What's new
Enterprise Security Content Updates v4.6.0 was released on June 27, 2023. It includes the following enhancements.
New analytic story
- Scheduled Tasks
- Amadey
- Graceful Wipe Out Attack
- VMware Aria Operations vRealize CVE-2023-20887
New analytics
- Windows PowerShell ScheduleTask
- Windows Files and Dirs Access Rights Modification Via Icacls
Updated analytics
- ICACLS Grant Command
- Registry Keys Used For Persistence
- PowerShell 4104 Hunting
- Detect Baron Samedit CVE-2021-3156 Segfault
- Detect Baron Samedit CVE-2021-3156
- Windows System Shutdown CommandLine
- VMWare Aria Operations Exploit Attempt
Other updates
- Improved the descriptions of several detections and tagged detections with the appropriate MITRE IDs and analytic stories
- Added filter macros to the macros.json file via the API
- Added content_changer functionality to security content
This documentation applies to the following versions of Splunk® Security Content: 4.6.0