Merge branch 'develop' into ftd-cim-update

Author: nasbench

contentctl.yml

@@ -221,8 +221,8 @@ apps:
 - uid: 3471
   title: Splunk Add-on for AppDynamics
   appid: Splunk_TA_AppDynamics
-  version: 3.1.2
+  version: 3.1.3
   description: The Splunk Add-on for AppDynamics enables you to easily configure data
     inputs to pull data from AppDynamics' REST APIs
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-splunk-add-on-for-appdynamics_312.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-splunk-add-on-for-appdynamics_313.tgz
 githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd

data_sources/cisco_secure_application_appdynamics_alerts.yml

@@ -9,7 +9,7 @@ sourcetype: appdynamics_security
 supported_TA:
 - name: Splunk Add-on for AppDynamics
   url: https://splunkbase.splunk.com/app/3471
-  version: 3.1.2
+  version: 3.1.3
 fields:
 - SourceType
 - apiServerExternal

detections/network/detect_remote_access_software_usage_traffic.yml

@@ -1,7 +1,7 @@
 name: Detect Remote Access Software Usage Traffic
 id: 885ea672-07ee-475a-879e-60d28aa5dd42
-version: 8
-date: '2025-05-02'
+version: 9
+date: '2025-05-30'
 author: Steven Dick
 status: production
 type: Anomaly
@@ -16,7 +16,7 @@ description: The following analytic detects network traffic associated with know
 data_source:
 - Palo Alto Network Traffic
 search: '| tstats `security_content_summariesonly` count min(_time) as firstTime max(_time)
-  as lastTime values(All_Traffic.dest_port) as dest_port latest(user) as user from
+  as lastTime values(All_Traffic.dest_port) as dest_port latest(All_Traffic.user) as user from
   datamodel=Network_Traffic by All_Traffic.action All_Traffic.app All_Traffic.bytes
   All_Traffic.bytes_in All_Traffic.bytes_out All_Traffic.dest All_Traffic.dest_ip
   All_Traffic.dest_port All_Traffic.dvc All_Traffic.protocol All_Traffic.protocol_version