diff --git a/contentctl.yml b/contentctl.yml index 3a818dd18a..1a76707520 100644 --- a/contentctl.yml +++ b/contentctl.yml @@ -143,9 +143,9 @@ apps: - uid: 1876 title: Splunk Add-on for AWS appid: Splunk_TA_aws - version: 7.9.0 + version: 7.9.1 description: description of app - hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-web-services-aws_790.tgz + hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-web-services-aws_791.tgz - uid: 3088 title: Splunk Add-on for Google Cloud Platform appid: SPLUNK_ADD_ON_FOR_GOOGLE_CLOUD_PLATFORM @@ -161,9 +161,9 @@ apps: - uid: 3110 title: Splunk Add-on for Microsoft Cloud Services appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES - version: 5.4.2 + version: 5.4.3 description: description of app - hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_542.tgz + hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_543.tgz - uid: 4055 title: Splunk Add-on for Microsoft Office 365 appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365 @@ -216,6 +216,7 @@ apps: title: Splunk Add-on for AppDynamics appid: Splunk_TA_AppDynamics version: 3.0.0 - description: The Splunk Add-on for AppDynamics enables you to easily configure data inputs to pull data from AppDynamics' REST APIs + description: The Splunk Add-on for AppDynamics enables you to easily configure data + inputs to pull data from AppDynamics' REST APIs hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-appdynamics_300.tgz githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd diff --git a/data_sources/asl_aws_cloudtrail.yml b/data_sources/asl_aws_cloudtrail.yml index 743e34d3eb..5288a351da 100644 --- a/data_sources/asl_aws_cloudtrail.yml +++ b/data_sources/asl_aws_cloudtrail.yml @@ -3,11 +3,11 @@ id: 1dcf9cfb-0e91-44c6-81b3-61b2574ec898 version: 1 date: '2025-01-14' author: Patrick Bareiss, Splunk -description: Data source object for ASL AWS CloudTrail +description: Data source object for ASL AWS CloudTrail source: aws_asl sourcetype: aws:asl separator: api.operation supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 diff --git a/data_sources/aws_cloudfront.yml b/data_sources/aws_cloudfront.yml index c4f146026d..a20439b21c 100644 --- a/data_sources/aws_cloudfront.yml +++ b/data_sources/aws_cloudfront.yml @@ -9,7 +9,7 @@ sourcetype: aws:cloudfront:accesslogs supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail.yml b/data_sources/aws_cloudtrail.yml index af1afc59c0..e2734eacfe 100644 --- a/data_sources/aws_cloudtrail.yml +++ b/data_sources/aws_cloudtrail.yml @@ -10,4 +10,4 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 diff --git a/data_sources/aws_cloudtrail_assumerolewithsaml.yml b/data_sources/aws_cloudtrail_assumerolewithsaml.yml index ef4041930f..6f81a304c6 100644 --- a/data_sources/aws_cloudtrail_assumerolewithsaml.yml +++ b/data_sources/aws_cloudtrail_assumerolewithsaml.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_consolelogin.yml b/data_sources/aws_cloudtrail_consolelogin.yml index a40d3472a9..c1ecfc85fd 100644 --- a/data_sources/aws_cloudtrail_consolelogin.yml +++ b/data_sources/aws_cloudtrail_consolelogin.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_copyobject.yml b/data_sources/aws_cloudtrail_copyobject.yml index 44fabed1bb..e3c593b810 100644 --- a/data_sources/aws_cloudtrail_copyobject.yml +++ b/data_sources/aws_cloudtrail_copyobject.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_createaccesskey.yml b/data_sources/aws_cloudtrail_createaccesskey.yml index 4834e03b5d..d7a1719024 100644 --- a/data_sources/aws_cloudtrail_createaccesskey.yml +++ b/data_sources/aws_cloudtrail_createaccesskey.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createkey.yml b/data_sources/aws_cloudtrail_createkey.yml index 8c2aa289b1..4bb43d44ad 100644 --- a/data_sources/aws_cloudtrail_createkey.yml +++ b/data_sources/aws_cloudtrail_createkey.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_createloginprofile.yml b/data_sources/aws_cloudtrail_createloginprofile.yml index 7f09482a94..9969173ed5 100644 --- a/data_sources/aws_cloudtrail_createloginprofile.yml +++ b/data_sources/aws_cloudtrail_createloginprofile.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createnetworkaclentry.yml b/data_sources/aws_cloudtrail_createnetworkaclentry.yml index b9eb2d9e66..a2f6ad9a2a 100644 --- a/data_sources/aws_cloudtrail_createnetworkaclentry.yml +++ b/data_sources/aws_cloudtrail_createnetworkaclentry.