Threat Intelligence Release 314

Release Notes – USMA R314 | July 2024

Important Communications

The following changes are coming soon and may impact your orchestration rules, filter rules, or other rules.

AR-10981 | Watchguard SSLVPN - Condense Authentication Event Names to Increase Investigation Efficiency

New Elements

AR-11068 | New Rule: RegreSSHion Detection

AR-11059 | New Plugin: Cisco 350 Series Switch

AR-11036 | New Plugin: AlienApp for Snowflake

AR-11019 | New Plugin: Huawei Router/Switches

AR-11018 | New Plugin: Alibaba Security Center

AR-10971 | New Rule: Detect Upper/Lower Case PowerShell/Other lolbins Execution

AR-10899 | New Plugin: SonicWALL SMA6210 (Secure Mobile Access Appliance)

Improvements

AR-10154 | Plugin Improvement: Improve CrowdStrike Falcon (FDR) to Parse More Fields

AR-11093 | Plugin Improvement: G Suite - Email Forwarding Rule Out of Domain - Parse Forwarding Address

AR-11092 | Plugin Improvement: MDATP - Add Microsoft Defender ATP Incidents JSON as Data Source

AR-11088 | Plugin Improvement: Mimecast Threat Intel Feed Customer STIX

AR-11087 | Plugin Improvement: Mimecast Threat Intel Feed Grid CSV

AR-11086 | Plugin Improvement: Mimecast Threat Intel Feed Grid STIX

AR-11078 | Plugin Improvement: Microsoft Advanced Threat Protection JSON

AR-11076 | Rule Improvement: S3DangerousACL Update Request

AR-11062 | Rule Improvement: UEBA - Remove Silent Flag

AR-11061 | Rule Improvement: Review Noisy Rule UEBAAnomalousRDP

AR-11060 | Rule Improvement: Activate UEBAAnomalousOkta Rule

AR-11038 | Plugin Improvement: Pulse Connect Secure - Primary Authentication Events Mismatch

AR-11035 | Plugin Improvement: VMware API

AR-11030 | Plugin Improvement: Improve Parsing of the Cisco Umbrella DLP Logs

AR-11029 | Rule Improvement: Improve MDATPHighSeverityAlert Rule

AR-11024 | Rule Improvement: Improve Regex Rule WindowsNetworkTunnelingQEMU

AR-10996 | Plugin Improvement: Amazon EKS API Server

AR-10981 | Plugin Improvement: Watchguard SSLVPN - Condense Authentication Event Names to Increase Investigation Efficiency

AR-10923 | Plugin Improvement: O365 Ruleset - Parse "Source Process User ID" and/or "User Group ID" as Highlighted Fields

AR-10783 | Plugin Improvement: AV Generic Data Source Additional Parsing Required

Fixes

AR-11090 | Plugin Improvement: Ciscoduo - Authentication Log Events Plugin is Assigning the Same Event Name to All the Logs

AR-11089 | Plugin Improvement: Ciscoduo - Activity Log Events Plugin Is Assigning the Same Event Name to All the Logs

AR-11074 | Rule Improvement: Alarm Method "Windows Login Default Point of Sale Credentials" Should Be Adjusted to Be Grouped as a Failed Login

AR-11065 | Plugin Improvement: MDATP Fix Aggregation

AR-11057 | Plugin Improvement: Google Cloud Kubernetes Engine

AR-11048 | Rule Improvement: AWS VPN - Impossible travel activity (AWSClientVPNEndpointImpossibleTravel) - Rule Firing on The Same IP When There's No Geolocation Available Causing False Positive Alarms

AR-10969 | Plugin Improvement: MDATPInitialAccess Fix Aggregation
