Splunk Search

CVE-2023-23397 is all the rage right now.
Has anyone figured out a way to detect this in office content?
I've checked all Microsoft docs I can find, but nothing informs me as to what I'm actually looking for inside an email or contact etc.

MS has some pwershell things to look for in your environment. Eith on-prem Exchange or Cloud-based.

https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Securit...

This blog post might help: https://www.cardinalops.com/en/resources/detecting-microsoft-outlook-vulnerability-cve-2023-23397-sp...

You can check out our thread about this in the user group: https://splunk-usergroups.slack.com/archives/CDNHXVBGS/p1678882662724229.

Hi

I'm not a member of "splunk-usergroups on Slack" so can't see the detail you are referencing

You won't regret joining it: https://docs.splunk.com/Documentation/Community/current/community/Chat

Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...