What's new
Enterprise Security Content Updates v4.0.0 was released on April 19, 2023. It includes the following enhancements.
This major version change to 4.0.0 includes improvements to the Sigma to Search Processing Language (SPL) converter, along with back-end changes to testing and content generation. The converter allows signature-based detections to be defined in an industry-standard language. There is no impact on customer environments when the ESCU application is installed or upgraded.
New analytic stories
- Winter Vivern
- Sandworm Tools
- BlackLotus Campaign
New analytics
- Windows Exfiltration Over C2 Via Invoke RestMethod
- Windows Exfiltration Over C2 Via Powershell UploadString
- Windows Scheduled Task Created Via XML
- Windows Screen Capture Via Powershell
- Windows DNS Gather Network Info
- Windows Impair Defenses Disable HVCI
- Windows BootLoader Inventory
- Windows RDP Connection Successful
Other updates
- Tagged several detections with Data Destruction
- Fixed a number of deprecated and experimental searches that contained runtime syntactic/parsing/execution errors.
This documentation applies to the following versions of Splunk® Security Content: 4.0.0