What's new
Enterprise Security Content Updates v3.38.0 was released on April 18, 2022. It includes the following enhancements.
New analytic story
- Spring4Shell CVE-2022-22965
New analytics
- Java Writing JSP File
- Spring4Shell Payload URL Request
- Web JSP Request via URL
- Web Spring4Shell HTTP Request Class Module
- Web Spring Cloud Function FunctionRouter
- Kerberos Ticket Granting Ticket (TGT) Request Using RC4 Encryption
- Unknown Process Using The Kerberos Protocol
- Kerberos User Enumeration
- Kerberos Service Ticket Request Using RC4 Encryption
- Windows PowerView Unconstrained Delegation Discovery
- Windows Get-ADComputer Unconstrained Delegation Discovery
- Windows PowerView Constrained Delegation Discovery
- GitHub Actions Disable Security Workflow
- MacOS plutil
Updated analytics
- MacOS LOLBins
- Suspicious Kerberos Service Ticket Request
- Suspicious Ticket Granting Ticket (TGT) Request
- Unusual Number of Computer Service Tickets Requested
- PetitPotam Suspicious Kerberos TGT Request
This documentation applies to the following versions of Splunk® Security Content: 3.38.0