v1.0.52
Enterprise Security Content Updates v1.0.52 was released on March 18, 2020. It includes the following enhancements:
Fixed issues:
- CRL-1746 - Added filter macros for several detection searches
- CRL-1744 - Fixed empty macro unauthorize_dns_services_filter and typo in name for smb_traffic_spike_mltk_filter
- CRL-1742 - Fixed broken "Search Summary" panel in the "Content Library" dashboard
- Fixed various issues with search syntax in the following detections:
  - Detect Outlook.exe writing a zip file
  - Create or delete windows shares using net.exe
  - Disabling Remote User Account Control
  - First time seen command line arg
  - Processes created by netsh
  - Overwriting accessibility binaries
  - Registry Keys Used For Privilege Escalation
  - Remote Registry Key Modifications
Full documentation: https://docs.splunk.com/Documentation/ESSOC/1.0.52