splunk · ljstella · Mar 5, 2026 · Mar 4, 2026 · Mar 5, 2026 · Mar 5, 2026
@@ -3,7 +3,7 @@ app:
   uid: 3449
   title: ES Content Updates
   appid: DA-ESS-ContentUpdate
-  version: 5.23.0
+  version: 5.24.0
   description: Explore the Analytic Stories included with ES Content Updates.
   prefix: ESCU
   label: ESCU

@@ -3,7 +3,7 @@ id: d870ce3b-e796-402f-b2af-cab4da1223f2
 version: 11
 date: '2026-02-10'
 author: Gowthamaraj Rajendran, Bhavin Patel, Splunk
-status: deprecated
+status: removed
 type: Anomaly
 description: The following analytic detects the execution of the 'apt-get' command with elevated privileges using 'sudo' on a Linux system. It leverages data from Endpoint Detection and Response (EDR) agents, focusing on process execution logs that include command-line details. This activity is significant because it indicates a user may be attempting to escalate privileges to root, which could lead to unauthorized system control. If confirmed malicious, an attacker could gain root access, allowing them to execute arbitrary commands, install or remove software, and potentially compromise the entire system.
 data_source:

@@ -1 +1 @@
-contentctl==5.5.15
+contentctl==5.5.16