Merge branch 'develop' into xworm

Author: patel-bhavin

.github/workflows/unit-testing.yml

@@ -43,25 +43,25 @@ jobs:
             git switch new_branch_for_testing
             contentctl test --verbose --disable-tqdm --no-enable-integration-testing --container-settings.num-containers 2 --post-test-behavior never_pause mode:changes --mode.target-branch ${{ github.base_ref }}
             echo "contentctl test - COMPLETED"
-          continue-on-error: true
 
         # Store test_results/summary.yml and dist/DA-ESS-ContentUpdate-latest.tar.gz to job artifact-test_summary_results.zip
         - name: store_artifacts
+          if: always()
           uses: actions/upload-artifact@v4
           with:
             name: test_summary_results
             path: |
               test_results/summary.yml
               dist/DA-ESS-ContentUpdate-latest.tar.gz
-          continue-on-error: true
 
         # Print entire result summary so that the users can view it in the Github Actions logs 
         - name: Print entire test_results/summary.yml
+          if: always()
           run: cat test_results/summary.yml
-          continue-on-error: true
 
         # Run a simple custom script created to pretty print results in a markdown friendly format in Github Actions Summary
         - name: Check the test_results/summary.yml for pass/fail.
+          if: always()
           run: |       
             echo "This job will fail if there are failures in unit-testing"  
             python .github/workflows/format_test_results.py >> $GITHUB_STEP_SUMMARY

contentctl.yml

@@ -44,9 +44,9 @@ apps:
 - uid: 7404
   title: Cisco Security Cloud
   appid: CiscoSecurityCloud
-  version: 3.1.1
+  version: 3.2.0
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-security-cloud_311.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-security-cloud_320.tgz
 - uid: 6652
   title: Add-on for Linux Sysmon
   appid: Splunk_TA_linux_sysmon
@@ -101,9 +101,9 @@ apps:
 - uid: 5466
   title: TA for Zeek
   appid: SPLUNK_TA_FOR_ZEEK
-  version: 1.0.8
+  version: 1.0.9
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/ta-for-zeek_108.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/ta-for-zeek_109.tgz
 - uid: 3258
   title: Splunk Add-on for NGINX
   appid: SPLUNK_ADD_ON_FOR_NGINX
@@ -143,9 +143,9 @@ apps:
 - uid: 1876
   title: Splunk Add-on for AWS
   appid: Splunk_TA_aws
-  version: 7.9.1
+  version: 7.10.0
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-web-services-aws_791.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-web-services-aws_7100.tgz
 - uid: 3088
   title: Splunk Add-on for Google Cloud Platform
   appid: SPLUNK_ADD_ON_FOR_GOOGLE_CLOUD_PLATFORM
@@ -155,9 +155,9 @@ apps:
 - uid: 5556
   title: Splunk Add-on for Google Workspace
   appid: SPLUNK_ADD_ON_FOR_GOOGLE_WORKSPACE
-  version: 3.0.3
+  version: 3.0.4
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-google-workspace_303.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-google-workspace_304.tgz
 - uid: 3110
   title: Splunk Add-on for Microsoft Cloud Services
   appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES

data_sources/asl_aws_cloudtrail.yml

@@ -23,7 +23,7 @@ separator: api.operation
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0
 output_fields:
 - dest
 - user

data_sources/aws_cloudfront.yml

@@ -17,7 +17,7 @@ sourcetype: aws:cloudfront:accesslogs
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0
 fields:
 - _time
 - action

data_sources/aws_cloudtrail.yml

@@ -10,4 +10,4 @@ separator: eventName
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0

data_sources/aws_cloudtrail_assumerolewithsaml.yml

@@ -18,7 +18,7 @@ separator_value: AssumeRoleWithSAML
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0
 fields:
 - _time
 - action

data_sources/aws_cloudtrail_consolelogin.yml

@@ -18,7 +18,7 @@ separator_value: ConsoleLogin
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0
 fields:
 - _time
 - action
@@ -115,4 +115,4 @@ output_fields:
 - src
 - vendor_account
 - vendor_region
-- vendor_product
+- vendor_product

data_sources/aws_cloudtrail_copyobject.yml

@@ -17,7 +17,7 @@ separator_value: CopyObject
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0
 fields:
 - _time
 - additionalEventData.AuthenticationMethod
@@ -131,4 +131,4 @@ output_fields:
 - src
 - vendor_account
 - vendor_region
-- vendor_product
+- vendor_product

data_sources/aws_cloudtrail_createaccesskey.yml

@@ -17,7 +17,7 @@ separator_value: CreateAccessKey
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0
 fields:
 - _time
 - action
@@ -115,4 +115,4 @@ output_fields:
 - src
 - vendor_account
 - vendor_region
-- vendor_product
+- vendor_product

data_sources/aws_cloudtrail_createkey.yml

@@ -17,7 +17,7 @@ separator_value: CreateKey
 supported_TA:
 - name: Splunk Add-on for AWS
   url: https://splunkbase.splunk.com/app/1876
-  version: 7.9.1
+  version: 7.10.0
 fields:
 - _time
 - app
@@ -162,4 +162,4 @@ output_fields:
 - src
 - vendor_account
 - vendor_region
-- vendor_product
+- vendor_product