This documentation does not apply to the most recent version of Splunk® Security Content.
For documentation on the most recent version, go to the latest release.
Download topic as PDF
What's new
Enterprise Security Content Updates v3.43.0 was released on June 14, 2022. It includes the following enhancements.
New analytics
- Splunk Command and Scripting Interpreter Delete Usage
- Splunk Command and Scripting Interpreter Risky Commands
- Splunk Digital Certificates Infrastructure Version
- Splunk Digital Certificates Lack of Encryption
- Splunk Identified SSL TLS Certificates
- Splunk Protocol Impersonation Weak Encryption Configuration
- Splunk Process Injection Forwarder Bundle Downloads
- Splunk Protocol Impersonation Weak Encryption Selfsigned
- Splunk Protocol Impersonation Weak Encryption Simplerequest
New ML Detections
- Splunk Command and Scripting Interpreter Risky SPL MLTK
New Baseline
- Splunk Command and Scripting Interpreter Risky SPL MLTK Baseline
New SOAR Workbook
- Splunk PSA Hunting 06/22
Updated analytic story
- Splunk Vulnerabilities
Other updates
- Fixed bug (PEX-76 / SSE-638) with API which caused SSE clients from pulling updates to fail.
- Adds the ability to define a custom index under the field name
custom_index
to replay data into instead of the defaultmain
.
Last modified on 14 June, 2022
NEXT What's in Splunk Security Content |
This documentation applies to the following versions of Splunk® Security Content: 3.43.0
Feedback submitted, thanks!