New Analytics
- ASL AWS Concurrent Sessions From Different IPs
- ASL AWS CreateAccessKey
- ASL AWS Defense Evasion Delete Cloudtrail
- ASL AWS Defense Evasion Delete CloudWatch Log Group
- ASL AWS Defense Evasion Impair Security Services
- ASL AWS Excessive Security Scanning
- ASL AWS IAM Delete Policy
- ASL AWS Multi-Factor Authentication Disabled
- ASL AWS New MFA Method Registered For User
- ASL AWS Password Policy Changes
- Detect DNS Data Exfiltration using pretrained model in DSDL
- Detect RTLO In File Name (Thank you @nterl0k)
- Detect RTLO In Process (Thank you @nterl0k)
- Detect Webshell Exploit Behavior (Thank you @nterl0k)
- Windows MOVEit Transfer Writing ASPX
New Analytic Story
- MOVEit Transfer Critical Vulnerability
Other Updates
- Added support for Apple Silicon for detection testing
- Updated several detections which use
|outputlookupto create KVStore instead of CSV