Splunk® Security Content

Release Notes

What's new

Enterprise Security Content Updates v4.41.0 was released on September 26, 2024 and includes the following enhancements:

Key highlights

ValleyRAT Analytic Story: This update introduces comprehensive detections tailored to the ValleyRAT malware, providing enhanced monitoring and threat-hunting capabilities for adversarial activity on Windows systems. The story includes new detections that focuses on impairing defenses, modifying system registries, and exploiting privilege escalation mechanisms. Key detections cover tactics such as disabling antivirus via registry modifications, setting Windows Defender exclusions, and UAC bypass techniques like FodHelper and Eventvwr. These detections improve visibility into malicious registry changes, task scheduling anomalies, and suspicious executable behavior, fortifying defenses against ValleyRAT C2 activity, and privilege abuse attempts.

New analytic story

New analytics

Updated analytics

Last modified on 26 September, 2024
 

This documentation applies to the following versions of Splunk® Security Content: 4.41.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters