Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Enterprise Security Content Update (ESCU) | New Releases

Splunk Employee
Splunk Employee

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security Content Update (ESCU) app (v4.26.0, v4.27.0, and v4.28.0). With these releases, there are 18 new analytics, 1 new analytic story, 31 updated analytics, and 2 updated analytic stories now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include:

  • A new analytic story and detections for CVE-2024-27198 and CVE-2024-27199. This security content addresses critical authentication bypass vulnerabilities in JetBrains TeamCity. To learn more about these vulnerabilities and security content, check out our blog.
  • Six new detections for remote monitoring management (RMM) software abuse contributed by @nterl0k. Thank you!

New Analytics (18)

New Analytic Stories (1)

Updated Analytics (31)

Updated Analytic Stories (2)

The team also published the following 3 blogs:

For all our tools and security content, please visit

— The Splunk Threat Research Team

Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...