What's new
Enterprise Security Content Updates v4.13.0 was released on October 5, 2023. It includes the following enhancements.
New analytics
- Windows Abused Web Services
- Windows Admin Permission Discovery
- Windows Delete or Modify System Firewall
- Windows Disable or Modify Tools Via Taskkill
- Windows Executable in Loaded Modules
- Windows NjRat Fileless Storage via Registry
- Windows Modify Registry With MD5 Reg Key Name
- Splunk Absolute Path Traversal Using runshellscript
- Splunk DoS Using Malformed SAML Request
- Splunk RCE via Serialized Session Payload
- Splunk Reflected XSS on App Search Table Endpoint
- WS FTP Remote Code Execution
- JetBrains TeamCity RCE Attempt
New analytic stories
Updated analytics
Other Updates
- Updated the splunk_risky_command lookup file
- Tagged relevant detections with NjRat Behavior
- Updated the pretrained_dga_model_dsdl.ipynb notebook to improve performance
- Several production detections have been updated to have correct observables to produce accurate risk objects
- Updated the generated code for creating BA detection files in the latest SPLv2
This documentation applies to the following versions of Splunk® Security Content: 4.13.0