github splunk/security_content v3.0.7

3 years ago

New Stories

  • Detect Zerologon Attack
  • GCP Cross Account Activity

New Detections

  • GCP Detect OAuth Token Abuse
  • Detect Computer Changed with Anonymous Account
  • Detect Zerologon via Zeek

Updates

  • fixed bug with detection "AWS Detect STS Assume Role Abuse"
  • fixed bug with detection "AWS Detect Role Creation"
  • tagged new Zerologon on detection "Detect Mimikatz Using Loaded Images"
  • tagged new Zerologon on detection "Detect Credential Dumping through LSASS access"

Others

  • Add the ability to tag detections with RBA. See wiki for details.
