
Commit d6f58a1

authored
Merge branch 'develop' into auto_update_187
2 parents e060e96 + a1e4783 commit d6f58a1

23 files changed

+1294
-1270
lines changed

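--- a/contentctl.yml
+++ b/contentctl.yml
@@ -161,9 +161,9 @@ apps:
 - uid: 3110
 title: Splunk Add-on for Microsoft Cloud Services
 appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES
-version: 5.4.2
+version: 5.4.3
 description: description of app
-hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_542.tgz
+hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_543.tgz
 - uid: 4055
 title: Splunk Add-on for Microsoft Office 365
 appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365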

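--- a/data_sources/azure_active_directory.yml
+++ b/data_sources/azure_active_directory.yml
@@ -10,4 +10,4 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
-version: 5.4.2
+version: 5.4.3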

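--- a/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml
+++ b/data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml
@@ -11,7 +11,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
 url: https://splunkbase.splunk.com/app/3110
-version: 5.4.2
+version: 5.4.3
 fields:
 - _time
 - Level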

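--- a/data_sources/azure_active_directory_add_member_to_role.yml
+++ b/data_sources/azure_active_directory_add_member_to_role.yml
@@ -1,68 +1,69 @@
 name: Azure Active Directory Add member to role
 id: 1660d196-127f-4678-81b2-472d51711b07
 version: 1
-date: '2024-07-18'
+date: "2024-07-18"
 author: Patrick Bareiss, Splunk
 description: Data source object for Azure Active Directory Add member to role
 source: Azure AD
 sourcetype: azure:monitor:aad
 separator: operationName
 supported_TA:
-- name: Splunk Add-on for Microsoft Cloud Services
-url: https://splunkbase.splunk.com/app/3110
-version: 5.4.2
+- name: Splunk Add-on for Microsoft Cloud Services
+url: https://splunkbase.splunk.com/app/3110
+version: 5.4.3
 fields:
-- _time
-- Level
-- callerIpAddress
-- category
-- correlationId
-- date_hour
-- date_mday
-- date_minute
-- date_month
-- date_second
-- date_wday
-- date_year
-- date_zone
-- durationMs
-- host
-- index
-- linecount
-- operationName
-- operationVersion
-- properties.activityDateTime
-- properties.activityDisplayName
-- properties.category
-- properties.correlationId
-- properties.id
-- properties.initiatedBy.user.displayName
-- properties.initiatedBy.user.id
-- properties.initiatedBy.user.ipAddress
-- properties.initiatedBy.user.userPrincipalName
-- properties.loggedByService
-- properties.operationType
-- properties.result
-- properties.resultReason
-- properties.targetResources{}.displayName
-- properties.targetResources{}.id
-- properties.targetResources{}.modifiedProperties{}.displayName
-- properties.targetResources{}.modifiedProperties{}.newValue
-- properties.targetResources{}.modifiedProperties{}.oldValue
-- properties.targetResources{}.type
-- properties.targetResources{}.userPrincipalName
-- properties.userAgent
-- punct
-- resourceId
-- resultSignature
-- source
-- sourcetype
-- splunk_server
-- tenantId
-- time
-- timeendpos
-- timestartpos
-example_log: '{"time": "2023-04-28T16:39:51.9312625Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam",
+- _time
+- Level
+- callerIpAddress
+- category
+- correlationId
+- date_hour
+- date_mday
+- date_minute
+- date_month
+- date_second
+- date_wday
+- date_year
+- date_zone
+- durationMs
+- host
+- index
+- linecount
+- operationName
+- operationVersion
+- properties.activityDateTime
+- properties.activityDisplayName
+- properties.category
+- properties.correlationId
+- properties.id
+- properties.initiatedBy.user.displayName
+- properties.initiatedBy.user.id
+- properties.initiatedBy.user.ipAddress
+- properties.initiatedBy.user.userPrincipalName
+- properties.loggedByService
+- properties.operationType
+- properties.result
+- properties.resultReason
+- properties.targetResources{}.displayName
+- properties.targetResources{}.id
+- properties.targetResources{}.modifiedProperties{}.displayName
+- properties.targetResources{}.modifiedProperties{}.newValue
+- properties.targetResources{}.modifiedProperties{}.oldValue
+- properties.targetResources{}.type
+- properties.targetResources{}.userPrincipalName
+- properties.userAgent
+- punct
+- resourceId
+- resultSignature
+- source
+- sourcetype
+- splunk_server
+- tenantId
+- time
+- timeendpos
+- timestartpos
+example_log:
+'{"time": "2023-04-28T16:39:51.9312625Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam",
 "operationName": "Add member to role", "operationVersion": "1.0", "category": "AuditLogs",
 "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultSignature": "None", "durationMs":
 0, "callerIpAddress": "52.177.250.168", "correlationId": "b425f2d7-2245-4952-b599-61dff8054f2b",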

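--- a/data_sources/azure_active_directory_add_owner_to_application.yml
+++ b/data_sources/azure_active_directory_add_owner_to_application.yml
@@ -1,73 +1,74 @@
 name: Azure Active Directory Add owner to application
 id: e895ed56-7be4-4b3a-b782-ecd0f594ec4c
 version: 1
-date: '2024-07-18'
+date: "2024-07-18"
 author: Patrick Bareiss, Splunk
 description: Data source object for Azure Active Directory Add owner to application
 source: Azure AD
 sourcetype: azure:monitor:aad
 separator: operationName
 supported_TA:
-- name: Splunk Add-on for Microsoft Cloud Services
-url: https://splunkbase.splunk.com/app/3110
-version: 5.4.2
+- name: Splunk Add-on for Microsoft Cloud Services
+url: https://splunkbase.splunk.com/app/3110
+version: 5.4.3
 fields:
-- _time
-- Level
-- callerIpAddress
-- category
-- correlationId
-- date_hour
-- date_mday
-- date_minute
-- date_month
-- date_second
-- date_wday
-- date_year
-- date_zone
-- durationMs
-- eventtype
-- host
-- index
-- linecount
-- operationName
-- operationVersion
-- properties.activityDateTime
-- properties.activityDisplayName
-- properties.additionalDetails{}.key
-- properties.additionalDetails{}.value
-- properties.category
-- properties.correlationId
-- properties.id
-- properties.initiatedBy.user.displayName
-- properties.initiatedBy.user.id
-- properties.initiatedBy.user.ipAddress
-- properties.initiatedBy.user.userPrincipalName
-- properties.loggedByService
-- properties.operationType
-- properties.result
-- properties.resultReason
-- properties.targetResources{}.displayName
-- properties.targetResources{}.id
-- properties.targetResources{}.modifiedProperties{}.displayName
-- properties.targetResources{}.modifiedProperties{}.newValue
-- properties.targetResources{}.modifiedProperties{}.oldValue
-- properties.targetResources{}.type
-- properties.targetResources{}.userPrincipalName
-- properties.userAgent
-- punct
-- resourceId
-- resultSignature
-- source
-- sourcetype
-- splunk_server
-- tag
-- tag::eventtype
-- tenantId
-- time
-- timeendpos
-- timestartpos
-example_log: '{"time": "2023-06-20T15:54:13.2420879Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam",
+- _time
+- Level
+- callerIpAddress
+- category
+- correlationId
+- date_hour
+- date_mday
+- date_minute
+- date_month
+- date_second
+- date_wday
+- date_year
+- date_zone
+- durationMs
+- eventtype
+- host
+- index
+- linecount
+- operationName
+- operationVersion
+- properties.activityDateTime
+- properties.activityDisplayName
+- properties.additionalDetails{}.key
+- properties.additionalDetails{}.value
+- properties.category
+- properties.correlationId
+- properties.id
+- properties.initiatedBy.user.displayName
+- properties.initiatedBy.user.id
+- properties.initiatedBy.user.ipAddress
+- properties.initiatedBy.user.userPrincipalName
+- properties.loggedByService
+- properties.operationType
+- properties.result
+- properties.resultReason
+- properties.targetResources{}.displayName
+- properties.targetResources{}.id
+- properties.targetResources{}.modifiedProperties{}.displayName
+- properties.targetResources{}.modifiedProperties{}.newValue
+- properties.targetResources{}.modifiedProperties{}.oldValue
+- properties.targetResources{}.type
+- properties.targetResources{}.userPrincipalName
+- properties.userAgent
+- punct
+- resourceId
+- resultSignature
+- source
+- sourcetype
+- splunk_server
+- tag
+- tag::eventtype
+- tenantId
+- time
+- timeendpos
+- timestartpos
+example_log:
+'{"time": "2023-06-20T15:54:13.2420879Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam",
 "operationName": "Add owner to application", "operationVersion": "1.0", "category":
 "AuditLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultSignature":
 "None", "durationMs": 0, "callerIpAddress": "20.190.135.43", "correlationId": "231de5d4-2156-433a-8163-48956bdaa040",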
