December 05, 2025 - Content Release

This new and updated content is effective as of December 4, 2025.

This content release includes:

  • Updates to product naming from "G Suite" to "Google Workspace" across rules, log mappers, and parsers to reflect the current branding.
  • Update to product naming from "Dell SonicWall" to "SonicWall Firewall" in parsers and log mappers.
  • New support for Asana audit logging.

Additional changes are enumerated below.

Rules

  • [Updated] MATCH-S00630 GCP Audit IAM DeleteServiceAccount Observed
  • [Updated] MATCH-S00629 GCP Audit IAM DisableServiceAccount Observed
  • [Updated] MATCH-S00117 Google Workspace - Access - Access Transparency
  • [Updated] MATCH-S00115 Google Workspace - Admin - User Settings - Turn Off 2SV
  • [Updated] MATCH-S00133 Google Workspace - Admin Activity
  • [Updated] MATCH-S00125 Google Workspace - Drive - Drive Open To Public
  • [Updated] MATCH-S00301 Google Workspace - Excessive OAuth Application Permissions Scope
  • [Updated] MATCH-S00128 Google Workspace - Login - Account Warning
  • [Updated] MATCH-S00129 Google Workspace - Login - Government Attack Warning
  • [Updated] MATCH-S00121 Google Workspace - Mobile - Suspicious Activity
  • [Updated] MATCH-S00227 Google Workspace - Unauthorized OAuth Application
  • [Updated] MATCH-S00120 Google Workspace - User Accounts - 2SV Disabled

Log Mappers

  • [New] Asana Audit Authentication
  • [New] Asana Audit Catch All
  • [Updated] Azure ResourceHealth and ServiceHealth
  • [Updated] AzureActivityLog AuditLogs
  • [Updated] Google Workspace - access_transparency/GSUITE_RESOURCE/ACCESS
  • [Updated] Google Workspace - admin
  • [Updated] Google Workspace - calendar
  • [Updated] Google Workspace - drive.access
  • [Updated] Google Workspace - drive.acl_change
  • [Updated] Google Workspace - gcp
  • [Updated] Google Workspace - gplus
  • [Updated] Google Workspace - groups
  • [Updated] Google Workspace - groups_enterprise
  • [Updated] Google Workspace - login - password_change/recovery_info_change
  • [Updated] Google Workspace - login - risky_sensitive_action_allowed
  • [Updated] Google Workspace - login challenge
  • [Updated] Google Workspace - login-blocked_sender_change
  • [Updated] Google Workspace - login-email_forwarding_change
  • [Updated] Google Workspace - login.account_warning
  • [Updated] Google Workspace - login.gov_attack_warning
  • [Updated] Google Workspace - login.login
  • [Updated] Google Workspace - logout
  • [Updated] Google Workspace - meet
  • [Updated] Google Workspace - mobile
  • [Updated] Google Workspace - rules
  • [Updated] Google Workspace - saml
  • [Updated] Google Workspace - token
  • [Updated] Google Workspace - user_accounts
  • [Updated] Google Workspace Alert Center - AppMaker Editor
  • [Updated] Google Workspace Alert Center - Data Loss Prevention
  • [Updated] Google Workspace Alert Center - Domain wide takeout
  • [Updated] Google Workspace Alert Center - Gmail phishing
  • [Updated] Google Workspace Alert Center - Gmail phishing (Misconfigured whitelist)
  • [Updated] Google Workspace Alert Center - Google Operations
  • [Updated] Google Workspace Alert Center - Google identity
  • [Updated] Google Workspace Alert Center - Mobile device management (Device compromised)
  • [Updated] Google Workspace Alert Center - Mobile device management (Suspicious activity)
  • [Updated] Google Workspace Alert Center - Security Center rules
  • [Updated] Google Workspace Alert Center - Sensitive Admin Action
  • [Updated] Google Workspace Alert Center - State Sponsored Attack
  • [Updated] Google Workspace Alert Center - User Changes
  • [Updated] Netskope - Alerts
    • Updated action and normalizedAction field mappings.
  • [Updated] SonicWall Firewall - Custom Parser
  • [Updated] SonicWall Flows
  • [Updated] Thinkst Canary Parser - Catch All
    • Added additional field mappings.
  • [Updated] Windows - Security - 5145
    • Removed redundant mapping of baseimage and device_ip fields.

Parsers

  • [New] /Parsers/System/Asana/Asana Audit
  • [New] /Parsers/System/Google/Google Workspace Alert Center
  • [New] /Parsers/System/Google/Google Workspace Audit
  • [New] /Parsers/System/SonicWall/SonicWall Firewall
  • [Updated] /Parsers/System/Dell/Dell SonicWall
  • [Updated] /Parsers/System/Google/G Suite Alert Center
  • [Updated] /Parsers/System/Google/G Suite Audit
  • [Updated] /Parsers/System/Linux/Linux OS Syslog
    • Updated parser to drop certain systemd events not useful for security monitoring.
  • [Updated] /Parsers/System/Thinkst Canary/Thinkst Canary
    • Modified parser to improve field extraction.

Copyright © 2025 by Sumo Logic, Inc.