Issues: splunk/security_content
pre trained Deep Learning models for ESCU - Support for DSDL Version 5.1.1
enhancement
New feature or request
#2939
opened Jan 9, 2024 by
atgithub11
Underscores in some Windows log based rules
bug
Something isn't working
#2312
opened Aug 2, 2022 by
alekwisnia
TR-2335: Use of Incident Response/Review compatible fields in Correlation Searches
enhancement
New feature or request
#2319
opened Aug 9, 2022 by
beano500
Include "Drilldown name and Search" in the detection template
4.0.0
Security Content 4.0.0
enhancement
New feature or request
#2385
opened Sep 23, 2022 by
gs3cl
kubernetes detections to be ported to opentelemetry output because of EOS of sc4k
enhancement
New feature or request
#2679
opened May 17, 2023 by
hhgsplk
[BUG] artifact_update custom function fails if cef_value passed is 0
bug
Something isn't working
#2821
opened Aug 22, 2023 by
ianwills-splunk
[BUG] ESCU CS fields LogonType and TargetUserName
bug
Something isn't working
#2869
opened Oct 2, 2023 by
cp-sn
Include tags.atomic_guid and tags.required_fields into ESCU
enhancement
New feature or request
#2904
opened Oct 30, 2023 by
ccl0utier
[BUG] "Kerberos TGT Request Using RC4 Encryption" using non-CIM field "Account_Name"
bug
Something isn't working
#2920
opened Dec 1, 2023 by
iso-rgomez
[BUG] ESCU - Detect Excessive Account Lockouts From Endpoint
bug
Something isn't working
#2929
opened Dec 14, 2023 by
githubonlyy
detect_new_local_admin_account.yml query update
bug
Something isn't working
#2073
opened Mar 8, 2022 by
TheLawsOfChaos
[BUG] O365 Mailbox Inbox Folder Shared with All Users. Field "object" doesn't exist.
needs-more-info
#2937
opened Jan 2, 2024 by
atgithub11
[BUG] Linux Service Started Or Enabled triggering on Windows events
bug
Something isn't working
#2944
opened Jan 17, 2024 by
0xC0FFEEEE
[BUG] Datasource is set incorrectly on this detection
bug
Something isn't working
#2962
opened Feb 15, 2024 by
josehelps
Scheduled Task Initiation on Remote Endpoint - Update Analytics
enhancement
New feature or request
#2977
opened Mar 10, 2024 by
Badoodish
Azure AD Multi-Source Failed Authentications Spike - Missing ADFSSignInLogs category
enhancement
New feature or request
#2980
opened Mar 20, 2024 by
atgithub11
Minor malicious_powershell_process___encoded_command search update
enhancement
New feature or request
#2982
opened Mar 20, 2024 by
SirDuckly
[BUG] Detections with joins failed to properly translate to Sigma
bug
Something isn't working
#2987
opened Mar 29, 2024 by
ajkingio
[BUG] Missing Wildcards in Splunk Rule for Detecting Known Services Killed by Ransomware
bug
Something isn't working
#2996
opened Apr 9, 2024 by
shimonShouei
[BUG] Incorrect logic statement in detection search "Detect Renamed PSExec"
bug
Something isn't working
#3009
opened May 14, 2024 by
OberAlex
[BUG] browser_app_list lookup doesn't exist in indexers, causing query to fail in "Windows Credential Access From Browser Password Store"
bug
Something isn't working
#3014
opened May 23, 2024 by
iso-rgomez
[BUG] Message vs. ScriptBlockText for Powershell rules
bug
Something isn't working
#3015
opened May 30, 2024 by
ccl0utier