Update dist/escu, dist/ssa, and dist/api folders with the latest cont…

…ent associated with this tag
splunk · Oct 18, 2023 · 7df57b0 · 7df57b0
1 parent ba0e12c
commit 7df57b0
Show file tree

Hide file tree

Showing 81 changed files with 1,029 additions and 406 deletions.
diff --git a/dist/api/detections.json b/dist/api/detections.json
diff --git a/dist/api/lookups.json b/dist/api/lookups.json
diff --git a/dist/api/macros.json b/dist/api/macros.json
diff --git a/dist/api/stories.json b/dist/api/stories.json
diff --git a/dist/escu/app.manifest b/dist/escu/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null, 
       "name": "DA-ESS-ContentUpdate", 
-      "version": "4.13.0"
+      "version": "4.14.0"
     }, 
     "author": [
       {

diff --git a/dist/escu/default/analyticstories.conf b/dist/escu/default/analyticstories.conf
diff --git a/dist/escu/default/app.conf b/dist/escu/default/app.conf
@@ -4,7 +4,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 17306
+build = 17448
 
 [triggers]
 reload.analytic_stories = simple
@@ -20,7 +20,7 @@ reload.es_investigations = simple
 
 [launcher]
 author = Splunk
-version = 4.13.0
+version = 4.14.0
 description = Explore the Analytic Stories included with ES Content Updates.
 
 [ui]

diff --git a/dist/escu/default/collections.conf b/dist/escu/default/collections.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-10-04T22:36:05 UTC
+# On Date: 2023-10-18T20:29:18 UTC
 # Author: Splunk Security Research
 # Contact: [email protected]
 #############

diff --git a/dist/escu/default/content-version.conf b/dist/escu/default/content-version.conf
@@ -1,2 +1,2 @@
 [content-version]
-version = 4.13.0
+version = 4.14.0
diff --git a/dist/escu/default/es_investigations.conf b/dist/escu/default/es_investigations.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-10-04T22:36:05 UTC
+# On Date: 2023-10-18T20:29:18 UTC
 # Author: Splunk Security Research
 # Contact: [email protected]
 #############

diff --git a/dist/escu/default/macros.conf b/dist/escu/default/macros.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-10-04T22:36:05 UTC
+# On Date: 2023-10-18T20:29:18 UTC
 # Author: Splunk Security Research
 # Contact: [email protected]
 #############
@@ -1573,6 +1573,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[detect_certipy_file_modifications_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [detect_computer_changed_with_anonymous_account_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4105,6 +4109,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_domain_admin_impersonation_indicator_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_dotnet_binary_in_non_standard_path_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4793,6 +4801,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_registry_sip_provider_modification_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_regsvr32_renamed_binary_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4933,6 +4945,14 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_sip_provider_inventory_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
+[windows_sip_winverifytrust_failed_trust_validation_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_snake_malware_file_modification_crmlog_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4989,6 +5009,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_steal_authentication_certificates___esc1_abuse_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_steal_authentication_certificates_export_certificate_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -5389,6 +5413,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[cisco_ios_xe_implant_access_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [citrix_adc_exploitation_cve_2023_3519_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -5397,6 +5425,14 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[confluence_cve_2023_22515_trigger_vulnerability_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
+[confluence_data_center_and_server_privilege_escalation_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [confluence_unauthenticated_remote_code_execution_cve_2022_26134_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -5457,6 +5493,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[microsoft_sharepoint_server_elevation_of_privilege_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [monitor_web_traffic_for_brand_abuse_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -6131,6 +6171,10 @@ description = customer specific splunk configurations(eg- index, source, sourcet
 definition = sourcetype=stream:tcp
 description = customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environmnent.
 
+[subjectinterfacepackage]
+definition = sourcetype="PwSh:SubjectInterfacePackage"
+description = customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environmnent.
+
 [suspicious_email_attachments]
 definition = lookup update=true is_suspicious_file_extension_lookup file_name OUTPUT suspicious | search suspicious=true
 description = This macro limits the output to email attachments that have suspicious extensions