Skip to content
Search
Get A Demo
Free SIEM
    Get A Demo
    Free SIEM
      March 12, 2024

      Security Detection Update - 2024-3-12

      Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

      Introduction and Overview

      This week was split up into research, bug fixes and the detection and report listed below!

      Your Mira provided cybersecurity horoscope for today:

      By utilizing Blumira to safeguard your environment, the stars align favorably for your venture. Your foresight in choosing advanced cybersecurity solutions heralds a period of robust protection and trust, strengthening your relationships and business ventures. Innovations and strategic decisions will lead to growth, setting you apart as a leader in your industry. The commitment to excellence and security you've shown will attract prosperous opportunities and lasting success.

      New Detections

      This update introduces several new detections, including:

      JavaScript Executed From Unusual Directory

      This TTP has been associated with SocGholish incidents and is a valid indicator of suspicious behavior that should be investigated. This detection identifies when JavaScript files are run from User or Public user directories (downloads, desktop, etc). For more information, click here.

      • Status: Enabled
      • Log type requirement: Windows process creation or Blumira Agent for Windows

      New Reports

      This update introduces new global reports, including:

      Google Workspace: File ACL Changes (ALL)

      This global report has been created to find Google Workspace docs or drive items that have had their ACL (Access Control List) modified. For best results you can customize the report with the target and actor not containing your domain(s) to remove internal changes.

      Tag(s): Security Trends and Info , Product Updates , Security Alerts , Blog , Product Release Notes , Detection Update

      Amanda Berlin

      Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...

      More from the blog

      View All Posts
      Screen capture of the Blumira platform
      SIEM XDR
      10 min read | November 12, 2024

      October 2024 Product Release Notes

      Read More
      Product Updates
      2 min read | November 8, 2024

      Security Detection Update – 2024-11-08

      Read More
      Blumira announcement: Bulk Rule Management for MSPs
      Product Updates
      6 min read | November 6, 2024

      Now Available: Bulk Rule Management For MSPs

      Read More