Skip to content

v3.60.0
Compare
Choose a tag to compare
@github-actions github-actions released this 21 Feb 21:03
· 6413 commits to develop since this release
v3.60.0
aca80cb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

New Analytics Story

New Analytics

  • Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952
  • Linux Data Destruction Command
  • Linux Hardware Addition SwapOff
  • Linux Impair Defenses Process Kill
  • Linux Indicator Removal Clear Cache
  • Linux Indicator Removal Service File Deletion
  • Linux System Reboot Via System Request Key
  • Linux Unix Shell Enable All SysRq Functions
  • Windows Steal Authentication Certificates CryptoAPI
  • Windows Mimikatz Crypto Export File Extensions

Updated Analytics

  • Linux Deletion Of Services
  • Linux Disable Services
  • Linux Shred Overwrite Command
  • Linux Service Restarted
  • Linux Stop Services
  • Linux Deleting Critical Directory Using RM Command
  • Wbemprox COM Object Execution

Other Updates:

  • Added Lateral Movement story to deprecated with a note to refer to Active Directory Lateral Movement analytic story.
  • Removed observables from action.escu.annotations in savedsearches.conf.
  • Added MSAccess.exe to all the Microsoft Office analytics
  • Updated Detect Outlook exe writing a zip file and removed explorer.exe as it was generating the bulk of noise.
Assets 7
Loading