What's new
Enterprise Security Content Updates v4.14.0 was released on October 18, 2023. It includes the following enhancements.
New analytics
- Confluence Trigger Vulnerability CVE-2023-22515
- Cisco IOS XE Implant Access
- Detect Certipy File Modifications (External Contributor: @nterl0k)
- Windows Domain Admin Impersonation Indicator
- Windows Registry SIP Provider Modification
- Microsoft SharePoint Server Elevation of Privilege
- Windows Steal Authentication Certificates - ESC1 Abuse (External Contributor: @nterl0k)
- Windows SIP Provider Inventory
- Windows SIP WinVerifyTrust Failed Trust Validation
New analytic stories
- Subvert Trust Controls SIP and Trust Provider Hijacking
- Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357
- Cisco IOS XE Software Web Management User Interface vulnerability
Updated analytics
Other Updates
- Minor changes to playbook names and UUID
- Updated descriptions for 50 detections
Behavioral analytics service updates
Added lower() to behavioral analytics detection searches in the eval function
This documentation applies to the following versions of Splunk® Security Content: 4.14.0