splunk/security_content v3.43.0
on GitHub

latest releases: v4.40.0, v4.39.1, v4.39.0...

2 years ago

New Analytics

Splunk Command and Scripting Interpreter Delete Usage
Splunk Command and Scripting Interpreter Risky Commands
Splunk Digital Certificates Infrastructure Version
Splunk Digital Certificates Lack of Encryption
Splunk Identified SSL TLS Certificates
Splunk Protocol Impersonation Weak Encryption Configuration
Splunk Process Injection Forwarder Bundle Downloads
Splunk Protocol Impersonation Weak Encryption Selfsigned
Splunk Protocol Impersonation Weak Encryption Simplerequest

New ML Detections

Splunk Command and Scripting Interpreter Risky SPL MLTK

New Baseline

Splunk Command and Scripting Interpreter Risky SPL MLTK Baseline

New SOAR Workbook

Splunk PSA Hunting 06/22

Updated Analytic Story

Splunk Vulnerabilities

Other Updates

Fixed bug (PEX-76 / SSE-638) with API which caused SSE clients from pulling updates to fail.
Adds the ability to a test.yml to define a custom index under the field name custom_index to replay data into instead of the default main.

Check out latest releases or
releases around splunk/security_content v3.43.0

Don't miss a new security_content release

NewReleases is sending notifications on new releases.

Get notifications