Logpresso Store

1.0.2408.0 2024-08-04 18:13

First Release - Menlo Security Web Access, Audit logger models. - menlo-web-logs, menlo-audit-logs query commands. - Web Access and Audit dashboards. - Phishing and malware download detection rules. - Tested on Menlo Security Admin Portal 2.90.0-133004.

ML Rules

0.1.2407.0 2024-07-29 14:20

Support web log feature generation command. - web-log-features

ChatGPT

1.0.2407.0 2024-07-20 17:25

Extended query commands: - chatgpt-ask - chatgpt-ask-batch - chatgpt-summarize-campaign-report

Check Point OPSEC LEA

1.2.2407.0 2024-07-13 13:17

Automatic resumption after various connection errors

NexG FW

1.0.2407.0 2024-07-10 17:37

First release - Dedicated log parser, log schema, logger model, dashboard

Elasticsearch

1.3.2407.0 2024-07-04 16:55

Support ECS 8.11 normalization (20 field set, 225 fields) - [ECS normalization reference link](https://docs.logpresso.com/ko/ecs-normalization)

CTX

1.0.2407.0 2024-07-03 01:22

Supported query commands: * ctx-get-file-report-batch * ctx-get-domain-report * ctx-get-similar-files * ctx-get-domain-report-batch * ctx-get-file-report * ctx-get-file-relations * ctx-get-ip-report-batch * ctx-get-ip-report

Defender for Endpoint

1.0.2403.1 2024-06-30 22:57

Preventing NullPointerException during exception handling when there is a problem with Rest API communication

Tlog

1.0.2406.0 2024-06-25 19:56

First Release - Log parser with support for stripping ANSI escape codes - Log schema, logger model, and dashboards - 6 TTP detection scenarios

CrowdStrike Falcon

1.0.2406.0 2024-06-23 16:39

First release - Supports dedicated log parser, log schemas, logger models, and dashboards.

MARS SLE

1.0.2406.0 2024-06-22 18:40

First release - Validated against platform version 2.5.5.6.6, analytics engine 4.6.11.3, mail engine version 2.4.8.20 - MARS SLE log parser, logger model, dashboards (Mail, File, URL) - MITRE ATTACK TTP detection rules (T1566.001, T1566.002) - Extended query commands for playbook

Trellix Endpoint Security

1.1.2406.0 2024-06-16 21:25

Receive logs in CEF format and support detection rules - Malware Hit Found - IOC Hit Found - FireEye Acquisition Started - FireEye Acquisition Queued - FireEye Acquisition Completed - FireEye Quarantine Request - FireEye Quarantine Failed - FireEye Quarantine Completed - FireEye Security Content Updated - Tamper Protection TP hit found Verified on Trellix Endpoint Security 5.3.1

BLUEMAX WIPS

1.0.2406.0 2024-06-14 22:14

Support BLUEMAX WIPS v1.5.0 - WIPS log parser - Logger model and log schemas - Event, performance, operation, audit dashboards

WAPPLES

1.2.2402.1 2024-06-13 21:24

Preventing Null Point Exceptions during exception handling when there is a problem with Rest API communication

Elasticsearch

1.2.2311.2 2024-06-13 21:12

Support for _type metafield for lower versions of Elasticsearch

Windows Event Log

1.0.2406.0 2024-06-13 16:00

First release * Disable Windows Service (T1562.001) * Install Windows Service (T1569.002) * RDP Lateral Movement (T1021.001) * Remote PsExec Command (T1569.002) Support app installation on linux environment.

BLUEMAX NGF

1.6.2406.0 2024-06-12 17:21

Support BLUEMAX NGF v3.5.1 firmware. - Added fw_rule_dir field when parsing fw4_allow, fw4_deny, fw6_allow, fw6_deny log types. - Changed start_time, end_time field types to date type. - Changed device_ip field type to IP address type.

Genian NAC

1.3.2406.0 2024-06-08 22:18

Support Genian NAC REST API changes - Field name changes: IP -> NL_IPSTR, MAC -> NL_MAC, SS_STATUS -> NL_STATUS, Hostname -> NL_FQDN, PLATFORM -> NL_PLATFORM, NODEPOLICY -> NL_NODESYSTEM, LASTACTIVE -> NL_LASTACTIVE - Cache node list to improve dashboard performance (updated every 5 minutes)

Palo Alto Networks NGFW

1.2.2406.0 2024-06-01 14:35

Added ATT&CK TTP rules

eWalker SWG

1.2.2405.0 2024-05-31 18:15

Support for collecting syslog methods * Add syslog collection model Added ssl.log collection target * ssl.log