It appears the S387 signature set contains quite a few new signatures. Many of the signatures are disabled by default, and the ones that I checked are for older vulnerabilities.
Is this simply a back-fill of older vulnerabilities using the newer engine capabilities, or is there another effort going on behind the scenes?
You pretty much nailed it the first time.
To keep it short, we are leveraging new engine technologies to back-fill coverage as well as responding to customer requests for specific coverage. Many of these requests are for older vulnerabilities that we don't feel are broadly applicable so we are creating the signatures but releasing them retired. We're leaving the decision up to the end customer to unretire the signatures if its something you feel you want or need.
We'll be slowly releasing more signatures in upcoming updates, so expect more to come, but similar in nature.