What's new
Enterprise Security Content Updates v3.39.0 was released on May 3, 2022. It includes the following enhancements.
New analytic story
- Cyclops Blink
- Local Privilege Escalation with KrbRelayUp
- Industroyer2
- AcidRain
- Windows Drivers
Updated analytic story
- Splunk Vulnerabilities
New analytics
- Path traversal SPL injection
- Splunk User Enumeration Attempt
- Splunk XSS in Monitoring Console
- Linux Iptables Firewall Modification
- Linux Kworker Process in Writable Process Path
- Linux Deletion of Cron Jobs
- Linux Deletion of Init Daemon Script
- Linux Deletion of Services
- Linux Deletion of SSH Key
- Linux Deletion of SSL Certificate
- Linux High Frequency of File Deletion In Etc Folder
- Windows Computer Account Created by Computer Account
- Windows Computer Account Requesting Kerberos Ticket
- Windows Computer Account with SPN
- Windows Kerberos Local Successful Logon
- Windows KrbRelayUp Service Creation
- Windows ISO LNK File Creation
- Windows Registry Modification for Safe Mode Persistence
- Windows Registry Certificate Added
- Windows Registry Delete Task SD
Updated analytics
- Splunk DoS via Malformed S2S Request
Other updates
- Fixed API version error
- CI update to push packages to Pre-QA Artifactory
- Fixed nes_fields parameter in savedsearches.conf
- Updated prohibited_apps_launching_cmd.csv
This documentation applies to the following versions of Splunk® Security Content: 3.39.0