Skip to content

v4.35.0
Compare
Choose a tag to compare
@patel-bhavin patel-bhavin released this 01 Jul 18:38
· 1167 commits to develop since this release
v4.35.0
fb7346f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Key Highlights

  • Enterprise Security Content Updates version 4.35.0 contains 11 new analytics and 6 updated analytics that are specifically crafted to detect the Splunk Security Advisories that were published on July 1st, 2024 for Splunk Enterprise 9.2.2, 9.1.5, 9.0.10 and Splunk Cloud. These Splunk Enterprise updates address several critical vulnerabilities, including multiple instances of persistent cross-site scripting (XSS) in various endpoints, remote code execution (RCE) exploits, and denial of service (DoS) vulnerabilities. Additionally, in this ESCU build we have updated the analytics for detecting information disclosure of user names, path traversal, insecure file uploads, and risky command safeguards bypasses, ensuring a more secure environment for Splunk Enterprise users. Please refer to https://advisory.splunk.com/ for specific details about the vulnerabilities.

Total New and Updated Content: [19]

New Analytic Story - [0]

Updated Analytic Story - [0]

New Analytics - [11]

Updated Analytics - [6]

Macros Added - [1]

  • splunkd_webs

Macros Updated - [0]

Lookups Added - [0]

Lookups Updated - [1]

  • splunk_risky_command

Playbooks Added - [0]

Playbooks Updated - [0]

Deprecated Analytics - [0]

Other Updates

  • Updated the ESCU Summary Dashboard to link directly to the Enterprise Security Use Case Library.

Full Changelog: v4.34.0...v4.35.0

Assets 3
Loading