Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Enterprise Security Content Update (ESCU) | New Releases

cwopat
Splunk Employee
Splunk Employee

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the Enterprise Security Content Update (ESCU) app (v4.6.0 and v4.7.0). With these releases, there are 8 new detections, 16 updated detections and 7 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include: 

  • New searches that focus on potential malicious activities related to suspicious registry modification of Windows and malicious command line behavior, including potential exploitation attempts against Citrix ADC
  • A new analytic story for the detection and investigation of unusual activities that relate to BlackByte ransomware
  • Detections for CVE-2023-36884, an unpatched zero-day vulnerability affecting Windows and Microsoft Office products, and CVE-2023-3519, a vulnerability in NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway
  • A new analytic story to detect task scheduling activities related to MITRE ATT&CK technique T1053
  • New searches to detect activities related to Amadey, a type of malware that primarily operates as a banking Trojan 
  • Detections for potential exploitation attempts against VMware vRealize Network Insight that align with the characteristics of CVE-2023-20887

New Analytic Stories: 

New Detections: 

Updated Detections: 

The team has also published the following blogs:

For all our tools and security content, please visit research.splunk.com

— The Splunk Threat Research Team

 

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...