github splunk/security_content v3.52.0

2 years ago

New Analytic Story

Updated Analytic Story

New Analytics

  • Exploit Public Facing Application via Apache Commons Text
  • Fortinet Appliance Auth bypass
  • GCP Authentication Failed During MFA Challenge
  • GCP Multi-Factor Authentication Disabled
  • GCP Multiple Failed MFA Requests For User
  • GCP Multiple Users Failing To Authenticate From Ip
  • GCP Successful Single-Factor Authentication
  • GCP Unusual Number of Failed Authentications From Ip
  • Splunk Code Injection via custom dashboard leading to RCE
  • Splunk Data exfiltration from Analytics Workspace using sid query
  • Splunk RCE via Splunk Secure Gateway Splunk Mobile alerts feature
  • Splunk Reflected XSS in the templates lists radio
  • Splunk Stored XSS via Data Model objectName field
  • Splunk XSS in Save table dialog header in search page
  • Windows App Layer Protocol Wermgr Connect To NamedPipe
  • Windows Command Shell Fetch Env Variables
  • Windows DLL Side-Loading In Calc
  • Windows DLL Side-Loading Process Child Of Calc
  • Windows Masquerading Explorer As Child Process
  • Windows Modify Registry Qakbot Binary Data Registry
  • Windows Process Injection Of Wermgr to Known Browser
  • Windows Process Injection Remote Thread
  • Windows Process Injection Wermgr Child Process
  • Windows Regsvr32 Renamed Binary
  • Windows System Discovery Using ldap Nslookup
  • Windows System Discovery Using Qwinsta
  • Windows WMI Impersonate Token

New BA Analytics

  • Office Product Spawning Windows Script Host
  • Windows COM Hijacking InprocServer32 Modification
  • Windows Exchange PowerShell Module Usage

Other updates

  • Added a data_schema tag that records the CIM/OCSF version a detection was written against
  • Updated the bug-report template to produce better GitHub issues
