splunk/security_content v3.18.0
on GitHub

latest releases: v4.41.0, v4.40.0, v4.39.1...

3 years ago

New Analytic Stories

Ingress Tool Transfer
Deobfuscate/Decode Files or Information
AWS IAM Privilege Escalation
Clop Ransomware

New Detections

CertUtil Download With URLCache and Split Arguments
CertUtil Download With VerifyCtl and Split Arguments
CertUtil with Decode Flag
AWS Create Policy Version to allow all resources
AWS SetDefaultPolicyVersion
AWS CreateAccessKey
AWS CreateLoginProfile
AWS UpdateLoginProfile
Clop Common Exec Parameter
Clop Ransomware Known Service Name
Create Service In Suspicious File Path
High File Deletion Frequency
High Process Termination Frequency
Process Deleting Its Process File Path
Ransomware Notes bulk creation
Resize ShadowStorage volume

Updates:

Detect Exchange Web Shell
Added product and risk tag to all cloud searches

Bug Fixes:

Updated Mitre IDs in Create Service In Suspicious File Path. Thank you Drew Chruch for fixing
Updated CI to fail, if AppInspect had any "Failures"

Notes

doc_gen.py now generates markdown and wiki documentation for stories and detections. It also is used to produce product documentation.

Check out latest releases or
releases around splunk/security_content v3.18.0

Don't miss a new security_content release

NewReleases is sending notifications on new releases.

Get notifications