This documentation does not apply to the most recent version of Splunk® Security Content.
For documentation on the most recent version, go to the latest release.
Download topic as PDF
What's new
Enterprise Security Content Updates v3.54.0 was released on November 30, 2022. It includes the following enhancements.
New analytic story
- CISA AA22-320A
- Reverse Network Proxy
- MetaSploit
New analytics
- Ngrok Reverse Proxy on Network
- Powershell Load Module in Meterpreter
- Windows Apache Benchmark Binary
- Windows Mimikatz Binary Execution
- Windows MSExchange Management Mailbox Cmdlet Usage
- Windows Ngrok Reverse Proxy Usage
- Windows Service Created with Suspicious Service Path
Updated analytics
- BITSAdmin Download File (Thank you @BlackB0lt!)
- Common Ransomware Extensions (Thank you Steven Dick!)
- Exchange PowerShell Module Usage
Other updates
- Tagged several detections for AgentTesla, Qakbot
- Crowdstike TA added to detection testing pipeline
Last modified on 30 November, 2022
NEXT What's in Splunk Security Content |
This documentation applies to the following versions of Splunk® Security Content: 3.54.0
Feedback submitted, thanks!