splunk/security_content v4.7.0
on GitHub

latest releases: v4.42.0, v4.41.0, v4.40.0...

15 months ago

New Analytics

Citrix ADC Exploitation CVE-2023-3519
Windows Modify Registry EnableLinkedConnections
Windows Modify Registry LongPathsEnabled
Windows Modify Registry Risk Behavior
Windows Post Exploitation Risk Behavior
Windows Common Abused Cmd Shell Risk Behavior

Updated Analytics

O365 Add App Role Assignment Grant User
MSHTML Module Load in Office Product
Office Document Spawned Child Process To Download
Office Product Spawn CMD Process
Office Product Spawning BITSAdmin
Office Product Spawning CertUtil
Office Product Spawning MSHTA
Office Product Spawning Rundll32 with no DLL
Office Product Spawning Windows Script Host

New Analytic Story

BlackByte Ransomware
CVE-2023-36884 Office and Windows HTML RCE Vulnerability
Citrix Netscaler ADC CVE-2023-3519

Other Updates

Tagged several detection analytics to BlackByte Ransomware
Removed unused fields from detections.json for SSE API
Improved validation script for the csv lookup and yaml files

Check out latest releases or
releases around splunk/security_content v4.7.0

Don't miss a new security_content release

NewReleases is sending notifications on new releases.

Get notifications