What's new
Enterprise Security Content Updates v4.25.0 was released on February 22, 2024. It includes the following enhancements:
New analytics stories
New analytics
- ConnectWise ScreenConnect Path Traversal
- ConnectWise ScreenConnect Path Traversal Windows SACL
- Windows Non Discord App Access Discord LevelDB
- Windows Time Based Evasion via Choice Exec
- Windows Unsecured Outlook Credentials Access In Registry
- ConnectWise ScreenConnect Authentication Bypass
- WordPress Bricks Builder plugin RCE
Updated analytics
- Detect Regasm Spawning a Process
- Download Files Using Telegram
- Executables Or Script Creation In Suspicious Path
- High Process Termination Frequency
- Linux Edit Cron Table Parameter
- Non Chrome Process Accessing Chrome Default Dir
- Non Firefox Process Access Firefox Profile Dir
- Processes launching netsh
- Registry Keys Used For Persistence
- Suspicious Driver Loaded Path
- Suspicious Process DNS Query Known Abuse Web Services
- Suspicious Process Executed From Container File
- Windows Credentials from Password Stores Chrome LocalState Access
- Windows Credentials from Password Stores Chrome Login Data Access
- Windows File Transfer Protocol In Non-Common Process Path
- Windows Gather Victim Network Info Through Ip Check Web Services
- Windows Phishing PDF File Executes URL Link
- Windows System Network Connections Discovery Netsh
- Windows User Execution Malicious URL Shortcut File
- WinEvent Scheduled Task Created Within Public Path
Other updates
- Updated contentctl to output accurate providing technologies in savedsearches.conf
This documentation applies to the following versions of Splunk® Security Content: 4.25.0