splunk
diff --git a/‎.github/workflows/appinspect.yml‎
Lines changed: 7 additions & 1 deletion b/‎.github/workflows/appinspect.yml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 7 additions & 1 deletion b/‎.github/workflows/build.yml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎.github/workflows/unit-testing.yml‎
Lines changed: 7 additions & 1 deletion b/‎.github/workflows/unit-testing.yml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎contentctl.yml‎
Lines changed: 1 addition & 1 deletion b/‎contentctl.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/linux_secure.yml‎
Lines changed: 4 additions & 1 deletion b/‎data_sources/linux_secure.yml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎detections/application/pingid_mismatch_auth_source_and_verification_response.yml‎
Lines changed: 1 addition & 1 deletion b/‎detections/application/pingid_mismatch_auth_source_and_verification_response.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎detections/application/windows_ad_suspicious_attribute_modification.yml‎
Lines changed: 1 addition & 1 deletion b/‎detections/application/windows_ad_suspicious_attribute_modification.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎detections/application/windows_ad_suspicious_gpo_modification.yml‎
Lines changed: 1 addition & 1 deletion b/‎detections/application/windows_ad_suspicious_gpo_modification.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎detections/cloud/azure_ad_application_administrator_role_assigned.yml‎
Lines changed: 1 addition & 1 deletion b/‎detections/cloud/azure_ad_application_administrator_role_assigned.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎detections/cloud/azure_ad_azurehound_useragent_detected.yml‎
Lines changed: 1 addition & 1 deletion b/‎detections/cloud/azure_ad_azurehound_useragent_detected.yml‎
Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,13 @@ jobs:
 
       - name: Install Python Dependencies and ContentCTL and Atomic Red Team
         run: |
-          pip install contentctl==5.0.0
+          if [ -n "${{ vars.CONTENTCTL_VERSION }}" ]; then
+            echo "Installing contentctl version ${{ vars.CONTENTCTL_VERSION }}"
+            pip install contentctl==${{ vars.CONTENTCTL_VERSION }}
+          else
+            echo "Installing latest contentctl version"
+            pip install contentctl
+          fi
           git clone --depth=1 --single-branch --branch=master https://github.com/redcanaryco/atomic-red-team.git external_repos/atomic-red-team
           git clone --depth=1 --single-branch --branch=master https://github.com/mitre/cti external_repos/cti
       
 
@@ -19,7 +19,13 @@ jobs:
 
       - name: Install Python Dependencies and ContentCTL and Atomic Red Team
         run: |
-          pip install contentctl==5.0.0
+          if [ -n "${{ vars.CONTENTCTL_VERSION }}" ]; then
+            echo "Installing contentctl version ${{ vars.CONTENTCTL_VERSION }}"
+            pip install contentctl==${{ vars.CONTENTCTL_VERSION }}
+          else
+            echo "Installing latest contentctl version"
+            pip install contentctl
+          fi
           git clone --depth=1 --single-branch --branch=master https://github.com/redcanaryco/atomic-red-team.git external_repos/atomic-red-team
           git clone --depth=1 --single-branch --branch=master https://github.com/mitre/cti external_repos/cti
       
 
@@ -23,7 +23,13 @@ jobs:
         - name: Install Python Dependencies and ContentCTL
           run: |
             python -m pip install --upgrade pip
-            pip install contentctl==5.0.0
+            if [ -n "${{ vars.CONTENTCTL_VERSION }}" ]; then
+              echo "Installing contentctl version ${{ vars.CONTENTCTL_VERSION }}"
+              pip install contentctl==${{ vars.CONTENTCTL_VERSION }}
+            else
+              echo "Installing latest contentctl version"
+              pip install contentctl
+            fi
            
         # Running contentctl test with a few arguments, before running the command make sure you checkout into the current branch of the pull request. This step only performs unit testing on all the changes against the target-branch. In most cases this target branch will be develop
         # Make sure we check out the PR, even if it actually lives in a fork
 
@@ -3,7 +3,7 @@ app:
   uid: 3449
   title: ES Content Updates
   appid: DA-ESS-ContentUpdate
-  version: 4.44.0
+  version: 5.0.0
   description: Explore the Analytic Stories included with ES Content Updates.
   prefix: ESCU
   label: ESCU
 
@@ -6,7 +6,10 @@ author: Patrick Bareiss, Splunk
 description: Data source object for Linux Secure
 source: /var/log/secure
 sourcetype: linux_secure
-supported_TA: []
+supported_TA:
+- name: Splunk Add-on for Unix and Linux
+  url: https://splunkbase.splunk.com/app/833
+  version: 9.2.0
 fields:
 - _time
 - action
 
@@ -1,6 +1,6 @@
 name: PingID Mismatch Auth Source and Verification Response
 id: 15b0694e-caa2-4009-8d83-a1f98b86d086
-version: 4
+version: 5
 date: '2025-01-21'
 author: Steven Dick
 status: production
 
@@ -1,6 +1,6 @@
 name: Windows AD Suspicious Attribute Modification
 id: 5682052e-ce55-4f9f-8d28-59191420b7e0
-version: 3
+version: 4
 date: '2025-01-21'
 author: Dean Luxton
 status: production
 
@@ -1,6 +1,6 @@
 name: Windows AD Suspicious GPO Modification
 id: 0a2afc18-a3b5-4452-b60a-2e774214f9bf
-version: 3
+version: 4
 date: '2025-01-21'
 author: Dean Luxton
 status: experimental
 
@@ -1,6 +1,6 @@
 name: Azure AD Application Administrator Role Assigned
 id: eac4de87-7a56-4538-a21b-277897af6d8d
-version: 6
+version: 7
 date: '2024-11-14'
 author: Mauricio Velazco, Gowthamaraj Rajendran, Splunk
 status: production
 
@@ -1,6 +1,6 @@
 name: Azure AD AzureHound UserAgent Detected
 id: d62852db-a1f1-40db-a7fc-c3d56fa8bda3
-version: 1
+version: 2
 date: '2025-01-06'
 author: Dean Luxton 
 data_source: