v1.0.50

@josehelps josehelps released this 07 Feb 19:22

Enterprise Security Content Updates v1.0.50 was released on February 13, 2020. It includes the following enhancements:

Fixed issues:

  • CRL-1727 - Fixed bug in "AWS Activity in New Region" around converting the time to a readable format
  • CRL-1726 - Some lookup files were inadvertently omitted from the last couple of builds. All lookups are now properly included
  • CRL-1725 - Updated search in "Detect Prohibited Applications Spawning cmd.exe" to use parent_process_name vs parent_process where appropriate
  • CRL-1723 - Fixed search "Suspicious Writes to Windows Recycle Bin" to use Filesystem.file_path as opposed to Filesystem.filepath
  • Closes issue 343
  • Introduced a new detection, "MacOS - Re-opened Applications", contributed by @jwindley-splunk

Full documentation: https://docs.splunk.com/Documentation/ESSOC/1.0.50