splunk
diff --git a/‎contentctl.yml‎
Lines changed: 15 additions & 8 deletions b/‎contentctl.yml‎
Lines changed: 15 additions & 8 deletions
diff --git a/‎data_sources/aws_cloudtrail_deleteloggingconfiguration.yml‎
Lines changed: 16 additions & 0 deletions b/‎data_sources/aws_cloudtrail_deleteloggingconfiguration.yml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎data_sources/aws_cloudtrail_deleterulegroup.yml‎
Lines changed: 16 additions & 0 deletions b/‎data_sources/aws_cloudtrail_deleterulegroup.yml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎data_sources/aws_cloudtrail_describesnapshotattribute.yml‎
Lines changed: 150 additions & 0 deletions b/‎data_sources/aws_cloudtrail_describesnapshotattribute.yml‎
Lines changed: 150 additions & 0 deletions
diff --git a/‎data_sources/azure_active_directory_microsoftgraphactivitylogs.yml‎
Lines changed: 34 additions & 0 deletions b/‎data_sources/azure_active_directory_microsoftgraphactivitylogs.yml‎
Lines changed: 34 additions & 0 deletions
@@ -3,7 +3,7 @@ app:
   uid: 3449
   title: ES Content Updates
   appid: DA-ESS-ContentUpdate
-  version: 5.1.0
+  version: 5.1.1
   description: Explore the Analytic Stories included with ES Content Updates.
   prefix: ESCU
   label: ESCU
@@ -44,9 +44,9 @@ apps:
 - uid: 7404
   title: Cisco Security Cloud
   appid: CiscoSecurityCloud
-  version: 3.0.1
+  version: 3.1.1
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-security-cloud_301.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-security-cloud_311.tgz
 - uid: 6652
   title: Add-on for Linux Sysmon
   appid: Splunk_TA_linux_sysmon
@@ -155,9 +155,9 @@ apps:
 - uid: 5556
   title: Splunk Add-on for Google Workspace
   appid: SPLUNK_ADD_ON_FOR_GOOGLE_WORKSPACE
-  version: 3.0.2
+  version: 3.0.3
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-google-workspace_302.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-google-workspace_303.tgz
 - uid: 3110
   title: Splunk Add-on for Microsoft Cloud Services
   appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES
@@ -167,9 +167,9 @@ apps:
 - uid: 4055
   title: Splunk Add-on for Microsoft Office 365
   appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365
-  version: 4.7.0
+  version: 4.8.0
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_470.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_480.tgz
 - uid: 2890
   title: Splunk Machine Learning Toolkit
   appid: SPLUNK_MACHINE_LEARNING_TOOLKIT
@@ -212,10 +212,17 @@ apps:
   version: 4.2.2
   description: PSC for MLTK
   hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/python-for-scientific-computing-for-linux-64-bit_422.tgz
+- uid: 6254
+  title: Splunk Add-on for Github
+  appid: Splunk_TA_github
+  version: 3.1.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-github_310.tgz
 - uid: 2882
   title: Splunk Add-on for AppDynamics
   appid: Splunk_TA_AppDynamics
   version: 3.0.0
-  description: The Splunk Add-on for AppDynamics enables you to easily configure data inputs to pull data from AppDynamics' REST APIs
+  description: The Splunk Add-on for AppDynamics enables you to easily configure data
+    inputs to pull data from AppDynamics' REST APIs
   hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-appdynamics_300.tgz
 githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd
@@ -0,0 +1,16 @@
+name: AWS CloudTrail DeleteLoggingConfiguration
+id: 24a28726-28f3-4537-a953-71bfbbc3b831
+version: 1
+date: '2025-02-21'
+author: Bhavin Patel, Splunk
+description: Data source object for AWS CloudTrail DeleteLoggingConfiguration
