Splunk® Security Content

Release Notes

This documentation does not apply to the most recent version of Splunk® Security Content. For documentation on the most recent version, go to the latest release.

What's new

Enterprise Security Content Updates v3.52.0 was released on November 2, 2022. It includes the following enhancements.

New analytic story

  • CVE-2022-40684 Fortinet Appliance Auth bypass
  • GCP Account Takeover
  • Qakbot
  • Text4Shell CVE-2022-42889

Updated analytic story

  • Splunk Vulnerabilities

New analytics

  • Exploit Public Facing Application via Apache Commons Text
  • Fortinet Appliance Auth Bypass
  • GCP Authentication Failed During MFA Challenge
  • GCP Multi-Factor Authentication Disabled
  • GCP Multiple Failed MFA Requests for User
  • GCP Multiple Users Failing to Authenticate from Ip
  • GCP Successful Single-Factor Authentication
  • GCP Unusual Number of Failed Authentications from Ip
  • Splunk Code Injection via Custom Dashboard Leading to RCE
  • Splunk Data exfiltration from Analytics Workspace Using Sid Query
  • Splunk RCE via Splunk Secure Gateway Splunk Mobile Alerts Feature
  • Splunk Reflected XSS in the Templates Lists Radio
  • Splunk Stored XSS via Data Model objectName Field
  • Splunk XSS in Save Table Dialog Header in Search Page
  • Windows App Layer Protocol Wermgr Connect to NamedPipe
  • Windows Command Shell Fetch Env Variables
  • Windows DLL Side-Loading in Calc
  • Windows DLL Side-Loading Process Child of Calc
  • Windows Masquerading Explorer as Child Process
  • Windows Modify Registry Qakbot Binary Data Registry
  • Windows Process Injection of Wermgr to Known Browser
  • Windows Process Injection Remote Thread
  • Windows Process Injection Wermgr Child Process
  • Windows Regsvr32 Renamed Binary
  • Windows System Discovery Using ldap Nslookup
  • Windows System Discovery Using Qwinsta
  • Windows WMI Impersonate Token

Other updates

  • Added a tag called data_schema that has the version used for CIM/OCSF

Last modified on 02 November, 2022

This documentation applies to the following versions of Splunk® Security Content: 3.52.0
