From fef1f68e807a68b02d20eac8bb90628151892d1a Mon Sep 17 00:00:00 2001 
From: patel-bhavin <7771446+patel-bhavin@users.noreply.github.com> Date: Sat, 23 May 2026 07:44:35 +0000 Subject: [PATCH] Updated TAs --- contentctl.yml | 8 ++--- data_sources/asl_aws_cloudtrail.yml | 2 +- data_sources/aws_cloudfront.yml | 2 +- data_sources/aws_cloudtrail.yml | 2 +- .../aws_cloudtrail_assumerolewithsaml.yml | 2 +- data_sources/aws_cloudtrail_consolelogin.yml | 2 +- data_sources/aws_cloudtrail_copyobject.yml | 2 +- .../aws_cloudtrail_createaccesskey.yml | 2 +- data_sources/aws_cloudtrail_createkey.yml | 2 +- .../aws_cloudtrail_createloginprofile.yml | 2 +- .../aws_cloudtrail_createnetworkaclentry.yml | 2 +- .../aws_cloudtrail_createpolicyversion.yml | 2 +- .../aws_cloudtrail_createsnapshot.yml | 2 +- data_sources/aws_cloudtrail_createtask.yml | 2 +- .../aws_cloudtrail_createvirtualmfadevice.yml | 2 +- .../aws_cloudtrail_deactivatemfadevice.yml | 2 +- ...cloudtrail_deleteaccountpasswordpolicy.yml | 2 +- data_sources/aws_cloudtrail_deletealarms.yml | 2 +- .../aws_cloudtrail_deletedetector.yml | 2 +- data_sources/aws_cloudtrail_deletegroup.yml | 2 +- .../aws_cloudtrail_deleteguardrail.yml | 2 +- data_sources/aws_cloudtrail_deleteipset.yml | 2 +- .../aws_cloudtrail_deleteknowledgebase.yml | 2 +- ..._cloudtrail_deleteloggingconfiguration.yml | 2 +- .../aws_cloudtrail_deleteloggroup.yml | 2 +- .../aws_cloudtrail_deletelogstream.yml | 2 +- ...etemodelinvocationloggingconfiguration.yml | 2 +- .../aws_cloudtrail_deletenetworkaclentry.yml | 2 +- data_sources/aws_cloudtrail_deletepolicy.yml | 2 +- data_sources/aws_cloudtrail_deleterule.yml | 2 +- .../aws_cloudtrail_deleterulegroup.yml | 2 +- .../aws_cloudtrail_deletesnapshot.yml | 2 +- data_sources/aws_cloudtrail_deletetrail.yml | 2 +- .../aws_cloudtrail_deletevirtualmfadevice.yml | 2 +- data_sources/aws_cloudtrail_deletewebacl.yml | 2 +- ...aws_cloudtrail_describeeventaggregates.yml | 2 +- ...s_cloudtrail_describeimagescanfindings.yml | 2 +- ...s_cloudtrail_describesnapshotattribute.yml | 2 +- 
...ws_cloudtrail_getaccountpasswordpolicy.yml | 2 +- data_sources/aws_cloudtrail_getobject.yml | 2 +- .../aws_cloudtrail_getpassworddata.yml | 2 +- data_sources/aws_cloudtrail_invokemodel.yml | 2 +- data_sources/aws_cloudtrail_jobcreated.yml | 2 +- .../aws_cloudtrail_listfoundationmodels.yml | 2 +- .../aws_cloudtrail_modifydbinstance.yml | 2 +- .../aws_cloudtrail_modifyimageattribute.yml | 2 +- ...aws_cloudtrail_modifysnapshotattribute.yml | 2 +- data_sources/aws_cloudtrail_putbucketacl.yml | 2 +- .../aws_cloudtrail_putbucketlifecycle.yml | 2 +- .../aws_cloudtrail_putbucketreplication.yml | 2 +- .../aws_cloudtrail_putbucketversioning.yml | 2 +- data_sources/aws_cloudtrail_putimage.yml | 2 +- data_sources/aws_cloudtrail_putkeypolicy.yml | 2 +- .../aws_cloudtrail_replacenetworkaclentry.yml | 2 +- ...aws_cloudtrail_setdefaultpolicyversion.yml | 2 +- data_sources/aws_cloudtrail_stoplogging.yml | 2 +- ...cloudtrail_updateaccountpasswordpolicy.yml | 2 +- .../aws_cloudtrail_updateloginprofile.yml | 2 +- .../aws_cloudtrail_updatesamlprovider.yml | 2 +- data_sources/aws_cloudtrail_updatetrail.yml | 2 +- data_sources/aws_cloudwatchlogs_vpcflow.yml | 2 +- data_sources/aws_security_hub.yml | 2 +- data_sources/azure_active_directory.yml | 2 +- ...p_role_assignment_to_service_principal.yml | 2 +- ...re_active_directory_add_member_to_role.yml | 2 +- ...ive_directory_add_owner_to_application.yml | 2 +- ...active_directory_add_service_principal.yml | 2 +- ...active_directory_add_unverified_domain.yml | 2 +- ...ctive_directory_consent_to_application.yml | 2 +- ...irectory_disable_strong_authentication.yml | 2 +- .../azure_active_directory_enable_account.yml | 2 +- ..._active_directory_invite_external_user.yml | 2 +- ...e_directory_microsoftgraphactivitylogs.yml | 2 +- ...directory_noninteractiveusersigninlogs.yml | 2 +- ...ve_directory_reset_password_(by_admin).yml | 2 +- ...ve_directory_set_domain_authentication.yml | 2 +- ...zure_active_directory_sign_in_activity.yml | 2 +- 
...re_active_directory_update_application.yml | 2 +- ..._directory_update_authorization_policy.yml | 2 +- .../azure_active_directory_update_user.yml | 2 +- ...irectory_user_registered_security_info.yml | 2 +- ..._or_update_an_azure_automation_account.yml | 2 +- ..._or_update_an_azure_automation_runbook.yml | 2 +- ..._or_update_an_azure_automation_webhook.yml | 2 +- data_sources/azure_monitor_activity.yml | 2 +- data_sources/palo_alto_network_threat.yml | 8 ++--- data_sources/palo_alto_network_traffic.yml | 32 +++++++++---------- 87 files changed, 108 insertions(+), 108 deletions(-) diff --git a/contentctl.yml b/contentctl.yml index b40b943e4d..2b39e71324 100644 --- a/contentctl.yml +++ b/contentctl.yml @@ -149,9 +149,9 @@ apps: - uid: 1876 title: Splunk Add-on for AWS appid: Splunk_TA_aws - version: 8.1.1 + version: 8.1.2 description: description of app - hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-web-services-aws_811.tgz + hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-web-services-aws_812.tgz - uid: 3088 title: Splunk Add-on for Google Cloud Platform appid: SPLUNK_ADD_ON_FOR_GOOGLE_CLOUD_PLATFORM @@ -167,9 +167,9 @@ apps: - uid: 3110 title: Splunk Add-on for Microsoft Cloud Services appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES - version: 6.1.1 + version: 6.1.2 description: description of app - hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_611.tgz + hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_612.tgz - uid: 4055 title: Splunk Add-on for Microsoft Office 365 appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365 diff --git a/data_sources/asl_aws_cloudtrail.yml b/data_sources/asl_aws_cloudtrail.yml index e2a0e2d333..a1ab851823 100644 --- a/data_sources/asl_aws_cloudtrail.yml +++ b/data_sources/asl_aws_cloudtrail.yml 
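Review bot: The new `hardcoded_path` for uid 1876 (`splunk-add-on-for-amazon-web-services-aws_812.tgz`) is downloaded from an S3 bucket and nothing in the visible app entry pins an expected digest, so a build installs whatever object sits at that URL; the uid 3110 hunk (`splunk-add-on-for-microsoft-cloud-services_612.tgz`) has the same gap. No checksum field is visible in these hunks, so if the contentctl app schema has one it should be filled in; otherwise a comment above each path such as `# sha256: <SHA256_OF_TGZ_PLACEHOLDER>` would let a reviewer check the tarball against the published release. The `version` value and the filename suffix (8.1.2 and `_812`) are kept in step by hand, and the same version string is repeated in the `supported_TA` blocks of the data_sources files in this patch, so a CI check that all three agree would catch a partial update. The `apps:` list begins and continues outside both hunks.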
@@ -23,7 +23,7 @@ separator: api.operation supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 output_fields: - dest - user diff --git a/data_sources/aws_cloudfront.yml b/data_sources/aws_cloudfront.yml index 58efe129ba..df7851c674 100644 --- a/data_sources/aws_cloudfront.yml +++ b/data_sources/aws_cloudfront.yml @@ -17,7 +17,7 @@ sourcetype: aws:cloudfront:accesslogs supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail.yml b/data_sources/aws_cloudtrail.yml index 22ac0f53b1..e21c1dd5a2 100644 --- a/data_sources/aws_cloudtrail.yml +++ b/data_sources/aws_cloudtrail.yml @@ -10,4 +10,4 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 diff --git a/data_sources/aws_cloudtrail_assumerolewithsaml.yml b/data_sources/aws_cloudtrail_assumerolewithsaml.yml index 37a4757225..3e089fd8cd 100644 --- a/data_sources/aws_cloudtrail_assumerolewithsaml.yml +++ b/data_sources/aws_cloudtrail_assumerolewithsaml.yml @@ -18,7 +18,7 @@ separator_value: AssumeRoleWithSAML supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_consolelogin.yml b/data_sources/aws_cloudtrail_consolelogin.yml index 31c88917de..d08f6ec6d9 100644 --- a/data_sources/aws_cloudtrail_consolelogin.yml +++ b/data_sources/aws_cloudtrail_consolelogin.yml @@ -18,7 +18,7 @@ separator_value: ConsoleLogin supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_copyobject.yml b/data_sources/aws_cloudtrail_copyobject.yml index 4aa9e9731a..6bdfe84238 100644 
--- a/data_sources/aws_cloudtrail_copyobject.yml +++ b/data_sources/aws_cloudtrail_copyobject.yml @@ -17,7 +17,7 @@ separator_value: CopyObject supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_createaccesskey.yml b/data_sources/aws_cloudtrail_createaccesskey.yml index 839f3e39bc..fd9a5783d6 100644 --- a/data_sources/aws_cloudtrail_createaccesskey.yml +++ b/data_sources/aws_cloudtrail_createaccesskey.yml @@ -17,7 +17,7 @@ separator_value: CreateAccessKey supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createkey.yml b/data_sources/aws_cloudtrail_createkey.yml index 8fd63dc070..5245f6cdb5 100644 --- a/data_sources/aws_cloudtrail_createkey.yml +++ b/data_sources/aws_cloudtrail_createkey.yml @@ -17,7 +17,7 @@ separator_value: CreateKey supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_createloginprofile.yml b/data_sources/aws_cloudtrail_createloginprofile.yml index cc3cbce3a1..5805fc2a6e 100644 --- a/data_sources/aws_cloudtrail_createloginprofile.yml +++ b/data_sources/aws_cloudtrail_createloginprofile.yml @@ -17,7 +17,7 @@ separator_value: CreateLoginProfile supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createnetworkaclentry.yml b/data_sources/aws_cloudtrail_createnetworkaclentry.yml index ccce398201..6083be4d0b 100644 --- a/data_sources/aws_cloudtrail_createnetworkaclentry.yml +++ b/data_sources/aws_cloudtrail_createnetworkaclentry.yml 
@@ -17,7 +17,7 @@ separator_value: CreateNetworkAclEntry supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createpolicyversion.yml b/data_sources/aws_cloudtrail_createpolicyversion.yml index 031affddb0..17e500aeba 100644 --- a/data_sources/aws_cloudtrail_createpolicyversion.yml +++ b/data_sources/aws_cloudtrail_createpolicyversion.yml @@ -17,7 +17,7 @@ separator_value: CreatePolicyVersion supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_createsnapshot.yml b/data_sources/aws_cloudtrail_createsnapshot.yml index 3bc1b92607..959a731a78 100644 --- a/data_sources/aws_cloudtrail_createsnapshot.yml +++ b/data_sources/aws_cloudtrail_createsnapshot.yml @@ -17,7 +17,7 @@ separator_value: CreateSnapshot supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_createtask.yml b/data_sources/aws_cloudtrail_createtask.yml index 60f6eae4f2..7362e31c14 100644 --- a/data_sources/aws_cloudtrail_createtask.yml +++ b/data_sources/aws_cloudtrail_createtask.yml @@ -17,7 +17,7 @@ separator_value: CreateTask supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_createvirtualmfadevice.yml b/data_sources/aws_cloudtrail_createvirtualmfadevice.yml index 5940d46737..5c46908a39 100644 --- a/data_sources/aws_cloudtrail_createvirtualmfadevice.yml +++ b/data_sources/aws_cloudtrail_createvirtualmfadevice.yml 
@@ -17,7 +17,7 @@ separator_value: CreateVirtualMFADevice supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deactivatemfadevice.yml b/data_sources/aws_cloudtrail_deactivatemfadevice.yml index d16bbc7fe4..e9993d363f 100644 --- a/data_sources/aws_cloudtrail_deactivatemfadevice.yml +++ b/data_sources/aws_cloudtrail_deactivatemfadevice.yml @@ -17,7 +17,7 @@ separator_value: DeactivateMFADevice supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml b/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml index f4f5813b46..6e79b1fa62 100644 --- a/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml +++ b/data_sources/aws_cloudtrail_deleteaccountpasswordpolicy.yml @@ -15,7 +15,7 @@ separator_value: DeleteAccountPasswordPolicy supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletealarms.yml b/data_sources/aws_cloudtrail_deletealarms.yml index a011e17c1f..795c6c778e 100644 --- a/data_sources/aws_cloudtrail_deletealarms.yml +++ b/data_sources/aws_cloudtrail_deletealarms.yml @@ -17,7 +17,7 @@ separator_value: DeleteAlarms supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletedetector.yml b/data_sources/aws_cloudtrail_deletedetector.yml index 6d9e018adb..84910ce7b6 100644 --- a/data_sources/aws_cloudtrail_deletedetector.yml +++ b/data_sources/aws_cloudtrail_deletedetector.yml 
@@ -17,7 +17,7 @@ separator_value: DeleteDetector supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_deletegroup.yml b/data_sources/aws_cloudtrail_deletegroup.yml index 78272ba111..945c48a5a4 100644 --- a/data_sources/aws_cloudtrail_deletegroup.yml +++ b/data_sources/aws_cloudtrail_deletegroup.yml @@ -17,7 +17,7 @@ separator_value: DeleteGroup supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deleteguardrail.yml b/data_sources/aws_cloudtrail_deleteguardrail.yml index 5d377fa9ad..7e65d1c763 100644 --- a/data_sources/aws_cloudtrail_deleteguardrail.yml +++ b/data_sources/aws_cloudtrail_deleteguardrail.yml @@ -13,7 +13,7 @@ separator_value: DeleteGuardrail supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deleteipset.yml b/data_sources/aws_cloudtrail_deleteipset.yml index 95ccb47550..96527b5c00 100644 --- a/data_sources/aws_cloudtrail_deleteipset.yml +++ b/data_sources/aws_cloudtrail_deleteipset.yml @@ -16,7 +16,7 @@ separator_value: DeleteIPSet supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_deleteknowledgebase.yml b/data_sources/aws_cloudtrail_deleteknowledgebase.yml index 933c2fdae0..8cddbe4b89 100644 --- a/data_sources/aws_cloudtrail_deleteknowledgebase.yml +++ b/data_sources/aws_cloudtrail_deleteknowledgebase.yml @@ -13,7 +13,7 @@ separator_value: DeleteKnowledgeBase supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action 
diff --git a/data_sources/aws_cloudtrail_deleteloggingconfiguration.yml b/data_sources/aws_cloudtrail_deleteloggingconfiguration.yml index 6dc7a13eb4..e220160b0b 100644 --- a/data_sources/aws_cloudtrail_deleteloggingconfiguration.yml +++ b/data_sources/aws_cloudtrail_deleteloggingconfiguration.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time example_log: '' diff --git a/data_sources/aws_cloudtrail_deleteloggroup.yml b/data_sources/aws_cloudtrail_deleteloggroup.yml index aaac3f159a..c8e114eb26 100644 --- a/data_sources/aws_cloudtrail_deleteloggroup.yml +++ b/data_sources/aws_cloudtrail_deleteloggroup.yml @@ -17,7 +17,7 @@ separator_value: DeleteLogGroup supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_deletelogstream.yml b/data_sources/aws_cloudtrail_deletelogstream.yml index d79a4a7e71..9b52438899 100644 --- a/data_sources/aws_cloudtrail_deletelogstream.yml +++ b/data_sources/aws_cloudtrail_deletelogstream.yml @@ -17,7 +17,7 @@ separator_value: DeleteLogStream supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_deletemodelinvocationloggingconfiguration.yml b/data_sources/aws_cloudtrail_deletemodelinvocationloggingconfiguration.yml index e05aeb93c1..1ceaf8d424 100644 --- a/data_sources/aws_cloudtrail_deletemodelinvocationloggingconfiguration.yml +++ b/data_sources/aws_cloudtrail_deletemodelinvocationloggingconfiguration.yml @@ -14,7 +14,7 @@ separator_value: DeleteModelInvocationLoggingConfiguration supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action 
diff --git a/data_sources/aws_cloudtrail_deletenetworkaclentry.yml b/data_sources/aws_cloudtrail_deletenetworkaclentry.yml index c3598195cc..f3380188ac 100644 --- a/data_sources/aws_cloudtrail_deletenetworkaclentry.yml +++ b/data_sources/aws_cloudtrail_deletenetworkaclentry.yml @@ -16,7 +16,7 @@ separator_value: DeleteNetworkAclEntry supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletepolicy.yml b/data_sources/aws_cloudtrail_deletepolicy.yml index 342537ddab..f75000e923 100644 --- a/data_sources/aws_cloudtrail_deletepolicy.yml +++ b/data_sources/aws_cloudtrail_deletepolicy.yml @@ -15,7 +15,7 @@ separator_value: DeletePolicy supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deleterule.yml b/data_sources/aws_cloudtrail_deleterule.yml index a2173cfbdd..feccbfd885 100644 --- a/data_sources/aws_cloudtrail_deleterule.yml +++ b/data_sources/aws_cloudtrail_deleterule.yml @@ -17,7 +17,7 @@ separator_value: DeleteRule supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_deleterulegroup.yml b/data_sources/aws_cloudtrail_deleterulegroup.yml index da3f17641b..a8885474d0 100644 --- a/data_sources/aws_cloudtrail_deleterulegroup.yml +++ b/data_sources/aws_cloudtrail_deleterulegroup.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time example_log: '' diff --git a/data_sources/aws_cloudtrail_deletesnapshot.yml b/data_sources/aws_cloudtrail_deletesnapshot.yml index abdadc0623..15084d281f 100644 --- a/data_sources/aws_cloudtrail_deletesnapshot.yml 
+++ b/data_sources/aws_cloudtrail_deletesnapshot.yml @@ -17,7 +17,7 @@ separator_value: DeleteSnapshot supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletetrail.yml b/data_sources/aws_cloudtrail_deletetrail.yml index 337c9ea196..945b9e856b 100644 --- a/data_sources/aws_cloudtrail_deletetrail.yml +++ b/data_sources/aws_cloudtrail_deletetrail.yml @@ -17,7 +17,7 @@ separator_value: DeleteTrail supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml b/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml index 98e2b348f0..7d93d4eff4 100644 --- a/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml +++ b/data_sources/aws_cloudtrail_deletevirtualmfadevice.yml @@ -15,7 +15,7 @@ separator_value: DeleteVirtualMFADevice supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_deletewebacl.yml b/data_sources/aws_cloudtrail_deletewebacl.yml index 99cd93a96e..41ca01bd58 100644 --- a/data_sources/aws_cloudtrail_deletewebacl.yml +++ b/data_sources/aws_cloudtrail_deletewebacl.yml @@ -15,7 +15,7 @@ separator_value: DeleteWebACL supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - apiVersion diff --git a/data_sources/aws_cloudtrail_describeeventaggregates.yml b/data_sources/aws_cloudtrail_describeeventaggregates.yml index 9dd4f80cf7..54bd6eeb76 100644 --- a/data_sources/aws_cloudtrail_describeeventaggregates.yml +++ b/data_sources/aws_cloudtrail_describeeventaggregates.yml 
@@ -15,7 +15,7 @@ separator_value: DescribeEventAggregates supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_describeimagescanfindings.yml b/data_sources/aws_cloudtrail_describeimagescanfindings.yml index 0f8bb8eed5..53108a3c30 100644 --- a/data_sources/aws_cloudtrail_describeimagescanfindings.yml +++ b/data_sources/aws_cloudtrail_describeimagescanfindings.yml @@ -16,7 +16,7 @@ separator_value: DescribeImageScanFindings supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_describesnapshotattribute.yml b/data_sources/aws_cloudtrail_describesnapshotattribute.yml index 2d57303e7f..00ad01a68c 100644 --- a/data_sources/aws_cloudtrail_describesnapshotattribute.yml +++ b/data_sources/aws_cloudtrail_describesnapshotattribute.yml @@ -10,7 +10,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - action - app diff --git a/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml b/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml index 083092e53b..5204ebff4c 100644 --- a/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml +++ b/data_sources/aws_cloudtrail_getaccountpasswordpolicy.yml @@ -15,7 +15,7 @@ separator_value: GetAccountPasswordPolicy supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_getobject.yml b/data_sources/aws_cloudtrail_getobject.yml index 365cdfe545..35a8af721a 100644 --- a/data_sources/aws_cloudtrail_getobject.yml +++ b/data_sources/aws_cloudtrail_getobject.yml 
@@ -16,7 +16,7 @@ separator_value: GetObject supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_getpassworddata.yml b/data_sources/aws_cloudtrail_getpassworddata.yml index 00ba64b91d..4e9c821a5a 100644 --- a/data_sources/aws_cloudtrail_getpassworddata.yml +++ b/data_sources/aws_cloudtrail_getpassworddata.yml @@ -15,7 +15,7 @@ separator_value: GetPasswordData supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_invokemodel.yml b/data_sources/aws_cloudtrail_invokemodel.yml index 3de67b1420..8fc1268ec1 100644 --- a/data_sources/aws_cloudtrail_invokemodel.yml +++ b/data_sources/aws_cloudtrail_invokemodel.yml @@ -13,7 +13,7 @@ separator_value: InvokeModel supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_jobcreated.yml b/data_sources/aws_cloudtrail_jobcreated.yml index cf554f355f..38318f635e 100644 --- a/data_sources/aws_cloudtrail_jobcreated.yml +++ b/data_sources/aws_cloudtrail_jobcreated.yml @@ -14,7 +14,7 @@ separator_value: JobCreated supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_listfoundationmodels.yml b/data_sources/aws_cloudtrail_listfoundationmodels.yml index 3fca8be7b6..10f99019b1 100644 --- a/data_sources/aws_cloudtrail_listfoundationmodels.yml +++ b/data_sources/aws_cloudtrail_listfoundationmodels.yml 
@@ -14,7 +14,7 @@ separator_value: ListFoundationModels supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_modifydbinstance.yml b/data_sources/aws_cloudtrail_modifydbinstance.yml index f01a53b315..28d5504a68 100644 --- a/data_sources/aws_cloudtrail_modifydbinstance.yml +++ b/data_sources/aws_cloudtrail_modifydbinstance.yml @@ -16,7 +16,7 @@ separator_value: ModifyDBInstance supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_modifyimageattribute.yml b/data_sources/aws_cloudtrail_modifyimageattribute.yml index e17c7fcb42..f268c70ba3 100644 --- a/data_sources/aws_cloudtrail_modifyimageattribute.yml +++ b/data_sources/aws_cloudtrail_modifyimageattribute.yml @@ -15,7 +15,7 @@ separator_value: ModifyImageAttribute supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_modifysnapshotattribute.yml b/data_sources/aws_cloudtrail_modifysnapshotattribute.yml index a132088a09..3bae5fb017 100644 --- a/data_sources/aws_cloudtrail_modifysnapshotattribute.yml +++ b/data_sources/aws_cloudtrail_modifysnapshotattribute.yml @@ -14,7 +14,7 @@ separator_value: ModifySnapshotAttribute supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_putbucketacl.yml b/data_sources/aws_cloudtrail_putbucketacl.yml index 2146050b67..59cdadc146 100644 --- a/data_sources/aws_cloudtrail_putbucketacl.yml +++ b/data_sources/aws_cloudtrail_putbucketacl.yml 
@@ -15,7 +15,7 @@ separator_value: PutBucketAcl supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_putbucketlifecycle.yml b/data_sources/aws_cloudtrail_putbucketlifecycle.yml index 9538b4ad30..328d5fac0e 100644 --- a/data_sources/aws_cloudtrail_putbucketlifecycle.yml +++ b/data_sources/aws_cloudtrail_putbucketlifecycle.yml @@ -15,7 +15,7 @@ separator_value: PutBucketLifecycle supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_putbucketreplication.yml b/data_sources/aws_cloudtrail_putbucketreplication.yml index 0b60fbedd6..4b32b68e8b 100644 --- a/data_sources/aws_cloudtrail_putbucketreplication.yml +++ b/data_sources/aws_cloudtrail_putbucketreplication.yml @@ -14,7 +14,7 @@ separator_value: PutBucketReplication supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_putbucketversioning.yml b/data_sources/aws_cloudtrail_putbucketversioning.yml index 97716b4e08..e5f56f5d83 100644 --- a/data_sources/aws_cloudtrail_putbucketversioning.yml +++ b/data_sources/aws_cloudtrail_putbucketversioning.yml @@ -14,7 +14,7 @@ separator_value: PutBucketVersioning supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - additionalEventData.AuthenticationMethod diff --git a/data_sources/aws_cloudtrail_putimage.yml b/data_sources/aws_cloudtrail_putimage.yml index 747d291a19..7020de2369 100644 --- a/data_sources/aws_cloudtrail_putimage.yml +++ b/data_sources/aws_cloudtrail_putimage.yml 
@@ -15,7 +15,7 @@ separator_value: PutImage supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_putkeypolicy.yml b/data_sources/aws_cloudtrail_putkeypolicy.yml index caca6320a0..025e74abce 100644 --- a/data_sources/aws_cloudtrail_putkeypolicy.yml +++ b/data_sources/aws_cloudtrail_putkeypolicy.yml @@ -11,7 +11,7 @@ separator: eventName supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_replacenetworkaclentry.yml b/data_sources/aws_cloudtrail_replacenetworkaclentry.yml index fb1e6775df..2dfa7cff04 100644 --- a/data_sources/aws_cloudtrail_replacenetworkaclentry.yml +++ b/data_sources/aws_cloudtrail_replacenetworkaclentry.yml @@ -14,7 +14,7 @@ separator_value: ReplaceNetworkAclEntry supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml b/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml index 3b14cf0fe0..1abf5b1be3 100644 --- a/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml +++ b/data_sources/aws_cloudtrail_setdefaultpolicyversion.yml @@ -15,7 +15,7 @@ separator_value: SetDefaultPolicyVersion supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_stoplogging.yml b/data_sources/aws_cloudtrail_stoplogging.yml index a53e3bf275..24863182a0 100644 --- a/data_sources/aws_cloudtrail_stoplogging.yml +++ b/data_sources/aws_cloudtrail_stoplogging.yml 
@@ -14,7 +14,7 @@ separator_value: StopLogging supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - app diff --git a/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml b/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml index 8bff86c1be..7b65af725e 100644 --- a/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml +++ b/data_sources/aws_cloudtrail_updateaccountpasswordpolicy.yml @@ -14,7 +14,7 @@ separator_value: UpdateAccountPasswordPolicy supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_updateloginprofile.yml b/data_sources/aws_cloudtrail_updateloginprofile.yml index c130437f11..c9a6491077 100644 --- a/data_sources/aws_cloudtrail_updateloginprofile.yml +++ b/data_sources/aws_cloudtrail_updateloginprofile.yml @@ -14,7 +14,7 @@ separator_value: UpdateLoginProfile supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_updatesamlprovider.yml b/data_sources/aws_cloudtrail_updatesamlprovider.yml index 8156c20fe1..84f9e8e037 100644 --- a/data_sources/aws_cloudtrail_updatesamlprovider.yml +++ b/data_sources/aws_cloudtrail_updatesamlprovider.yml @@ -15,7 +15,7 @@ separator_value: UpdateSAMLProvider supported_TA: - name: Splunk Add-on for AWS url: https://splunkbase.splunk.com/app/1876 - version: 8.1.1 + version: 8.1.2 fields: - _time - action diff --git a/data_sources/aws_cloudtrail_updatetrail.yml b/data_sources/aws_cloudtrail_updatetrail.yml index 61f97ddc56..6cc5d8e54a 100644 --- a/data_sources/aws_cloudtrail_updatetrail.yml +++ b/data_sources/aws_cloudtrail_updatetrail.yml 
@@ -15,7 +15,7 @@ separator_value: UpdateTrail
 supported_TA:
 - name: Splunk Add-on for AWS
 url: https://splunkbase.splunk.com/app/1876
- version: 8.1.1
+ version: 8.1.2
 fields:
 - _time
 - app
diff --git a/data_sources/aws_cloudwatchlogs_vpcflow.yml b/data_sources/aws_cloudwatchlogs_vpcflow.yml
index 24e9097583..6376486c4e 100644
--- a/data_sources/aws_cloudwatchlogs_vpcflow.yml
+++ b/data_sources/aws_cloudwatchlogs_vpcflow.yml
@@ -13,7 +13,7 @@ source: aws_cloudwatchlogs_vpcflow
 sourcetype: aws:cloudwatchlogs:vpcflow
 supported_TA:
 - name: Splunk Add-on for AWS
- version: 8.1.1
+ version: 8.1.2
 url: https://splunkbase.splunk.com/app/1876
 fields:
 - _raw
diff --git a/data_sources/aws_security_hub.yml b/data_sources/aws_security_hub.yml
index 4f9e202e3b..4e21377d42 100644
--- a/data_sources/aws_security_hub.yml
+++ b/data_sources/aws_security_hub.yml
@@ -15,7 +15,7 @@ sourcetype: aws:securityhub:finding
 supported_TA:
 - name: Splunk Add-on for AWS
 url: https://splunkbase.splunk.com/app/1876
- version: 8.1.1
+ version: 8.1.2
 fields:
 - _time
 - AwsAccountId
diff --git a/data_sources/azure_active_directory.yml b/data_sources/azure_active_directory.yml
index 6a00b39f1e..4dbf4aed17 100644
--- a/data_sources/azure_active_directory.yml
+++ b/data_sources/azure_active_directory.yml
@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 output_fields:
 - dest
 - user
diff --git a/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml b/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml
index 5bc33b6253..55b7c0a7b7 100644
--- a/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml
+++ b/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml
@@ -18,7 +18,7 @@ separator_value: Add app role assignment to service principal
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_add_member_to_role.yml b/data_sources/azure_active_directory_add_member_to_role.yml
index 35b1ae85fa..e97d1ca61c 100644
--- a/data_sources/azure_active_directory_add_member_to_role.yml
+++ b/data_sources/azure_active_directory_add_member_to_role.yml
@@ -18,7 +18,7 @@ separator_value: Add member to role
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_add_owner_to_application.yml b/data_sources/azure_active_directory_add_owner_to_application.yml
index 96e4a2035f..0f7e0ec26e 100644
--- a/data_sources/azure_active_directory_add_owner_to_application.yml
+++ b/data_sources/azure_active_directory_add_owner_to_application.yml
@@ -18,7 +18,7 @@ separator_value: Add owner to application
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_add_service_principal.yml b/data_sources/azure_active_directory_add_service_principal.yml
index 6b9f9f456c..958185225c 100644
--- a/data_sources/azure_active_directory_add_service_principal.yml
+++ b/data_sources/azure_active_directory_add_service_principal.yml
@@ -18,7 +18,7 @@ separator_value: Add service principal
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_add_unverified_domain.yml b/data_sources/azure_active_directory_add_unverified_domain.yml
index 32626c5aa9..b412d8896c 100644
--- a/data_sources/azure_active_directory_add_unverified_domain.yml
+++ b/data_sources/azure_active_directory_add_unverified_domain.yml
@@ -17,7 +17,7 @@ separator_value: Add unverified domain
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_consent_to_application.yml b/data_sources/azure_active_directory_consent_to_application.yml
index ec658594bd..95fcbcc97e 100644
--- a/data_sources/azure_active_directory_consent_to_application.yml
+++ b/data_sources/azure_active_directory_consent_to_application.yml
@@ -18,7 +18,7 @@ separator_value: Consent to application
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_disable_strong_authentication.yml b/data_sources/azure_active_directory_disable_strong_authentication.yml
index 337333172f..e10d3e0498 100644
--- a/data_sources/azure_active_directory_disable_strong_authentication.yml
+++ b/data_sources/azure_active_directory_disable_strong_authentication.yml
@@ -16,7 +16,7 @@ separator_value: Disable Strong Authentication
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_enable_account.yml b/data_sources/azure_active_directory_enable_account.yml
index 4d655dbf44..26089440d3 100644
--- a/data_sources/azure_active_directory_enable_account.yml
+++ b/data_sources/azure_active_directory_enable_account.yml
@@ -15,7 +15,7 @@ separator_value: Enable account
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_invite_external_user.yml b/data_sources/azure_active_directory_invite_external_user.yml
index fea61f37aa..3507a77ead 100644
--- a/data_sources/azure_active_directory_invite_external_user.yml
+++ b/data_sources/azure_active_directory_invite_external_user.yml
@@ -16,7 +16,7 @@ separator_value: Invite external user
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_microsoftgraphactivitylogs.yml b/data_sources/azure_active_directory_microsoftgraphactivitylogs.yml
index f00ce2323f..353af1c68c 100644
--- a/data_sources/azure_active_directory_microsoftgraphactivitylogs.yml
+++ b/data_sources/azure_active_directory_microsoftgraphactivitylogs.yml
@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 example_log: '{"time": "2024-04-30T01:22:46.4948958Z", "resourceId": "/TENANTS/225E05A1-5914-4688-A404-7030E60F3143/PROVIDERS/MICROSOFT.AADIAM",
diff --git a/data_sources/azure_active_directory_noninteractiveusersigninlogs.yml b/data_sources/azure_active_directory_noninteractiveusersigninlogs.yml
index 2b0180bf69..5baaa070bd 100644
--- a/data_sources/azure_active_directory_noninteractiveusersigninlogs.yml
+++ b/data_sources/azure_active_directory_noninteractiveusersigninlogs.yml
@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - action
 - additional_details
diff --git a/data_sources/azure_active_directory_reset_password_(by_admin).yml b/data_sources/azure_active_directory_reset_password_(by_admin).yml
index 13a089b491..aec689b962 100644
--- a/data_sources/azure_active_directory_reset_password_(by_admin).yml
+++ b/data_sources/azure_active_directory_reset_password_(by_admin).yml
@@ -16,7 +16,7 @@ separator_value: Reset password (by admin)
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_set_domain_authentication.yml b/data_sources/azure_active_directory_set_domain_authentication.yml
index d7827e8ef0..20c6dc416a 100644
--- a/data_sources/azure_active_directory_set_domain_authentication.yml
+++ b/data_sources/azure_active_directory_set_domain_authentication.yml
@@ -16,7 +16,7 @@ separator_value: Set domain authentication
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_sign_in_activity.yml b/data_sources/azure_active_directory_sign_in_activity.yml
index 670fc671b0..0e233a6f7f 100644
--- a/data_sources/azure_active_directory_sign_in_activity.yml
+++ b/data_sources/azure_active_directory_sign_in_activity.yml
@@ -16,7 +16,7 @@ separator_value: Sign-in activity
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_update_application.yml b/data_sources/azure_active_directory_update_application.yml
index 237f09bd7d..95cacfab4b 100644
--- a/data_sources/azure_active_directory_update_application.yml
+++ b/data_sources/azure_active_directory_update_application.yml
@@ -16,7 +16,7 @@ separator_value: Update application
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_update_authorization_policy.yml b/data_sources/azure_active_directory_update_authorization_policy.yml
index b21575ad7a..f95d668b02 100644
--- a/data_sources/azure_active_directory_update_authorization_policy.yml
+++ b/data_sources/azure_active_directory_update_authorization_policy.yml
@@ -16,7 +16,7 @@ separator_value: Update authorization policy
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_update_user.yml b/data_sources/azure_active_directory_update_user.yml
index f35576f14d..250161ca28 100644
--- a/data_sources/azure_active_directory_update_user.yml
+++ b/data_sources/azure_active_directory_update_user.yml
@@ -14,7 +14,7 @@ separator_value: Update user
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_active_directory_user_registered_security_info.yml b/data_sources/azure_active_directory_user_registered_security_info.yml
index 53e80c4a15..88e1139653 100644
--- a/data_sources/azure_active_directory_user_registered_security_info.yml
+++ b/data_sources/azure_active_directory_user_registered_security_info.yml
@@ -15,7 +15,7 @@ separator_value: User registered security info
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - Level
diff --git a/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml b/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml
index ccde445043..add79872ec 100644
--- a/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml
+++ b/data_sources/azure_audit_create_or_update_an_azure_automation_account.yml
@@ -15,7 +15,7 @@ separator_value: Create or Update an Azure Automation account
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - authorization.action
diff --git a/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml b/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml
index faf3d19ac2..cc2777a42f 100644
--- a/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml
+++ b/data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml
@@ -15,7 +15,7 @@ separator_value: Create or Update an Azure Automation Runbook
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - authorization.action
diff --git a/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml b/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml
index 6dd735705e..39db847da2 100644
--- a/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml
+++ b/data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml
@@ -15,7 +15,7 @@ separator_value: Create or Update an Azure Automation webhook
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - _time
 - authorization.action
diff --git a/data_sources/azure_monitor_activity.yml b/data_sources/azure_monitor_activity.yml
index 8273e6ac84..6ac7fd1e61 100644
--- a/data_sources/azure_monitor_activity.yml
+++ b/data_sources/azure_monitor_activity.yml
@@ -13,7 +13,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
- version: 6.1.1
+ version: 6.1.2
 fields:
 - column
 - action
diff --git a/data_sources/palo_alto_network_threat.yml b/data_sources/palo_alto_network_threat.yml
index 851f40cc5b..99fafb63b4 100644
--- a/data_sources/palo_alto_network_threat.yml
+++ b/data_sources/palo_alto_network_threat.yml
@@ -16,7 +16,7 @@ sourcetype: pan:threat
 supported_TA:
 - name: Palo Alto Networks Add-on
 url: https://splunkbase.splunk.com/app/7523
- version: 3.0.1
+ version: 3.1.0
 field_mappings:
 - data_model: cim
 data_set: Web
@@ -28,10 +28,10 @@ field_mappings:
 url_length: Web.url_length
 src: Web.src
 output_fields:
-- http_user_agent
+- http_user_agent
 - http_method
-- url
-- url_length
+- url
+- url_length
 - src
 - dest
 fields:
diff --git a/data_sources/palo_alto_network_traffic.yml b/data_sources/palo_alto_network_traffic.yml
index a3f947d023..340a19f39c 100644
--- a/data_sources/palo_alto_network_traffic.yml
+++ b/data_sources/palo_alto_network_traffic.yml
@@ -16,7 +16,7 @@ sourcetype: pan:traffic
 supported_TA:
 - name: Palo Alto Networks Add-on
 url: https://splunkbase.splunk.com/app/7523
- version: 3.0.1
+ version: 3.1.0
 fields:
 - _time
 - date_hour
@@ -37,22 +37,22 @@ fields:
 - timeendpos
 - timestartpos
 output_fields:
-- action
-- app
-- bytes
-- bytes_in
-- bytes_out
-- dest
-- dest_ip
-- dest_port
-- dvc
-- protocol
+- action
+- app
+- bytes
+- bytes_in
+- bytes_out
+- dest
+- dest_ip
+- dest_port
+- dvc
+- protocol
 - protocol_version
-- src
-- src_ip
-- src_port
-- transport
-- user
+- src
+- src_ip
+- src_port
+- transport
+- user
 - vendor_product
 field_mappings:
 - data_model: cim