Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Enterprise Security Content Update (ESCU) - New Releases

cwopat
Splunk Employee
Splunk Employee

 ESCU for Community.png

In the last month, the Splunk Threat Research Team (STRT) has had three releases of new content via the Enterprise Security Content Update (ESCU) app (v3.63.0, v3.64.0, v4.0.0). With these releases, there are 21 new detections and 4 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE). Read on for a summary of what these entail!

Content highlights include: 

  • Detections to look for 3CX applications and compromised network indicators
  • Expanded privileged escalation detections to detect PowerShell-based malicious activity using New-CIMSession and Invoke-CIMMethod cmdlets
  • Detection searches for Winter Vivern and Sandworm malware 
  • Detections to identify suspicious bootloaders based on the diverse techniques employed by the BlackLotus bootkit 

New Analytic Stories: 

New Detections: 

For all our tools and security content, please visit research.splunk.com

The Splunk Threat Research Team has also recently published the following blogs for a more in-depth research analysis of various threats:

— The Splunk Threat Research Team

Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...