Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Enterprise Security Content Update (ESCU) - New Releases

cwopat
Splunk Employee
Splunk Employee

 ESCU for Community.png

In the last month, the Splunk Threat Research Team (STRT) has had three releases of new content via the Enterprise Security Content Update (ESCU) app (v3.63.0, v3.64.0, v4.0.0). With these releases, there are 21 new detections and 4 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE). Read on for a summary of what these entail!

Content highlights include: 

  • Detections to look for 3CX applications and compromised network indicators
  • Expanded privileged escalation detections to detect PowerShell-based malicious activity using New-CIMSession and Invoke-CIMMethod cmdlets
  • Detection searches for Winter Vivern and Sandworm malware 
  • Detections to identify suspicious bootloaders based on the diverse techniques employed by the BlackLotus bootkit 

New Analytic Stories: 

New Detections: 

For all our tools and security content, please visit research.splunk.com

The Splunk Threat Research Team has also recently published the following blogs for a more in-depth research analysis of various threats:

— The Splunk Threat Research Team

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...