What's New
Enterprise Security Content Updates v3.23.0 was released on June 10, 2021. It includes the following enhancements.
New analytic stories include the following:
- Meterpreter
- Revil Ransomware
New detections include the following:
- Excessive number of taskhost processes
- Revil Registry Entry
- Revil Common Exec Parameter
- Modification Of Wallpaper
- Wbemprox COM Object Execution
- Known Services Killed by Ransomware
- Delete ShadowCopy With PowerShell
- Conti Common Exec parameter
- Revil Ransomware
- Excessive Usage of NSLOOKUP App
- CMD Echo Pipe - Escalation
- Detect AzureHound File Modifications
- Detect SharpHound Command-Line Arguments
- Detect SharpHound File Modifications
- Detect SharpHound Usage
- Detect Renamed Psexec
- Detect Renamed 7-Zip
- Detect Renamed WinRAR
- Detect AzureHound Command-Line Arguments
Updated analytic stories include the following:
- Ransomware
- Windows Discovery Techniques
Updated lookups:
- ransomware_extensions_lookup
- ransomware_notes_lookup
Documentation-specific changes
As of v3.23.0, the doc pages for fixed and known issues are removed. Going forward, if there are known and fixed issues, they will be listed in What's New.
This documentation applies to the following versions of Splunk® Security Content: 3.23.0