How do I get ESCU?

ESCU is a Splunk-owned application that is available for free on Splunkbase, where you can download the latest version.

ESCU detections are available in Splunk Enterprise Security through an automatic application update process that is built into the product. For more information on the automatic update process, see Update the Analytic Stories.

You can also access this content from the Splunk Security Content website, which is updated daily with the latest content that is available in the ESCU application.