ESCU 5.7.0 brings tighter integration with Cisco Security Products and a number of fixes and improvements to existing content:

• Cisco Secure Firewall Threat Defense Integration: Improved and tested several ESCU detections to work with Event Streamer (eStreamer) data collected by the Cisco Secure Firewall Threat Defense (FTD) platform. For more information about Cisco Secure Firewall, go to the Cisco Secure Firewall site or refer to the Cisco Secure Firewall Threat Defense Analytics analytic story.

• Bugfixes based on community feedback: Feedback from community members and users continues to be one of the best paths to improve the quality and performance of ESCU content. This release includes a number of bug fixes that reduces false positives and improves the risk entities and fields returned from searches.

• Cisco Secure Firewall - Remote Access Software Usage Traffic

• AWS Defense Evasion Impair Security Services
• Detect Outbound LDAP Traffic
• Detect Remote Access Software Usage Traffic
• Internal Horizontal Port Scan NMAP Top 20
• Internal Horizontal Port Scan
• Internal Vertical Port Scan
• O365 Concurrent Sessions From Different Ips
• Prohibited Network Traffic Allowed
• Protocol or Port Mismatch
• Protocols passing authentication in cleartext
• TOR Traffic
• Windows Sensitive Registry Hive Dump Via CommandLine

• cisco_secure_firewall_appid_remote_mgmt_and_desktop_tools

• cisco_secure_firewall_filetype_lookup
• cisco_snort_ids_to_threat_mapping

Detections scheduled for removal: For a list of detections that are scheduled to be removed from the ESCU version 5.8.0, see List of detections scheduled for removal in ESCU version 5.8.0.