v4.27.0
gowthamarajr
released this
20 Mar 23:08
·
1691 commits
to develop
since this release
Updated Analytics Story
New Analytics
- Windows Credential Access From Browser Password Store
- Windows Known Abused DLL Created (External Contributor : @nterl0k )
Updated Analytics
- Okta User Logins From Multiple Cities
- Path traversal SPL injection
- Splunk User Enumeration Attempt
- AWS Concurrent Sessions From Different Ips
- AWS Credential Access RDS Password reset
- Kubernetes Nginx Ingress LFI
- Kubernetes Nginx Ingress RFI
- Kubernetes Previously Unseen Process
- O365 Multiple Users Failing To Authenticate From Ip
- Detect AzureHound Command-Line Arguments
- Detect AzureHound File Modifications
- Detect SharpHound Command-Line Arguments
- Detect SharpHound File Modifications
- Detect SharpHound Usage
- Disabling Windows Local Security Authority Defences via Registry
- Linux Iptables Firewall Modification
- Linux Kworker Process In Writable Process Path
- Linux Stdout Redirection To Dev Null File
- Network Traffic to Active Directory Web Services Protocol
- System Information Discovery Detection
- Windows SOAPHound Binary Execution
Lookups Added
- browser_app_list
- hijacklibs_loaded (External Contributor : @nterl0k )
Playbooks Updated
- All playbook yamls updated to use a list of D3FEND IDs