github splunk/security_content v4.18.0

10 months ago

ESCU 4.18.0 Release branch

New Analytic Story
  • Rhysida Ransomware
  • Kubernetes Security
Updated Analytic Story
  • NjRAT
  • RedLine Stealer
  • Amadey
New Analytics
  • PingID Mismatch Auth Source and Verification Response (External Contributor : @nterl0k )
  • PingID Multiple Failed MFA Requests For User (External Contributor : @nterl0k )
  • PingID New MFA Method After Credential Reset (External Contributor : @nterl0k )
  • PingID New MFA Method Registered For User (External Contributor : @nterl0k )
  • Kubernetes Abuse of Secret by Unusual Location
  • Kubernetes Abuse of Secret by Unusual User Agent
  • Windows Modify System Firewall with Notable Process Path
  • Kubernetes Abuse of Secret by Unusual User Group
  • Kubernetes Abuse of Secret by Unusual User Name
  • Kubernetes Access Scanning
  • Kubernetes Suspicious Image Pulling
  • Kubernetes Unauthorized Access
Updated Analytics
  • Allow File And Printing Sharing In Firewall
  • Azure AD PIM Role Assigned
  • CMD Carry Out String Command Parameter
  • Detect Use of cmd exe to Launch Script Interpreters
  • Modification Of Wallpaper
Other Updates
  • Added two new lookup files, ransomware_extensions_20231219.csv and ransomware_notes_20231219.csv, and updated the existing transforms.conf definitions of ransomware_extensions_lookup and ransomware_notes_lookup to point at the new CSV files.
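A post-upgrade check for the lookup change above, added here as an example and not part of the release or the project's own content. It assumes ESCU is installed as the DA-ESS-ContentUpdate app on a search head where you can run the rest and inputlookup commands; adjust the app name if your deployment differs. The first search reads the live lookup definitions back from splunkd and shows which CSV each one resolves to; the second confirms the lookup actually loads rows.

```spl
| rest /servicesNS/-/-/data/transforms/lookups splunk_server=local
| search title IN ("ransomware_extensions_lookup", "ransomware_notes_lookup")
| table title filename eai:appName

| inputlookup ransomware_extensions_lookup
| stats count
```

If the filename column still shows an older CSV, look for a copy of the stanza in DA-ESS-ContentUpdate/local/transforms.conf (or another app's local directory): Splunk's local settings take precedence over the app defaults this release updates, so a local override will silently keep the old file in use until it is removed or edited.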