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createpolicyversion.yml b/data_sources/aws_cloudtrail_createpolicyversion.yml index 49b4ea9e54..755fe9f0b1 100644 --- a/data_sources/aws_cloudtrail_createpolicyversion.yml +++ b/data_sources/aws_cloudtrail_createpolicyversion.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createsnapshot.yml b/data_sources/aws_cloudtrail_createsnapshot.yml index d8140341e4..600b0023f9 100644 --- a/data_sources/aws_cloudtrail_createsnapshot.yml +++ b/data_sources/aws_cloudtrail_createsnapshot.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_createtask.yml b/data_sources/aws_cloudtrail_createtask.yml index 64c885e902..669e657594 100644 --- a/data_sources/aws_cloudtrail_createtask.yml +++ b/data_sources/aws_cloudtrail_createtask.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_createvirtualmfadevice.yml b/data_sources/aws_cloudtrail_createvirtualmfadevice.yml index 4a1bdc3f68..d3f5553464 100644 --- a/data_sources/aws_cloudtrail_createvirtualmfadevice.yml +++ b/data_sources/aws_cloudtrail_createvirtualmfadevice.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action @@ -97,4 +97,5 @@ example_log: '{"eventVersion": "1.08", "userIdentity": {"type": "Root", "princip "strt_mfa_2"}, "responseElements": {"virtualMFADevice": {"serialNumber": "arn:aws:iam::1111111111111111:mfa/strt_mfa_2"}}, "requestID": "2fbe2074-55f8-4ec6-ad32-0b250803cf46", "eventID": "7e1c493d-c3c3-4f4a-ae4f-8cdd38970027", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": - "1111111111111111", "eventCategory": "Management", "sessionCredentialFromConsole": "true"}' + "1111111111111111", "eventCategory": "Management", "sessionCredentialFromConsole": + "true"}' diff --git a/data_sources/aws_cloudtrail_deactivatemfadevice.yml b/data_sources/aws_cloudtrail_deactivatemfadevice.yml index bfef68070f..5f035b6840 100644 --- a/data_sources/aws_cloudtrail_deactivatemfadevice.yml +++ b/data_sources/aws_cloudtrail_deactivatemfadevice.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml b/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml index 3998089a44..71542b720c 100644 --- a/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml +++ b/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletealarms.yml b/data_sources/aws_cloudtrail_deletealarms.yml index d7b436d019..1277dc4fd3 100644 --- a/data_sources/aws_cloudtrail_deletealarms.yml +++ b/data_sources/aws_cloudtrail_deletealarms.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletedetector.yml b/data_sources/aws_cloudtrail_deletedetector.yml index df3b6cea4e..ca2052001a 100644 --- a/data_sources/aws_cloudtrail_deletedetector.yml +++ b/data_sources/aws_cloudtrail_deletedetector.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_deletegroup.yml b/data_sources/aws_cloudtrail_deletegroup.yml index f383f21440..fef70de601 100644 --- a/data_sources/aws_cloudtrail_deletegroup.yml +++ b/data_sources/aws_cloudtrail_deletegroup.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deleteipset.yml b/data_sources/aws_cloudtrail_deleteipset.yml index 9e70698a5f..5b4fa662e4 100644 --- a/data_sources/aws_cloudtrail_deleteipset.yml +++ b/data_sources/aws_cloudtrail_deleteipset.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_deleteloggroup.yml b/data_sources/aws_cloudtrail_deleteloggroup.yml index 936f52788a..8acfb651df 100644 --- a/data_sources/aws_cloudtrail_deleteloggroup.yml +++ b/data_sources/aws_cloudtrail_deleteloggroup.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_deletelogstream.yml b/data_sources/aws_cloudtrail_deletelogstream.yml index 591ea64693..de55c5ea81 100644 --- a/data_sources/aws_cloudtrail_deletelogstream.yml +++ b/data_sources/aws_cloudtrail_deletelogstream.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_deletenetworkaclentry.yml b/data_sources/aws_cloudtrail_deletenetworkaclentry.yml index 7c0003f08b..94dea0f434 100644 --- a/data_sources/aws_cloudtrail_deletenetworkaclentry.yml +++ b/data_sources/aws_cloudtrail_deletenetworkaclentry.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletepolicy.yml b/data_sources/aws_cloudtrail_deletepolicy.yml index 44cd10188c..7c8c181855 100644 --- a/data_sources/aws_cloudtrail_deletepolicy.yml +++ b/data_sources/aws_cloudtrail_deletepolicy.