Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Enterprise Security Content Update (ESCU) | New Releases

OliviaHenderson
Splunk Employee
Splunk Employee

In the last month, the Splunk Threat Research Team (STRT) has had 1 release of new security content via the Enterprise Security Content Update (ESCU) app (v4.12.0.). With this release, there are 8 new detections and 1 new analytic story now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include:

  • A Forest Blizzard analytic story that contains detections to detect “Living Off The Land” attack techniques using headless web browsers to exfiltrate data files through legitimate platforms like Mockbin via ZIP archives containing LNK files. These techniques were observed in the cyberattack on Ukraine’s energy infrastructure, orchestrated via deceptive emails to steal NTLMv2 hashes by various advanced persistent threat (APT) groups.
  • Six new detections related to Windows Active Directory enumeration, specifically to detect activity related to the usage of a popular red team tool such as Powerview, which are typically used for reconnaissance by attackers. 

New Analytic Story: 

New Detections:

The team has also published the following blogs:

For all our tools and security content, please visit research.splunk.com

— The Splunk Threat Research Team

Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...