Added
- Rules/decoders:
  - Microsoft Windows Defender
  - Microsoft log related events
  - Microsoft SQL Server
  - Identity guard
  - Sysmon events 11 and 15
  - MongoDB
  - Docker
  - Jenkins
  - AWS S3
- update_ruleset.py accepts a custom download URL
Changed
- web-accesslog_decoders.xml
- Amazon rules
- Rootcheck references
- Sysmon uses dynamic fields
- getawslog.py: Ignore digest files
- Fortigate decoders
- Apache decoders
Fixed
- Bug in update_ruleset.py
- Netstat command
- SSH rootchecks