What's New
Enterprise Security Content Updates v3.25.0 was released on July 8, 2021. It includes the following enhancements.
New analytic stories include the following:
- PrintNightmare CVE-2021-1675
New analytics include the following:
- Print Spooler Adding A Printer Driver
- Print Spooler Failed to Load a Plug-in
- Spoolsv Spawning Rundll32
- Spoolsv Suspicious Loaded Modules
- Spoolsv Suspicious Process Access
- Spoolsv Writing a DLL
- Spoolsv Writing a DLL - Sysmon
Changes to deprecated detections include the following:
- doc_gen.py will not longer include deprecated detections on Splunk Docs.
- The correlation search label is updated to ESCU - Deprecated -<search_name> - Rule
- The following note is added to the beginning of the description of the deprecated detection:
#### WARNING, this detection has been marked deprecated by the Splunk Threat Research team, this means that it will no longer be maintained or supported. If you have any questions feel free to email us at: research@splunk.com.*
This documentation applies to the following versions of Splunk® Security Content: 3.25.0
Feedback submitted, thanks!