What's new
Enterprise Security Content Updates v4.12.0 was released on September 20, 2023. It includes the following enhancements.
New analytics
- Windows Find Domain Organizational Units with GetDomainOU
- Windows Find Interesting ACL with FindInterestingDomainAcl
- Windows Forest Discovery with GetForestDomain
- Windows Get Local Admin with FindLocalAdminAccess
- Headless Browser Mockbin or Mocky Request
- Headless Browser Usage
- Windows AD Abnormal Object Access Activity (External Contributor: @nterl0k)
- Windows AD Privileged Object Access Activity (External Contributor: @nterl0k)
New analytic story
Other Updates
- Added CVE to Splunk Edit User Privilege Escalation
- Updated observables for 143+ detections to create accurate risk objects
- Added status field to the behavioral analytics specifications
- Updated implementation sections for all detections based on endpoint.processes
New Playbooks
- Jira Related Tickets Search
This documentation applies to the following versions of Splunk® Security Content: 4.12.0