Threat Intelligence Release 316

Release Notes – USMA R316 | Aug 2024


New Elements

AR-11155 | New Rule: ServiceNow Vulnerabilities

AR-11145 | New Rule: Detect RemoteKrbRelay Execution

AR-11143 | New Plugin: Meraki AUTER Events

AR-11139 | New Rule: CVE-2024-29510 - Ghostscript Library Exploit Detection

AR-11136 | New Rule: Palo Alto - PaloAltoRCEAttemptCommonBinaries

AR-11135 | New Rule: FortiGate - FortigateRCEAttemptCommonBinaries

AR-11114 | New Rule: Enumeration Against GCP Resources

AR-11083 | New Rule: MEDUSA/SEAELF Rootkit Detection

AR-11082 | New Rule: RIFLESPINE Rootkit Detection

AR-7877 | New Plugin: Forcepoint Email Security Cloud

AR-7427 | New Plugin: NetXplorer

Improvements

AR-10414 | Plugin Improvement: Azure Logs Collected Via Eventhub Parsed as Generic Events

AR-11172 | Plugin Improvement: Improved Parsing - Method "Possible Misconfigured Kubernetes Deployment"

AR-11160 | Plugin Improvement: MDATP - Additional Parsing Request

AR-11158 | Plugin Improvement: Vectra AI

AR-11157 | Rule Improvement: User Logged In From Multiple Countries - Add Trust Type and Source Workstation

AR-11146 | Plugin Improvement: Palo Alto Plugin Update to Parse Email Information

AR-11144 | Rule Improvement: Fake Browser Updates Lead to BOINC Volunteer Computing Software

AR-11013 | Rule Improvement: VMWare API Repeated Failed Access Attempts to Alert Bruteforcing

AR-11004 | Rule Improvement: Detect Renamed AWS Windows Binary

AR-10865 | Rule Improvement: Add Suspicious Path \Public\Audio\

Fixes

AR-11185 | Rule Improvement: Fix UEBAAnomalousOkta Noisy Rule

AR-11177 | Plugin Improvement: Paloalto PAN-OS - Parse "Subcategory" Field

AR-11142 | Plugin Improvement: Cisco Umbrella DLP Events Name Should Include Event Type (SaaS API and Real Time)

AR-11141 | Plugin Improvement: MDATP Email Sender and Email Recipient Information Are Not Correct

AR-11140 | Parsing Improvement: Watchguard Firebox

AR-11132 | Plugin Improvement: Microsoft Defender ATP Incidents

AR-11131 | Plugin Improvement: AzureAD Sign in Activity

AR-11039 | Plugin Improvement: Linux Parsing

AR-10881 | Rule Improvement: CiscoMerakiCloud – IDS Alert

AR-10466 | Plugin Improvement: Microsoft Advanced Threat Protection - Incorrect "TIME CREATED" Parsing

AR-9394 | Plugin Improvement: Fortinet FortiGate - Plugin Parsing Events with Incorrect Time Stamps

AR-7672 | Plugin Improvement: Akamai ETP - Bad Date Parsing
