What's new
Enterprise Security Content Updates v3.44.0 was released on June 30, 2022. It includes the following enhancements.
New analytic story
- Windows System Binary Proxy Execution MSIExec
New analytics
- Potential password in username (Thanks to @mbjerkeland)
- Added PowerView SPN Discovery
- Added PowerView Kerberos Ticket Request
- Windows Impair Defenses Delete Win Defender Context Menu
- Windows Impair Defenses Delete Win Defender Profile Registry
- Windows Impair Defenses Disable Win Defender Auto Logging
- Windows MSIExec DLLRegisterServer
- Windows MSIExec Remote Download
- Windows MSIExec Spawn Discovery Command
- Windows MSIExec Unregister DLLRegisterServer
- Windows MSIExec With Network Connections
Updated analytics
- Outbound Network Connection from Java Using Default Ports
- Rundll32 LockWorkStation
- Splunk Command and Scripting Interpreter Risky Commands (released in v3.43.1)
Other updates
- Tagged detections with correct data models
- Improvements to the automated detection testing framework
- Several key updates to contentctl project code for optimizations, improved error handling and git-actions workflow in our CI/CD
This documentation applies to the following versions of Splunk® Security Content: 3.44.0