What Changed

The Lookout mobile security solution has been updated to version 3.0.1, addressing parser validation issues and adding new security monitoring capabilities. Key improvements include parser field fixes, comprehensive and executive security dashboards, and updated analytic rules.

Security Impact (Visibility & Fidelity)

Parser fixes resolve KQL validation errors that could have affected query reliability against Lookout mobile threat data. The solution now includes:

  • Fixed LookoutEvents parser with proper field mapping
  • New comprehensive security investigation dashboard for detailed threat analysis
  • Executive dashboard providing high-level security posture overview
  • Enhanced analytic rules (v2.0.3) with improved MITRE ATT&CK mappings for mobile threats

These improvements enhance visibility into mobile device threats, compliance status, and security incidents across iOS and Android platforms.

Affected Files

Solutions/Lookout/Analytic Rules/ (5 detection rules updated)
Solutions/Lookout/Workbooks/ (4 new dashboards added)
Solutions/Lookout/Parsers/LookoutEvents.yaml
Solutions/Lookout/Data Connectors/ (CCF and Function App configurations)
(extensive documentation, validation tools, and packaging artifacts)