Release Notes - USMA R311 | May 2024
New Elements
AR-10925 | New Plugin: Mimecast Threat Intelligence - STIX
AR-10924 | New Plugin: Mimecast Threat Intelligence - CSV
AR-10915 | New Rule: Windows - Curl to FTP over 80 or 443
AR-10906 | New Rule: Sensitive File Recovery from Backup Via Wbadmin.EXE
AR-10886 | New Plugin: Mimecast - Collect Audit Logs Events
AR-10876 | New Rule: Cisco Duo - DuoFraudulentLoginAttemptReported
AR-10875 | New Rule: Cisco Duo - DuoSuccessfulMFAExhaustionAttack
AR-10863 | New Rule: Cisco Firepower - Successful Login from TOR
AR-10847 | New Plugin: Vectra AI
AR-10842 | New Rule: Firewall Exception List Added for RemoteDesktop-UserMode-In
AR-10837 | New Rule: Symantec Endpoint Protection - Suspicious SMB Client Request 6 Attack
AR-10828 | New Plugin: Dell - Boomi Atom API Gateway Access
AR-10819 | New Rule: Palo Alto GlobalProtect - Successful VPN Login from TOR
AR-10818 | New Rule: WatchGuard - Successful VPN Login from TOR
AR-10797 | New Plugin: MobileIron Sentry
AR-10794 | New Plugin: Alibaba ActionTrail
AR-10793 | New Plugin: Siemens SiPass
AR-10789 | New Plugin: Alibaba ApsaraDB RDS
AR-10788 | New Plugin: Alibaba Web Application Firewall
AR-10724 | New Rule: Cisco Firepower - Repeated Login Failure
AR-10723 | New Rule: Cisco Firepower - Password Spray CR
AR-10633 | New Plugin: Cisco Umbrella - Parse DLP Logs Properly
AR-10589 | New Plugin: Cerberus FTP Server
AR-9817 | New Rule: Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
AR-10878 | New Rule: MDforCloudUnusualLocation
AR-10877 | New Rule: UEBAO365LoginAnomalyFolderPermissionChange
Improvements
AR-10910 | Rule Improvement: Tune Mute Condition on ATP Rule
AR-10908 | Rule Improvement: Add Set testsigning to SuspiciousBcdeditUsage
AR-10892 | Plugin Improvement: Forcepoint - Parsing Correction
AR-10884 | Plugin Improvement: Linux NXLog - Update to Parse Variables
AR-10879 | Rule Improvement: UEBAAnomalousRDPReconActivity
AR-10859 | Plugin Improvement: Absolute Software
AR-10858 | Plugin Improvement: Microsoft Advanced Threat Protection - JSON
AR-10848 | Plugin Improvement: Microsoft O365 - Parse TargetId.UserType
AR-10796 | Plugin Improvement: Add "Resource Provider" Highlight Field To "Privilege Escalation - New Access Credential Added to Application or Service Principal"
AR-10785 | Plugin Improvement: Ivanti Connect Secure
AR-10771 | Plugin Improvement: Parse "Account Name" and "Description" for "Windows Event Log Cleared" Rule
AR-10763 | Rule Improvement: UEBAMultipleOrganizationAnomalies
AR-10762 | Rule Improvement: UEBAMultipleGeographicalAnomalies
AR-10714 | Rule Improvement: Windows - PowerShellDataExfiltration
Fixes
AR-10897 | Plugin Improvement: Microsoft Azure - Multifactor Authentication is Not Parsing Events Correctly
AR-10896 | Plugin Improvement: Ivanti Connect Secure - Mismatch in Event Names
AR-10874 | Rule Improvement: Windows - WindowsProcessInSuspiciousPath
AR-10873 | Rule Improvement: Cisco Meraki - Fix Recursive Alarm CiscoMerakiCloud-IDS-Alert
AR-10808 | Rule Improvement: Darktrace - Exclude "Antigena" Events
AR-10801 | Plugin Improvement: Google G Suite - Request for Addition of "File Owner" and "File Name" Fields to Alarm
AR-10782 | Plugin Improvement: Azure Active Directory - Add 'Risk State' in the Highlight Fields
AR-10780 | Plugin Improvement: Windows NxLog - Add Additional Fields to Highlight on Alarm
AR-10694 | Plugin Improvement: Cloudflare Zero Trust - Gateway DNS Logs
AR-10692 | Plugin Improvement: Cloudflare Zero Trust - Audit Logs
AR-10689 | Plugin Improvement: Tenable Active Directory
AR-10679 | Plugin Improvement: Cloudflare Zero Trust - Gateway HTTP Logs
AR-10619 | Plugin Improvement: Windows NxLog - Update Username and Source Address
AR-10605 | Plugin Improvement: Perl