github splunk/security_content v4.35.0


Key Highlights

  • Enterprise Security Content Updates version 4.35.0 contains 11 new analytics and 6 updated analytics crafted specifically to detect exploitation attempts against the vulnerabilities described in the Splunk Security Advisories published on July 1st, 2024 for Splunk Enterprise 9.2.2, 9.1.5, 9.0.10 and Splunk Cloud. Those Splunk Enterprise updates address several critical vulnerabilities, including multiple instances of persistent cross-site scripting (XSS) in various endpoints, remote code execution (RCE) exploits, and denial of service (DoS) vulnerabilities. In addition, this ESCU build updates the analytics that detect information disclosure of user names, path traversal, insecure file uploads, and risky command safeguard bypasses, giving Splunk Enterprise users broader coverage of these advisories. Please refer to https://advisory.splunk.com/ for specific details about the vulnerabilities.

Total New and Updated Content: [19]

New Analytic Story - [0]

Updated Analytic Story - [0]

New Analytics - [11]

Updated Analytics - [6]

Macros Added - [1]

  • splunkd_webs

Macros Updated - [0]

Lookups Added - [0]

Lookups Updated - [1]

  • splunk_risky_command

Playbooks Added - [0]

Playbooks Updated - [0]

Deprecated Analytics - [0]

Other Updates

  • Updated the ESCU Summary Dashboard to link directly to the Enterprise Security Use Case Library.

Full Changelog: v4.34.0...v4.35.0
