What's new
Enterprise Security Content Updates v3.57.0 was released on January 25, 2023. It includes the following enhancements.
New analytic stories
- Chaos Ransomware
- LockBit Ransomware
New analytics
- Detect suspicious DNS TXT records using pretrained model in DSDL
- Windows Boot or Logon Autostart Execution in Startup Folder
- Windows Modify Registry Default Icon Setting
- Windows Phishing PDF File Executes URL Link
- Windows Replication Through Removable Media
- Windows User Execution Malicious URL Shortcut File
- Windows Vulnerable Driver Loaded
- Linux Ngrok Reverse Proxy Usage
- Windows Server Software Component GACUtil Install to GAC
- Windows PowerShell Add Module to Global Assembly Cache
- Windows Credential Dumping LSASS Memory Createdump
Updated analytics
- Known Services Killed by Ransomware
- Windows DLL Search Order Hijacking Hunt
- Windows DLL Search Order Hijacking Hunt Sysmon
- ProxyShell ProxyNotShell Behavior Detected (correlation)
Other updates
- Added 3 new playbook files: Dynamic Identifier Reputation Analysis, PhishTank URL Reputation Analysis, and VirusTotal v3 Identifier Reputation Analysis from phantomcyber/playbooks to security_content
- Added onenote.exe to several detection analytics related to Microsoft Office products
This documentation applies to the following versions of Splunk® Security Content: 3.57.0