New Analytic Story
- Cyclops Blink
- Local Privilege Escalation With KrbRelayUp
- Industroyer2
- AcidRain
- Windows Drivers
Updated Analytic Story
- Splunk Vulnerabilities
New Analytics
- Path traversal SPL injection
- Splunk User Enumeration Attempt
- Splunk XSS in Monitoring Console
- Linux Iptables Firewall Modification
- Linux Kworker Process In Writable Process Path
- Windows Computer Account Created by Computer Account
- Windows Computer Account Requesting Kerberos Ticket
- Windows Computer Account With SPN
- Windows Kerberos Local Successful Logon
- Windows KrbRelayUp Service Creation
- Linux Deletion Of Cron Jobs
- Linux Deletion Of Init Daemon Script
- Linux Deletion Of Services
- Linux Deletion Of SSH Key
- Linux Deletion of SSL Certificate
- Linux High Frequency Of File Deletion In Etc Folder
- Windows ISO LNK File Creation
- Windows Registry Modification for Safe Mode Persistence
- Windows Registry Certificate Added
- Windows Registry Delete Task SD
Updated Analytics
- Splunk DoS via Malformed S2S Request
BA updates
- Moved TCP Command and Scripting Interpreter Outbound LDAP Traffic to experimental
Other Updates
- Fixed API version error
- CI update to push packages to Pre-QA artifactory
- Fixed nes_fields parameter in savedsearches.conf
- Updated prohibited_apps_launching_cmd.csv