Changelog
Link Back to SEKOIA.IO
Person Circle

Sekoia Changelog

Changelog

Feedback

Sekoia Defend (XDR)
Facebook
Twitter
LinkedIn
Copy Link
Rules Catalog updates! (ArubaOS, AWS, Bitsight, Broadcom, Cato Networks, Claroty, Cyberwatch, Dapren, Datadome, EfficientIP, ESET, Fastly, Forcepoint, Gatewatcher, Google, Lacework, Microsoft, SecurityScorecard, Trend Micro, Varonis, Veeam, Zscaler)

In the past three months many verified rules have been updated (54), and a lot of new rules (60) published to improve our detection capabilities!

Integrations to raise alerts based on the related security products:

  • ArubaOS Switch, 1 rule to detect Login Brute-Force Successful.
  • AWS CloudTrail, 2 rules to detect EC2 Enable Serial Console Access, S3 Bucket Replication.
  • Bitsight SPM, 4 rules to detect Minor/Moderate/Severe/Material Vulnerability.
  • Broadcom Edge Secure Web Gateway, 2 rules to detect High Threat, Anomaly TCP Denied.
  • Cato Networks SASE, 1 rule to detect High Risk Alert.
  • Claroty xDome, 1 rule to detect Network Threat Detection Alert
  • Cyberwatch Detection, 1 rule to detect Critical Vulnerability.
  • Daspren Parad, 1 rule to detect Malicious Behavior.
  • Datadome Protection: 1 rule to detect Intrusion Detection.
  • EfficientIP SOLIDServer, 1 rule to detect Suspicious Behavior.
  • ESET Protect, 5 rules to detect Intrusion Detection, Malware, Set Policy, Vulnerability Exploitation Attempt, Remote Action.
  • Fastly Next-Gen WAF, 1 rule to detect Audit Threat Alert.
  • Forcepoint Secure Web Gateway, 2 rules to detect Compromised Websites, Malicious Websites.
  • Gatewatcher AionIQ, 2 rules to detect Malware/Network Alert.
  • Google Workspace, 2 rules to detect Account Warning, Blocked Sender.
  • Lacework Cloud Security, 4 rules to detect Low/Medium/High/Critical Severity Alert.
  • Microsoft 365, 1 rule to detect Authenticated Activity From Tor IP Address.
  • Microsoft Entra ID, 4 rules to detect Consent Attempt to Suspicious OAuth Application, Sign-In Via Known AiTM Phishing Kit Generic/Tycoon 2FA/RED0046.
  • SecurityScorecard Vulnerability Assessment Scanner, 1 rule to detect New Issues.
  • Trend Micro Cloud One, 3 rules to detect Low/Medium/High Intrusion.
  • Varonis Data Security, 1 rule to detect Network Alert.
  • Veeam Backup & Replication, 1 rule for Malware Detection.
  • Zscaler ZIA, 2 rules to detect Malicious/Suspicious Threat Outbreak.

Threats on:

  • Windows, 16 rules: Anomaly Bruteforce Disabled Users, Cookies Deletion, Correlation Internal Kerberos Password Spraying, Correlation Internal Ntlm Password Spraying, Correlation Multi Service Disable, Correlation Suspicious Authentication Coercer Behavior, Credential Harvesting Via Vaultcmd.exe, Disabling SmartScreen Via Registry, DNS Query For Iplookup, Gpresult Usage, Openfiles Usage, Netscan Share Access Artefact, Njrat Registry Values, PowerShell Commands Invocation, Suspicious Certificate Request-adcs Abuse, Suspicious Commands From MS SQL Server Shell.

Our rules changelog is available over there: https://docs.sekoia.io/xdr/features/detect/rules_changelog/

What do you think about this update?
log in
All Categories
Added
Sekoia Defend (XDR)
Sekoia Intelligence (CTI)
TIP
Integrations
Sekoia Agent