
v4.36.0

patel-bhavin released this 17 Jul 23:06
Commit 16885f0

Key highlights

Enterprise Security Content Updates version 4.36.0 introduces a comprehensive suite of new detections related to Sneaky Active Directory Persistence Tricks. These detections are designed to identify and alert on subtle techniques used by attackers to maintain unauthorized access within Active Directory environments. The update includes analytics for detecting distributed and localized password spray attempts, identifying internal horizontal and vertical port scans, and alerting on Windows AD self-group additions.

Additionally, this release incorporates detections for monitoring increases in group/object modification activity, tracking unusual spikes in user modification activity, detecting suspicious Windows network share interactions, and identifying installations of known vulnerable drivers. These new capabilities significantly enhance an organization's ability to spot and respond to sophisticated persistence techniques in Active Directory, improving overall security posture against advanced persistent threats.

ESCU 4.36.0

### Total New and Updated Content: [10]

New Analytics - [10]

Other Updates

  • Added new data_source objects