This documentation does not apply to the most recent version of Splunk® Security Content.
For documentation on the most recent version, go to the latest release.
What's new
Enterprise Security Content Updates v4.26.0 was released on March 5, 2024. It includes the following enhancements:
New analytics story
New analytics
- Cloud Security Groups Modifications by User
- Detect Remote Access Software Usage File (External Contributor: @nterl0k)
- Detect Remote Access Software Usage FileInfo (External Contributor: @nterl0k)
- Detect Remote Access Software Usage Process (External Contributor: @nterl0k)
- Windows Multiple Account Passwords Changed
- Windows Multiple Accounts Deleted
- Windows Multiple Accounts Disabled
- Detect Remote Access Software Usage DNS (External Contributor: @nterl0k)
- Detect Remote Access Software Usage Traffic (External Contributor: @nterl0k)
- High Volume of Bytes Out to Url
- Detect Remote Access Software Usage URL (External Contributor: @nterl0k)
- JetBrains TeamCity Authentication Bypass CVE-2024-27198
- JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198
- JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199
- Nginx ConnectWise ScreenConnect Authentication Bypass
Updated analytics
- AWS IAM Delete Policy
- O365 Multiple Users Failing To Authenticate From Ip
- ConnectWise ScreenConnect Authentication Bypass
- JetBrains TeamCity RCE Attempt
Macros added
- nginx_access_logs
- suricata
Lookups updated
- remote_access_software
Playbooks added
- G Suite for Gmail Message Eviction
- G Suite for Gmail Search and Purge
- MS Graph for Office 365 Message Eviction
- MS Graph for Office 365 Message Identifier Activity Analysis
- MS Graph for Office 365 Message Restore
- MS Graph for Office365 Search and Purge
- MS Graph for Office365 Search and Restore
Other updates
- Added a new script and a CI job to automatically upload the package to Splunkbase using a service account
- Create SSA-Content-latest.tar.gz in the generate_ba CI job
Last modified on 20 March, 2024
This documentation applies to the following versions of Splunk® Security Content: 4.26.0