Splunk Search

CVE-2023-23397 is all the rage right now.
Has anyone figured out a way to detect this in office content?
I've checked all Microsoft docs I can find, but nothing informs me as to what I'm actually looking for inside an email or contact etc.

MS has some pwershell things to look for in your environment. Eith on-prem Exchange or Cloud-based.

https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Securit...

This blog post might help: https://www.cardinalops.com/en/resources/detecting-microsoft-outlook-vulnerability-cve-2023-23397-sp...

You can check out our thread about this in the user group: https://splunk-usergroups.slack.com/archives/CDNHXVBGS/p1678882662724229.

Hi

I'm not a member of "splunk-usergroups on Slack" so can't see the detail you are referencing

You won't regret joining it: https://docs.splunk.com/Documentation/Community/current/community/Chat

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with another ...