+source: aws_cloudtrail
+sourcetype: aws:cloudtrail
+separator: eventName
+supported_TA:
+- name: Splunk Add-on for AWS
+  url: https://splunkbase.splunk.com/app/1876
+  version: 7.9.1
+fields:
+- _time
+example_log: ''
@@ -0,0 +1,16 @@
+name: AWS CloudTrail DeleteRuleGroup
+id: 21c9b538-fa11-4bdf-9138-0dfe06b4d730
+version: 1
+date: '2025-02-21'
+author: Bhavin Patel, Splunk
+description: Data source object for AWS CloudTrail DeleteRuleGroup
+source: aws_cloudtrail
+sourcetype: aws:cloudtrail
+separator: eventName
+supported_TA:
+- name: Splunk Add-on for AWS
+  url: https://splunkbase.splunk.com/app/1876
+  version: 7.9.1
+fields:
+- _time
+example_log: ''
@@ -0,0 +1,150 @@
+name: AWS CloudTrail DescribeSnapshotAttribute
+id: f054c99b-63b8-4236-8a62-b52fbbabacba
+version: 1
+date: '2025-02-21'
+author: Bhavin Patel, Splunk
+description: Data source object for AWS CloudTrail DescribeSnapshotAttribute
+source: aws_cloudtrail
+sourcetype: aws:cloudtrail
+separator: eventName
+supported_TA:
+- name: Splunk Add-on for AWS
+  url: https://splunkbase.splunk.com/app/1876
+  version: 7.9.1
+fields:
+- action
+- app
+- authentication_method
+- awsRegion
+- aws_account_id
+- change_type
+- command
+- date_hour
+- date_mday
+- date_minute
+- date_month
+- date_second
+- date_wday
+- date_year
+- date_zone
+- desc
+- dest
+- dest_ip_range
+- dest_port_range
+- direction
+- dvc
+- errorCode
+- errorMessage
+- eventCategory
+- eventID
+- eventName
+- eventSource
+- eventTime
+- eventType
+- eventVersion
+- eventtype
+- host
+- image_id
+- index
+- instance_type
+- linecount
+- managementEvent
+- msg
+- object
+- object_attrs
+- object_category
+- object_id
+- product
+- protocol
+- protocol_code
+- punct
+- readOnly
+- reason
+- recipientAccountId
+- region
+- requestID
+- requestParameters.attributeType
+- requestParameters.snapshotId
+- responseElements
+- result
+- result_id
+- rule_action
+- signature
+- source
+- sourceIPAddress
+- sourcetype
+- splunk_server
+- splunk_server_group
+- src
+- src_ip
+- src_ip_range
+- src_port_range
+- src_user
+- src_user_id
+- src_user_name
+- src_user_role
+- src_user_type
+- start_time
+- status
+- tag
+- tag::action
+- tag::app
+- tag::eventtype
+- tag::object_category
+- temp_access_key
+- timeendpos
+- timestartpos
+- tlsDetails.cipherSuite
+- tlsDetails.clientProvidedHostHeader
+- tlsDetails.tlsVersion
+- user
+- userAgent
+- userIdentity.accessKeyId
+- userIdentity.accountId
+- userIdentity.arn
+- userIdentity.principalId
+- userIdentity.sessionContext.attributes.creationDate
+- userIdentity.sessionContext.attributes.mfaAuthenticated
+- userIdentity.sessionContext.sessionIssuer.accountId
+- userIdentity.sessionContext.sessionIssuer.arn
+- userIdentity.sessionContext.sessionIssuer.principalId
+- userIdentity.sessionContext.sessionIssuer.type
+- userIdentity.sessionContext.sessionIssuer.userName
+- userIdentity.type
+- userName
+- user_access_key
+- user_agent
+- user_arn
+- user_group_id
+- user_id
+- user_name
+- user_role
+- user_type
+- vendor
+- vendor_account
+- vendor_product
+- vendor_region
+- _bkt
+- _cd
+- _eventtype_color
+- _indextime
+- _raw
+- _serial
+- _si
+- _sourcetype
+- _time
+example_log: '{"eventVersion": "1.10", "userIdentity": {"type": "AssumedRole", "principalId":
+  "AROAYTOGP2RLBXYPYUKBH:aws-go-sdk-1740131590946446551", "arn": "arn:aws:sts::111111111111111:assumed-role/DAFTPUNK-cloud-security-audit/aws-go-sdk-1740131590946446551",
+  "accountId": "111111111111111", "accessKeyId": "DAFTPUNK", "sessionContext": {"sessionIssuer":
