github splunk/security_content v3.53.0


New Analytic Story

Updated Analytic Story

  • IcedID
  • Remcos
  • Qakbot

New Analytics

  • Azorult
  • SSL Certificates with Punycode
  • Windows App Layer Protocol Qakbot NamedPipe
  • Zeek x509 Certificate with Punycode
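The two Punycode analytics above flag certificates whose subject carries an IDNA-encoded (xn--) label. As an added illustration of that check, written for this page and not one of the security_content searches themselves (those are Splunk SPL), the Python below runs the same logic over constructed Zeek x509.log records in JSON form and additionally marks labels that decode to a mixed-script string, the usual shape of a homograph domain. Field names follow Zeek's x509 log (ts, id, certificate.subject, certificate.issuer); the sample records are constructed and the hostnames in them are assumed for the example.

```python
"""Flag x509 certificates whose subject CN contains Punycode (xn--) labels.

Added example for this release-notes page; it is not a security_content
detection. The log records below are constructed Zeek x509.log lines in
Zeek's JSON output (nested fields flattened with "."), not real traffic.
"""
import json
import re
import unicodedata

# Constructed sample Zeek x509.log (JSON), not real observations.
SAMPLE_X509_LOG = """\
{"ts":1700000000.1,"id":"F1","certificate.subject":"CN=www.example.com","certificate.issuer":"CN=Example CA"}
{"ts":1700000001.2,"id":"F2","certificate.subject":"CN=login.xn--pple-43d.com,O=Contoso","certificate.issuer":"CN=Example CA"}
{"ts":1700000002.3,"id":"F3","certificate.subject":"CN=xn--bcher-kva.example","certificate.issuer":"CN=Example CA"}
{"ts":1700000003.4,"id":"F4","certificate.subject":"O=No Common Name Here","certificate.issuer":"CN=Example CA"}
"""

# The CN attribute inside a comma-separated distinguished name.
CN_RE = re.compile(r"(?:^|,)CN=([^,]+)")


def decode_punycode_label(label):
    """Return the Unicode form of one xn-- label, or None if it is malformed."""
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return None


def label_scripts(text):
    """Set of script names (first word of the Unicode character name) for the
    alphabetic characters in text, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def inspect_hostname(hostname):
    """Return ([(label, decoded), ...], mixed_script) for one hostname.

    Every xn-- label is reported; mixed_script is True when any decoded label
    mixes scripts (e.g. Cyrillic 'а' among Latin letters), the homograph case.
    """
    findings = []
    mixed = False
    for label in hostname.lower().split("."):
        if not label.startswith("xn--"):
            continue
        decoded = decode_punycode_label(label)
        findings.append((label, decoded))
        if decoded is not None and len(label_scripts(decoded)) > 1:
            mixed = True
    return findings, mixed


def find_punycode_certs(log_text):
    """Scan JSON x509 records and return one hit per certificate whose CN
    contains at least one Punycode label."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        match = CN_RE.search(rec.get("certificate.subject", ""))
        if not match:
            continue  # no CN in the subject; nothing to inspect
        cn = match.group(1).strip()
        labels, mixed = inspect_hostname(cn)
        if labels:
            hits.append({"id": rec.get("id"), "cn": cn,
                         "labels": labels, "mixed_script": mixed})
    return hits


if __name__ == "__main__":
    for hit in find_punycode_certs(SAMPLE_X509_LOG):
        flag = "MIXED-SCRIPT" if hit["mixed_script"] else "single-script IDN"
        print(hit["id"], hit["cn"], hit["labels"], flag)
```

Punycode is the legitimate encoding for internationalised domain names, so the xn-- prefix on its own is a hunting lead rather than a verdict: the decoded form and the script mix are what an analyst triages, and a single-script label such as the bücher example is the expected benign case.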

Updated Analytics

  • Attempted Credential Dump From Registry via Reg exe
  • AWS Detect Users with KMS keys performing encryption S3 (thank you Antony Bowesman)
  • AWS ECR Container Upload Outside Business Hours (thank you Antony Bowesman)
  • BITSAdmin Download File
  • BITS Job Persistence
  • Common Ransomware Extensions (thank you Steven Dick)
  • Creation of Shadow Copy
  • Detect Rare Executables (thank you Antony Bowesman)
  • Dump LSASS via procdump
  • Executables Or Script Creation In Suspicious Path
  • Kubernetes AWS detect suspicious kubectl calls (thank you Antony Bowesman)
  • O365 Disable MFA (thank you Jamie Windley)
  • Office Document Executing Macro Code
  • Office Product Spawn CMD Process
  • Office Product Spawning Windows Script Host
  • Process Creating LNK file in Suspicious Location
  • RunDLL Loading DLL By Ordinal
  • Suspicious Process File Path

Other updates

  • The names of a few analytics tests were updated #2455
  • Added a CI check to validate NIST and CIS20 tags #2390
