What's new
Enterprise Security Content Updates v3.34.0 was released on February 8, 2022. It includes the following enhancements.
New analytic story
- WhisperGate
New analytics
- Excessive File Deletion In WinDefender Folder
- Suspicious Process With Discord DNS Query
- Ping Sleep Batch Command
- Powershell Remove Windows Defender Directory
- Windows InstallUtil in Non Standard Path
- Windows DotNet Binary in Non Standard Path
- Windows NirSoft AdvancedRun
- Windows NirSoft Utilities
Updated analytics
- Executables Or Script Creation In Suspicious Path
- Process Deleting Its Process File Path
- Suspicious Process File Path
- Windows Defender Exclusion Registry Entry
- CMD Carry Out String Command Parameter
- Impacket Lateral Movement Commandline Parameters
- Malicious PowerShell Process - Encoded Command
- Suspicious Process DNS Query Known Abuse Web Services
Other updates
- Updated lookups/ransomware_extensions.csv and lookups/ransomware_notes.csv lookups (Thanks to @VatsalJagani)
- Updated Playbook versions to keep them in sync in https://github.com/phantomcyber/playbooks
- Added risk_severity to BA detections.
- Fixed minor bugs in generate.py for the BA package.
This documentation applies to the following versions of Splunk® Security Content: 3.34.0