For additional information about Infigo SIEM visit the official site:
www.infigosiem.com
h1. Release Notes for Infigo SIEM Content App (Version 4.2.120251112115318)
h2. Overview
This release adds a new lookup definition and its lookup file to the Infigo SIEM Content application. The changes are listed below.
h2. Key Changes
h3. Addition of SOC Remote Management Tools
A new stanza [soc_remote_management_tools] has been added to transforms.conf, defining a CSV lookup with the following settings:
* batch_index_query: 0 (query batching for the file lookup is disabled)
* case_sensitive_match: false (lookup values match regardless of letter case)
* filename: soc_remote_management_tools.csv
h3. New Lookup File
The file lookups/soc_remote_management_tools.csv has been added to the application. It is the file referenced by the stanza above and holds the remote management tool data used by the SOC content.
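To show what the `case_sensitive_match = false` setting of the new stanza buys in practice, here is an added example that emulates a Splunk CSV lookup over constructed process events and runs it once with case folding and once without. It is not code from the Infigo SIEM Content app; the column names (process_name, tool_name, vendor), the CSV rows and the events are assumptions, and the real lookups/soc_remote_management_tools.csv may have a different layout.

```python
"""Emulate the CSV lookup behind the [soc_remote_management_tools] stanza.

Added example, not code from the Infigo SIEM Content app. The columns
(process_name, tool_name, vendor) and all rows below are constructed
assumptions; the shipped lookups/soc_remote_management_tools.csv may differ.
"""
import csv
import io
from typing import Dict, List

# Constructed stand-in for lookups/soc_remote_management_tools.csv (hypothetical columns).
LOOKUP_CSV = """process_name,tool_name,vendor
AnyDesk.exe,AnyDesk,AnyDesk Software
ScreenConnect.ClientService.exe,ConnectWise ScreenConnect,ConnectWise
TeamViewer.exe,TeamViewer,TeamViewer
"""

# Constructed Sysmon-style process events. The mixed case of process_name is
# typical of Windows telemetry and is exactly what case_sensitive_match = false tolerates.
EVENTS = [
    {"host": "wks01", "process_name": "anydesk.exe"},
    {"host": "wks02", "process_name": "SCREENCONNECT.CLIENTSERVICE.EXE"},
    {"host": "wks03", "process_name": "explorer.exe"},
    {"host": "wks04", "process_name": "TeamViewer.exe"},
]


def load_lookup(csv_text: str, key: str, case_sensitive: bool) -> Dict[str, Dict[str, str]]:
    """Index the CSV rows by the lookup key, folding case unless case_sensitive is set."""
    table: Dict[str, Dict[str, str]] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        k = row[key] if case_sensitive else row[key].lower()
        table[k] = row
    return table


def match_events(events: List[Dict[str, str]], lookup_csv: str = LOOKUP_CSV,
                 case_sensitive: bool = False) -> List[Dict[str, str]]:
    """Return events whose process_name is a known remote management tool, enriched
    with tool_name and vendor (the equivalent of `| lookup ... OUTPUT tool_name vendor`)."""
    table = load_lookup(lookup_csv, "process_name", case_sensitive)
    hits = []
    for ev in events:
        k = ev["process_name"] if case_sensitive else ev["process_name"].lower()
        row = table.get(k)
        if row:
            hits.append({**ev, "tool_name": row["tool_name"], "vendor": row["vendor"]})
    return hits


if __name__ == "__main__":
    for setting in (False, True):
        hits = match_events(EVENTS, case_sensitive=setting)
        print(f"case_sensitive_match = {str(setting).lower()}: {len(hits)} hit(s)")
        for h in hits:
            print("  ", h["host"], h["process_name"], "->", h["tool_name"])
```

With case folding, three of the four hosts are identified as running a remote management tool; with exact matching only the host whose process name happens to match the CSV spelling is found, so the other two would silently escape the detections that consume this lookup.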
h1. Release Notes for infigo_sa_siem_content (Version 4.2.120251104114021)
h2. Overview
This release includes important updates to the savedsearches.conf configuration, enhancing the detection capabilities of the Infigo SIEM Alert Manager Rules Add-on. Below are the detailed changes made in this version.
h2. Configuration Changes
h3. Saved Searches (savedsearches.conf)
1. Rule ID: END093
Rule Name: Endpoint - Windows - Suspicious Browser Or Electron App Command Executed
Modifications:
* Rule Version Updated: Changed from 1.0.1 to 1.0.2.
* Search Logic Updated: The search now excludes firefox.exe from the lookup of suspicious browser processes. This improves the specificity of the rule by removing false positives from Firefox; note that firefox.exe command lines no longer trigger it.
h2. Conclusion
This update focuses on improving the accuracy and effectiveness of the detection rules within the Infigo SIEM Alert Manager. You are encouraged to review the changes and adapt your configurations accordingly to leverage the enhanced capabilities of this release.
h1. Release Notes for Infigo SIEM Content Add-on (Version 4.2.120251028144431)
h2. Overview
This release includes updates and modifications to the Infigo SIEM Content Add-on. Below are the key changes made in this version.
h2. Configuration Changes
h3. Saved Searches
h4. Rule: Change - All - Password Change Of Privileged Account Outside Business Hours
* Rule ID: CHA004
* Modifications:
** Rule Version Updated: Changed from 1.0.1 to 1.0.2.
** Search Time Window Adjustment: The time condition in the search has been tightened from password changes within the last 10 minutes (<601 seconds) to changes within the last 5 minutes (<301 seconds). Make sure the saved search is scheduled to run at least every 5 minutes; with a longer interval, changes that fall between two runs are no longer evaluated.
* Description: The search detects password changes for service or privileged accounts outside of business hours. Business hours and the account lists are defined through macros.
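The following is an added reference implementation of the CHA004 logic described above, written in Python rather than SPL so it can be run offline; it is not the app's own search. It evaluates constructed password-change events against a privileged-account list and a business-hours definition, and runs the check with both the old (<601 s) and the new (<301 s) window to show which event the tighter window drops. The account names, the business hours (Mon-Fri 08:00-18:00 UTC), the reference "now" and the events are all assumptions standing in for the macros and data the real rule uses.

```python
"""Reference implementation of the CHA004 logic: alert on a password change for
a privileged/service account that occurred outside business hours and within
the search window (now < 301 s, previously < 601 s).

Added example, not the app's SPL. Business hours, the privileged account list,
the reference time and the events are constructed assumptions standing in for
the rule's macros and lookups.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Stand-ins for the rule's macros (hypothetical values).
BUSINESS_DAYS = {0, 1, 2, 3, 4}          # Monday..Friday (datetime.weekday())
BUSINESS_START, BUSINESS_END = 8, 18     # 08:00 <= hour < 18:00 UTC
PRIVILEGED_ACCOUNTS = {"svc_backup", "adm_jdoe", "svc_sql"}
WINDOW_SECONDS = 301                     # was 601 before rule version 1.0.2

# Constructed reference time: Saturday 2025-11-01 02:00:00 UTC, outside business hours.
NOW = datetime(2025, 11, 1, 2, 0, 0, tzinfo=timezone.utc)

# Constructed password-change events (Windows 4723/4724-style), _time as epoch seconds.
EVENTS: List[Dict] = [
    # privileged, Saturday night, 2 minutes old -> alert under both windows
    {"_time": (NOW - timedelta(seconds=120)).timestamp(), "user": "svc_backup", "src": "dc01"},
    # privileged, Saturday night, 7.5 minutes old -> alert only under the old 601 s window
    {"_time": (NOW - timedelta(seconds=450)).timestamp(), "user": "adm_jdoe", "src": "dc01"},
    # recent but not a privileged account -> no alert
    {"_time": (NOW - timedelta(seconds=60)).timestamp(), "user": "jsmith", "src": "dc02"},
    # privileged, but Friday 10:00 (business hours) and long outside the window -> no alert
    {"_time": datetime(2025, 10, 31, 10, 0, 0, tzinfo=timezone.utc).timestamp(), "user": "svc_sql", "src": "dc01"},
]


def outside_business_hours(ts: datetime) -> bool:
    """True when ts falls on a weekend or outside the configured daily hours."""
    return ts.weekday() not in BUSINESS_DAYS or not (BUSINESS_START <= ts.hour < BUSINESS_END)


def detect(events: List[Dict], now: datetime = NOW, window_seconds: int = WINDOW_SECONDS) -> List[Dict]:
    """Return the events CHA004 would alert on: recent, privileged, and out of hours."""
    alerts = []
    for ev in events:
        ts = datetime.fromtimestamp(ev["_time"], tz=timezone.utc)
        recent = (now - ts).total_seconds() < window_seconds
        if recent and ev["user"] in PRIVILEGED_ACCOUNTS and outside_business_hours(ts):
            alerts.append(ev)
    return alerts


if __name__ == "__main__":
    for window in (601, 301):
        hits = detect(EVENTS, window_seconds=window)
        print(f"window < {window}s: {[h['user'] for h in hits]}")
```

The 450-second-old change by adm_jdoe is the one that separates the two versions: it fires under the old window and is silent under the new one. That is only acceptable if the search itself runs at least every five minutes, otherwise that event is never evaluated at all.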
h3. Lookups
* File Changes:
** soc_first_time_seen_portable_app.csv: Updated.
** soc_windows_suspicious_browser_arguments.csv: Updated.
These updates enhance the functionality of the application and improve the accuracy of the alerts generated by the saved searches. Please ensure that you review these changes and adjust your configurations accordingly to take full advantage of the new features and improvements.
There are around 20 new rules in this release.