Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Enterprise Security Content Update (ESCU) - New Releases

cwopat
Splunk Employee
Splunk Employee

 ESCU for Community.png

In the last month, the Splunk Threat Research Team (STRT) has had three releases of new content via the Enterprise Security Content Update (ESCU) app (v3.63.0, v3.64.0, v4.0.0). With these releases, there are 21 new detections and 4 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE). Read on for a summary of what these entail!

Content highlights include: 

  • Detections to look for 3CX applications and compromised network indicators
  • Expanded privileged escalation detections to detect PowerShell-based malicious activity using New-CIMSession and Invoke-CIMMethod cmdlets
  • Detection searches for Winter Vivern and Sandworm malware 
  • Detections to identify suspicious bootloaders based on the diverse techniques employed by the BlackLotus bootkit 

New Analytic Stories: 

New Detections: 

For all our tools and security content, please visit research.splunk.com

The Splunk Threat Research Team has also recently published the following blogs for a more in-depth research analysis of various threats:

— The Splunk Threat Research Team

Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...