New Analytics
- Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078
- Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082
- Citrix ShareFile Exploitation CVE-2023-24489
- Windows Powershell RemoteSigned File
- PowerShell Script Block With URL Chain (Thank you @steven Dick)
- PowerShell WebRequest Using Memory Stream (Thank you @steven Dick)
- Suspicious Process Executed From Container File (Thank you @steven Dick)
- Windows Registry Payload Injection (Thank you @steven Dick)
- Windows Scheduled Task Service Spawned Shell (Thank you @steven Dick)
Updated Analytics
- Clop Common Exec Parameter (Thank you @DipsyTipsy)
- O365 Added Service Principal
- O365 New Federated Domain Added
- O365 Excessive SSO logon errors
New Analytic Story
- Ivanti EPMM Remote Unauthenticated Access
- Citrix ShareFile RCE CVE-2023-24489
Other Updates
- Updated detections with test datasets
- Updated several observables in detections