v4.6.0

@github-actions github-actions released this 27 Jun 23:32
· 3773 commits to develop since this release
febc045

New Analytics

  • Windows PowerShell ScheduleTask
  • Windows Files and Dirs Access Rights Modification Via Icacls

Updated Analytics

  • ICACLS Grant Command
  • Registry Keys Used For Persistence
  • PowerShell 4104 Hunting
  • Detect Baron Samedit CVE-2021-3156 Segfault
  • Detect Baron Samedit CVE-2021-3156
  • Windows System Shutdown CommandLine
  • VMWare Aria Operations Exploit Attempt

New Analytic Stories

  • Scheduled Tasks
  • Amadey
  • Graceful Wipe Out Attack
  • VMware Aria Operations vRealize CVE-2023-20887

Other Updates

  • Improved descriptions of several detections and tagged detections with the appropriate MITRE IDs and Analytic Stories
  • Added filter macros to the macros.json file served via the API
  • Added content_changer functionality to security content

New Playbooks

  • URL Outbound Traffic Filtering Dispatch
  • Panorama Outbound Traffic Filtering
  • Splunk Message Identifier Activity Analysis
  • G Suite for GMail Message Identifier Activity Analysis
  • ZScaler Outbound Traffic Filtering