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deleterule.yml b/data_sources/aws_cloudtrail_deleterule.yml index 545fbcec9a..e4061c8a3f 100644 --- a/data_sources/aws_cloudtrail_deleterule.yml +++ b/data_sources/aws_cloudtrail_deleterule.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_deletesnapshot.yml b/data_sources/aws_cloudtrail_deletesnapshot.yml index 6b586a2a3e..83a15e8c9d 100644 --- a/data_sources/aws_cloudtrail_deletesnapshot.yml +++ b/data_sources/aws_cloudtrail_deletesnapshot.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletetrail.yml b/data_sources/aws_cloudtrail_deletetrail.yml index 1555fafdac..da13b0269c 100644 --- a/data_sources/aws_cloudtrail_deletetrail.yml +++ b/data_sources/aws_cloudtrail_deletetrail.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml b/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml index e03ef28b7d..21859dada9 100644 --- a/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml +++ b/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletewebacl.yml b/data_sources/aws_cloudtrail_deletewebacl.yml index 2368ae2314..464634f0ad 100644 --- a/data_sources/aws_cloudtrail_deletewebacl.yml +++ b/data_sources/aws_cloudtrail_deletewebacl.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_describeeventaggregates.yml b/data_sources/aws_cloudtrail_describeeventaggregates.yml index 94da197c95..a8aa09c8b8 100644 --- a/data_sources/aws_cloudtrail_describeeventaggregates.yml +++ b/data_sources/aws_cloudtrail_describeeventaggregates.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app @@ -93,5 +93,5 @@ example_log: '{"eventVersion": "1.08", "userIdentity": {"type": "Root", "princip "filter": {"eventStatusCodes": ["open", "upcoming"], "startTimes": [{"from": "Jan 25, 2023 2:54:32 AM"}]}}, "responseElements": null, "requestID": "d6adf050-1d7a-4c25-9d48-0319e33f6f9a", "eventID": "201cee69-61ab-4ffb-80b7-bd31e81e0d82", "readOnly": true, "eventType": - "AwsApiCall", "managementEvent": true, "recipientAccountId": "1111111111111111", "eventCategory": - "Management", "sessionCredentialFromConsole": "true"}' + "AwsApiCall", "managementEvent": true, "recipientAccountId": "1111111111111111", + "eventCategory": "Management", "sessionCredentialFromConsole": "true"}' diff --git a/data_sources/aws_cloudtrail_describeimagescanfindings.yml b/data_sources/aws_cloudtrail_describeimagescanfindings.yml index 79696cbffc..8b3f6fd0aa 100644 --- a/data_sources/aws_cloudtrail_describeimagescanfindings.yml +++ b/data_sources/aws_cloudtrail_describeimagescanfindings.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml b/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml index 376fecc828..3315cc9143 100644 --- a/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml +++ b/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_getobject.yml b/data_sources/aws_cloudtrail_getobject.yml index 27d29dea5d..6ec2284157 100644 --- a/data_sources/aws_cloudtrail_getobject.yml +++ b/data_sources/aws_cloudtrail_getobject.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_getpassworddata.yml b/data_sources/aws_cloudtrail_getpassworddata.yml index fc6857d804..20f51f7003 100644 --- a/data_sources/aws_cloudtrail_getpassworddata.yml +++ b/data_sources/aws_cloudtrail_getpassworddata.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_jobcreated.yml b/data_sources/aws_cloudtrail_jobcreated.yml index b33710f139..18c2c3b2c9 100644 --- a/data_sources/aws_cloudtrail_jobcreated.yml +++ b/data_sources/aws_cloudtrail_jobcreated.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_modifydbinstance.yml b/data_sources/aws_cloudtrail_modifydbinstance.yml index 813b021c40..3c1769680a 100644 --- a/data_sources/aws_cloudtrail_modifydbinstance.yml +++ b/data_sources/aws_cloudtrail_modifydbinstance.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_modifyimageattribute.yml b/data_sources/aws_cloudtrail_modifyimageattribute.yml index 26ab870860..2bbdbc43da 100644 --- a/data_sources/aws_cloudtrail_modifyimageattribute.yml +++ b/data_sources/aws_cloudtrail_modifyimageattribute.