Splunk® Security Content

Release Notes

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of ESSOC. Click here for the latest version.
Acrobat logo Download topic as PDF

What's New

Enterprise Security Content Updates v3.23.0 was released on June 10, 2021. It includes the following enhancements.

New analytic stories include the following:

  • Meterpreter
  • Revil Ransomware

New detections include the following:

  • Excessive number of taskhost processes
  • Revil Registry Entry
  • Revil Common Exec Parameter
  • Modification Of Wallpaper
  • Wbemprox COM Object Execution
  • Known Services Killed by Ransomware
  • Delete ShadowCopy With PowerShell
  • Conti Common Exec parameter
  • Revil Ransomware
  • Excessive Usage of NSLOOKUP App
  • CMD Echo Pipe - Escalation
  • Detect AzureHound File Modifications
  • Detect SharpHound Command-Line Arguments
  • Detect SharpHound File Modifications
  • Detect SharpHound Usage
  • Detect Renamed Psexec
  • Detect Renamed 7-Zip
  • Detect Renamed WinRAR
  • Detect AzureHound Command-Line Arguments

Updated analytic stories include the following:

  • Ransomware
  • Windows Discovery Techniques

Updated lookups:

  • ransomware_extensions_lookup
  • ransomware_notes_lookup

Documentation-specific changes

As of v3.23.0, the doc pages for fixed and known issues are removed. Going forward, if there are known and fixed issues, they will be listed in What's New.

Last modified on 02 July, 2021
 

This documentation applies to the following versions of Splunk® Security Content: 3.23.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters