
Every month, the integrations team work on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

 


 

New Collectors

Spidersilk Collector v1.0.0

Link to Documentation

Change Log

A new collector for Spidersilk has been introduced, designed around a snapshot-based data retrieval approach. This collector enables targeted gathering and analysis of information from several key services:

  • Threats: Delivers periodic snapshots to help you monitor and address potential security issues. 

  • Assets: Provides scheduled snapshots of your assets, supporting continuous asset tracking and visibility.

  • Darkweb: Supplies consolidated snapshots of dark web activity relevant to your organization, aiding proactive risk awareness.

  • DCSDK version: 1.14.0

 

Updated Collectors

IBM Cloud logs v2.0.1 (previously IBM Cloud Activity Tracker)

Link to Documentation

Change Log

  • Changed the name of the collector to `IBM Cloud Logs`

  • Updated the migration_guide accordingly.

 

Microsoft Graph Collector v3.0.0

Link to Documentation

Change Log

  • Updated the DCSDK, which resolves bug INT-3340

  • Updated DCSDK from 1.13.1 to 1.14.0

 

Google Cloud Platform Collector v2.2.0

Link to Documentation

Change Log

  • Added a logging filter to handle `ValueError` related to closed RPC channels. This error occurs when an RPC call is attempted on a closed connection, usually due to normal service shutdowns or transient network issues. Since these cases do not indicate a critical failure, the error is now logged as a warning instead of raising an exception.

  • DCSDK version: 1.14.0

 

Cyble Vision Collector v1.1.0

Link to Documentation

Change Log

  • Updated DevoCollectorSDK version from 1.9.2 to 1.15.0

  • Upgraded Docker image base to version v1.4.1 in Dockerfile

 

Tencent Collector v1.1.0

Link to Documentation

Change Log

  • Upgraded DCSDK from 1.13.1 to 1.15.0.

  • Upgraded Dockerfile base image to 1.4.1.

  • Created a separate table for cloudaudit logs.

 

Zscaler Collector v2.0.0

Link to Documentation

Change Log

  • Refactored code and upgraded DCSDK to 1.15.0

  • Upgraded docker base image to 1.4.0

  • Sending data to new table `sse.zscaler.zia.audit`

 

Alibaba Cloud Collector v1.3.0

Link to Documentation

Change Log

  • Updated DCSDK from 1.14.0 to 1.15.0

  • Upgraded dcsdk-docker-base-image to 1.4.1

  • Added new smq service

 

Microsoft Azure Collector v2.5.0

Link to Documentation

Change Log

  • New autocategorization rules for several tables:

    • cloud.azure.ah.alert_info

    • cloud.azure.ah.alert_evidence

    • cloud.azure.sql.securityauditevents

    • cloud.azure.vm.subassessment

    • cloud.azure.virtualnetwork.net_sec_group_event

    • cloud.azure.eh.metrics

    • cloud.azure.firewall.network_rule

    • cloud.azure.firewall.application_rule

    • cloud.azure.firewall.dns_query

    • cloud.azure.storage.storageread

    • cloud.azure.storage.storagewrite

    • cloud.azure.storage.storagedelete

    • cloud.azure.traffic_manager.probe_health_status

  • The timezone of pendulum.now() is explicitly set to UTC now

  • Corrected typo in rules of: cloud.azure.intune.operation

  • Updated SDK from 1.12.2 to 1.15.0: differentiated error codes for SdkPersistenceServiceError.

 

Menlo Collector v1.4.0

Link to Documentation

Change Log

  • Upgraded the DCSDK from 1.14.0 to 1.15.0.

  • Upgraded dcsdk-docker-base-image to 1.4.1

  • Fixed the Setup Error issue caused by the start date in the config.

 

Salesforce Collector v3.1.0

Link to Documentation

Change Log

  • Upgraded the DCSDK from 1.13.1 to 1.15.0.

  • Upgraded dcsdk-docker-base-image to 1.4.1.

  • Fixed a bug where custom fields did not show up in the custom query.

 

Microsoft Defender ATP Endpoint v2.0.0

Link to Documentation

Change Log

  • Added a new endpoint for the service assessments (/SoftwareVulnerabilityChangesByMachine)

  • Changed the name of the assessments service from assessments_beta to assessments

  • Updated Docker image to 1.4.1

  • Updated DevoCollectorSDK from v1.12.4 to v1.15.0

 

Proofpoint TAP v3.2.0

Link to Documentation

Change Log

  • Refactored code and upgraded DCSDK to 1.15.0

  • Upgraded docker base image to 1.4.1

  • Fixed the OOMK bug causing the collector to restart

 

Microsoft Graph v3.2.0

Link to Documentation

Change Log

  • Fixed a bug with pendulum and TZ that caused re-authentication to fail

  • Updated DCSDK from 1.14.0 to 1.15.0

  • Upgraded dcsdk-docker-base-image to 1.4.1

 

Alibaba Collector v1.3.1

Link to Documentation

Change Log

  • Fixed issue with handling byte values in access_log service response

 

Salesforce Collector v3.2.0

Link to Documentation

Change Log

  • Made skip_export user configurable in the custom service query.

 

Zscaler Collector v2.0.1

Link to Documentation

Change Log

  • Fixed the invalid session error issue.

 

 

 

 

 

 

 
