Enterprise Security Content Updates v 1.0.50 was released on February 13, 2020. It includes the following enhancements:
Fixed issues:
- CRL-1727 - Fixed bug in "AWS Activity in New Region" around converting the time to a readable format
- CRL-1726 - Some lookup files were inadvertently omitted from the last couple of builds. All lookups now properly included
- CRL-1725 - Updated search in "Detect Prohibited Applications Spawning cmd.exe" to use parent_process_name vs parent_process where appropriate
- CRL-1723 - Fixed search "Suspicious Writes to Windows Recycle Bin" to use Filesystem.file_path as opposed to Filesystem.filepath
- Closes issue 343
- Introduced a new detection
MacOS - Re-opened Applicationscontributed by @jwindley-splunk
Full documentation: https://docs.splunk.com/Documentation/ESSOC/1.0.50