For more information please visit the Splunk ES Content Update user documentation.
New Detections
* AWS detect users creating keys with encrypt policy without MFA
* BCDEdit Failure Recovery Modification
* AWS network access control list created with all open ports
* AWS network access control list deleted
* Detect new open S3 Buckets over AWS CLI
* O365 bypass MFA via trusted IP
* Detect hosts connecting to dynamic domain providers
Updates
* AWS detect users with kms keys performing encryption against S3 buckets
* Detect new open S3 buckets
Other
* Circle CI Config updates
* Increase in testing coverage
* Added notable alert action configurations to all savedsearches
New Detections
* Multi-factor authentication disabled (o365)
* Excessive Authentication Failures Alert (o365)
* PST Export Alert (o365)
* Detect high number of login failures from a single source
* Detect Supernova Webshell (used in SUNBURST)
Updates
* High number of login failures from a single source detection
* Deprecated AWS Searches that have been translated.
Other
* Circle CI Config updates
* Increase in testing coverage
New Stories
* Sunburst Malware
* Office 365 Detections
New Detections
* Windows AdFind Exe
* Sunburst Correlation DLL and Network Event
* O365 Suspicious Admin Email Forwarding
* O365 Suspicious Rights Delegation
* O365 Suspicious User Email Forwarding
Updates
* Updates to response tasks and backend to handle multi-token replacement
* Analytic Story name added to annotations
New Detections
* Ryuk Test Files Detected
* Windows connhost exe started forcefully
* Windows DisableAntiSpyware Registry
* Windows Security Account Manager Stopped
To view all the release notes, please visit: https://github.com/splunk/security-content/releases/tag/v3.9.0
Note: We have also updated the app versioning of ESCU.
Release notes: https://docs.splunk.com/Documentation/ESSOC