Plugins Feed Update - September 09, 2018
Plugins Feed Update - 2018-09-04
USM Appliance Plugins Feed Release Notes
New plugins available
- Added new plugin for DELL iDRAC (dell-idrac).
- Added new plugin for Microsoft Azure ATP (azure-atp).
- Added new plugin for Duo Two-Factor Authentication (duo-2fa).
- Added new plugin for VMware NSX (vmware-nsx).
- Added new plugin for Softerra Adaxes (softerra-adaxes).
- Added new plugin for Riverbed Technology SteelHead (riverbed-steelhead).
HIDS rules and decoders
How to enable new HIDS rules
- Added new IPsec rules and more Windows Firewall and Policy OSSEC rules.
- Updated FireEye CM (fireeye-cm) plugin to parse correct timestamp in rule 20.
- Updated Aruba Networks ClearPass (aruba-clearpass) plugin to parse event name correctly and to parse new audit and system logs.
- Updated Juniper Networks SRX Series (juniper-srx) plugin to parse IDS events without action.
- Updated IBM Aix Audit (aix-audit) plugin to parse new multi-line logs.
- Updated Darktrace DCIP (darktrace) plugin to parse dvc as source_ip.
- Updated Cylance CylancePROTECT (cylance) plugin to parse new threat and audit logs.
- Updated AlienVault-HIDS (ossec-single-line) plugin to support new events with RID 40111 and to parse some new Windows audit failure events.
- Updated DELL SonicWall VPN (sonicwall-vpn) plugin to parse all device names rather than just "vpn".
- Updated WatchGuard XTM Series (watchguard) plugin to change date field in a rule.
- Updated Cisco router (cisco-router) plugin to parse new logs.
- Updated Microsoft Windows Nxlog (nxlog) plugin to parse Windows event ID 5141.