v1.0.47

Enterprise Security Content Updates v 1.0.47 included the following enhancements:

Fixed issues:


• CRL-1700 Remove ES macro dependency by introducing new macros security_content_ctime replacing the ctime macro across all content, and introducing security_content_summariesonly replacing the summariesonly macro across all content.

• Removed runstory macro definition
.
• Removed comment macro for empty definition.

v1.0.46

Enterprise Security Content Updates v 1.0.46 included the following enhancements.

Fixed issues:

• CRL-1688 Ensure that ESCU is supported on Splunk Enterprise 8.0
• CRL-1686 Resolve broken hyperlinks in content files
• CRL-1609 Fix for validation check on Feedback Center page

v1.0.45

Enterprise Security Content Updates v 1.0.45 included the following enhancements.

Updated Analytic Stories:

• Added new searches "Abnormally High AWS Instances Launched by User - MLTK detection" and "Abnormally High AWS Instances Terminated by User - MLTK detection" to the "Suspicious AWS EC2 Activities" Analytic Story
• Added new search "Abnormally High AWS Instances Launched by User - MLTK detection" to the "Cloud Cryptomining" Analytic Story

Fixed issues:

• CRL-1493 ESCU Fraud Searches Are Mislabeled
• CRL-1697 Added: Cloud Compute Instance Created With Previously Unseen Image detection to Cloud Cryptomining story

v1.0.44

fixing CI errors

v1.0.43

Merge pull request #244 from splunk/remove_asx_code

remove asx files

v1.0.42

Merge pull request #192 from splunk/CRL-1607-Fix-Weird-Italics

CRL-1608 Update dyn_dns_queries.json

v1.0.41

Merge pull request #157 from splunk/dependabot/pip/typing-3.7.4

Bump typing from 3.6.6 to 3.7.4

v1.0.40

Merge pull request #155 from splunk/slim_0.9.0

Downgrading slim to 0.9.0

v1.0.39

Merge pull request #124 from splunk/ui_bug

removal of context panel

v1.0.38

Merge pull request #85 from splunk/mltk_final_tweaks

needed a break in there - formatting