Threat Intelligence Release 313

Release Notes – USMA R313 | June 2024

New Elements

AR-11023 | New Rule: Edge Link Down

AR-11008 | New Plugin: AWS RDS for MariaDB

AR-11002 | New Rule: Suspicious WebRequest with DirectIP

AR-11001 | New Plugin: Cisco Duo Authentication Logs

AR-10997 | New Plugin: SecureW2.com RADIUS events via S3 bucket

AR-10988 | New Plugin: Cisco Duo Telephony Logs

AR-10973 | New Plugin: Mimecast Threat Intel Feed Grid CSV

AR-10943 | New Plugin: WatchGuard Wireless Access Points

AR-10916 | New Rule: Windows - Lnk Within Zip

AR-9522 | New Rule: Azure AD Sign In - Primary Refresh Token Access Attempt

Improvements

AR-11047 | Plugin Improvement: Windows - Fix Update Test for Failing Plugins Changes

AR-11025 | Rule Improvement: Exchange - Expanding Logic of Suspicious Inbox Rule to Include More Forwarding Folders and Inbox Rules Created With Names Containing Longer Sets of Special Characters

AR-11011 | Rule Improvement: Windows O365 - Add Highlighted Fields to O365 Rulepack

AR-11003 | Plugin Improvement: Mimecast Threat Intel Feed Grid STIX

AR-10999 | Rule Improvement: Split "MDATP Credential Access Alert Detected" Rule into Two Separate High and Medium Severity Correlation Rules

AR-10990 | Rule Improvement: OTX TrackerWatchlistMatching - Increase mute to 2 hours

AR-10987 | Plugin Improvement: Illumio Policy Compute - No Event Names

AR-10985 | Plugin Improvement: Alibaba ActionTrail

AR-10962 | Rule Improvement: Windows Dump Service - Include Security System Extension Events

AR-10942 | Plugin Improvement: Office 365 Azure AD - Parse the User Using "Userid" When "Userkey" Has Zero Value

AR-10646 | Rule Improvement: Review "High" Severity NIDS Detections Targeting Exposed Public Resources

Fixes

AR-11026 | Rule Improvement: Add Exclusion for PowerShell Exporting Certificate Alarm Rule - Importing PKI Module

AR-11021 | Rule Improvement: Add Exclusion for Computer Accounts and Increase Mute Time for UserAccountDisabled Rule

AR-11006 | Rule Improvement: Add Exclusion for Computer Accounts "$" to FailedLogonDisabledAccount Rule

AR-10993 | Rule Improvement: Exclusion for Service Account for User Account was Unlocked Rule

AR-10992 | Rule Improvement: Add Count and Length to Windows Account Lockout Rule

AR-10972 | Rule Improvement: Increase Mute time (24h) And Add Exclusion for Error Codes for CR Windows Update Process Failure

AR-10966 | Plugin Improvement: NIDS to Parse the XFF String as Source IP Address

AR-10953 | Rule Improvement: MDATP Severity Alarms Inconsistent Incident IDs

AR-10690 | Plugin Improvement: FortiAnalyzer - Syslog Enhancement
