What's new
Enterprise Security Content Updates v4.9.0 was released on August 9, 2023. It includes the following enhancements.
New analytics
- Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078
- Ivanti EPMM Remote Unauthenticated API Access
- Citrix ShareFile Exploitation CVE-2023-24489
- Windows Powershell RemoteSigned File
- PowerShell Script Block with URL Chain
- PowerShell WebRequest Using Memory Stream
- Suspicious Process Executed from Container File
- Windows Registry Payload Injection
- Windows Scheduled Task Service Spawned Shell
New analytic stories
Updated analytics
- Clop Common Exec Parameter
- O365 Added Service Principal
- O365 New Federated Domain Added
- O365 Excessive SSO logon errors
Other updates
- Updated detections with test datasets
- Updated the SPL several observables in detections yaml
This documentation applies to the following versions of Splunk® Security Content: 4.9.0