What's new
Enterprise Security Content Updates v3.54.0 was released on November 30, 2022. It includes the following enhancements.
New analytic story
- CISA AA22-320A
- Reverse Network Proxy
- MetaSploit
New analytics
- Ngrok Reverse Proxy on Network
- Powershell Load Module in Meterpreter
- Windows Apache Benchmark Binary
- Windows Mimikatz Binary Execution
- Windows MSExchange Management Mailbox Cmdlet Usage
- Windows Ngrok Reverse Proxy Usage
- Windows Service Created with Suspicious Service Path
Updated analytics
- BITSAdmin Download File (Thank you @BlackB0lt!)
- Common Ransomware Extensions (Thank you Steven Dick!)
- Exchange PowerShell Module Usage
Other updates
- Tagged several detections for AgentTesla, Qakbot
- Crowdstike TA added to detection testing pipeline
What's in Splunk Security Content |
This documentation applies to the following versions of Splunk® Security Content: 3.54.0
Feedback submitted, thanks!