What's new
Enterprise Security Content Updates v3.60.0 was released on February 22, 2023. It includes the following enhancements.
New analytic stories
- AwfulShred
- Fortinet FortiNAC CVE-2022-39952
New analytics
- Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952
- Linux Data Destruction Command
- Linux Hardware Addition SwapOff
- Linux Impair Defenses Process Kill
- Linux Indicator Removal Clear Cache
- Linux Indicator Removal Service File Deletion
- Linux System Reboot Via System Request Key
- Linux Unix Shell Enable All SysRq Functions
- Windows Steal Authentication Certificates CryptoAPI
- Windows Mimikatz Crypto Export File Extensions
Updated analytics
- Linux Deletion of Services
- Linux Disable Services
- Linux Shred Overwrite Command
- Linux Service Restarted
- Linux Stop Services
- Linux Deleting Critical Directory Using RM Command
- Wbemprox COM Object Execution
Other updates
- Moved the Lateral Movement analytic story to deprecated, with a note to refer to the Active Directory Lateral Movement analytic story instead.
- Removed observables from action.escu.annotations in savedsearches.conf.
- Added MSAccess.exe to all the Microsoft Office analytics.
- Updated Detect Outlook exe writing a zip file and removed explorer.exe from it, as that process was generating the bulk of the noise.
This documentation applies to the following versions of Splunk® Security Content: 3.60.0