Update dist/escu, dist/ssa, and dist/api folders with the latest cont…

…ent associated with this tag
splunk · Apr 4, 2023 · f6eefe8 · f6eefe8
1 parent 79d2736
commit f6eefe8
Show file tree

Hide file tree

Showing 13 changed files with 676 additions and 43 deletions.
diff --git a/dist/api/detections.json b/dist/api/detections.json
diff --git a/dist/api/stories.json b/dist/api/stories.json
diff --git a/dist/escu/app.manifest b/dist/escu/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null, 
       "name": "DA-ESS-ContentUpdate", 
-      "version": "3.63.0"
+      "version": "3.64.0"
     }, 
     "author": [
       {

diff --git a/dist/escu/default/analyticstories.conf b/dist/escu/default/analyticstories.conf
diff --git a/dist/escu/default/app.conf b/dist/escu/default/app.conf
@@ -4,7 +4,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 12686
+build = 12838
 
 [triggers]
 reload.analytic_stories = simple
@@ -20,7 +20,7 @@ reload.es_investigations = simple
 
 [launcher]
 author = Splunk
-version = 3.63.0
+version = 3.64.0
 description = Explore the Analytic Stories included with ES Content Updates.
 
 [ui]

diff --git a/dist/escu/default/collections.conf b/dist/escu/default/collections.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-03-30T20:08:38 UTC
+# On Date: 2023-04-04T18:54:41 UTC
 # Author: Splunk Security Research
 # Contact: [email protected]
 #############

diff --git a/dist/escu/default/content-version.conf b/dist/escu/default/content-version.conf
@@ -1,2 +1,2 @@
 [content-version]
-version = 3.63.0
+version = 3.64.0
diff --git a/dist/escu/default/es_investigations.conf b/dist/escu/default/es_investigations.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-03-30T20:08:38 UTC
+# On Date: 2023-04-04T18:54:41 UTC
 # Author: Splunk Security Research
 # Contact: [email protected]
 #############

diff --git a/dist/escu/default/macros.conf b/dist/escu/default/macros.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-03-30T20:08:38 UTC
+# On Date: 2023-04-04T18:54:41 UTC
 # Author: Splunk Security Research
 # Contact: [email protected]
 #############
@@ -2533,6 +2533,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[powershell_enable_powershell_remoting_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [powershell_enable_smb1protocol_feature_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -2557,6 +2561,14 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[powershell_invoke_cimmethod_cimsession_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
+[powershell_invoke_wmiexec_usage_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [powershell_load_module_in_meterpreter_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -2581,6 +2593,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[powershell_start_or_stop_service_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [powershell_using_memory_as_backing_store_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3445,6 +3461,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_enable_win32_scheduledjob_via_registry_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_event_for_service_disabled_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3613,6 +3633,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_lateral_tool_transfer_remcom_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_linked_policies_in_adsi_discovery_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3813,6 +3837,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_powershell_get_ciminstance_remote_computer_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_powershell_iis_components_webglobalmodule_usage_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3821,6 +3849,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_powershell_wmi_win32_scheduledjob_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_powerview_constrained_delegation_discovery_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3925,6 +3957,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_remote_create_service_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_remote_service_rdpwinst_tool_execution_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3977,10 +4013,18 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_service_create_remcomsvc_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_service_create_sliverc2_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_service_create_with_tscon_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_service_created_with_suspicious_service_path_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.