What's new
Enterprise Security Content Updates version 5.4.0 was released on April 23, 2025 and includes the following enhancements:
Key highlights
Splunk Enterprise Security Content Update version 5.5.0 releases new analytic stories and detections to strengthen the visibility and defense of your security environment.
Here's a summary of the latest updates:
- SAP NetWeaver Exploitation: A new analytic story targeting CVE-2025-31324 in SAP NetWeaver, including a dedicated hunting detection, "SAP NetWeaver Visual Composer Exploitation Attempt", to catch early signs of exploitation. For more information about this vulnerability, see "Critical vulnerability in SAP NetWeaver enables malicious file uploads".
- AMOS Stealer Analytics: Added a new analytic story for AMOS Stealer and introduced the "MacOS AMOS Stealer - Virtual Machine Check Activity" detection, which looks for the execution of the "osascript" command along with specific command-line strings.
- Additional Windows Detections: Shipped three new Windows-focused detections to improve visibility into post-compromise activity. The first identifies reconnaissance by monitoring built-in log query utilities against the Windows Event Log, the second alerts when an adversary clears the Event Log via Wevtutil, and the third detects malicious file downloads executed through the CertUtil utility.
These additions strengthen security teams' ability to detect and respond to emerging threats across critical enterprise platforms.
New analytic stories
New analytics
- MacOS AMOS Stealer - Virtual Machine Check Activity
- SAP NetWeaver Visual Composer Exploitation Attempt
- Windows EventLog Recon Activity Using Log Query Utilities
- Windows Eventlog Cleared Via Wevtutil
- Windows File Download Via CertUtil
Other updates
- Updated the is_nirsoft_software lookup with additional NirSoft tooling.
- Updated the attack_data links for several detections.
This documentation applies to the following versions of Splunk® Enterprise Security Content Update: 5.5.0