Splunk® Security Content

Release Notes

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of ESSOC. Click here for the latest version.
Acrobat logo Download topic as PDF

What's New

Enterprise Security Content Updates v3.25.0 was released on July 8, 2021. It includes the following enhancements.

New analytic stories include the following:

  • PrintNightmare CVE-2021-1675

New analytics include the following:

  • Print Spooler Adding A Printer Driver
  • Print Spooler Failed to Load a Plug-in
  • Spoolsv Spawning Rundll32
  • Spoolsv Suspicious Loaded Modules
  • Spoolsv Suspicious Process Access
  • Spoolsv Writing a DLL
  • Spoolsv Writing a DLL - Sysmon

Changes to deprecated detections include the following:

  • doc_gen.py will not longer include deprecated detections on Splunk Docs.
  • The correlation search label is updated to ESCU - Deprecated -<search_name> - Rule
  • The following note is added to the beginning of the description of the deprecated detection:

    #### WARNING, this detection has been marked deprecated by the Splunk Threat Research team, this means that it will no longer be maintained or supported. If you have any questions feel free to email us at: research@splunk.com.*

Last modified on 08 July, 2021
 

This documentation applies to the following versions of Splunk® Security Content: 3.25.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters