Hello everyone,
I am happy to inform you that ESM Default Content 4.6 is now available.
It is published on the Marketplace at ESM Default Content | Cybersecurity Marketplace
The following MITRE ID-associated rules were added/updated in this release:
- T1484.002 - Domain Trust Modification Detected (New)
- T1564 - Hide Artifacts to Evade Detection (New)
- T1216.002 - Possible Abnormal Execution via SyncAppvPublishingServer.vbs (New)
- T1218.015 - Possible Abnormal Use of Electron Applications (New)
- T1123 - Possible Audio Capture via PowerShell (New)
- T1105 - Possible Suspicious Redirect of cURL Command (New)
- T1614.001 - Possible System Language Discovery by Registry Key (New)
- T1505.005 - RDP Shadow Session Configuration Enabled (New)
- T1134.005 - SID-History Injection Detected (New)
- T1059.010 - Scripting Interpreters AutoHotKey or AutoIT Detected (New)
- T1588.007 - Suspicious OpenAI Activity (New)
- T1040 - Suspicious Network Sniffing (Updated)
- Suspicious File Hash Activity in Host Sysmon Based (New)
--
Prentice S. Hayes
Principal Product Manager | Cybersecurity Enterprise, Security Analytics
OpenText Cybersecurity
LinkedIn: https://www.linkedin.com/in/prenticeshayes/
Website: https://www.opentext.com/