What's new
Enterprise Security Content Updates v3.55.0 was released on December 13, 2022. It includes the following enhancements.
New analytic story
- Prestige Ransomware
- Windows Post-Exploitation
New analytics
- Windows Modify Registry Reg Restore
- Windows Query Registry Reg Save
- Windows System User Discovery Via Quser
- Windows WMI Process and Service List
- Windows Cached Domain Credentials Reg Query
- Windows ClipBoard Data via Get-ClipBoard
- Windows Credentials from Password Stores Query
- Windows Credentials in Registry Reg Query
- Windows Indirect Command Execution Via Series of Forfiles
- Windows Information Discovery Fsutil
- Windows Password Managers Discovery
- Windows Private Keys Discovery
- Windows Security Support Provider Reg Query
- Windows Steal or Forge Kerberos Tickets Klist
- Windows System Network Config Discovery Display DNS
- Windows System Network Connections Discovery Netsh
- Windows Change Default File Association for No File Ext
- Windows Service Stop Via Net and SC Application
Other updates
- Added new MITRE MAP Coverage map JSON files to show the CISA 2021 Top Malware TTP coverage in docs/mitre-map.
- Fixed a bug in contentctl to appropriate scheduling configuration in savedsearches.conf
This documentation applies to the following versions of Splunk® Security Content: 3.55.0