
May 15th, 2026 - Content Release

  • This content release includes:
    • Removed redundant Cisco Umbrella and Okta field mappings for hosts and from corresponding rules
    • New Laurel Linux Audit process start mapper for enhanced Linux process execution visibility
    • AWS WAF parser enhancement to extract cookies
    • Fortinet Fortigate severity mapping fix
    • Changes are enumerated below

Rules

  • [Updated] THRESHOLD-S00016 HTTP Response Error Spike - Internal
  • [Updated] THRESHOLD-S00099 Long URL Containing SQL Commands
  • [Updated] OUTLIER-S00016 Okta - Outlier in OIDC token request failures
  • [Updated] MATCH-S00835 Possible Dynamic URL Domain
  • [Updated] LEGACY-S00182 Suspicious HTTP User-Agent

Log Mappers

  • [New] Laurel Linux Audit - Process Start
  • [Updated] Fortinet UTM IDS1
  • [Updated] Laurel Linux Audit - System Call
  • [Updated] Okta Authentication - auth_via_AD_agent
  • [Updated] Okta Authentication - auth_via_mfa
  • [Updated] Okta Authentication - auth_via_radius
  • [Updated] Okta Authentication - sso
  • [Updated] Okta Authentication Events
  • [Updated] Okta Catch All
  • [Updated] Okta Security Threat Events

Parsers

  • [Updated] /Parsers/System/AWS/AWS WAF
  • [Updated] /Parsers/System/Fortinet/Fortigate/Fortigate-CEF

Copyright © 2026 by Sumo Logic, Inc.