Release Notes - USMA R312 | June 2024
New Elements
AR-10975 | New Plugin: Cisco Duo Activity Logs
AR-10968 | New Plugin: Mimecast Threat Intel Feed Grid Stix
AR-10957 | New Rule: Certreq Downloading Malicious Binaries
AR-10914 | New Rule: Windows - Comments Following cmd.exe and PowerShell.exe Process Creation
AR-10904 | New Rule: Xwizard Suspicious Execution
AR-10898 | New Rule: OTX - Create Separate Rules for RATFeeder Domain Alarms
AR-10880 | New Rule: Detect Download Files with Output To Suspicious Path
AR-10872 | New Rule: OTX - Create Separate Rule for IOT Alarms
AR-10871 | New Rule: OTX - Create Separate Rule for Tracker Alarms
AR-10841 | New Plugin: Dell Boomi Atom APIs Container
AR-10802 | New Rule: Cisco FTD User Locked Out
AR-10756 | New Rule: Windows - APT28 Custom Protocol Handler
AR-10753 | New Rule: Windows - APT 28 Scheduled Task Creation
AR-10541 | New Rule: Kaspersky Security Center Cloud
AR-10518 | New Rule: Cisco AMP for Endpoints - To Trigger Alarms from Events Related To Cloud IOC
AR-10065 | New Rule: Microsoft Azure CR - OAuth Applications to Deploy VMs
AR-10671 | New Rule: Kaspersky - Dangerous Link Blocked
Improvements
AR-10950 | Rule improvement: Remove Silent Flags on WindowsMultipleServiceInstallsSystemRoot and DuoSuccessfulMFAExhaustionAttack Rules
AR-10938 | Rule Improvement: Fortinet - Remove Reverse Lookups from FortinetBotnetConnections
AR-10936 | Plugin Improvement: Alibaba Cloud
AR-10930 | Rule Improvement: Exchange - Additional Highlighted Fields in Suspicious Inbox Rule
AR-10928 | Rule Improvement: Additional Highlighted Fields in Common Powershell Attack Frameworks
AR-10912 | Plugin Improvement: Microsoft Advanced Threat Protection - Extract alertWebURL and incidentWebURL from Raw Logs
AR-10864 | Rule Improvement: Sonicwall - Brute Force Rule Improvements
AR-10812 | Plugin Improvement: Cisco Firepower - Rework Rule Logic to Use Cisco Firepower Codes Instead of Event Names for CiscoFirepowerSuccessfulBruteForce Rule
AR-10795 | Rule Improvement: Add Highlight Field "URL" and "DomainName" To Initial Access - MDATP Initial Access Alert Detected
AR-7409 | Plugin Improvement: Cisco Umbrella - Configure the Cisco Umbrella Audit Plugin to Be Able to Parse Data from An S3 Bucket
AR-10951 | Rule Improvement: Kaspersky - Malicious Object Detected
Fixes
AR-10978 | Rule Improvement: Add Excl. and Null Checks for Failed Logon to Nonexistent Account Rule
AR-10977 | Rule Improvement: Microsoft O365 - Authentication Method Downgraded to One Way SMS: Correct Authentication Method
AR-10963 | Plugin Improvement: ZScaler NSS - Not Parsing Source and Destination IPs
AR-10961 | Rule Improvement: Revert Changes Made to MDATPMediumSeverityAlert and MDATPHighSeverityAlert Rules
AR-10960 | Rule Improvement: Filter Rapid7 Hits from "SAM, SECURITY or SYSTEM Registry Hive Export" Rule
AR-10948 | Rule Improvement: Standardize All the Repeated Login Failure Rules Into Same Taxonomy
AR-10945 | Plugin Improvement: NxLog Not Parsing "Operation" Field
AR-10944 | Plugin Improvement: Kaspersky Security Center - SRC IP is Not Being Properly Parsed
AR-10940 | Rule Improvement: Exclusion for WindowsRenamedBinaries Rule
AR-10935 | Plugin Improvement: AWS Network Firewall Parser
AR-10931 | Rule Improvement: Add Mute Time to Rules That Are Missing the Field
AR-10735 | Plugin Improvement: Cisco Firepower Threat Defense - Applying Incorrect Data Source Rule to User Authentication Rejected Events
AR-9937 | Plugin Improvement: Zscaler ZPA - Parsing Fields Incorrectly