This page contains information about new content released in the last month, and improvements and bug fixes to existing content.
This information, and information about all existing content, can also be found in the Knowledge Center in the Hunters portal.
New Content
Category | Name | Description | Prerequisites | Where it can be found |
---|---|---|---|---|
Detector | Suspicious Command Execution Using msdt.exe | Detects command executions using Microsoft's Diagnostic Troubleshooting Wizard (msdt.exe). This behavior can indicate exploitation of the CVE-2022-30190 ("Follina") vulnerability. | | Leads page - Enterprise Network leads |
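As an added illustration of the kind of logic such a detector applies (example code written for this page, not Hunters' detector), the function below triages constructed process-creation events: any msdt.exe execution becomes a lead, and the confidence is raised when the parent is an Office application or the command line carries the ms-msdt: protocol handler. The field names, the Office parent list and the confidence labels are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Office applications commonly seen spawning msdt.exe in Follina abuse (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# The protocol handler that msdt.exe is invoked through in the CVE-2022-30190 technique.
MSDT_PROTOCOL = re.compile(r"ms-msdt:", re.IGNORECASE)


@dataclass
class ProcessEvent:
    """Minimal process-creation record (constructed schema, not a vendor format)."""
    hostname: str
    parent_image: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def score_msdt_execution(ev: ProcessEvent) -> Optional[dict]:
    """Return a lead dict for msdt.exe executions, or None for other processes."""
    if _basename(ev.image) != "msdt.exe":
        return None
    reasons = []
    parent = _basename(ev.parent_image)
    if parent in OFFICE_PARENTS:
        reasons.append(f"spawned by Office process {parent}")
    if MSDT_PROTOCOL.search(ev.command_line):
        reasons.append("ms-msdt: protocol handler in command line")
    # Both signals together: likely; one: possible; a plain troubleshooter run: unlikely.
    confidence = {2: "likely", 1: "possible"}.get(len(reasons), "unlikely")
    return {"hostname": ev.hostname, "tactic": "Execution",
            "confidence": confidence, "reasons": reasons}


def triage(events: list) -> list:
    """Run the detector over a batch of events and keep only the leads."""
    return [lead for lead in map(score_msdt_execution, events) if lead]


# Constructed sample events: a suspicious Office-spawned run, a manual troubleshooter, noise.
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\msdt.exe", "msdt.exe ms-msdt:/id PCWDiagnostic"),
    ProcessEvent("ws-02", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\msdt.exe", "msdt.exe -id NetworkDiagnosticsWeb"),
    ProcessEvent("ws-03", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
]
```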
Improvements and Bugfixes
IOC lookup detectors' base confidence reduced from Likely to Unlikely
Improved scoring model of all Microsoft 365 Defender alerts to utilize the tactics, techniques and severity level provided by the vendor
Fixed display issue with hostname attribute in SentinelOne Threats detector
Improved scoring of the detector “IP IOC Found in Network Traffic Events” by extracting the traffic direction and the firewall action, and modifying the MITRE tactics and severity of leads accordingly.
Fixed a bug in scoring of the detector “Sharing of EBS Snapshot” to support rare cases where the target account ID field is empty.
Decreased the FP rate of the detector “Sharing of EBS Snapshot” by excluding activities performed by common third-party products, and fine-tuned the scoring model.
Improved scoring of the detector “Netcat Execution” by mapping the use of each feature of Netcat to its respective MITRE ATT&CK Technique, and detecting suspicious children running under Netcat.
Decreased the FP rate of the detector “Suspected C2 Communication Using Common App” by excluding communications conducted by Windows services or third-party products, and fine-tuned the scoring.