What's new
Enterprise Security Content Updates v4.18.0 was released on December 20, 2023. It includes the following enhancements:
New analytics
- PingID Mismatch Auth Source and Verification Response (External Contributor: @nterl0k)
- PingID Multiple Failed MFA Requests for User (External Contributor: @nterl0k)
- PingID New MFA Method After Credential Reset (External Contributor: @nterl0k)
- PingID New MFA Method Registered for User (External Contributor: @nterl0k)
- Kubernetes Abuse of Secret by Unusual Location
- Kubernetes Abuse of Secret by Unusual User Agent
- Kubernetes Abuse of Secret by Unusual User Group
- Kubernetes Abuse of Secret by Unusual User Name
- Kubernetes Access Scanning
- Kubernetes Suspicious Image Pulling
- Kubernetes Unauthorized Access
- Windows Modify System Firewall with Notable Process Path
Updated analytics
- Allow File and Printing Sharing In Firewall
- Azure AD PIM Role Assigned
- CMD Carry Out String Command Parameter
- Detect Use of cmd exe to Launch Script Interpreters
- Modification of Wallpaper
New analytic stories
Updated analytic story
Other Updates
- Added two new lookup files, ransomware_extensions_20231219.csv and ransomware_notes_20231219.csv.
- Updated the existing transforms definitions of ransomware_extensions_lookup and ransomware_notes_lookup to use the latest .csv files.
This documentation applies to the following versions of Splunk® Security Content: 4.18.0