What's new
Enterprise Security Content Updates v4.5.0 was released on June 13, 2023. It includes the following enhancements.
New analytic story
- MOVEit Transfer Critical Vulnerability
New analytics
- ASL AWS Concurrent Sessions From Different IPs
- ASL AWS CreateAccessKey
- ASL AWS Defense Evasion Delete Cloudtrail
- ASL AWS Defense Evasion Delete CloudWatch Log Group
- ASL AWS Defense Evasion Impair Security Services
- ASL AWS Excessive Security Scanning
- ASL AWS IAM Delete Policy
- ASL AWS Multi-Factor Authentication Disabled
- ASL AWS New MFA Method Registered For User
- ASL AWS Password Policy Changes
- Detect DNS Data Exfiltration using pretrained model in DSDL
- Detect RTLO In File Name (Thank you @nterl0k)
- Detect RTLO In Process (Thank you @nterl0k)
- Detect Webshell Exploit Behavior (Thank you @nterl0k)
- Windows MOVEit Transfer Writing ASPX
Other updates
- Added support for Apple Silicon for detection testing
- Updated several detections that use |outputlookup so that they write to a KV Store-backed lookup instead of a CSV lookup file
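As an added illustration of the KV Store change above (this is not ESCU's own configuration; the collection, lookup, stanza and field names are hypothetical): a CSV-backed lookup written by outputlookup is a flat file on the search head, while a KV Store-backed lookup definition points at a collection declared in collections.conf. A detection or baseline search addresses both with the same command; the difference lives in transforms.conf and collections.conf.

```conf
# collections.conf (app-local): declares the KV Store collection.
# Collection and field names here are hypothetical, not from ESCU.
[example_seen_hosts]
field.dest = string
field.first_seen = number
field.last_seen = number

# transforms.conf: lookup definition backed by the collection above.
# Searches refer to the lookup definition name, never the collection.
[example_seen_hosts_lookup]
external_type = kvstore
collection = example_seen_hosts
fields_list = _key, dest, first_seen, last_seen

# savedsearches.conf: a baseline-style search that populates the lookup.
# Before the change a search like this ended in
#   | outputlookup example_seen_hosts.csv
# which rewrote a CSV file on every run. Pointing outputlookup at the
# KV Store-backed definition keeps the search logic unchanged.
[Example - Baseline of Destination Hosts]
search = | tstats count min(_time) as first_seen max(_time) as last_seen from datamodel=Network_Traffic where * by All_Traffic.dest | rename All_Traffic.dest as dest | outputlookup example_seen_hosts_lookup
cron_schedule = 0 * * * *
dispatch.earliest_time = -1h@h
dispatch.latest_time = now
enableSched = 1
```

With the KV Store-backed definition, a run of the search replaces the collection contents by default; adding append=true to outputlookup keeps existing records and lets later runs update them by _key, which is the usual reason to prefer KV Store over a CSV that must be fully rewritten each time.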
This documentation applies to the following versions of Splunk® Security Content: 4.5.0