Splunk® Security Content

Release Notes


This documentation does not apply to the most recent version of Splunk® Security Content. For documentation on the most recent version, go to the latest release.

What's new

Enterprise Security Content Updates v3.57.0 was released on January 25, 2023. It includes the following enhancements.

New analytic stories

  • Chaos Ransomware
  • LockBit Ransomware

New analytics

  • Detect suspicious DNS TXT records using pretrained model in DSDL
  • Windows Boot or Logon Autostart Execution in Startup Folder
  • Windows Modify Registry Default Icon Setting
  • Windows Phishing PDF File Executes URL Link
  • Windows Replication Through Removable Media
  • Windows User Execution Malicious URL Shortcut File
  • Windows Vulnerable Driver Loaded
  • Linux Ngrok Reverse Proxy Usage
  • Windows Server Software Component GACUtil Install to GAC
  • Windows PowerShell Add Module to Global Assembly Cache
  • Windows Credential Dumping LSASS Memory Createdump

Updated analytics

  • Known Services Killed by Ransomware
  • Windows DLL Search Order Hijacking Hunt
  • Windows DLL Search Order Hijacking Hunt Sysmon
  • ProxyShell ProxyNotShell Behavior Detected (correlation)

Other updates

  • Added 3 new playbook files: Dynamic Identifier Reputation Analysis, PhishTank URL Reputation Analysis, and VirusTotal v3 Identifier Reputation Analysis from phantomcyber/playbooks to security_content
  • Added onenote.exe to several detection analytics related to Microsoft Office products
Last modified on 27 January, 2023

This documentation applies to the following versions of Splunk® Security Content: 3.57.0
