Devo Parser Catalog Update for November

Updated Parsers

cloud.azure

Improvements
- Fixed parsing of the action field to standardize its value:
  - cloud.azure.firewall.network_rule
Added
- Added new parser:
  - cloud.azure.cache.connectedclientlist
  - cloud.azure.contregistry.repositoryevents
  - cloud.azure.aadiam.microsoftserviceprincipalsigninlogs
  - cloud.azure.activity.administrative
  - cloud.azure.activity.policy
  - cloud.azure.advisor.recommendation
  - cloud.azure.botservice.botrequest
  - cloud.azure.machinelearningservices.read_event
  - cloud.azure.kusto.command
  - cloud.azure.nsp.access_log
  - cloud.aws.cloudwatch.eks
  - cloud.azure.network.azfwapplicationrule
  - cloud.azure.network.azfwdnsquery
  - cloud.azure.network.azfwidpssignature
  - cloud.azure.network.azfwnatrule
  - cloud.azure.network.azfwnetworkrule
  - cloud.azure.network.azfwthreatintel
- Updated existing parsers to handle additional fields required for the new log format:
  - cloud.azure.sql.securityauditevents
  - cloud.azure.keyvault
  - cloud.azure.eventhub
  - cloud.azure.dbforpostgresql
  - cloud.azure.apimanagement.gatewaylogs
  - cloud.azure.aks

box.win_snare

Improvements
- Added new fields:
  - box.win_snare

edr.microsoft_defender

Improvements
- Added new field:
  - edr.microsoft_defender.endpoint.assessment_software_vulnerabilities
- Updated parsing logic to parse new fields:
  - edr.microsoft_defender.endpoint.machines
- Refined the parser to support new JSON logs:
  - edr.microsoft_defender.advanced_hunting.device_process.events

box.audit

Improvements
- Updated parser logic to handle double colon (::):
  - box.audit.macos.event

box.unix_snare

Added
- Added new table:
  - box.unix_snare.audit

my.app

Added
- Created new table:
  - my.app.equifax_dev.cisco.vpn

cef0.eset

Added
- Added new table:
  - cef0.eset.protect

waf.f5

Improvements
- Updated existing parser to handle additional fields required for the new log format (security event):
  - waf.f5.distributed_cloud.events

network.juniper

Improvements
- Added support to parsing of UI_LOGIN_EVENT:
  - network.juniper.junos

box.all.win

Improvements
- Added 5 new fields in box.all.win union:
  - failureStatus
  - callerProcessId
  - callerProcessName
  - targetServerName
  - serviceId
- Updated parser to support new fields:
  - box.all.win union

box.win_nxlog

Improvements
- Fixed parsing used json1of to support Keywords as int or str:
  - box.win_nxlog.dns

cloud.aws

Improvements
- Updated parser to support four new fields:
  - cloud.aws.rds.audit
- New fields added:
  - cloud.aws.cloudtrail.ssm
Added
- New parser created:
  - cloud.aws.cloudtrail.q

network.cisco

Improvements
- Updated parsing logic to parse new fields:
  - network.cisco.switch

firewall.cisco

Improvements
- Updated parsing logic to parse new fields for certain event ids:
  - firewall.cisco.asa

db.oracle

Improvements
- Added JSON parsing support:
  - db.oracle.audit

cef0.fortinet

Added
- Created new cef0 parsers:
  - cef0.fortinet.forticlinetems
  - cef0.fortinet.fortigate600f
  - cef0.fortinet.fortigate70f
  - cef0.fortinet.fortigatevm64ali
  - cef0.fortinet.fortigatevm64aws
  - cef0.fortinet.fortigatevm64azure
- Added new cef0.fortinet parsers to the Union:
  - cef0.fortinet.fortigateAll

firewall.watchguard

Improvements
- Refined the parser to support new events and removed redundancy:
  - firewall.watchguard.traffic

kms.obsidian

Added
- New parser created:
  - kms.obsidian.alerts.default

firewall.paloalto

Improvements
- Updated parser to support JSON logs as per new schema:
  - firewall.paloalto.threat

sig.cisco

Improvements
- Refined the parser to support logs of V13 of umbrella:
  - sig.cisco.umbrella.dns
  - sig.cisco.umbrella.proxy

casb.netskope

Added
- New parser added for casb netskope to parse v2 of netskope platform endpoint:
  - casb.netskope.endpoint

box.win_cloudwatch

Improvements
- Added versioning to support new logs:
  - box.win_cloudwatch

cef0.cisco

Added
- Added new cef0 parser for c100v logs:
  - cef0.cisco.c100vSecureEmailGatewayVirtual

firewall.all

Improvements
- New mappings added:
  - firewall.all.vpn.traffic

box.all

Improvements
- Added table monitor.dynatrace.api.grail_query to union:
  - box.all.unix
  - box.all.win

cef0.checkPoint

Improvements
- Added new fields:
  - cef0.checkPoint.systemMonitor

endpoint.vmware

Added
- Added new table:
  - endpoint.vmware.cbc_event_forwarder.cbAuth
  - endpoint.vmware.cbc_event_forwarder.cbWatchlist
  - endpoint.vmware.cbc_event_forwarder.cbAlerts

firewall.all

Improvements
- Added tables cef0.checkPoint.vpn1Firewall1, cef0.paloAltoNetworks.panOs, cef0.fortinet.fortigateAll to the Union:
  - firewall.all.ips
  - cef0.fortinet.fortigateAll
  - cef0.checkPoint.vpn1Firewall1
  - cef0.paloAltoNetworks.panOs

ips.all

Improvements
- Added tables cef0.checkPoint.vpn1Firewall1, cef0.paloAltoNetworks.panOs, cef0.fortinet.fortigateAll to the Union:
  - ips.all.alerts
  - cef0.fortinet.fortigateAll
  - cef0.checkPoint.vpn1Firewall1
  - cef0.paloAltoNetworks.panOs

Updated Parsers

my.app

kms.obsidian

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded