For more information please visit the Splunk ES Content Update user documentation.
Enterprise Security Content Updates v 1.0.49 was released on January 27, 2020. It includes the following enhancements:
Updated Analytic Stories:
* Updated "Credential Dumping", "Lateral Movement", "Windows Privilege Escalation", "DNS Hijack" and "Disabling Security Tools" analytic stories.
* Added a new detection "Unload Sysmon Filter Driver".
* CRL-1715 - Updated "First Time Seen Running Windows Service" detection and "Previously Seen Running Windows Services" support search to use field names provided by Splunk Add-on for Microsoft Windows.
* CRL-1716 - Updated "Malicious PowerShell Process With Obfuscation Techniques" detection to address a false negative.
* CRL-1719 - Fixed URL reference in "Windows Privilege Escalation" analytic story.
Full documentation: https://docs.splunk.com/Documentation/ESSOC/1.0.49