splunk
diff --git a/‎data_sources/o365.yml‎
Lines changed: 4 additions & 4 deletions b/‎data_sources/o365.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎data_sources/o365_add_app_role_assignment_grant_to_user_.yml‎
Lines changed: 75 additions & 74 deletions b/‎data_sources/o365_add_app_role_assignment_grant_to_user_.yml‎
Lines changed: 75 additions & 74 deletions
diff --git a/‎data_sources/o365_add_app_role_assignment_to_service_principal_.yml‎
Lines changed: 74 additions & 73 deletions b/‎data_sources/o365_add_app_role_assignment_to_service_principal_.yml‎
Lines changed: 74 additions & 73 deletions
@@ -1,13 +1,13 @@
 name: O365
 id: b32de97d-0074-4cca-853c-db22c392b6c0
 version: 1
-date: '2024-07-18'
+date: "2024-07-18"
 author: Patrick Bareiss, Splunk
 description: Data source object for O365.
 source: o365
 sourcetype: o365:management:activity
 separator: Operation
 supported_TA:
-- name: Splunk Add-on for Microsoft Office 365
-  url: https://splunkbase.splunk.com/app/4055
-  version: 4.7.0
+  - name: Splunk Add-on for Microsoft Office 365
+    url: https://splunkbase.splunk.com/app/4055
+    version: 4.8.0
@@ -1,87 +1,88 @@
 name: O365 Add app role assignment grant to user.
 id: ce1d7849-a1d2-47fd-b6eb-d7ef854a860c
 version: 1
-date: '2024-07-18'
+date: "2024-07-18"
 author: Patrick Bareiss, Splunk
 description: Data source object for O365 Add app role assignment grant to user.
 source: o365
 sourcetype: o365:management:activity
 separator: Operation
 supported_TA:
-- name: Splunk Add-on for Microsoft Office 365
-  url: https://splunkbase.splunk.com/app/4055
-  version: 4.7.0
+  - name: Splunk Add-on for Microsoft Office 365
+    url: https://splunkbase.splunk.com/app/4055
+    version: 4.8.0
 fields:
-- _time
-- ActorContextId
-- ActorIpAddress
-- Actor{}.ID
-- Actor{}.Type
-- AzureActiveDirectoryEventType
-- ClientIP
-- CreationTime
-- ExtendedProperties{}.Name
-- ExtendedProperties{}.Value
-- Id
-- InterSystemsId
-- IntraSystemId
-- ModifiedProperties{}.Name
-- ModifiedProperties{}.NewValue
-- ModifiedProperties{}.OldValue
-- ObjectId
-- Operation
-- OrganizationId
-- RecordType
-- ResultStatus
-- SupportTicketId
-- TargetContextId
-- Target{}.ID
-- Target{}.Type
-- UserId
-- UserKey
-- UserType
-- Version
-- Workload
-- additionalDetails
-- app
-- authentication_service
-- command
-- date_hour
-- date_mday
-- date_minute
-- date_month
-- date_second
-- date_wday
-- date_year
-- date_zone
-- dest
-- dest_name
-- dvc
-- event_type
-- extendedAuditEventCategory
-- extended_properties
-- host
-- index
-- linecount
-- object
-- punct
-- record_type
-- signature
-- source
-- sourcetype
-- splunk_server
-- src
-- src_ip
-- src_user
-- status
-- timeendpos
-- timestartpos
-- user
-- user_id
-- user_type
-- vendor_account
-- vendor_product
-example_log: '{"Actor": [{"ID": "[email protected]", "Type": 5}, {"ID":
+  - _time
+  - ActorContextId
+  - ActorIpAddress
+  - Actor{}.ID
+  - Actor{}.Type
+  - AzureActiveDirectoryEventType
+  - ClientIP
+  - CreationTime
+  - ExtendedProperties{}.Name
+  - ExtendedProperties{}.Value
+  - Id
+  - InterSystemsId
+  - IntraSystemId
+  - ModifiedProperties{}.Name
+  - ModifiedProperties{}.NewValue
+  - ModifiedProperties{}.OldValue
+  - ObjectId
+  - Operation
+  - OrganizationId
+  - RecordType
+  - ResultStatus
+  - SupportTicketId
+  - TargetContextId
+  - Target{}.ID
+  - Target{}.Type
+  - UserId
+  - UserKey
+  - UserType
+  - Version
+  - Workload
+  - additionalDetails
+  - app
+  - authentication_service
+  - command
+  - date_hour
+  - date_mday
+  - date_minute
+  - date_month
+  - date_second
+  - date_wday
+  - date_year
+  - date_zone
+  - dest
+  - dest_name
+  - dvc
+  - event_type
+  - extendedAuditEventCategory
+  - extended_properties
+  - host
+  - index
+  - linecount
+  - object
+  - punct
+  - record_type
+  - signature
+  - source
+  - sourcetype
+  - splunk_server
+  - src
+  - src_ip
+  - src_user
+  - status
+  - timeendpos
+  - timestartpos
+  - user
+  - user_id
+  - user_type
+  - vendor_account
+  - vendor_product
+example_log:
+  '{"Actor": [{"ID": "[email protected]", "Type": 5}, {"ID":
   "10037FFEA938FB92", "Type": 3}, {"ID": "74658136-14ec-4630-ad9b-26e160ff0fc6", "Type":
   2}, {"ID": "User_bfb8c366-0406-41a5-b3e3-328f4a3b4484", "Type": 2}, {"ID": "bfb8c366-0406-41a5-b3e3-328f4a3b4484",
   "Type": 2}, {"ID": "User", "Type": 2}], "ActorContextId": "0e8108b1-18e9-41a4-961b-dfcddf92ef08",
 
@@ -1,86 +1,87 @@
 name: O365 Add app role assignment to service principal.
