Branch was auto-updated.

dist/escu/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null, 
       "name": "DA-ESS-ContentUpdate", 
-      "version": "4.12.0"
+      "version": "4.13.0"
     }, 
     "author": [
       {

dist/escu/default/app.conf

@@ -4,7 +4,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 17107
+build = 17285
 
 [triggers]
 reload.analytic_stories = simple
@@ -20,7 +20,7 @@ reload.es_investigations = simple
 
 [launcher]
 author = Splunk
-version = 4.12.0
+version = 4.13.0
 description = Explore the Analytic Stories included with ES Content Updates.
 
 [ui]

dist/escu/default/collections.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-20T19:43:15 UTC
+# On Date: 2023-10-04T21:15:36 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############

dist/escu/default/content-version.conf

@@ -1,2 +1,2 @@
 [content-version]
-version = 4.12.0
+version = 4.13.0

dist/escu/default/es_investigations.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-20T19:43:15 UTC
+# On Date: 2023-10-04T21:15:36 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############

dist/escu/default/macros.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-20T19:43:15 UTC
+# On Date: 2023-10-04T21:15:36 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
@@ -109,6 +109,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[splunk_absolute_path_traversal_using_runshellscript_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [splunk_account_discovery_drilldown_dashboard_disclosure_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -145,6 +149,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[splunk_dos_using_malformed_saml_request_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [splunk_dos_via_dump_spl_command_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -213,6 +221,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[splunk_rce_via_serialized_session_payload_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [splunk_rce_via_splunk_secure_gateway__splunk_mobile_alerts_feature_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -221,6 +233,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[splunk_reflected_xss_on_app_search_table_endpoint_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [splunk_risky_command_abuse_disclosed_february_2023_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3753,6 +3769,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_abused_web_services_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_access_token_manipulation_sedebugprivilege_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3841,6 +3861,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_admin_permission_discovery_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_administrative_shares_accessed_on_multiple_hosts_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3993,6 +4017,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_delete_or_modify_system_firewall_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_deleted_registry_by_a_non_critical_process_file_path_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4017,6 +4045,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_disable_or_modify_tools_via_taskkill_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_disable_shutdown_button_through_registry_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4109,6 +4141,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_executable_in_loaded_modules_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_execute_arbitrary_commands_with_msdt_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4137,6 +4173,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_njrat_fileless_storage_via_registry_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_files_and_dirs_access_rights_modification_via_icacls_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4441,6 +4481,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_modify_registry_with_md5_reg_key_name_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_modify_registry_wuserver_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -5013,6 +5057,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_time_based_evasion_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_unsigned_dll_side_loading_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -5393,6 +5441,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[jetbrains_teamcity_rce_attempt_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [juniper_networks_remote_code_execution_exploit_detection_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -5457,6 +5509,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[ws_ftp_remote_code_execution_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 
 [admon]
 definition = source=ActiveDirectory