Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 4.12.0 #2848

Merged
merged 252 commits into from
Sep 20, 2023
Merged

Release 4.12.0 #2848

merged 252 commits into from
Sep 20, 2023

Conversation

patel-bhavin
Copy link
Contributor

@patel-bhavin patel-bhavin commented Sep 12, 2023
edited
Loading

Code freeze into this branch on September 15th

New Analytic Story

  • Forest Blizzard

New analytics

  • Windows Find Domain Organizational Units with GetDomainOU
  • Windows Find Interesting ACL with FindInterestingDomainAcl
  • Windows Forest Discovery with GetForestDomain
  • Windows Get Local Admin with FindLocalAdminAccess
  • Headless Browser Mockbin or Mocky Request
  • Headless Browser Usage
  • Windows AD Abnormal Object Access Activity (External Contributor : @nterl0k )
  • Windows AD Privileged Object Access Activity (External Contributor : @nterl0k )

Other Updates

  • Adding CVE to Splunk Edit User Privilege Escalation
  • Observables updated for 143+ detections to create accurate risk objects
  • Added status field to BA spec
  • Updated how to implement sections for all detections based on Endpoint.Processes

New Playbooks

  • Jira Related Tickets Search

@srv-rr-gh-researchbt
Branch was auto-updated.
d2d82b6
@srv-rr-gh-researchbt
Branch was auto-updated.
f6046cd
@srv-rr-gh-researchbt
Branch was auto-updated.
4aaacd9
@srv-rr-gh-researchbt
Branch was auto-updated.
5a477e4
@srv-rr-gh-researchbt
Branch was auto-updated.
98daa9b
@srv-rr-gh-researchbt
Branch was auto-updated.
7271c94
@srv-rr-gh-researchbt
Branch was auto-updated.
ada48b9
@srv-rr-gh-researchbt
Branch was auto-updated.
d8adc03
@srv-rr-gh-researchbt
Branch was auto-updated.
4a9132b
@srv-rr-gh-researchbt
Branch was auto-updated.
1d58a1d
@srv-rr-gh-researchbt
Branch was auto-updated.
522d633
@srv-rr-gh-researchbt
Branch was auto-updated.
a1622a0
@srv-rr-gh-researchbt
Branch was auto-updated.
19ccecc
@srv-rr-gh-researchbt
Branch was auto-updated.
6a5d846
@srv-rr-gh-researchbt
Branch was auto-updated.
2f29181
@srv-rr-gh-researchbt
Branch was auto-updated.
fe987fe
@srv-rr-gh-researchbt
Branch was auto-updated.
cafe72a
@srv-rr-gh-researchbt
Branch was auto-updated.
51722ea
@srv-rr-gh-researchbt
Branch was auto-updated.
7df0643
@srv-rr-gh-researchbt
Branch was auto-updated.
ef3f86c
@srv-rr-gh-researchbt
Branch was auto-updated.
017002d
@srv-rr-gh-researchbt
Branch was auto-updated.
ac8413f
@srv-rr-gh-researchbt
Branch was auto-updated.
e028f99
@srv-rr-gh-researchbt
Branch was auto-updated.
fa47db7
@srv-rr-gh-researchbt
Branch was auto-updated.
7493da3
@srv-rr-gh-researchbt
Branch was auto-updated.
e8da03f
@srv-rr-gh-researchbt
Branch was auto-updated.
4de8a67
@srv-rr-gh-researchbt
Branch was auto-updated.
d69b913
@srv-rr-gh-researchbt
Branch was auto-updated.
e5064e3
@srv-rr-gh-researchbt
Branch was auto-updated.
e1fd13d
gowthamarajr and others added 27 commits September 12, 2023 14:14
@gowthamarajr
Update CIM, add macros
f12ba10
@gowthamarajr
edit macro
6a3c737
@patel-bhavin
Update windows_ad_abnormal_object_access_activity.yml
1cf2761
@patel-bhavin
Update windows_ad_privileged_object_access_activity.yml
fbc808c
@gowthamarajr
Update SPL
439cf21
@patel-bhavin
Merge pull request #2804 from ericli-splunk/ericli-snow-typo
f310833 
Fix typos in ServiceNow_Related_Tickets_Search.yml
@patel-bhavin
Update windows_ad_abnormal_object_access_activity.yml
c6b398b
@patel-bhavin
Update windows_ad_privileged_object_access_activity.yml
4abb1ea
@patel-bhavin
Update certutil_with_decode_argument.yml
69f5523
@patel-bhavin
Merge pull request #2847 from splunk/headless-horseman
73dfe5d 
The Haagless Horseman 🐴
@mvelazc0
minor fixes
e623806
@patel-bhavin
Merge pull request #2810 from splunk/duplicate_2716
f5ab746 
Ad Enum - Duplicate
@srv-rr-gh-researchbt
Branch was auto-updated.
1edd30b
@patel-bhavin
spl fixes
df48560
@patel-bhavin
remove macro
a0f7f08
@patel-bhavin
Merge pull request #2836 from splunk/AD_TR_3271
ec9e45c 
Add New AD detections
@srv-rr-gh-researchbt
Branch was auto-updated.
dacd82d
@gowthamarajr
Edit how_to_implement for Endpoint.Processes
e06cfa1
@patel-bhavin
Merge branch 'release_v4.12.0' into Edit_How_To_Implement
fdb4417
@patel-bhavin
fixes
47ec8db
@patel-bhavin
Merge branch 'release_v4.12.0' into TR-2409
d429ccd
@patel-bhavin
Merge pull request #2850 from splunk/Edit_How_To_Implement
f0666c4 
Edit how_to_implement for Endpoint.Processes
@patel-bhavin
Merge pull request #2851 from splunk/TR-2409
63c9384 
TR-2409
@srv-rr-gh-researchbt
Branch was auto-updated.
6098afb
@patel-bhavin
Merge pull request #2846 from splunk/fix-automated-enrichment
db69bf0 
Fixed automated enrichment to reference renamed playbooks
@patel-bhavin
remove dynamic risk score
eae9147
@patel-bhavin
update score
e5bd444
@patel-bhavin patel-bhavin merged commit c81a487 into develop Sep 20, 2023
26 checks passed
@delete-merged-branch delete-merged-branch bot deleted the release_v4.12.0 branch September 20, 2023 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mvelazc0 mvelazc0 mvelazc0 approved these changes

@P4T12ICK P4T12ICK Awaiting requested review from P4T12ICK

Assignees
No one assigned
Labels
4.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@patel-bhavin @mvelazc0 @srv-rr-gh-researchbt @ericli-splunk @tccontre @gowthamarajr @kelby-shelton @MHaggis