 id: 785ba57a-ba7b-474e-97c8-9474e6e00b3a
 version: 1
-date: '2024-07-18'
+date: "2024-07-18"
 author: Patrick Bareiss, Splunk
 description: Data source object for O365 Add app role assignment to service principal.
 source: o365
 sourcetype: o365:management:activity
 separator: Operation
 supported_TA:
-- name: Splunk Add-on for Microsoft Office 365
-  url: https://splunkbase.splunk.com/app/4055
-  version: 4.7.0
+  - name: Splunk Add-on for Microsoft Office 365
+    url: https://splunkbase.splunk.com/app/4055
+    version: 4.8.0
 fields:
-- _time
-- ActorContextId
-- Actor{}.ID
-- Actor{}.Type
-- AzureActiveDirectoryEventType
-- CreationTime
-- ExtendedProperties{}.Name
-- ExtendedProperties{}.Value
-- Id
-- InterSystemsId
-- IntraSystemId
-- ModifiedProperties{}.Name
-- ModifiedProperties{}.NewValue
-- ModifiedProperties{}.OldValue
-- ObjectId
-- Operation
-- OrganizationId
-- RecordType
-- ResultStatus
-- SupportTicketId
-- TargetContextId
-- Target{}.ID
-- Target{}.Type
-- UserId
-- UserKey
-- UserType
-- Version
-- Workload
-- additionalDetails
-- app
-- authentication_service
-- command
-- date_hour
-- date_mday
-- date_minute
-- date_month
-- date_second
-- date_wday
-- date_year
-- date_zone
-- dest
-- dest_name
-- dvc
-- event_type
-- eventtype
-- extendedAuditEventCategory
-- host
-- index
-- linecount
-- object
-- punct
-- record_type
-- signature
-- source
-- sourcetype
-- splunk_server
-- status
-- tag
-- tag::eventtype
-- timeendpos
-- timestartpos
-- user
-- user_agent
-- user_agent_change
-- user_id
-- user_type
-- vendor_account
-- vendor_product
-example_log: '{"CreationTime": "2024-02-08T21:49:53", "Id": "a6bee61d-8b3f-42e1-b4fa-778fb05c43ac",
+  - _time
+  - ActorContextId
+  - Actor{}.ID
+  - Actor{}.Type
+  - AzureActiveDirectoryEventType
+  - CreationTime
+  - ExtendedProperties{}.Name
+  - ExtendedProperties{}.Value
+  - Id
+  - InterSystemsId
+  - IntraSystemId
+  - ModifiedProperties{}.Name
+  - ModifiedProperties{}.NewValue
+  - ModifiedProperties{}.OldValue
+  - ObjectId
+  - Operation
+  - OrganizationId
+  - RecordType
+  - ResultStatus
+  - SupportTicketId
+  - TargetContextId
+  - Target{}.ID
+  - Target{}.Type
+  - UserId
+  - UserKey
+  - UserType
+  - Version
+  - Workload
+  - additionalDetails
+  - app
+  - authentication_service
+  - command
+  - date_hour
+  - date_mday
+  - date_minute
+  - date_month
+  - date_second
+  - date_wday
+  - date_year
+  - date_zone
+  - dest
+  - dest_name
+  - dvc
+  - event_type
+  - eventtype
+  - extendedAuditEventCategory
+  - host
+  - index
+  - linecount
+  - object
+  - punct
+  - record_type
+  - signature
+  - source
+  - sourcetype
+  - splunk_server
+  - status
+  - tag
+  - tag::eventtype
+  - timeendpos
+  - timestartpos
+  - user
+  - user_agent
+  - user_agent_change
+  - user_id
+  - user_type
+  - vendor_account
+  - vendor_product
+example_log:
+  '{"CreationTime": "2024-02-08T21:49:53", "Id": "a6bee61d-8b3f-42e1-b4fa-778fb05c43ac",
   "Operation": "Add app role assignment to service principal.", "OrganizationId":
   "75243ab2-44f8-435c-a7a6-b479385df6d4", "RecordType": 8, "ResultStatus": "Success",
   "UserKey": "Not Available", "UserType": 4, "Version": 1, "Workload": "AzureActiveDirectory",