What's new
Enterprise Security Content Updates v3.43.0 was released on June 14, 2022. It includes the following enhancements.
New analytics
- Splunk Command and Scripting Interpreter Delete Usage
- Splunk Command and Scripting Interpreter Risky Commands
- Splunk Digital Certificates Infrastructure Version
- Splunk Digital Certificates Lack of Encryption
- Splunk Identified SSL TLS Certificates
- Splunk Protocol Impersonation Weak Encryption Configuration
- Splunk Process Injection Forwarder Bundle Downloads
- Splunk Protocol Impersonation Weak Encryption Selfsigned
- Splunk Protocol Impersonation Weak Encryption Simplerequest
New ML Detections
- Splunk Command and Scripting Interpreter Risky SPL MLTK
New Baseline
- Splunk Command and Scripting Interpreter Risky SPL MLTK Baseline
New SOAR Workbook
- Splunk PSA Hunting 06/22
Updated analytic story
- Splunk Vulnerabilities
Other updates
- Fixed a bug (PEX-76 / SSE-638) in the API that caused SSE clients to fail when pulling updates.
- Adds the ability to define a custom index, under the field name custom_index, to replay data into instead of the default main.
This documentation applies to the following versions of Splunk® Security Content: 3.43.0