v4.12.0

@github-actions github-actions released this 20 Sep 19:54
· 1439 commits to develop since this release
c81a487

New Analytic Story

  • Forest Blizzard

New Analytics

  • Windows Find Domain Organizational Units with GetDomainOU
  • Windows Find Interesting ACL with FindInterestingDomainAcl
  • Windows Forest Discovery with GetForestDomain
  • Windows Get Local Admin with FindLocalAdminAccess
  • Headless Browser Mockbin or Mocky Request
  • Headless Browser Usage
  • Windows AD Abnormal Object Access Activity (External Contributor: @nterl0k)
  • Windows AD Privileged Object Access Activity (External Contributor: @nterl0k)

Other Updates

  • Adding CVE to Splunk Edit User Privilege Escalation
  • Observables updated for 143+ detections to create accurate risk objects
  • Added status field to BA spec
  • Updated the "How to Implement" sections for all detections based on Endpoint.Processes

New Playbooks

  • Jira Related Tickets Search