What's new
Enterprise Security Content Updates v3.62.0 was released on March 22, 2023. It includes the following enhancements.
New analytic story
- CVE-2023-21716 Word RTF Heap Corruption
- CVE-2023-23397 Outlook Elevation of Privilege
New analytics
- Okta Mismatch Between Source and Response for Okta Verify Push Request
- Okta Multiple Failed Requests to Access Applications
- Okta Suspicious Use of a Session Cookie
- Okta Phishing Detection with FastPass Origin Check
- Okta ThreatInsight Login Failure with High Unknown Users
- Okta ThreatInsight Suspected PasswordSpray Attack
- Windows Rundll32 WebDAV Request
- Windows Rundll32 WebDav with Network Connection
Other updates
- Updated ransomware_notes.csv and ransomware_extensions.csv files and transforms definition
- Updated playbook name to CrowdStrike OAuth API Device Attribute Lookup
- Updated several analytics to integrate better with Enterprise Security
This documentation applies to the following versions of Splunk® Security Content: 3.62.0