
Releases: splunk/security_content

v1.0.48

19 Dec 23:18
46f2591

RELEASE NOTES

Version 1.0.48 was released on December 20, 2019. It introduces input (pre-filter) and output (post-filter) macros for every detection search added after v1.0.46. Each macro is defined once, so changing that single definition changes the behavior of every detection that references it, and because the macro definitions live in your Splunk environment, such changes stay local to it.
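The following is an added illustration of the input/output macro pattern, not a file shipped with this release: a `macros.conf` holding an input macro (`sysmon`), an output macro (`access_lsass_memory_for_dump_creation_filter`), and the ES-independent `security_content_ctime` and `security_content_summariesonly` macros that v1.0.47 introduced, together with a `savedsearches.conf` detection that uses them. The macro definitions and the search body are assumptions modelled on the shape of the security_content repository and on Sysmon event ID 10 (ProcessAccess) fields; the detection name is taken from the list below, but the search text is constructed for this example.

```ini
# macros.conf (added example; definitions are assumptions, not the shipped ones)

# Input (pre-filter) macro: defines where the detection reads its events.
# Change this one definition if your Sysmon data arrives under a different
# sourcetype, and every detection that uses `sysmon` follows.
[sysmon]
definition = sourcetype=xmlwineventlog:microsoft-windows-sysmon/operational
iseval = 0

# Output (post-filter) macro: ships as a no-op ("search *"). Override it in
# local/macros.conf to tune out known-good sources without editing the search.
[access_lsass_memory_for_dump_creation_filter]
definition = search *
iseval = 0

# Replacement for the Enterprise Security ctime macro (v1.0.47, CRL-1700):
# renders an epoch field as a readable timestamp without requiring ES.
[security_content_ctime(1)]
args = field
definition = convert timeformat="%Y-%m-%dT%H:%M:%S" ctime($field$)
iseval = 0

# Replacement for the ES summariesonly macro: use accelerated data when it
# exists but fall back to raw events, so the search also runs on plain Splunk
# Enterprise. Used by datamodel-based (tstats) detections.
[security_content_summariesonly]
definition = summariesonly=false allow_old_summaries=true
iseval = 0

# savedsearches.conf (same caveat: illustrative search body, constructed here)
# Sysmon EventCode=10 records one process opening a handle to another; a
# handle to lsass.exe whose call stack passes through the MiniDump helpers
# (dbgcore.dll / dbghelp.dll) is the classic signature of a memory dump.
[ESCU - Access LSASS Memory for Dump Creation - Rule]
search = `sysmon` EventCode=10 TargetImage=*lsass.exe (CallTrace=*dbgcore.dll* OR CallTrace=*dbghelp.dll*) | stats count min(_time) as firstTime max(_time) as lastTime by Computer, SourceImage, SourceProcessId, TargetImage, TargetProcessId, GrantedAccess | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | `access_lsass_memory_for_dump_creation_filter`

# local/macros.conf: an operator override of the output macro that suppresses
# a security product that legitimately reads LSASS. Because it is the last
# stage of the pipeline it can reference any field the stats command produced.
[access_lsass_memory_for_dump_creation_filter]
definition = search NOT SourceImage="*MsMpEng.exe"
iseval = 0
```

Two practical checks: keep overrides in `local/macros.conf` rather than `default/`, so a later content update does not silently revert the tuning, and when you widen a filter macro, run the detection over a window that contains a known dump attempt (for example a lab `procdump -ma lsass.exe`) to confirm the exclusion has not swallowed the true positive as well.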

New detection searches added to the "Credential Dumping" Analytic Story:

  • Access LSASS Memory for Dump Creation
  • Create Remote Thread into LSASS
  • Detect Credential Dumping through LSASS access
  • Unsigned Image Loaded by LSASS
  • Attempted Credential Dump From Registry via Reg.exe
  • Detect Mimikatz Using Loaded Images
  • Attempt To Set Default PowerShell Execution Policy To Unrestricted or Bypass
  • Creation of Shadow Copy with ntdsutil
  • Creation of Shadow Copy with vssadmin
  • Creation of Shadow Copy with wmic and powershell
  • Creation of Shadow Copy with wmic
  • Credential Dumping via Copy Command from Shadowcopy
  • Credential Dumping via Symlink to Shadowcopy

Fixed a bug in the security_content_ctime macro, which was not working as expected.

v1.0.47

16 Dec 22:24
b59991e

Enterprise Security Content Updates v 1.0.47 included the following enhancements:

Fixed issues:


  • CRL-1700 Removed the dependency on Enterprise Security macros: the new security_content_ctime macro replaces the ES ctime macro, and the new security_content_summariesonly macro replaces the ES summariesonly macro, across all content.

  • Removed the runstory macro definition.
  • Removed the comment macro, whose definition was empty.

v1.0.46

11 Dec 16:03

Enterprise Security Content Updates v 1.0.46 included the following enhancements.

Fixed issues:

  • CRL-1688 Ensure that ESCU is supported on Splunk Enterprise 8.0
  • CRL-1686 Resolve broken hyperlinks in content files
  • CRL-1609 Fix for validation check on Feedback Center page

v1.0.45

27 Nov 03:21
a5f1973

Enterprise Security Content Updates v 1.0.45 included the following enhancements.

Updated Analytic Stories:

  • Added new searches "Abnormally High AWS Instances Launched by User - MLTK detection" and "Abnormally High AWS Instances Terminated by User - MLTK detection" to the "Suspicious AWS EC2 Activities" Analytic Story
  • Added new search "Abnormally High AWS Instances Launched by User - MLTK detection" to the "Cloud Cryptomining" Analytic Story

Fixed issues:

  • CRL-1493 ESCU Fraud Searches Are Mislabeled
  • CRL-1697 Added: Cloud Compute Instance Created With Previously Unseen Image detection to Cloud Cryptomining story

v1.0.44

18 Nov 22:32
fixing CI errors

v1.0.43

31 Oct 22:27
a646993
Merge pull request #244 from splunk/remove_asx_code

remove asx files

v1.0.42

27 Aug 22:45
621f263
Merge pull request #192 from splunk/CRL-1607-Fix-Weird-Italics

CRL-1608 Update dyn_dns_queries.json

v1.0.41

29 Jul 20:58
54e360b
Merge pull request #157 from splunk/dependabot/pip/typing-3.7.4

Bump typing from 3.6.6 to 3.7.4

v1.0.40

18 Jun 19:48
27a44bb
Merge pull request #155 from splunk/slim_0.9.0

Downgrading slim to 0.9.0

v1.0.39

06 Jun 21:37
e4ec63b
Merge pull request #124 from splunk/ui_bug

removal of context panel