Splunk® Security Content

Release Notes

What's New

Enterprise Security Content Updates v3.18.0 was released on March 30, 2021. It includes the following enhancements.

New stories include the following:

  • Ingress Tool Transfer
  • Deobfuscate/Decode Files or Information
  • AWS IAM Privilege Escalation
  • Clop Ransomware

New detections include the following:

  • CertUtil Download With URLCache and Split Arguments
  • CertUtil Download With VerifyCtl and Split Arguments
  • CertUtil with Decode Flag
  • AWS Create Policy Version to allow all resources
  • AWS SetDefaultPolicyVersion
  • AWS CreateAccessKey
  • AWS CreateLoginProfile
  • AWS UpdateLoginProfile
  • Clop Common Exec Parameter
  • Clop Ransomware Known Service Name
  • Create Service In Suspicious File Path
  • High File Deletion Frequency
  • High Process Termination Frequency
  • Process Deleting Its Process File Path
  • Ransomware Notes bulk creation
  • Resize ShadowStorage volume

Updates include the following:

  • Detect Exchange Web Shell
  • Updated doc_gen.py
  • Added product and risk tag to all cloud searches

Last modified on 31 March, 2021

This documentation applies to the following versions of Splunk® Security Content: 3.18.0
