Every month, the integrations team work on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!
Table of Contents
Updated Collectors
Forcepoint SWG Collector v2.1.0
- Changed
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
- Fixed
- Updated datetime_key in swgweb service to fix delay in events
- Allowed override datetime_key and id_key from user config
Microsoft Defender ATP Endpoint Collector v2.3.0
- Changed
- Refactored the code to use the SDK
Template1CollectorPuller - Refactored all the puller logics
- Updated the persistence logic, added new param in the persistence to avoid duplicates
- Added unit-tests
- Updated docker base image to 1.6.0
- Refactored the code to use the SDK
Cortex XDR Collector v2.3.0
- Improvements
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.3"
- Upgraded the docker base image to 1.6.0
- Fixed
- Added timeout in the requests call to fix the unresponsive API issue
Google Workspace Reports Collector v1.13.0
- Changed
- Updated docker base image to 1.6.0
- Added
- Added a new service with application_name: vault for Google Vault audit logs
BigID Collector v1.3.0
- Changed
- Updated the Docker base image to 1.6.0
- Fixed
- Fixed token expiration validation to properly check if 24 hours (86400 seconds) have elapsed since token creation
SOCRadar Collector v2.0.0
- Improvements
- Refactored the code to use Template1CollectorPuller
- Upgraded Docker base image to 1.6.0
- Added Unit tests and added user_guide
- Upgraded DCSDK to 1.16.3
Abnormal Security Collector v2.2.0
- Changed
- The DCSDK Docker base image has been updated to "1.6.0"
- Upgraded the DCSDK to v1.16.3
- Changed initial_start_time_in_utc to optional field
Microsoft Defender ATP Endpoint Collector v3.1.0
- Changed
- Added a migration guide because of persistence incompatibility
- Fixed
- Fixed the issue with advance hunting service
- Fixed the issue with GCC high environment
- Fixed missing issue with alerts service
Okta Collector v2.0.0
- Changed
- Refactored the code to use the latest DCSDK 1.16.3
- Upgraded persistence to use initial_log_id to avoid duplicates
Menlo Security Collector v1.5.0
- Changed
- Refactored the code to use the latest DCSDK 1.16.3
- Added
- Fixed the bug for start date more than 30 days old
Radware CWAF Collector v1.1.0
- Changed
- Refactored the code to use the latest DCSDK 1.16.3
- Fixed
- Fix the persistence update issue after each API call
- Added optional param to handle waiting period on API failure
Trend Micro Vision One Collector v1.5.2
- Changed
- Refactored the code to use the latest DCSDK 1.16.3
- Added
- Fixed collector persistence issue when collector is paused for more than 5 days
Trellix ePO Collector v1.3.0
- Changed
- Updated
DevoCollectorSDKto version 1.16.3 - Updated docker base image to 1.6.0
- Updated
- Fixed
- Override url issue
Airlock Digital Collector v1.1.0
- Changed
- The DCSDK Docker base image has been updated from "1.2.0" to "1.6.0"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.11.1" to "1.16.3"
- Added
- Added admin_logs service
CyberArk Identity Collector v1.5.0
- Changed
- Upgraded SDK image base to 1.6.0
- Added
- Added new service siem_audit_events
- Added group base pulling mechanism
SailPoint IdentityNow Collector v1.5.0
- Changed
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.3"
- Upgraded SDK image base to 1.6.0
- Fixed
- Fixed invalid token issue by handling token expiry time