github splunk/security_content v3.50.0
on GitHub

latest releases: v4.35.0, v4.34.0, v4.33.0...
20 months ago

New Analytic Story

  • AgentTesla
  • AWS Identity and Access Management Account Takeover
  • CISA AA22-264A
  • Okta MFA Exhaustion

New Analytics

  • AWS Multiple Users Failing To Authenticate From Ip
  • AWS Unusual Number of Failed Authentications From Ip
  • Detect DGA domains using pretrained model in DSDL
  • Okta Account Locked Out
  • Okta MFA Exhaustion Hunt
  • Okta New API Token Created
  • Okta New Device Enrolled on Account
  • Okta Suspicious Activity Reported
  • Okta ThreatInsight Threat Detected
  • Okta Two or More Rejected Okta Pushes
  • Okta Risk Threshold Exceeded
  • Office Product Spawning Windows Script Host
  • Powershell COM Hijacking InprocServer32 Modification
  • Windows COM Hijacking InprocServer32 Modification
  • Windows File Transfer Protocol In Non-Common Process Path
  • Windows ISO LNK File Creation
  • Windows Mail Protocol In Non-Common Process Path
  • Windows Multi hop Proxy TOR Website Query
  • Windows System Script Proxy Execution Syncappvpublishingserver

Updated Analytics

  • Multiple Okta Users With Invalid Credentials From The Same IP
  • Okta Account Lockout Events
  • Okta Failed SSO Attempts
  • Exchange PowerShell Module Usage
  • Registry Keys Used For Persistence
  • Windows Phishing Recent ISO Exec Registry

BA Updates

  • source field updated to XmlWinEventLog for Windows System Binary Proxy Execution Compiled HTML File Decompile (released in 3.49.1)

Other updates

  • Removed slim dependency in Github Actions, skip detection testing on tag creation and token updated
  • Fixed bugs in the init functionality for creating a security_content custom application
  • Added advanced_port_scanner.exe to Attacker Tools Lookup
  • Updated the Github Actions workflow steps to create and push files for the SSE API

NOTE

This release contains a new type of analytic( Detect DGA domains using pretrained model in DSDL) that leverages the Splunk App for Data Science and Deep Learning to detect DNS connections to domains generated by Domain Generation Algorithms. This detection uses a pre-trained deep learning model and you can find the steps to deploy this model in our GitHub Wiki.

Check out latest releases or
releases around splunk/security_content v3.50.0

Don't miss a new security_content release

NewReleases is sending notifications on new releases.

Get notifications