Skip to main content

November 6, 2025 - Content Release

This content release includes:

  • An updated parser and new log mappers for Netskope Cloud Security for improved handling of Netskope DLP logs.
  • An updated mapper for Azure Audit Logs which repurposes the changeTarget field mapping for changed items such as groups.
  • Updated Azure rules to accommodate the repurposed changeTarget field
  • Updated Keeper Authentication mapper to include the Success field.
note

If you are ingesting Netskope Cloud Security Logs or Azure Audit Logs ensure that the log source is set to use the appropriate system parser:

  • Netskope Cloud Security: /Parsers/System/Netskope/Netskope Security Cloud JSON
  • Azure Audit Logs: /Parsers/System/Microsoft/Microsoft Azure JSON

Rules​

  • [Updated] MATCH-S00226 Azure - Add Member to Group
  • [Updated] MATCH-S00220 Azure - Add Member to Role Outside of PIM
  • [Updated] MATCH-S00231 Azure - Member Added to Global Administrator Role
  • [Updated] MATCH-S00233 Azure - Member Added to Global Administrator Role Non-PIM
  • [Updated] MATCH-S00229 Azure - Member Added to Non-Global Administrator Role

Log Mappers​

  • [New] Netskope - DLP Alerts
  • [New] Netskope - Incidents
  • [Updated] AzureActivityLog AuditLogs
  • [Updated] Keeper Authentication

Parsers​

  • [Updated] /Parsers/System/Netskope/Netskope Security Cloud JSON
Status
Legal
Privacy Statement
Terms of Use
CA Privacy Notice

Copyright © 2025 by Sumo Logic, Inc.