What's new
Enterprise Security Content Updates v3.64.0 was released on April 5, 2023. It includes the following enhancements.
Updated analytic story
- 3CX Supply Chain Attack
New analytics
- PowerShell Invoke-WmiExec Usage
- PowerShell Invoke CIMMethod CIMSession
- PowerShell Enable PowerShell Remoting
- PowerShell Start or Stop Service
- Windows PowerShell Get-CIMInstance Remote Computer
- Windows Enable Win32_ScheduledJob via Registry
- Windows PowerShell WMI Win32_ScheduledJob
- Windows Service Create with Tscon
- Windows Lateral Tool Transfer RemCom
- Windows Service Create RemComSvc
Other updates
- Updated 3CX related analytics with the CVE ID (CVE-2023-29059)
- Updated Git actions with appropriate permissions
What's in Splunk Security Content |
This documentation applies to the following versions of Splunk® Security Content: 3.64.0
Feedback submitted, thanks!