v1.0.52

@josehelps josehelps released this 17 Mar 16:21
5e35219

Enterprise Security Content Updates v1.0.52 was released on March 18, 2020. It includes the following enhancements:

Fixed issues:

  • CRL-1746 - Added filter macros for several detection searches
  • CRL-1744 - Fixed empty macro unauthorize_dns_services_filter and typo in name for smb_traffic_spike_mltk_filter
  • CRL-1742 - Fixed broken "Search Summary" panel in the "Content Library" dashboard
  • Fixed various issues with search syntax in the following detections:
      • Detect Outlook.exe writing a zip file
      • Create or delete windows shares using net.exe
      • Disabling Remote User Account Control
      • First time seen command line arg
      • Processes created by netsh
      • Overwriting accessibility binaries
      • Registry Keys Used For Privilege Escalation
      • Remote Registry Key Modifications

Full documentation: https://docs.splunk.com/Documentation/ESSOC/1.0.52