USM Anywhere 2018-12-19 Update

SkylarTalley

AlienVault Employee
We've updated USM Anywhere with the defect fixes listed below. The USM Anywhere service and Sensors are updated automatically, so you do not need to take any additional actions for the update to take effect.

Select Defects
ATLAS-20774 - Authenticated scans runs but does not retrieve any info or vuln
ATLAS-21178 - Agent dashboard disappears if agents offline

Threat Intelligence

New Plugins
AR-2520 - Radware Cloud Services
AR-2530 - Paloalto PAN-OS [0.15] for login events not giving any name to the event, replace with login
AR-2535 - Update Fortigate plugin

New Rules
AR-2312 - Improve Azure Security Center rules
AR-2373 - New Rule: Suspicious UA connecting to Dynamic DNS domain
AR-2449 - Powershell memory injection shellcode in commandline
AR-2460 - Agent Action: get Docker mounted devices
AR-2475 - Add detections for lateral movement tools
AR-2493 - Investigate: detections for scenario
AR-2516 - Review potential Cobalt Strike detection
AR-2529 - Detect new linux uid exploit. CVE-2018-19788
AR-2536 - COM Hijack via Script Object
AR-2537 - Logon Scripts persistence
AR-2540 - Agent: Persistence netsh registry key
AR-2548 - New Agent detection: Platinum's REDPEPPER persistence via wmi_filter

Improvements
AR-2172 - OSX Agent not compatible with Sierra systems.
AR-2491 - Plugin update - NXLOG parse ADFS event Username, Client IP, Activity ID.
AR-2494 - PfSense System and Linux DNSMASQ: New plugins
AR-2514 - Improve rule AVAgentDetectionDockerCryptoMiner
AR-2528 - Increase Bruteforce rule thresholds

Defects
AR-2527 - Azure MFA
AR-2531 - Remove duplicated entries in agent dict