+  {"type": "Role", "principalId": "AROAYTOGP2RLBXYPYUKBH", "arn": "arn:aws:iam::111111111111111:role/DAFTPUNK-cloud-security-audit",
+  "accountId": "111111111111111", "userName": "DAFTPUNK-cloud-security-audit"}, "attributes":
+  {"creationDate": "2025-02-21T10:48:43Z", "mfaAuthenticated": "false"}}}, "eventTime":
+  "2025-02-21T11:29:27Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeSnapshotAttribute",
+  "awsRegion": "eu-central-1", "sourceIPAddress": "54.203.114.197", "userAgent": "m/E
+  aws-sdk-go-v2/1.30.5 os/linux lang/go#1.22.4 md/GOOS#linux md/GOARCH#amd64 api/ec2#1.177.3",
+  "requestParameters": {"snapshotId": "snap-082bd5016636bbd94", "attributeType": "PRODUCT_CODES"},
+  "responseElements": null, "requestID": "70339070-6038-40b7-9acf-5ecb85cda843", "eventID":
+  "bcc65c3f-a997-4a01-90bf-3b85f7268e70", "readOnly": true, "eventType": "AwsApiCall",
+  "managementEvent": true, "recipientAccountId": "111111111111111", "eventCategory":
+  "Management", "tlsDetails": {"tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256",
+  "clientProvidedHostHeader": "ec2.eu-central-1.amazonaws.com"}}'
@@ -0,0 +1,34 @@
+name: Azure Active Directory MicrosoftGraphActivityLogs
+id: 63ff93ba-2bbb-4542-8773-239bf5266367
+version: 1
+date: '2025-02-21'
+author: Bhavin Patel, Splunk
+description: Data source object for Azure Active Directory MicrosoftGraphActivityLogs
+source: Azure AD
+sourcetype: azure:monitor:aad
+separator: operationName
+supported_TA:
+- name: Splunk Add-on for Microsoft Cloud Services
+  url: https://splunkbase.splunk.com/app/3110
+  version: 5.4.3
+fields:
+- _time
+example_log: '{"time": "2024-04-30T01:22:46.4948958Z", "resourceId": "/TENANTS/225E05A1-5914-4688-A404-7030E60F3143/PROVIDERS/MICROSOFT.AADIAM",
+  "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category":
+  "MicrosoftGraphActivityLogs", "resultSignature": "200", "durationMs": "948894",
+  "callerIpAddress": "45.83.145.6", "correlationId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
+  "level": "Informational", "location": "East US 2", "properties": {"__UDI_RequiredFields_TenantId":
+  "225e05a1-5914-4688-a404-7030e60f3143", "__UDI_RequiredFields_UniqueId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
+  "__UDI_RequiredFields_EventTime": 638500369660000000, "__UDI_RequiredFields_RegionScope":
+  "NA", "timeGenerated": "2024-04-30T01:22:46.4948958Z", "location": "East US 2",
+  "requestId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b", "operationId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
+  "clientRequestId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b", "apiVersion": "beta",
+  "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "225e05a1-5914-4688-a404-7030e60f3143",
+  "durationMs": 948894, "responseSizeBytes": 91, "signInActivityId": "KRsphQ_4s0-oHv_Br8qSAQ",
+  "roles": "", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "UserPrincipalObjectID":
+  "7b934539-7366-494e-a8ac-3517694d32db", "scopes": "AuditLog.Read.All Directory.AccessAsUser.All
+  email openid profile", "identityProvider": "", "clientAuthMethod": "0", "wids":
+  "b79fbf4d-3ef9-4689-8143-76b194e85509", "C_Idtyp": "user", "C_Iat": "1714439850",
+  "ipAddress": "45.83.145.6", "userAgent": "azurehound/v2.1.8", "requestUri": "https://graph.microsoft.com/beta/servicePrincipals/ffe3e001-d8cf-43a4-89ab-bfce35fd7786/owners?%24top=999",
+  "userId": "7b934539-7366-494e-a8ac-3517694d32db", "tokenIssuedAt": "2024-04-30T01:17:30.0000000Z"},
+  "tenantId": "225e05a1-5914-4688-a404-7030e60f3143"}'