
Enterprise Security Content Update (ESCU) | New Releases

cwopat
Splunk Employee

In the last month, the Splunk Threat Research Team (STRT) has had 4 releases of new security content via the Enterprise Security Content Update (ESCU) app (v4.8.0, v4.9.0, v4.10.0 and v4.11.1). With these releases, there are 24 new detections, 27 updated detections and 8 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include:

  • An analytic story with detections related to known activities of the group Flax Typhoon
  • Detections for organizations using Adobe ColdFusion related to the critical vulnerabilities CVE-2023-29298 and CVE-2023-26360
  • A detection for the critical Ivanti Sentry vulnerability (CVE-2023-38035)
  • An analytic story to detect suspicious activities potentially related to the Ave Maria (aka Warzone) RAT
  • Updated detections related to Azure Active Directory
  • New detections for Windows Certificate Services and Active Directory Discovery
  • Updated detections for Clop ransomware variants
  • An analytic story related to the Citrix ShareFile RCE, CVE-2023-24489
  • Detections for the zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), CVE-2023-35078 and CVE-2023-35082
  • A new analytic for hunting events associated with Splunk Vulnerability Disclosure SVD-2023-0606, in which an attacker can use a specially crafted web URL in their browser to cause log file injection. The attack inserts American National Standards Institute (ANSI) escape codes into specific files, and those codes only take effect when the files are viewed in a terminal program that supports them. The attack therefore requires a terminal program that translates ANSI escape codes, plus additional user interaction, to execute successfully.
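As an added example (not part of the ESCU content or any Splunk analytic), a small Python scanner that flags ANSI escape sequences in log lines, including the percent-encoded form an ESC byte takes when it arrives in a request URI and is written to a web access log; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Matches a raw ESC byte followed by the common escape-sequence families:
# CSI (ESC [ params final), OSC (ESC ] ... BEL or ESC \), and two-byte ESC sequences.
ANSI_RE = re.compile(
    r"\x1b(?:\[[0-?]*[ -/]*[@-~]"       # CSI: e.g. ESC[2J (clear screen), ESC[31m (red)
    r"|\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC: e.g. ESC]0;title BEL (set window title)
    r"|[@-Z\\^_])"                      # two-byte sequences, e.g. ESC c (terminal reset)
)

def normalize(field: str) -> str:
    """Percent-decode up to twice so an ESC hidden as %1b or %251b is exposed."""
    out = field
    for _ in range(2):
        decoded = unquote(out)
        if decoded == out:
            break
        out = decoded
    return out

def find_ansi(line: str) -> list:
    """Return every escape sequence in a log line, shown with \\x escapes so it prints safely."""
    return [m.group(0).encode("unicode_escape").decode()
            for m in ANSI_RE.finditer(normalize(line))]

def scan_log(lines) -> list:
    """Return (line_number, sequences) for each line carrying at least one escape sequence."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = find_ansi(line)
        if hits:
            findings.append((n, hits))
    return findings

# Constructed sample: two ordinary access-log lines and two carrying escape codes,
# one as a raw ESC byte and one percent-encoded in the request path.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Sep/2023:10:00:01] "GET /en-US/app/search HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Sep/2023:10:00:02] "GET /en-US/\x1b[2J\x1b[31mALERT HTTP/1.1" 404 0',
    '10.0.0.9 - - [01/Sep/2023:10:00:03] "GET /static/%1b%5d0;pwned%07x.png HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Sep/2023:10:00:04] "GET /services/server/info HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

The findings are printed with the ESC byte escaped, so reviewing the output in a terminal does not itself trigger the sequences being hunted.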

New Analytic Stories: 

New Detections: 

Updated Detections: 

For all our tools and security content, please visit research.splunk.com.

— The Splunk Threat Research Team
