Release Branch
ESCU 4.26.0
Generating release notes - release_v4.26.0
Compared against - develop
Release notes for ESCU release_v4.26.0
New Analytics Story
Updated Analytics Story
New Analytics
- Cloud Security Groups Modifications by User
- Detect Remote Access Software Usage File(External Contributor : @nterl0k )
- Detect Remote Access Software Usage FileInfo(External Contributor : @nterl0k )
- Detect Remote Access Software Usage Process(External Contributor : @nterl0k )
- Windows Multiple Account Passwords Changed
- Windows Multiple Accounts Deleted
- Windows Multiple Accounts Disabled
- Detect Remote Access Software Usage DNS(External Contributor : @nterl0k )
- Detect Remote Access Software Usage Traffic(External Contributor : @nterl0k )
- High Volume of Bytes Out to Url
- Detect Remote Access Software Usage URL(External Contributor : @nterl0k )
- JetBrains TeamCity Authentication Bypass CVE-2024-27198
- JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198
- JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199
- Nginx ConnectWise ScreenConnect Authentication Bypass
Updated Analytics
- AWS IAM Delete Policy (External Contributor: @ep3p )
- O365 Multiple Users Failing To Authenticate From Ip
- ConnectWise ScreenConnect Authentication Bypass
- JetBrains TeamCity RCE Attempt
Macros Added
- nginx_access_logs
- suricata
Macros Updated
Lookups Added
Lookups Updated
- remote_access_software
Playbooks Added
- G Suite for Gmail Message Eviction
- G Suite for Gmail Search and Purge
- MS Graph for Office 365 Message Eviction
- MS Graph for Office 365 Message Identifier Activity Analysis
- MS Graph for Office 365 Message Restore
- MS Graph for Office365 Search and Purge
- MS Graph for Office365 Search and Restore
Playbooks Updated
Other Updates
- Added a new script and a CI job to automatically upload the package to Splunkbase using a service account
- Create SSA-Content-latest.tar.gz in the generate_ba CI job