
Enterprise Security Content Update (ESCU) | New Releases

cwopat
Splunk Employee

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the Enterprise Security Content Update (ESCU) app (v4.1.0 and v4.2.0). With these releases, there are 61 new detections and 6 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE).

Content highlights include: 

  • Azure Active Directory Privilege Escalation and AWS Exfiltration detections that cover new techniques used to gain higher-level permissions or to exfiltrate data from those environments
  • Detections for Snake Malware, a sophisticated espionage tool attributed to Russia’s Federal Security Service (FSB), and its variants
  • Active Directory Privilege Escalation detections for techniques that adversaries use to gain higher-level permissions on a system or network by leveraging Active Directory
  • Detections for adversaries leveraging RedLine Stealer malware
  • Windows Registry bootkit detections
  • Remote Code Execution (RCE) detections for PaperCut, a commonly used print management software

New Analytic Stories: 

New Detections: 

The team has also published the following blogs in the last month:

For all our tools and security content, please visit research.splunk.com

— The Splunk Threat Research Team