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app @@ -101,8 +101,8 @@ example_log: '{"eventVersion": "1.08", "userIdentity": {"type": "AssumedRole", " "ec2.amazonaws.com", "eventName": "ModifyImageAttribute", "awsRegion": "us-west-2", "sourceIPAddress": "72.135.245.10", "userAgent": "AWS Internal", "requestParameters": {"imageId": "ami-06dac31db29508566", "launchPermission": {"add": {"items": [{"userId": - "1111111111111111"}]}}, "attributeType": "launchPermission"}, "responseElements": {"requestId": - "84c431ce-6268-4218-aaf8-b4cdc1cd4055", "_return": true}, "requestID": "84c431ce-6268-4218-aaf8-b4cdc1cd4055", - "eventID": "957e1b12-ea17-4006-aefd-20677ace72b8", "readOnly": false, "eventType": - "AwsApiCall", "managementEvent": true, "recipientAccountId": "111111111111", "eventCategory": - "Management", "sessionCredentialFromConsole": "true"}' + "1111111111111111"}]}}, "attributeType": "launchPermission"}, "responseElements": + {"requestId": "84c431ce-6268-4218-aaf8-b4cdc1cd4055", "_return": true}, "requestID": + "84c431ce-6268-4218-aaf8-b4cdc1cd4055", "eventID": "957e1b12-ea17-4006-aefd-20677ace72b8", + "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": + "111111111111", "eventCategory": "Management", "sessionCredentialFromConsole": "true"}' diff --git a/data_sources/aws_cloudtrail_modifysnapshotattribute.yml b/data_sources/aws_cloudtrail_modifysnapshotattribute.yml index 373a15ede9..5c006d97a8 100644 --- a/data_sources/aws_cloudtrail_modifysnapshotattribute.yml +++ b/data_sources/aws_cloudtrail_modifysnapshotattribute.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_putbucketacl.yml b/data_sources/aws_cloudtrail_putbucketacl.yml index 10765a8703..d5009bf3d2 100644 --- a/data_sources/aws_cloudtrail_putbucketacl.yml +++ b/data_sources/aws_cloudtrail_putbucketacl.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_putbucketlifecycle.yml b/data_sources/aws_cloudtrail_putbucketlifecycle.yml index c9d8491a16..060a4d5b9a 100644 --- a/data_sources/aws_cloudtrail_putbucketlifecycle.yml +++ b/data_sources/aws_cloudtrail_putbucketlifecycle.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_putbucketreplication.yml b/data_sources/aws_cloudtrail_putbucketreplication.yml index 50c9bb4051..9c72d4c291 100644 --- a/data_sources/aws_cloudtrail_putbucketreplication.yml +++ b/data_sources/aws_cloudtrail_putbucketreplication.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_putbucketversioning.yml b/data_sources/aws_cloudtrail_putbucketversioning.yml index 4d928ee0d2..ebdfefcc92 100644 --- a/data_sources/aws_cloudtrail_putbucketversioning.yml +++ b/data_sources/aws_cloudtrail_putbucketversioning.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_putimage.yml b/data_sources/aws_cloudtrail_putimage.yml index 707c03fcf6..2f1625ef3e 100644 --- a/data_sources/aws_cloudtrail_putimage.yml +++ b/data_sources/aws_cloudtrail_putimage.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_putkeypolicy.yml b/data_sources/aws_cloudtrail_putkeypolicy.yml index 9b2786fadb..fb9b0a64d3 100644 --- a/data_sources/aws_cloudtrail_putkeypolicy.yml +++ b/data_sources/aws_cloudtrail_putkeypolicy.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_replacenetworkaclentry.yml b/data_sources/aws_cloudtrail_replacenetworkaclentry.yml index 4ce1405960..c3dfb3942e 100644 --- a/data_sources/aws_cloudtrail_replacenetworkaclentry.yml +++ b/data_sources/aws_cloudtrail_replacenetworkaclentry.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml b/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml index 9797971379..26c0214146 100644 --- a/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml +++ b/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_stoplogging.yml b/data_sources/aws_cloudtrail_stoplogging.yml index f285ce143e..0f29b4bc23 100644 --- a/data_sources/aws_cloudtrail_stoplogging.yml +++ b/data_sources/aws_cloudtrail_stoplogging.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml b/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml index de90a002fe..e378ea1ed5 100644 --- a/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml +++ b/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_updateloginprofile.yml b/data_sources/aws_cloudtrail_updateloginprofile.yml index 6978637a08..f7731254c3 100644 --- a/data_sources/aws_cloudtrail_updateloginprofile.yml +++ b/data_sources/aws_cloudtrail_updateloginprofile.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_updatesamlprovider.yml b/data_sources/aws_cloudtrail_updatesamlprovider.yml index 2f2cd5b188..faa465f737 100644 --- a/data_sources/aws_cloudtrail_updatesamlprovider.yml +++ b/data_sources/aws_cloudtrail_updatesamlprovider.