Key highlights
Enterprise Security Content Updates version 4.36.0 introduces a comprehensive suite of new detections related to Sneaky Active Directory Persistence Tricks. These detections are designed to identify and alert on subtle techniques used by attackers to maintain unauthorized access within Active Directory environments. The update includes analytics for detecting distributed and localized password spray attempts, identifying internal horizontal and vertical port scans, and alerting on Windows AD self-group additions.
Additionally, this release incorporates detections for monitoring increases in group/object modification activity, tracking unusual spikes in user modification activity, detecting suspicious Windows network share interactions, and identifying installations of known vulnerable drivers. These new capabilities significantly enhance an organization's ability to spot and respond to sophisticated persistence techniques in Active Directory, improving overall security posture against advanced persistent threats.
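To make the first of these detection categories concrete, the following is an added example of the logic behind a password-spray detector, written for this page and not taken from ESCU or from any Splunk search. It assumes a simplified `key=value` rendering of Windows failed-logon events (Event ID 4625) with constructed sample lines, a fixed time window and thresholds chosen for the sample; these are all assumptions, not ESCU's actual parameters. A "localized" spray is one source failing against many distinct accounts; a "distributed" spray is several sources each touching only a few accounts but together covering many, which is why a per-source threshold alone misses it.

```python
"""Toy password-spray detector over constructed failed-logon records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Event ID 4625 (failed logon) and one 4624 (success) in a
# hypothetical "timestamp key=value ..." format. Not real telemetry.
SAMPLE_LOG = """\
2024-05-01T10:00:01 EventCode=4625 TargetUserName=bob IpAddress=10.0.0.9
2024-05-01T10:00:40 EventCode=4625 TargetUserName=bob IpAddress=10.0.0.9
2024-05-01T10:01:00 EventCode=4625 TargetUserName=alice IpAddress=10.0.0.5
2024-05-01T10:01:05 EventCode=4625 TargetUserName=carol IpAddress=10.0.0.5
2024-05-01T10:01:10 EventCode=4625 TargetUserName=dave IpAddress=10.0.0.5
2024-05-01T10:01:15 EventCode=4625 TargetUserName=erin IpAddress=10.0.0.5
2024-05-01T10:01:20 EventCode=4625 TargetUserName=frank IpAddress=10.0.0.5
2024-05-01T10:01:25 EventCode=4625 TargetUserName=grace IpAddress=10.0.0.5
2024-05-01T10:02:00 EventCode=4624 TargetUserName=alice IpAddress=10.0.0.7
2024-05-01T10:21:00 EventCode=4625 TargetUserName=u01 IpAddress=10.0.1.1
2024-05-01T10:21:05 EventCode=4625 TargetUserName=u02 IpAddress=10.0.1.1
2024-05-01T10:22:00 EventCode=4625 TargetUserName=u03 IpAddress=10.0.1.2
2024-05-01T10:22:05 EventCode=4625 TargetUserName=u04 IpAddress=10.0.1.2
2024-05-01T10:23:00 EventCode=4625 TargetUserName=u05 IpAddress=10.0.1.3
2024-05-01T10:23:05 EventCode=4625 TargetUserName=u06 IpAddress=10.0.1.3
2024-05-01T10:24:00 EventCode=4625 TargetUserName=u07 IpAddress=10.0.1.4
2024-05-01T10:24:05 EventCode=4625 TargetUserName=u08 IpAddress=10.0.1.4
"""

EPOCH = datetime(1970, 1, 1)  # fixed reference so bucketing is timezone-independent


def parse_line(line):
    """Parse one constructed log line into a dict; None for blank lines."""
    line = line.strip()
    if not line:
        return None
    ts_text, *pairs = line.split()
    rec = {"ts": datetime.fromisoformat(ts_text)}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def parse_log(text):
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def detect_password_spray(records, window=timedelta(minutes=10),
                          user_threshold=5, source_threshold=3):
    """Return spray findings per fixed window (thresholds are assumed values).

    localized   : one source fails against >= user_threshold distinct accounts
    distributed : >= source_threshold sources, each below user_threshold, but
                  together covering >= user_threshold distinct accounts
    """
    # window slot -> source IP -> set of targeted account names (failures only)
    buckets = defaultdict(lambda: defaultdict(set))
    for r in records:
        if r.get("EventCode") != "4625":
            continue
        slot = (r["ts"] - EPOCH) // window
        buckets[slot][r["IpAddress"]].add(r["TargetUserName"])

    findings = []
    for slot in sorted(buckets):
        by_src = buckets[slot]
        window_start = (EPOCH + slot * window).isoformat()
        low_volume = []  # sources under the per-source threshold
        for src, users in by_src.items():
            if len(users) >= user_threshold:
                findings.append({"type": "localized", "window_start": window_start,
                                 "sources": [src], "distinct_users": len(users)})
            else:
                low_volume.append(src)
        # Distributed spray: the per-source view looks benign, the aggregate does not.
        spread = set().union(*(by_src[s] for s in low_volume)) if low_volume else set()
        if len(low_volume) >= source_threshold and len(spread) >= user_threshold:
            findings.append({"type": "distributed", "window_start": window_start,
                             "sources": sorted(low_volume), "distinct_users": len(spread)})
    return findings


if __name__ == "__main__":
    for f in detect_password_spray(parse_log(SAMPLE_LOG)):
        print(f)
```

Running it on the sample yields two findings: a localized spray from 10.0.0.5 (six accounts in the first window) and a distributed spray across four sources in the second window, while the repeated failures for `bob` from a single source and the successful logon are ignored. In production the interesting tuning points are the window length and the two thresholds, which should be set from a baseline of normal lockout and help-desk activity rather than picked by hand.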
ESCU 4.36.0
### Total New and Updated Content: [10]
New Analytics - [10]
- Detect Distributed Password Spray Attempts
- Detect Password Spray Attempts
- Internal Horizontal Port Scan
- Internal Vertical Port Scan
- Windows AD add Self to Group
- Windows Increase in Group or Object Modification Activity
- Windows Increase in User Modification Activity
- Windows Network Share Interaction With Net
- Windows Vulnerable Driver Installed
Other Updates
- Added new data_source objects