This documentation does not apply to the most recent version of Splunk® Security Content.
For documentation on the most recent version, go to the latest release.
What's new
Enterprise Security Content Updates v4.18.0 was released on December 20, 2023. It includes the following enhancements:
New analytics
- PingID Mismatch Auth Source and Verification Response (External Contributor: @nterl0k)
- PingID Multiple Failed MFA Requests for User (External Contributor: @nterl0k)
- PingID New MFA Method After Credential Reset (External Contributor: @nterl0k)
- PingID New MFA Method Registered for User (External Contributor: @nterl0k)
- Kubernetes Abuse of Secret by Unusual Location
- Kubernetes Abuse of Secret by Unusual User Agent
- Kubernetes Abuse of Secret by Unusual User Group
- Kubernetes Abuse of Secret by Unusual User Name
- Kubernetes Access Scanning
- Kubernetes Suspicious Image Pulling
- Kubernetes Unauthorized Access
- Windows Modify System Firewall with Notable Process Path
Updated analytics
- Allow File and Printing Sharing In Firewall
- Azure AD PIM Role Assigned
- CMD Carry Out String Command Parameter
- Detect Use of cmd exe to Launch Script Interpreters
- Modification of Wallpaper
New analytic stories
Updated analytic story
Other Updates
- Added two new lookup files: ransomware_extensions_20231219.csv and ransomware_notes_20231219.csv.
- Updated the existing transforms definitions of ransomware_extensions_lookup and ransomware_notes_lookup to use the latest .csv files.
Last modified on 10 January, 2024
This documentation applies to the following versions of Splunk® Security Content: 4.18.0