For more information, please visit the Splunk ES Content Update user documentation.
New investigative search "AWS Investigate Security Hub alerts by dest", which retrieves the AWS Security Hub alerts for a given dest to support investigation and response
Updated the detection searches in the following AWS-related analytic stories with MITRE ATT&CK mappings where applicable:
- Suspicious AWS EC2 Activities
- AWS Suspicious Provisioning Activities
- AWS Cross Account Activity
- Cloud Cryptomining
- AWS User Monitoring
- Suspicious Cloud Authentication Activities
- Suspicious AWS Login Activities
- Suspicious AWS S3 Activities
- Unusual AWS EC2 Modifications
- Container Implantation Monitoring and Investigation
Updated analytic stories with new detection searches:
- Kubernetes Sensitive Role Activity
- Kubernetes Sensitive Object Access Activity
Updated the detection search "Creation of Shadow Copy with wmic and powershell" to use the Endpoint data model (Endpoint.Processes)
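For reference, the following is what a shadow copy creation search built on the Endpoint data model looks like. It is an illustration added here, not the ESCU search shipped in this release: it assumes the CIM Endpoint.Processes data model is populated by a CIM-compliant endpoint add-on and accelerated, and the process_name values and command-line keywords it matches are assumptions chosen to show the pattern.

```spl
| tstats summariesonly=true count min(_time) as firstTime max(_time) as lastTime
    from datamodel=Endpoint.Processes
    where (Processes.process_name="wmic.exe" OR Processes.process_name="powershell.exe")
          Processes.process="*shadowcopy*" Processes.process="*create*"
    by Processes.dest Processes.user Processes.parent_process_name Processes.process_name Processes.process
| rename Processes.* as *
| convert ctime(firstTime) ctime(lastTime)
```

Running tstats against the accelerated data model instead of a raw index search is what makes the search fast enough to schedule across a large estate, but summariesonly=true returns only data that has already been summarized, so events from a host whose acceleration backlog has not caught up will be missed; set summariesonly=false to fall back to raw events at the cost of speed. Before alerting on hits, expect legitimate backup tooling to run the same wmic shadowcopy create and Win32_ShadowCopy calls, so filter on parent_process_name or known service accounts, and note that shadow copies created with vssadmin are not covered by this process_name filter.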
Full documentation: https://docs.splunk.com/Documentation/ESSOC/3.0.3