Release notes for ESCU release_v4.34.0
Total New and Updated Content: [1256]
New Analytic Story - [1]
Updated Analytic Story - [0]
New Analytics - [2]
Updated Analytics - [1238]
Over 1200+ descriptions updated.
Macros Added - [3]
- fillnull_config
- oldsummaries_config
- summariesonly_config
Macros Updated - [2]
- prohibited_softwares
- security_content_summariesonly
Updated the security_content_summariesonly macro to use macros for each of the configuration settings that were previously hardcoded. There's no change in the values of those macros and the previous configuration of the security_content_summariesonly macro
Lookups Added - [0]
Lookups Updated - [0]
Playbooks Added - [0]
Playbooks Updated - [0]
Deprecated Analytics - [10]
- Clients Connecting to Multiple DNS Servers
- DNS Query Requests Resolved by Unauthorized DNS Servers
- First time seen command line argument
- GCP Kubernetes cluster scan detection
- Multiple Okta Users With Invalid Credentials From The Same IP
- Okta Failed SSO Attempts
- Prohibited Software On Endpoint
- Suspicious Changes to File Associations
- Uncommon Processes On Endpoint
- Unsigned Image Loaded by LSASS
Other Updates
- Updated descriptions and
_filtermacro for several analytics to have a consistent standard and formatting. - Updated distsearch.conf to remove bias language.
- Updated testing to run against the official Splunk Sysmon for Linux Add-on.
Full Changelog: v4.33.0...v4.34.0