Logpresso Store

1.2.2408.0 2024-08-11 17:01

Support M365 exchange, general and mail flow logs - Added log schemas, logger models, and dashboards - Added m365-exchange-mail-flows query command.

BLUEMAX TAMS

1.0.2408.0 2024-08-10 16:05

First release - Support response module for BLUEMAX TAMS. - Support 13 extended query commands for BLUEMAX TAMS

WAPPLES

1.2.2402.2 2024-08-08 01:00

Troubleshoot parsing errors due to unintentional sharing while parsing time information

eWalker SWG

1.2.2405.1 2024-08-08 01:00

Troubleshoot parsing errors due to unintentional sharing while parsing time information

Menlo Security

1.0.2408.0 2024-08-04 18:13

First Release - Menlo Security Web Access, Audit logger models. - menlo-web-logs, menlo-audit-logs query commands. - Web Access and Audit dashboards. - Phishing and malware download detection rules. - Tested on Menlo Security Admin Portal 2.90.0-133004.

ML Rules

0.1.2407.0 2024-07-29 14:20

Support web log feature generation command. - web-log-features

ChatGPT

1.0.2407.0 2024-07-20 17:25

Extended query commands: - chatgpt-ask - chatgpt-ask-batch - chatgpt-summarize-campaign-report

Check Point OPSEC LEA

1.2.2407.0 2024-07-13 13:17

Automatic resumption after various connection errors

NexG FW

1.0.2407.0 2024-07-10 17:37

First release - Dedicated log parser, log schema, logger model, dashboard

Elasticsearch

1.3.2407.0 2024-07-04 16:55

Support ECS 8.11 normalization (20 field set, 225 fields) - [ECS normalization reference link](https://docs.logpresso.com/ko/ecs-normalization)

CTX

1.0.2407.0 2024-07-03 01:22

Supported query commands: * ctx-get-file-report-batch * ctx-get-domain-report * ctx-get-similar-files * ctx-get-domain-report-batch * ctx-get-file-report * ctx-get-file-relations * ctx-get-ip-report-batch * ctx-get-ip-report

Defender for Endpoint

1.0.2403.1 2024-06-30 22:57

Preventing NullPointerException during exception handling when there is a problem with Rest API communication

Tlog

1.0.2406.0 2024-06-25 19:56

First Release - Log parser with support for stripping ANSI escape codes - Log schema, logger model, and dashboards - 6 TTP detection scenarios

CrowdStrike Falcon

1.0.2406.0 2024-06-23 16:39

First release - Supports dedicated log parser, log schemas, logger models, and dashboards.

MARS SLE

1.0.2406.0 2024-06-22 18:40

First release - Validated against platform version 2.5.5.6.6, analytics engine 4.6.11.3, mail engine version 2.4.8.20 - MARS SLE log parser, logger model, dashboards (Mail, File, URL) - MITRE ATTACK TTP detection rules (T1566.001, T1566.002) - Extended query commands for playbook

Trellix Endpoint Security

1.1.2406.0 2024-06-16 21:25

Receive logs in CEF format and support detection rules - Malware Hit Found - IOC Hit Found - FireEye Acquisition Started - FireEye Acquisition Queued - FireEye Acquisition Completed - FireEye Quarantine Request - FireEye Quarantine Failed - FireEye Quarantine Completed - FireEye Security Content Updated - Tamper Protection TP hit found Verified on Trellix Endpoint Security 5.3.1

BLUEMAX WIPS

1.0.2406.0 2024-06-14 22:14

Support BLUEMAX WIPS v1.5.0 - WIPS log parser - Logger model and log schemas - Event, performance, operation, audit dashboards

WAPPLES

1.2.2402.1 2024-06-13 21:24

Preventing Null Point Exceptions during exception handling when there is a problem with Rest API communication

Elasticsearch

1.2.2311.2 2024-06-13 21:12

Support for _type metafield for lower versions of Elasticsearch

Windows Event Log

1.0.2406.0 2024-06-13 16:00

First release * Disable Windows Service (T1562.001) * Install Windows Service (T1569.002) * RDP Lateral Movement (T1021.001) * Remote PsExec Command (T1569.002) Support app installation on linux environment.