github splunk/security_content v3.60.0

19 months ago

New Analytics Story

New Analytics

  • Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952
  • Linux Data Destruction Command
  • Linux Hardware Addition SwapOff
  • Linux Impair Defenses Process Kill
  • Linux Indicator Removal Clear Cache
  • Linux Indicator Removal Service File Deletion
  • Linux System Reboot Via System Request Key
  • Linux Unix Shell Enable All SysRq Functions
  • Windows Steal Authentication Certificates CryptoAPI
  • Windows Mimikatz Crypto Export File Extensions

Updated Analytics

  • Linux Deletion Of Services
  • Linux Disable Services
  • Linux Shred Overwrite Command
  • Linux Service Restarted
  • Linux Stop Services
  • Linux Deleting Critical Directory Using RM Command
  • Wbemprox COM Object Execution

Other Updates

  • Moved the Lateral Movement analytic story to deprecated, with a note to refer to the Active Directory Lateral Movement analytic story instead.
  • Removed observables from action.escu.annotations in savedsearches.conf.
  • Added MSAccess.exe to all the Microsoft Office analytics.
  • Updated the Detect Outlook exe writing a zip file analytic and removed explorer.exe from it, as it was generating the bulk of the noise.
