Issues: splunk/security_content
Custom Content Development
enhancement
New feature or request
#3019
opened Jun 11, 2024 by
lluked
updated Jun 11, 2024
[BUG] Message vs. ScriptBlockText for Powershell rules
bug
Something isn't working
#3015
opened May 30, 2024 by
ccl0utier
updated Jun 11, 2024
[BUG] Incorrect logic statement in detection search "Detect Renamed PSExec"
bug
Something isn't working
#3009
opened May 14, 2024 by
OberAlex
updated May 14, 2024
detect_new_local_admin_account.yml query update
bug
Something isn't working
#2073
opened Mar 8, 2022 by
TheLawsOfChaos
updated Apr 26, 2024
[BUG] Missing Wildcards in Splunk Rule for Detecting Known Services Killed by Ransomware
bug
Something isn't working
#2996
opened Apr 9, 2024 by
shimonShouei
updated Apr 9, 2024
[BUG] Detections with joins failed to properly translate to Sigma
bug
Something isn't working
#2987
opened Mar 29, 2024 by
ajkingio
updated Mar 29, 2024
Minor malicious_powershell_process___encoded_command search update
enhancement
New feature or request
#2982
opened Mar 20, 2024 by
SirDuckly
updated Mar 20, 2024
Azure AD Multi-Source Failed Authentications Spike - Missing ADFSSignInLogs category
enhancement
New feature or request
#2980
opened Mar 20, 2024 by
atgithub11
updated Mar 20, 2024
Scheduled Task Initiation on Remote Endpoint - Update Analytics
enhancement
New feature or request
#2977
opened Mar 10, 2024 by
Badoodish
updated Mar 10, 2024
[BUG] Datasource is set incorrectly on this detection
bug
Something isn't working
#2962
opened Feb 15, 2024 by
josehelps
updated Feb 15, 2024
Include "Drilldown name and Search" in the detection template
4.0.0
Security Content 4.0.0
enhancement
New feature or request
#2385
opened Sep 23, 2022 by
gs3cl
updated Feb 1, 2024
[BUG] ESCU - Detect Excessive Account Lockouts From Endpoint
bug
Something isn't working
#2929
opened Dec 14, 2023 by
githubonlyy
updated Jan 25, 2024
Underscores in some Windows log based rules
bug
Something isn't working
#2312
opened Aug 2, 2022 by
alekwisnia
updated Jan 24, 2024
pre trained Deep Learning models for ESCU - Support for DSDL Version 5.1.1
enhancement
New feature or request
#2939
opened Jan 9, 2024 by
atgithub11
updated Jan 24, 2024
[BUG] Linux Service Started Or Enabled triggering on Windows events
bug
Something isn't working
#2944
opened Jan 17, 2024 by
0xC0FFEEEE
updated Jan 24, 2024
[BUG] O365 Mailbox Inbox Folder Shared with All Users. Field "object" doesn't exist.
needs-more-info
#2937
opened Jan 2, 2024 by
atgithub11
updated Jan 24, 2024
[BUG] "Kerberos TGT Request Using RC4 Encryption" using non-CIM field "Account_Name"
bug
Something isn't working
#2920
opened Dec 1, 2023 by
iso-rgomez
updated Jan 24, 2024
Include tags.atomic_guid and tags.required_fields into ESCU
enhancement
New feature or request
#2904
opened Oct 30, 2023 by
ccl0utier
updated Jan 23, 2024
[BUG] ESCU CS fields LogonType and TargetUserName
bug
Something isn't working
#2869
opened Oct 2, 2023 by
cp-sn
updated Jan 23, 2024
kubernetes detections to be ported to opentelemetry output because of EOS of sc4k
enhancement
New feature or request
#2679
opened May 17, 2023 by
hhgsplk
updated Jan 22, 2024
short_lived_windows_accounts.yml adding risk to user
#2353
opened Aug 31, 2022 by
jwindley-splunk
updated Jan 22, 2024
[BUG] artifact_update custom function fails if cef_value passed is 0
bug
Something isn't working
#2821
opened Aug 22, 2023 by
ianwills-splunk
updated Aug 29, 2023
TR-2335: Use of Incident Response/Review compatible fields in Correlation Searches
enhancement
New feature or request
#2319
opened Aug 9, 2022 by
beano500
updated Oct 11, 2022