v3.0.2

@josehelps released this 18 Jun 19:55
605d0c4

New Analytic Story:

  • Suspicious Cloud Auth Activities (uses updated Authentication Data Model on ES 6.2)

New Detection:

  • Kerberoasting spn request with RC4 encryption
  • Detect new user AWS Console Login - DM

Fixed Issues:

  • Set the Macro for summariesonly to false by default
  • Updated First Time Seen Running Windows Service Detection
  • Updated Previously Seen Running Windows Services
  • Updated Reg exe Manipulating Windows Services Registry Keys
  • Updated Sc exe Manipulated Windows Services
  • AWS Cross Account Activity From Previously Unseen Account

Full documentation: https://docs.splunk.com/Documentation/ESSOC/3.0.2