Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release branch for 4.14.0 #2880

Merged
merged 57 commits into from
Oct 18, 2023
Merged

Release branch for 4.14.0 #2880

merged 57 commits into from
Oct 18, 2023

Conversation

pyth0n1c
Copy link
Collaborator

@pyth0n1c pyth0n1c commented Oct 7, 2023
edited by patel-bhavin

Release notes

New Analytic Story

  • Subvert Trust Controls SIP and Trust Provider Hijacking
  • Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357
  • Cisco IOS XE Software Web Management User Interface vulnerability

New Analytics

  • Confluence CVE-2023-22515 Trigger Vulnerability
  • Cisco IOS XE Implant Access
  • Detect Certipy File Modifications (External Contributor : @nterl0k )
  • Windows Domain Admin Impersonation Indicator
  • Windows Registry SIP Provider Modification
  • Microsoft SharePoint Server Elevation of Privilege
  • Windows Steal Authentication Certificates - ESC1 Abuse (External Contributor : @nterl0k )
  • Windows SIP Provider Inventory
  • Windows SIP WinVerifyTrust Failed Trust Validation

Updated Analytics

Other Updates

  • Minor changes to playbook names and UUID
  • Updated descriptions for 50 detections

BA Updates

  • Added lower() to BA detection searches in the eval function

gowthamarajr and others added 15 commits September 29, 2023 11:57
@gowthamarajr
Update 50 detections
8cd1076
@gowthamarajr
Edit parsing
64096b6
@ljstella
Add lower to evals
c668947
@patel-bhavin
convert sigma values to lowercase
f512d5d
@srv-rr-gh-researchbt
Branch was auto-updated.
762d9c6
@ljstella
launch.json config for debugging convert
c1e0211
@ljstella
selectively lowercase eval'd fields
6fd0f77
@ljstella
Reconvert from sigma with new logic
d40d319
@patel-bhavin
updating files and metadata
49d1751
@mvelazc0
adding new detection - diamond ticket
a20f6b7
@patel-bhavin
update for data
1612821
@ljstella
Update two detections to use IN()
9a67bbd
@pyth0n1c
contentctl validate throws errors
3fce3df 
on the following playbooks. the first
had an invalid uuid (improper number
of characters). The second had unallowed
characters in the name (underscores).  I
will reach out to the devs for this content
to understand what implications these changes
may have.
@pyth0n1c
Fix the ids associated with a number of playbooks and fix incorrectly…
7ff0904 
… named referenced detections. Check with Playbook SME to understand the full implications of these changes.
@pyth0n1c
Meaningless commit to
6ba2975 
the release branch so that 
we can open a PR
@pyth0n1c pyth0n1c added the 4.14.0 label Oct 7, 2023
patel-bhavin and others added 28 commits October 12, 2023 11:15
@patel-bhavin
update source
fb66f99
@patel-bhavin
Merge pull request #2879 from splunk/Diamond_Ticket
e324b3d 
Diamond Ticket
@srv-rr-gh-researchbt
Branch was auto-updated.
f06d7fc
@srv-rr-gh-researchbt
Branch was auto-updated.
d883138
@srv-rr-gh-researchbt
Branch was auto-updated.
5e537ec
@srv-rr-gh-researchbt
Branch was auto-updated.
2dd1d58
@patel-bhavin
Merge pull request #2863 from splunk/update_50_detections
3d994b2 
Update 50 detections
@MHaggis
Create confluence_cve_2023_22515_trigger_vulnerability.yml
69be7e2
@patel-bhavin
new PR with correct yamls
ab59162
@MHaggis
macro
39d89dc
@patel-bhavin
update story name
4106413
@patel-bhavin
Merge pull request #2886 from splunk/sharepoint_duplicate
606aed1 
Microsoft SharePoint Server Elevation of Privilege
@srv-rr-gh-researchbt
Branch was auto-updated.
33c8026
@patel-bhavin
macros error
07f2c0e
@MHaggis
Update confluence_cve_2023_22515_trigger_vulnerability.yml
f3e2739
@patel-bhavin
Merge pull request #2882 from splunk/sip_it_sip_it_good
d54f5e5 
SIP Happens: Stirring Up the Crypto with a New Module
@patel-bhavin
Merge pull request #2885 from splunk/1more1
ac7d89f 
Create confluence_cve_2023_22515_trigger_vulnerability.yml
@patel-bhavin
updated descriptions
fdd1067
@patel-bhavin
updated with proper format
bf7abc8
@patel-bhavin
Merge pull request #2887 from splunk/decriptions_change
508fbc4 
description updated with proper format
@MHaggis
Cisco IOS XE Vulnerability CVE-2023-20198
52b666b
@MHaggis
Update cisco_ios_xe_software_web_management_user_interface_vulnerabil…
0c1e54f 
…ity.yml
@MHaggis
fix
4855e9d
@MHaggis
Update cisco_ios_xe_implant_access.yml
64775a0
@MHaggis
Merge branch 'cve202320198' of https://github.com/splunk/security_con…
d8641bf 
…tent into cve202320198
@patel-bhavin
Merge pull request #2888 from splunk/cve202320198
a2b453f 
Cisco IOS XE Vulnerability CVE-2023-20198
@patel-bhavin
fixing indentation
57aa264
@patel-bhavin
minor
585e125
@gowthamarajr gowthamarajr merged commit edb7165 into develop Oct 18, 2023
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gowthamarajr gowthamarajr gowthamarajr approved these changes

@patel-bhavin patel-bhavin Awaiting requested review from patel-bhavin patel-bhavin is a code owner

@P4T12ICK P4T12ICK Awaiting requested review from P4T12ICK

Assignees
No one assigned
Labels
4.14.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@pyth0n1c @gowthamarajr @ljstella @patel-bhavin @srv-rr-gh-researchbt @mvelazc0 @MHaggis