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_updatetrail.yml b/data_sources/aws_cloudtrail_updatetrail.yml index f22ec6b7ba..265e352353 100644 --- a/data_sources/aws_cloudtrail_updatetrail.yml +++ b/data_sources/aws_cloudtrail_updatetrail.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - app diff --git a/data_sources/aws_cloudwatchlogs_vpcflow.yml b/data_sources/aws_cloudwatchlogs_vpcflow.yml index b20242046f..6cdaddfb41 100644 --- a/data_sources/aws_cloudwatchlogs_vpcflow.yml +++ b/data_sources/aws_cloudwatchlogs_vpcflow.yml @@ -9,7 +9,7 @@ sourcetype: aws:cloudwatchlogs:vpcflow separator: eventName supported_TA: - name: Splunk Add-on for AWS - version: 7.9.0 + version: 7.9.1 url: https://splunkbase.splunk.com/app/1876 fields: - _raw diff --git a/data_sources/aws_security_hub.yml b/data_sources/aws_security_hub.yml index 5d4d52b2e7..93d572e96f 100644 --- a/data_sources/aws_security_hub.yml +++ b/data_sources/aws_security_hub.yml @@ -9,7 +9,7 @@ sourcetype: aws:securityhub:finding supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 7.9.0 + version: 7.9.1 fields: - _time - AwsAccountId diff --git a/data_sources/azure_active_directory.yml b/data_sources/azure_active_directory.yml index 2fa460b33f..b9f6759d8f 100644 --- a/data_sources/azure_active_directory.yml +++ b/data_sources/azure_active_directory.yml @@ -10,4 +10,4 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 diff --git a/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml b/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml index f527bda794..918b0f4e1e 100644 --- a/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml +++ b/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml @@ -11,7 +11,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_add_member_to_role.yml b/data_sources/azure_active_directory_add_member_to_role.yml index 3a0db1013e..92a07950e6 100644 --- a/data_sources/azure_active_directory_add_member_to_role.yml +++ b/data_sources/azure_active_directory_add_member_to_role.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_add_owner_to_application.yml b/data_sources/azure_active_directory_add_owner_to_application.yml index a58de4a47b..16c5dcd51d 100644 --- a/data_sources/azure_active_directory_add_owner_to_application.yml +++ b/data_sources/azure_active_directory_add_owner_to_application.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_add_service_principal.yml b/data_sources/azure_active_directory_add_service_principal.yml index e3970586a3..fb6f5cbaac 100644 --- a/data_sources/azure_active_directory_add_service_principal.yml +++ b/data_sources/azure_active_directory_add_service_principal.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_add_unverified_domain.yml b/data_sources/azure_active_directory_add_unverified_domain.yml index d4103cfef6..306def24ea 100644 --- a/data_sources/azure_active_directory_add_unverified_domain.yml +++ b/data_sources/azure_active_directory_add_unverified_domain.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_consent_to_application.yml b/data_sources/azure_active_directory_consent_to_application.yml index d7a04aa5ad..1edce87134 100644 --- a/data_sources/azure_active_directory_consent_to_application.yml +++ b/data_sources/azure_active_directory_consent_to_application.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_disable_strong_authentication.yml b/data_sources/azure_active_directory_disable_strong_authentication.yml index 2ef98d1f69..aa98208bf0 100644 --- a/data_sources/azure_active_directory_disable_strong_authentication.yml +++ b/data_sources/azure_active_directory_disable_strong_authentication.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_enable_account.yml b/data_sources/azure_active_directory_enable_account.yml index b09a4f4204..2f6b0c2e01 100644 --- a/data_sources/azure_active_directory_enable_account.yml +++ b/data_sources/azure_active_directory_enable_account.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_invite_external_user.yml b/data_sources/azure_active_directory_invite_external_user.yml index e66920d152..0733402826 100644 --- a/data_sources/azure_active_directory_invite_external_user.yml +++ b/data_sources/azure_active_directory_invite_external_user.