github splunk/security_content v3.58.0
on GitHub

latest releases: v4.41.0, v4.40.0, v4.39.1...
20 months ago

New Analytic Story

  • AsyncRAT
  • Compromised User Account
  • Swift Slicer
  • Windows Certificate Services

New Analytics

  • AWS AD New MFA Method Registered For User
  • AWS Concurrent Sessions From Different Ips
  • AWS High Number Of Failed Authentications For User
  • AWS High Number Of Failed Authentications From Ip
  • AWS Password Policy Changes
  • AWS Successful Console Authentication From Multiple IPs
  • Azure AD Concurrent Sessions From Different Ips
  • Azure AD High Number Of Failed Authentications For User
  • Azure AD High Number Of Failed Authentications From Ip
  • Azure AD New MFA Method Registered For User
  • Azure AD Successful Authentication From Different Ips
  • Detect suspicious processnames using a pretrained model in DSDL
  • Driver Inventory
  • LOLBAS With Network Traffic (Thanks to @nterl0k)
  • Windows Data Destruction Recursive Exec Files Deletion
  • Windows Export Certificate
  • Windows PowerShell Export Certificate
  • Windows PowerShell Export PfxCertificate
  • Windows Spearphishing Attachment Onenote Spawn Mshta
  • Windows Steal Authentication Certificates Certificate Issued
  • Windows Steal Authentication Certificates Certificate Request
  • Windows Steal Authentication Certificates CertUtil Backup
  • Windows Steal Authentication Certificates CS Backup
  • Windows Steal Authentication Certificates Export Certificate
  • Windows Steal Authentication Certificates Export PfxCertificate
  • Windows Powershell Cryptography Namespace
  • Windows Scheduled Task with Highest Privileges
  • Windows Spearphishing Attachment Connect To None MS Office Domain

Updated Analytics

  • AWS Multiple Users Failing To Authenticate From Ip
  • Exploit Public Facing Application via Apache Commons Text
  • Office Application Drop Executable (Thanks to @TheLawsOfChaos )
  • Office Product Spawning MSHTA
  • Rundll32 with no Command Line Arguments with Network (Thanks to @nterl0k)
  • Windows Java Spawning Shells

Other Updates

  • Moved 12 failing detections to experimental
  • Fixed a number of detections that use an incorrect sourcetype in their macro.
  • Several Endpoint detections updated to from proc_guid to process_guid (Thanks to @nterl0k)
Check out latest releases or
releases around splunk/security_content v3.58.0

Don't miss a new security_content release

NewReleases is sending notifications on new releases.

Get notifications