ESCU v4.0.0
This major version change to 4.0 includes improvements to Sigma to Search Processing Language (SPL) converter, including backend changes testing and content generation.
NOTE: There is no impact to the ESCU application, our behind the scene tooling just got an upgrade!
New Analytic Story
- Winter Vivern
- Sandworm Tools
- BlackLotus Campaign
New Analytics
- Windows Exfiltration Over C2 Via Invoke RestMethod
- Windows Exfiltration Over C2 Via Powershell UploadString
- Windows Scheduled Task Created Via XML
- Windows Screen Capture Via Powershell
- Windows DNS Gather Network Info
- Windows Impair Defenses Disable HVCI
- Windows BootLoader Inventory
- Windows RDP Connection Successful
Other Updates
- Tagged several detections with
Data Destruction - Fixed number of deprecated and experimental searches had some runtime syntactic/parsing/execution errors.