anomaly_standard_init_score (#3946)

Co-authored-by: Teoderick Contreras <tcontreras@splunk.com>
Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>

Author: 3 people

detections/application/cisco_ai_defense_security_alerts_by_application_name.yml

@@ -1,7 +1,7 @@
 name: Cisco AI Defense Security Alerts by Application Name
 id: 105e4a69-ec55-49fc-be1f-902467435ea8
-version: 4
-date: '2026-02-25'
+version: 5
+date: '2026-03-10'
 author: Bhavin Patel, Splunk
 status: production
 type: Anomaly
@@ -56,7 +56,7 @@ rba:
     risk_objects:
         - field: application_name
           type: other
-          score: 10
+          score: 20
     threat_objects: []
 tags:
     analytic_story:

detections/application/cisco_asa___aaa_policy_tampering.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - AAA Policy Tampering
 id: 8f2c4e9a-5d3b-4c7e-9a1f-6e8d5b2c3a9f
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -61,7 +61,7 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 40
+          score: 20
     threat_objects:
         - field: command
           type: process

detections/application/cisco_asa___device_file_copy_activity.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - Device File Copy Activity
 id: 4d7e8f3a-9c2b-4e6f-8a1d-5b9c7e2f4a8c
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -61,7 +61,7 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 50
+          score: 20
     threat_objects:
         - field: src_ip
           type: ip_address

detections/application/cisco_asa___device_file_copy_to_remote_location.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - Device File Copy to Remote Location
 id: 8a9e5f2b-6d4c-4e7f-9b3a-1c8d7f5e2a9b
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -82,10 +82,10 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 50
+          score: 20
         - field: user
           type: user
-          score: 50
+          score: 20
     threat_objects:
         - field: dest
           type: ip_address

detections/application/cisco_asa___logging_filters_configuration_tampering.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - Logging Filters Configuration Tampering
 id: b87b48a8-6d1a-4280-9cf1-16a950dbf901
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -71,10 +71,10 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 60
+          score: 20
         - field: user
           type: user
-          score: 60
+          score: 20
     threat_objects:
         - field: command
           type: process

detections/application/cisco_asa___logging_message_suppression.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - Logging Message Suppression
 id: 4e6c9d2a-8f3b-4c7e-9a5f-2d8b6e1c4a9f
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -56,10 +56,10 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 50
+          score: 20
         - field: user
           type: user
-          score: 50
+          score: 20
     threat_objects:
         - field: command
           type: process

detections/application/cisco_asa___new_local_user_account_created.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - New Local User Account Created
 id: 9c8e4f2a-7d3b-4e5c-8a9f-1b6d4e8c3f5a
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -51,10 +51,10 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 40
+          score: 20
         - field: user
           type: user
-          score: 40
+          score: 20
     threat_objects: []
 tags:
     analytic_story:

detections/application/cisco_asa___packet_capture_activity.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - Packet Capture Activity
 id: 7e9c3f8a-4b2d-4c5e-9a1f-6d8e5b3c2a9f
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -56,10 +56,10 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 50
+          score: 20
         - field: user
           type: user
-          score: 50
+          score: 20
     threat_objects:
         - field: command
           type: process

detections/application/cisco_asa___reconnaissance_command_activity.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - Reconnaissance Command Activity
 id: 6e9d4f7a-3c8b-4a9e-8d2f-7b5c9e1a6f3d
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -112,10 +112,10 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 50
+          score: 20
         - field: user
           type: user
-          score: 40
+          score: 20
     threat_objects:
         - field: src_ip
           type: ip_address

detections/application/cisco_asa___user_account_deleted_from_local_database.yml

@@ -1,7 +1,7 @@
 name: Cisco ASA - User Account Deleted From Local Database
 id: 2d4b9e7f-5c3a-4d8e-9b1f-8a6c5e2d4f7a
-version: 2
-date: '2026-02-25'
+version: 3
+date: '2026-03-10'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
@@ -51,10 +51,10 @@ rba:
     risk_objects:
         - field: host
           type: system
-          score: 40
+          score: 20
         - field: user
           type: user
-          score: 40
+          score: 20
     threat_objects: []
 tags:
     analytic_story: