What's New
Enterprise Security Content Updates v3.30.0 was released on November 4, 2021. It includes the following enhancements.
New Analytics
- ServicePrincipalNames Discovery with PowerShell
- ServicePrincipalNames Discovery with SetSPN
- Remcos client registry install entry
- Malicious InProcServer32 Modification
- Process Writing DynamicWrapperX
- Winhlp32 Spawning a Process
Updated Analytics
- DLLHost with no Command Line Arguments with Network
- SearchProtocolHost with no Command Line with Network
- GPUpdate with no Command Line Arguments with Network
- Rundll32 with no Command Line Arguments with Network
- Detect Exchange Web Shell
- Malicious PowerShell Process - Encoded Command
- Malicious PowerShell Process - Connect To Internet With Hidden Window
- Suspicious wevtutil Usage
Other updates
- Added functionality to render Automation Playbooks on the Splunk Security Content website.
- Added functionality to display CVEs for detections on the Splunk Security Content website.
- Fixed an issue with the ATT&CK table not displaying properly on the Splunk Security Content website.
- The manuals for analytics stories and detections are removed from the documentation. Go to the Splunk Security Content website to find all the latest security content, including analytics stories, detections, and playbooks.
This documentation applies to the following versions of Splunk® Security Content: 3.30.0