New Analytics
- Windows PowerShell ScheduleTask
- Windows Files and Dirs Access Rights Modification Via Icacls
Updated Analytics
- ICACLS Grant Command
- Registry Keys Used For Persistence
- PowerShell 4104 Hunting
- Detect Baron Samedit CVE-2021-3156 Segfault
- Detect Baron Samedit CVE-2021-3156
- Windows System Shutdown CommandLine
- VMWare Aria Operations Exploit Attempt
New Analytic Story
- Scheduled Tasks
- Amadey
- Graceful Wipe Out Attack
- VMware Aria Operations vRealize CVE-2023-20887
Other Updates
- Improved descriptions of several detections, tagged appropriate Mitre IDs and Analytic Stories to detections
- Added filter macros to the macros.json file served via the API
- Added content_changer functionality to security content
New Playbooks
- URL Outbound Traffic Filtering Dispatch
- Panorama Outbound Traffic Filtering
- Splunk Message Identifier Activity Analysis
- G Suite for GMail Message Identifier Activity Analysis
- ZScaler Outbound Traffic Filtering