ESM Default Content 4.6 is now GA!

Hello everyone,

I am happy to inform you that ESM Default Content 4.6 is now available.

It is published on the Marketplace at ESM Default Content | Cybersecurity Marketplace

The following MITRE ATT&CK-mapped rules were added or updated in this release:

  • T1484.002 - Domain Trust Modification Detected (New)
  • T1564 - Hide Artifacts to Evade Detection (New)
  • T1216.002 - Possible Abnormal Execution via SyncAppvPublishingServer.vbs (New)
  • T1218.015 - Possible Abnormal Use of Electron Applications (New)
  • T1123 - Possible Audio Capture via PowerShell (New)
  • T1105 - Possible Suspicious Redirect of cURL Command (New)
  • T1614.001 - Possible System Language Discovery by Registry Key (New)
  • T1505.005 - RDP Shadow Session Configuration Enabled (New)
  • T1134.005 - SID-History Injection Detected (New)
  • T1059.010 - Scripting Interpreters AutoHotKey or AutoIT Detected (New)
  • T1588.007 - Suspicious OpenAI Activity (New)
  • T1040 - Suspicious Network Sniffing (Updated)
  • Suspicious File Hash Activity in Host Sysmon Based (New)

--
Prentice S. Hayes
Principal Product Manager | Cybersecurity Enterprise, Security Analytics
OpenText Cybersecurity

LinkedIn: https://www.linkedin.com/in/prenticeshayes/

Website: https://www.opentext.com/