Threat Intelligence Release 317

Release Notes – USMA R317 | Aug 2024

New Elements

AR-11155 | New Rule: NIDS Rule for ServiceNow Vulnerabilities

AR-11145 | New Rule: Detect RemoteKrbRelay Execution

AR-11139 | New Rule: CVE-2024-29510 - Ghostscript Library Exploit Detection

AR-11136 | New Rule: PaloAltoRCEAttemptCommonBinaries

AR-11135 | New Rule: FortigateRCEAttemptCommonBinaries

AR-11114 | New Rule: Enumeration Against GCP Resources

AR-11083 | New Rule: MEDUSA/SEAELF Rootkit Detection

AR-11082 | New Rule: RIFLESPINE Rootkit Detection

AR-7877 | New Plugin: ForcePoint Email Security Cloud

AR-7427 | New Plugin: NetXplorer

Improvements

AR-11172 | Plugin Improvement: Improved Parsing - Method "Possible Misconfigured Kubernetes Deployment"

AR-11160 | Plugin Improvement: MDATP - Additional Parsing Request

AR-11158 | Plugin Improvement: Vectra AI

AR-11157 | Rule Improvement: User Logged In From Multiple Countries - Add Trust Type (Custom field 10) and Source Workstation to Correlation Rules

AR-11146 | Plugin Improvement: Palo Alto - Update to Parse Email Information

AR-11144 | Rule Improvement: Fake Browser Updates Lead to BOINC Volunteer Computing Software

AR-11143 | Plugin Improvement: Parse Event_Description for Meraki AUTER Events

AR-11013 | Rule Improvement: VMware API Repeated Failed Access Attempts to Alert on Brute Forcing

AR-11004 | Rule Improvement: Add Ability to Detect Renamed AWS Windows Binary

AR-10865 | Rule Improvement: Add Suspicious Path \Public\Audio\ to Suspicious Execution Correlation Rules

AR-10414 | Plugin Improvement: Azure Subscription Logs Collected via Event Hubs Parsed as Generic Events

Fixes

AR-11185 | Rule Improvement: UEBAAnomalousOkta is Noisy

AR-11177 | Plugin Improvement: Palo Alto PAN-OS - Parse "Subcategory" Field

AR-11142 | Plugin Improvement: Cisco Umbrella DLP - Event Names Should Include Event Type (SaaS API and Real Time)

AR-11141 | Plugin Improvement: MDATP - Email Sender and Email Recipient Information are Not Correct

AR-11140 | Plugin Improvement: Watchguard Firebox

AR-11132 | Plugin Improvement: Microsoft Defender ATP Incidents

AR-11131 | Plugin Improvement: AzureAD Sign-in Activity

AR-11039 | Plugin Improvement: Linux

AR-10881 | Rule Improvement: CiscoMerakiCloud-IDS-Alert

AR-10466 | Plugin Improvement: Microsoft Advanced Threat Protection - Incorrect "TIME CREATED" Parsing

AR-9394 | Plugin Improvement: Fortinet FortiGate - Parsing Events with Incorrect Time Stamps

AR-7672 | Plugin Improvement: Parsing for Akamai ETP
