Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Enterprise Security Content Update (ESCU) | New Releases

Splunk Employee
Splunk Employee

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the Enterprise Security Content Update (ESCU) app (v4.1.0 and v4.2.0). With these releases, there are 61 new detections and 6 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE).

Content highlights include: 

  • Azure Active Directory Privilege Escalation and AWS Exfiltration detections that help detect various new techniques used to gain higher-level permissions or exfiltrate data on systems
  • Detections to search for Snake Malware, a sophisticated espionage tool from Russia’s Federal Security Service (FSB), and its variants
  • Active Directory Privilege Escalations detections to detect techniques that adversaries use to gain higher-level permissions on a system or network that leverage Active Directory
  • Detections to search for adversaries leveraging RedLine Stealer malware
  • Windows Registry bootkit detections 
  • Remote Code Execution (RCE) detections in a commonly used printing software called PaperCut

New Analytic Stories: 

New Detections: 

The team has also published the following blogs in the last month:

For all our tools and security content, please visit

— The Splunk Threat Research Team

Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...