February 24th, 2026 - Content Release
- This content release includes:
  - Added MITRE ATLAS Tactics and Techniques to tag schema for improved attack pattern classification and detection rule development.
  - Expanded Ubiquiti Unifi network visibility with 7 new log mappers and parser enhancements covering process execution, DHCP events, DNS queries, and general network traffic.
  - Enhanced field mappings and parsing for email security, web traffic analysis, and authentication monitoring:
    - Abnormal Security threat detection now captures email metadata, sender/recipient details, and threat categorization.
    - Netskope web transactions include network connection details, file hashes, and error context.
    - Okta Active Directory authentication events provide standardized user identification.
Additional changes are enumerated below.
Log Mappers
- [New] Unifi - Process Cron - Command Execution
- [New] Unifi - Process sudo - Superuser Do Command Execution
- [New] Unifi DHCP ACK Event
- [New] Unifi DHCP Offer Event
- [New] Unifi DHCP Request and DHCP DISCOVER Event
- [New] Unifi DNS Network Event
- [New] Unifi Network Event
- [Updated] Abnormal Security Threats
- [Updated] Netskope - WebTx Events
- [Updated] Okta Authentication - auth_via_AD_agent
- [Updated] Unifi Catch All
- [Updated] Unifi HTTP Request Logs
Parsers
- [Updated] /Parsers/System/Abnormal Security/Abnormal Security
- [Updated] /Parsers/System/Netskope/Netskope WebTx
- [Updated] /Parsers/System/Okta/Okta
- [Updated] /Parsers/System/Ubiquiti/Ubiquiti Unifi