What's new
Enterprise Security Content Updates v4.7.0 was released on July 25, 2023. It includes the following enhancements.
New analytics
- Citrix ADC Exploitation CVE-2023-3519
- Windows Modify Registry EnableLinkedConnections
- Windows Modify Registry LongPathsEnabled
- Windows Modify Registry Risk Behavior
- Windows Post Exploitation Risk Behavior
- Windows Common Abused Cmd Shell Risk Behavior
Updated analytics
- O365 Add App Role Assignment Grant User
- MSHTML Module Load in Office Product
- Office Document Spawned Child Process To Download
- Office Product Spawn CMD Process
- Office Product Spawning BITSAdmin
- Office Product Spawning CertUtil
- Office Product Spawning MSHTA
- Office Product Spawning Rundll32 with no DLL
- Office Product Spawning Windows Script Host
New analytic stories
- BlackByte Ransomware
- CVE-2023-36884 Office and Windows HTML RCE Vulnerability
- Citrix Netscaler ADC CVE-2023-3519
Other updates
- Tagged several detection analytics to BlackByte Ransomware
- Removed unused fields from detections.json for SSE API
- Improved the validation script for the CSV lookup and YAML files
This documentation applies to the following versions of Splunk® Security Content: 4.7.0