github splunk/security_content v4.7.0

15 months ago

New Analytics

  • Citrix ADC Exploitation CVE-2023-3519
  • Windows Modify Registry EnableLinkedConnections
  • Windows Modify Registry LongPathsEnabled
  • Windows Modify Registry Risk Behavior
  • Windows Post Exploitation Risk Behavior
  • Windows Common Abused Cmd Shell Risk Behavior

Updated Analytics

  • O365 Add App Role Assignment Grant User
  • MSHTML Module Load in Office Product
  • Office Document Spawned Child Process To Download
  • Office Product Spawn CMD Process
  • Office Product Spawning BITSAdmin
  • Office Product Spawning CertUtil
  • Office Product Spawning MSHTA
  • Office Product Spawning Rundll32 with no DLL
  • Office Product Spawning Windows Script Host

New Analytic Story

Other Updates

  • Tagged several detection analytics to BlackByte Ransomware
  • Removed unused fields from detections.json for SSE API
  • Improved the validation script for the CSV lookup and YAML files
