What's new
Enterprise Security Content Updates v3.46.0 was released on August 02, 2022. It includes the following enhancements.
New analytic stories
- AWS Defense Evasion
- Azure Active Directory Account Takeover
- DarkCrystal RAT
- Linux Living Off The Land
- Linux Rootkit
New analytics
- AWS Defense Evasion Delete CloudTrail
- AWS Defense Evasion Delete CloudWatch Log Group
- AWS Defense Evasion Impair Security Services
- AWS Defense Evasion PutBucketLifecycle
- AWS Defense Evasion Stop Logging CloudTrail
- AWS Defense Evasion Update CloudTrail
- Azure Active Directory High Risk Sign-in
- Azure AD Authentication Failed During MFA Challenge
- Azure AD Multiple Users Failing to Authenticate from IP
- Azure AD Successful PowerShell Authentication
- Azure AD Successful Single-Factor Authentication
- Azure AD Unusual Number of Failed Authentications from IP
- Linux Clipboard Data Copy
- Linux Decode Base64 to Shell
- Linux Kernel Module Enumeration
- Linux Obfuscated Files or Information Base64 Decode
- Linux Persistence and Privilege Escalation Risk Behavior (RBA)
- Linux SSH Authorized Keys Modification
- Linux SSH Remote Services Script Execute
- Windows Command Shell DCRat ForkBomb Payload
- Windows System LogOff CommandLine
- Windows System Reboot CommandLine
- Windows System Shutdown CommandLine
- Windows System Time Discovery W32tm Delay
Other updates
- Deprecated analytic story
  - Container Implantation Monitoring and Investigation
This documentation applies to the following versions of Splunk® Security Content: 3.46.0