Several changes have been made to the Threat Detection Content in Live.
- Known Threats Pack - This Live bundle allows you to keep track of all identified (known/labeled) threats. This is a quick way to deploy all content that deals with malware signatures and malware behavior as well as supporting content (reports, etc...). As we discover and add more signatures and behaviors for known malicious code this pack will get updated with the content. If you'd like to read more about the pack and how to deploy it check out this blog post: Know About Knowns With Known Threats Pack.
Other bug fixes and changes
- 'Featured Content' widget now displays more recent/relevant content.
We strive to provide timely and accurate detection of threats as well as traits that can help analysts hunt through network and log data. Occasionally this means retiring content that provides little-to-no value.
- Adware Client application rule - This rule was retired due to it not representing current threats and the amount of noise it contributed to the analyst experience.