github splunk/security_content v4.1.0
on GitHub

latest releases: v4.40.0, v4.39.1, v4.39.0...
16 months ago

New Analytic Story

  • Active Directory Privilege Escalation
  • RedLine Stealer

New Analytics

  • Active Directory Lateral Movement Identified
  • Impacket Lateral Movement smbexec CommandLine Parameters
  • Impacket Lateral Movement WMIExec CommandLine Parameters
  • Steal or Forge Authentication Certificates Behavior Identified
  • Windows Administrative Shares Accessed On Multiple Hosts
  • Windows Admon Default Group Policy Object Modified
  • Windows Admon Group Policy Object Created
  • Windows Credentials from Password Stores Chrome Extension Access
  • Windows Credentials from Password Stores Chrome LocalState Access
  • Windows Credentials from Password Stores Chrome Login Data Access
  • Windows Default Group Policy Object Modified
  • Windows Default Group Policy Object Modified with GPME
  • Windows DnsAdmins New Member Added
  • Windows File Share Discovery With Powerview
  • Windows Findstr GPP Discovery
  • Windows Group Policy Object Created
  • Windows Large Number of Computer Service Tickets Requested
  • Windows Local Administrator Credential Stuffing
  • Windows Modify Registry Auto Minor Updates
  • Windows Modify Registry Auto Update Notif
  • Windows Modify Registry Disable WinDefender Notifications
  • Windows Modify Registry Do Not Connect To Win Update
  • Windows Modify Registry No Auto Reboot With Logon User
  • Windows Modify Registry No Auto Update
  • Windows Modify Registry Tamper Protection
  • Windows Modify Registry UpdateServiceUrlAlternate
  • Windows Modify Registry USeWuServer
  • Windows Modify Registry WuServer
  • Windows Modify Registry wuStatusServer
  • Windows PowerSploit GPP Discovery
  • Windows PowerView AD Access Control List Enumeration
  • Windows Query Registry Browser List Application
  • Windows Query Registry UnInstall Program List
  • Windows Rapid Authentication On Multiple Hosts
  • Windows Service Stop Win Updates
  • Windows Special Privileged Logon On Multiple Hosts

Other Updates:

  • Added a new job for smoke testing experimental and deprecated detections
  • Several detections and yaml metadata fixed by @nterl0k and @TheLawsOfChaos
  • Deprecated detection Detect Mimikatz Using Loaded Images
Check out latest releases or
releases around splunk/security_content v4.1.0

Don't miss a new security_content release

NewReleases is sending notifications on new releases.

Get notifications