Issues: splunk/security_content

Issues list

Custom Content Development (label: enhancement)
#3019 opened Jun 11, 2024 by lluked updated Jun 11, 2024
[BUG] Message vs. ScriptBlockText for Powershell rules (label: bug)
#3015 opened May 30, 2024 by ccl0utier updated Jun 11, 2024
[BUG] Incorrect logic statement in detection search "Detect Renamed PSExec" (label: bug)
#3009 opened May 14, 2024 by OberAlex updated May 14, 2024
detect_new_local_admin_account.yml query update (label: bug)
#2073 opened Mar 8, 2022 by TheLawsOfChaos updated Apr 26, 2024
[BUG] Missing Wildcards in Splunk Rule for Detecting Known Services Killed by Ransomware (label: bug)
#2996 opened Apr 9, 2024 by shimonShouei updated Apr 9, 2024
[BUG] Detections with joins failed to properly translate to Sigma (label: bug)
#2987 opened Mar 29, 2024 by ajkingio updated Mar 29, 2024
Minor malicious_powershell_process___encoded_command search update (label: enhancement)
#2982 opened Mar 20, 2024 by SirDuckly updated Mar 20, 2024
Azure AD Multi-Source Failed Authentications Spike - Missing ADFSSignInLogs category (label: enhancement)
#2980 opened Mar 20, 2024 by atgithub11 updated Mar 20, 2024
Scheduled Task Initiation on Remote Endpoint - Update Analytics (label: enhancement)
#2977 opened Mar 10, 2024 by Badoodish updated Mar 10, 2024
[BUG] Datasource is set incorrectly on this detection (label: bug)
#2962 opened Feb 15, 2024 by josehelps updated Feb 15, 2024
Include "Drilldown name and Search" in the detection template (labels: 4.0.0, enhancement)
#2385 opened Sep 23, 2022 by gs3cl updated Feb 1, 2024
[BUG] ESCU - Detect Excessive Account Lockouts From Endpoint (label: bug)
#2929 opened Dec 14, 2023 by githubonlyy updated Jan 25, 2024
Underscores in some Windows log based rules (label: bug)
#2312 opened Aug 2, 2022 by alekwisnia updated Jan 24, 2024
pre trained Deep Learning models for ESCU - Support for DSDL Version 5.1.1 (label: enhancement)
#2939 opened Jan 9, 2024 by atgithub11 updated Jan 24, 2024
[BUG] Linux Service Started Or Enabled triggering on Windows events (label: bug)
#2944 opened Jan 17, 2024 by 0xC0FFEEEE updated Jan 24, 2024
[BUG] "Kerberos TGT Request Using RC4 Encryption" using non-CIM field "Account_Name" (label: bug)
#2920 opened Dec 1, 2023 by iso-rgomez updated Jan 24, 2024
Include tags.atomic_guid and tags.required_fields into ESCU (label: enhancement)
#2904 opened Oct 30, 2023 by ccl0utier updated Jan 23, 2024
[BUG] ESCU CS fields LogonType and TargetUserName (label: bug)
#2869 opened Oct 2, 2023 by cp-sn updated Jan 23, 2024
kubernetes detections to be ported to opentelemetry output because of EOS of sc4k (label: enhancement)
#2679 opened May 17, 2023 by hhgsplk updated Jan 22, 2024
short_lived_windows_accounts.yml adding risk to user
#2353 opened Aug 31, 2022 by jwindley-splunk updated Jan 22, 2024
[BUG] artifact_update custom function fails if cef_value passed is 0 (label: bug)
#2821 opened Aug 22, 2023 by ianwills-splunk updated Aug 29, 2023
TR-2335: Use of Incident Response/Review compatible fields in Correlation Searches (label: enhancement)
#2319 opened Aug 9, 2022 by beano500 updated Oct 11, 2022