What's new
Enterprise Security Content Updates v4.36.0 was released on July 17th, 2024 and includes the following enhancements:
Key highlights
Enterprise Security Content Updates version 4.36.0 introduces a comprehensive suite of new detections related to Sneaky Active Directory Persistence Tricks. These detections are designed to identify and alert on subtle techniques used by attackers to maintain unauthorized access within Active Directory environments. This update includes analytics for detecting distributed and localized password spray attempts, identifying internal horizontal and vertical port scans, and alerting on Windows AD self-group additions.
Additionally, this release incorporates detections for monitoring increases in group or object modification activity, tracking unusual spikes in user modification activity, detecting suspicious Windows network share interactions, and identifying installations of known vulnerable drivers. These new capabilities significantly enhance an organization's ability to spot and respond to sophisticated persistence techniques in Active Directory, improving overall security posture against advanced persistent threats.
New analytics
- Detect Distributed Password Spray Attempts
- Detect Password Spray Attempts
- Internal Horizontal Port Scan
- Internal Vertical Port Scan
- Windows AD add Self to Group
- Windows Increase in Group or Object Modification Activity
- Windows Increase in User Modification Activity
- Windows Network Share Interaction With Net
- Windows Vulnerable Driver Installed
Other updates
Added new data_source objects
This documentation applies to the following versions of Splunk® Security Content: 4.36.0
Download manual
Feedback submitted, thanks!