splunk/security_content v4.12.0
on GitHub

latest releases: v4.42.0, v4.41.0, v4.40.0...

13 months ago

New Analytic Story

Forest Blizzard

New analytics

Windows Find Domain Organizational Units with GetDomainOU
Windows Find Interesting ACL with FindInterestingDomainAcl
Windows Forest Discovery with GetForestDomain
Windows Get Local Admin with FindLocalAdminAccess
Headless Browser Mockbin or Mocky Request
Headless Browser Usage
Windows AD Abnormal Object Access Activity (External Contributor : @nterl0k )
Windows AD Privileged Object Access Activity (External Contributor : @nterl0k )

Other Updates

Adding CVE to Splunk Edit User Privilege Escalation
Observables updated for 143+ detections to create accurate risk objects
Added status field to BA spec
Updated how to implement sections for all detections based on Endpoint.Processes

New Playbooks

Jira Related Tickets Search

Check out latest releases or
releases around splunk/security_content v4.12.0

Don't miss a new security_content release

NewReleases is sending notifications on new releases.

Get notifications