For more information please visit the Splunk ES Content Update user documentation.
Enterprise Security Content Updates v1.0.52 was released on March 18, 2020. It includes the following enhancements:
* CRL-1746 - Added filter macros for several detection searches
* CRL-1744 - Fixed empty macro unauthorize_dns_services_filter and typo in name for smb_traffic_spike_mltk_filter
* CRL-1742 - Fixed broken "Search Summary" panel in the "Content Library" dashboard
* Fixed various issues with search syntax in the following detections:
  * Detect Outlook.exe writing a zip file
  * Create or delete windows shares using net.exe
  * Disabling Remote User Account Control
  * First time seen command line arg
  * Processes created by netsh
  * Overwriting accessibility binaries
  * Registry Keys Used For Privilege Escalation
  * Remote Registry Key Modifications
Full documentation: https://docs.splunk.com/Documentation/ESSOC/1.0.52