Security Fix (Primary)

CVE-2024-47081 Remediation: Updated requests library from 2.32.2 to 2.32.4 in CyberArk Audit solution:

  • Vulnerability: Maliciously crafted URLs could retrieve credentials for the wrong hostname from a netrc file
  • Impact: Credential exposure risk in trusted environments with netrc authentication
  • Scope: CyberArk Audit data connectors using Python requests library for API authentication

Multi-Solution Updates (8 solutions)

New Features

  • Corelight v3.2.1: Added anomaly and first_seen parsers with custom table schema support
  • Netskope v3.1.2: New CCF connector configuration for enhanced alert and event ingestion
  • Microsoft Teams Hunting: New detection queries for blocked domain monitoring (NRT and scheduled)

Maintenance Updates

  • Lumen Threat Feed: Delta sync improvements with enhanced error handling and logging
  • Salesforce Service Cloud: Expanded CCF connector with improved DCR configuration
  • ProofPoint TAP/POD: Version bump releases with packaging updates
  • Feedly: Function App deployment package fixes for Python dependency structure

Affected Files

  • Solutions/CyberArkAudit/Data Connectors/requirements.txt (security fix)
  • Solutions/Corelight/Parsers/ (new parsers: corelight_anomaly.yaml, corelight_first_seen.yaml)
  • Solutions/Netskopev2/Data Connectors/NetskopeAlertsEvents_RestAPI_CCP/ (new CCF configuration)
  • Hunting Queries/Microsoft 365 Defender/Email and Collaboration Queries/Microsoft Teams protection/ (new queries)
  • (packaging artefacts across multiple solutions)
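
Added example, not code from this change or from the repository: a check that a requirements.txt no longer allows a requests release older than the 2.32.4 pin used for the CVE-2024-47081 remediation above. The function names and the sample file contents are assumptions made for illustration.

```python
import re

FIXED = (2, 32, 4)  # version the page upgrades to for CVE-2024-47081

# "requests" as a whole package name (not requests-oauthlib), optional extras,
# then the version specifiers up to any environment marker or comment.
_REQ = re.compile(r"^\s*requests(?![\w.-])\s*(?:\[[^\]]*\])?\s*([^;#]*)", re.I)
_SPEC = re.compile(r"(==|~=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)(\.\*)?")

def _ver(text):
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(line):
    """Return None for non-requests lines, else 'ok', 'vulnerable' or 'floating'."""
    m = _REQ.match(line)
    if not m:
        return None
    specs = [(op, _ver(v), bool(star)) for op, v, star in _SPEC.findall(m.group(1))]
    for op, v, star in specs:
        if op == "==":
            if star:                      # ==2.32.* may resolve either side of the fix
                return "floating"
            return "ok" if v >= FIXED else "vulnerable"
    if any(op in (">=", "~=") and v >= FIXED for op, v, _ in specs):
        return "ok"                       # lower bound already excludes unfixed releases
    if any((op == "<" and v <= FIXED) or (op == "<=" and v < FIXED) for op, v, _ in specs):
        return "vulnerable"               # upper bound rules out every fixed release
    return "floating"                     # resolver decides; pin or raise the floor

def scan_requirements(text):
    """Return (line_number, requirement, status) for each requests entry."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        status = classify(raw)
        if status:
            findings.append((n, raw.strip(), status))
    return findings

# Constructed sample, not the connector's real requirements.txt
SAMPLE = """\
# deps
azure-functions
requests==2.32.2
requests-oauthlib==1.3.1
requests[socks]>=2.31.0 ; python_version >= "3.8"
Requests==2.32.4
"""

if __name__ == "__main__":
    for n, req, status in scan_requirements(SAMPLE):
        print(f"line {n}: {status:10} {req}")
```

A "floating" result means the specifier admits both fixed and unfixed releases, so the installed version depends on when the deployment package was built.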