Skip to content

v4.42.0

Compare
Choose a tag to compare
@patel-bhavin patel-bhavin released this 14 Oct 22:21
· 391 commits to develop since this release
eb2e7d3

Total New and Updated Content: [18]

Key Highlights:

Splunk Vulnerabilities: This release introduces key detections for recently disclosed Splunk vulnerabilities, including issues like disabling KVStore via CSRF, image file disclosure in PDF exports, and persistent XSS attacks. It also covers critical vulnerabilities such as remote code execution through arbitrary file writes and sensitive information disclosure in low-privileged user sessions and DEBUG logs. These detections enhance monitoring for exploitation attempts, improving Splunk's defenses against potential attacks and data breaches.

CISA AA24-241A : This new analytic story delivers detections tailored to identify malicious usage of PowerShell Web Access (PSWA) in Windows environments. These new detections focus on monitoring PowerShell Web Access activity through the IIS application pool and web access logs, providing enhanced visibility into suspicious or unauthorized access. The story introduces two key detections: "Windows Identify PowerShell Web Access IIS Pool" and "Windows IIS Server PSWA Console Access," which track the creation and usage of PSWA sessions, anomalies in IIS pool configurations, and unusual patterns of console access. By improving detection of PowerShell Web Access exploitation, we can defenses against potential privilege escalation, lateral movement, and remote code execution attempts within Windows infrastructures.

In addition to these updates, the detection logic for "Windows AdFind Exe" and "Linux Auditd Change File Owner To Root" has been improved based on customer feedback. These enhancements provide more accurate identification of AdFind tool usage in Windows environments and better detection of unauthorized file ownership changes to root in Linux systems, further fortifying defenses against privilege abuse and lateral movement techniques across both platforms.

New Analytic Story - [0]

Updated Analytic Story - [1]

New Analytics - [10]

Updated Analytics - [15]

Other Updates

  • Updated README.md and WIKI on Github repository