This documentation does not apply to the most recent version of Splunk® Security Content.
For documentation on the most recent version, go to the latest release.
What's new
Enterprise Security Content Updates v4.13.0 was released on October 5, 2023. It includes the following enhancements.
New analytics
- Windows Abused Web Services
- Windows Admin Permission Discovery
- Windows Delete or Modify System Firewall
- Windows Disable or Modify Tools Via Taskkill
- Windows Executable in Loaded Modules
- Windows NjRat Fileless Storage via Registry
- Windows Modify Registry With MD5 Reg Key Name
- Splunk Absolute Path Traversal Using runshellscript
- Splunk DoS Using Malformed SAML Request
- Splunk RCE via Serialized Session Payload
- Splunk Reflected XSS on App Search Table Endpoint
- WS FTP Remote Code Execution
- JetBrains TeamCity RCE Attempt
New analytic stories
Updated analytics
Other Updates
- Updated the
splunk_risky_commandlookup file - Tagged relevant detections with NjRat Behavior
- Updated the
pretrained_dga_model_dsdl.ipynbnotebook to improve performance - Several production detections have been updated to have correct observables to produce accurate risk objects
- Updated the generated code for creating BA detection files in the latest SPLv2
Last modified on 18 October, 2023
| What's in Splunk Security Content |
This documentation applies to the following versions of Splunk® Security Content: 4.13.0
Download manual
Feedback submitted, thanks!