Merge branch 'develop' into new-research-detection-endpoint

zake1god · web-flow · commit d7629feab886 · 2025-01-04T11:21:35.000+07:00
diff --git a/contentctl.yml b/contentctl.yml
@@ -21,8 +21,8 @@ test_instance:
   hec_port: 8088
   web_ui_port: 8000
   api_port: 8089
-  full_image_path: registry.hub.docker.com/splunk/splunk:latest
 container_settings:
+  full_image_path: registry.hub.docker.com/splunk/splunk:9.3
   leave_running: true
   num_containers: 1
 mode: {}
@@ -77,9 +77,9 @@ apps:
 - uid: 5579
   title: Splunk Add-on for CrowdStrike FDR
   appid: Splunk_TA_CrowdStrike_FDR
-  version: 2.0.2
+  version: 2.0.3
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-crowdstrike-fdr_202.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-crowdstrike-fdr_203.tgz
 - uid: 3185
   title: Splunk Add-on for Microsoft IIS
   appid: SPLUNK_TA_FOR_IIS
diff --git a/data_sources/crowdstrike_processrollup2.yml b/data_sources/crowdstrike_processrollup2.yml
@@ -10,7 +10,7 @@ separator: event_simpleName
 supported_TA:
 - name: Splunk Add-on for CrowdStrike FDR
   url: https://splunkbase.splunk.com/app/5579
-  version: 2.0.2
+  version: 2.0.3
 fields:
 - AuthenticationId
 - AuthenticationId_meaning
diff --git a/macros/f5_bigip_rogue.yml b/macros/f5_bigip_rogue.yml
@@ -1,4 +1,4 @@
-definition: index=netops sourcetype="f5:bigip:rogue"
+definition: sourcetype="f5:bigip:rogue"
 description: customer specific splunk configurations(eg- index, source, sourcetype).
   Replace the macro definition with configurations for your Splunk Environment.
 name: f5_bigip_rogue
diff --git a/macros/zeek_rpc.yml b/macros/zeek_rpc.yml
@@ -1,4 +1,4 @@
-definition: index=zeek sourcetype="zeek:rpc:json"
+definition: sourcetype="zeek:rpc:json"
 description: customer specific splunk configurations(eg- index, source, sourcetype).
   Replace the macro definition with configurations for your Splunk Environment.
 name: zeek_rpc
diff --git a/macros/zeek_ssl.yml b/macros/zeek_ssl.yml
@@ -1,4 +1,4 @@
-definition: index=zeek sourcetype="zeek:ssl:json"
+definition: sourcetype="zeek:ssl:json"
 description: customer specific splunk configurations(eg- index, source, sourcetype).
   Replace the macro definition with configurations for your Splunk Environment.
 name: zeek_ssl
