In the past three months, 39 verified rules have been updated and 37 new rules published to improve our detection capabilities!
Integrations that raise alerts based on the related security products:
- 1Password EPM, 4 rules to detect Brute Force, Grant Access Vault, MFA Disable, Share Externally.
- Cloudflare Gateway DNS, 2 rules to detect Query Allowed to Malicious Domain, Query Blocked to Malicious Domain.
- Darktrace Threat Visualizer, 2 rules to detect Threat Critical/Suspicious Alert.
- Fortigate IPS, 3 rules to detect High/Critical Severity Alert, Alert Peak.
- Gatewatcher AionIQ V103, 10 rules to detect Active CTI, Beacon, Dga, Malcore, Malicious Powershell, Network Behavior Analytics, Ransomware, Retrohunt, Shellcode, Sigflow Alert.
- Microsoft 365, 3 rules to detect Suspicious Activity Using Quick Assist, Medium/High Severity Alert.
- Sesame it Jizo NDR, 1 rule to detect Alert High Severity.
- Varonis, 3 rules to detect Many Accounts Disabled, Massive Downloads By A Single User, Many Files Created and Deleted.
- WatchGuard Firebox, 1 rule to detect Login Brute-Force Successful.
- WithSecure Elements, 1 rule to detect Warning Severity.
Threats on:
- Linux, 1 rule: Binary List Tcp.
- Windows, 8 rules: Correlation Impacket Smbexec, Correlation Suspicious Powershell Drop and Exec, Elevated Shell Launched By Browser, Language Discovery, Ntfsinfo Usage, RDP Configuration File From Mail Process, Screenconnect Remote Execution, Unsigned Driver Loaded From Suspicious Location.