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_reset_password_(by_admin).yml b/data_sources/azure_active_directory_reset_password_(by_admin).yml index b3fb17cd5e..f4937d5c9b 100644 --- a/data_sources/azure_active_directory_reset_password_(by_admin).yml +++ b/data_sources/azure_active_directory_reset_password_(by_admin).yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_set_domain_authentication.yml b/data_sources/azure_active_directory_set_domain_authentication.yml index dda3730b7f..574a75221f 100644 --- a/data_sources/azure_active_directory_set_domain_authentication.yml +++ b/data_sources/azure_active_directory_set_domain_authentication.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_sign_in_activity.yml b/data_sources/azure_active_directory_sign_in_activity.yml index 7b53354989..d4b801225f 100644 --- a/data_sources/azure_active_directory_sign_in_activity.yml +++ b/data_sources/azure_active_directory_sign_in_activity.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_update_application.yml b/data_sources/azure_active_directory_update_application.yml index b77b1dfa80..3c97053a25 100644 --- a/data_sources/azure_active_directory_update_application.yml +++ b/data_sources/azure_active_directory_update_application.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_update_authorization_policy.yml b/data_sources/azure_active_directory_update_authorization_policy.yml index d04c125346..e69be452cc 100644 --- a/data_sources/azure_active_directory_update_authorization_policy.yml +++ b/data_sources/azure_active_directory_update_authorization_policy.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_update_user.yml b/data_sources/azure_active_directory_update_user.yml index c589966ec2..d61f6843f2 100644 --- a/data_sources/azure_active_directory_update_user.yml +++ b/data_sources/azure_active_directory_update_user.yml @@ -10,7 +10,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_active_directory_user_registered_security_info.yml b/data_sources/azure_active_directory_user_registered_security_info.yml index 5880ca36cd..e99fb6f0e0 100644 --- a/data_sources/azure_active_directory_user_registered_security_info.yml +++ b/data_sources/azure_active_directory_user_registered_security_info.yml @@ -11,7 +11,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - Level diff --git a/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml b/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml index b341d24461..3235917a85 100644 --- a/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml +++ b/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml @@ -11,7 +11,7 @@ separator: operationName.localizedValue supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - authorization.action diff --git a/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml b/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml index 6511f9fe3e..a6e9a58229 100644 --- a/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml +++ b/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml @@ -11,7 +11,7 @@ separator: operationName.localizedValue supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - authorization.action diff --git a/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml b/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml index da046c0e0b..bbccba0d6f 100644 --- a/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml +++ b/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml @@ -11,7 +11,7 @@ separator: operationName.localizedValue supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - _time - authorization.action diff --git a/data_sources/azure_monitor_activity.yml b/data_sources/azure_monitor_activity.yml index d3526f723c..5d7a6d8087 100644 --- a/data_sources/azure_monitor_activity.yml +++ b/data_sources/azure_monitor_activity.yml @@ -13,7 +13,7 @@ separator: operationName supported_TA: - name: Splunk Add-on for Microsoft Cloud Services url: https://splunkbase.splunk.com/app/3110 - version: 5.4.2 + version: 5.4.3 fields: - column - action diff --git a/data_sources/linux_secure.yml b/data_sources/linux_secure.yml index 468d387446..c3bb4697bb 100644 --- a/data_sources/linux_secure.yml +++ b/data_sources/linux_secure.yml @@ -9,7 +9,7 @@ sourcetype: linux_secure supported_TA: - name: Splunk Add-on for Unix and Linux url: https://splunkbase.splunk.com/app/833 - version: 9.2.0 + version: 10.0.0 fields: - _time - action