v3.1.2 which is Splunk 8.2+ compatible and includes various improveme…

…nts.

TA-linux_auditd/default/app.conf

@@ -8,7 +8,7 @@ label = Linux Auditd Technology Add-On
 [launcher]
 author = doksu
 description = Field extractions, CIM mappings and other artefacts for Linux Auditd
-version = 3.1.0
+version = 3.1.2
 
 [package]
 id = TA-linux_auditd

TA-linux_auditd/default/savedsearches.conf

@@ -25,13 +25,15 @@ search = [|inputlookup auditd_indices] [|inputlookup auditd_sourcetypes] type="U
 [Update auditd_hosts lookup]
 alert.track = 0
 cron_schedule = 30 * * * *
+dispatch.earliest_time = -24h
 enableSched = 1
 schedule_window = 30
 search = | tstats values(host) as host WHERE [|inputlookup auditd_indices] [|inputlookup auditd_sourcetypes] | mvexpand host limit=0 | outputlookup auditd_hosts
 
 [Update auditd_indices lookup]
 alert.track = 0
 cron_schedule = 0 */4 * * *
+dispatch.earliest_time = -7d
 enableSched = 1
 schedule_window = 60
 search = | tstats values(sourcetype) as sourcetype where index=* [|inputlookup auditd_sourcetypes] by index | table index | outputlookup auditd_indices

TA-linux_auditd/lookups/distribution_release.csv

@@ -1,9 +1,11 @@
 distribution_release,distribution_name
-fc27,Fedora 27
-fc28,Fedora 28
-fc29,Fedora 29
 fc30,Fedora 30
+fc31,Fedora 31
+fc32,Fedora 32
+fc33,Fedora 33
+fc34,Fedora 34
 el5,Enterprise Linux 5
 el6,Enterprise Linux 6
 el7,Enterprise Linux 7
 el8,Enterprise Linux 8
+el9,Enterprise Linux 9

linux-auditd/default/app.conf

@@ -8,7 +8,7 @@ label = Linux Auditd
 [launcher]
 author = doksu
 description = The Linux Auditd app provides operational visibility into the events of your linux fleet
-version = 3.1.0
+version = 3.1.2
 
 [package]
 id = linux-auditd

linux-auditd/default/data/ui/views/configure.xml

@@ -1,4 +1,4 @@
-<form>
+<form version="1.1">
   <label>Configure</label>
   <description>This dashboard is used to initially configure all the Linux Auditd app's lookups. Please use the time picker to determine how far back the app should learn then click 'Submit'.</description>
   <fieldset submitButton="true">

linux-auditd/default/data/ui/views/help.xml

@@ -1,4 +1,4 @@
-<dashboard refresh="60">
+<dashboard version="1.1" refresh="60">
   <label>Help</label>
   <description></description>
   <row>

linux-auditd/default/data/ui/views/host.xml

@@ -1,4 +1,4 @@
-<form>
+<form version="1.1">
   <label>Host</label>
   <fieldset submitButton="false">
     <input type="dropdown" token="host">

linux-auditd/default/data/ui/views/kernel.xml

@@ -1,4 +1,4 @@
-<form>
+<form version="1.1">
   <label>Kernel</label>
   <description></description>
   <fieldset submitButton="true" autoRun="false">

linux-auditd/default/data/ui/views/soc.xml

@@ -1,4 +1,4 @@
-<dashboard refresh="300">
+<dashboard version="1.1" refresh="300">
   <label>Security Operations Centre</label>
   <row>
     <panel>

linux-auditd/default/data/ui/views/syscall.xml

@@ -1,4 +1,4 @@
-<form>
+<form version="1.1">
   <label>System Call</label>
   <description></description>
   <fieldset submitButton="true">

linux-auditd/default/data/ui/views/te.xml

@@ -1,4 +1,4 @@
-<form>
+<form version="1.1">
   <label>Type Enforcement</label>
   <description></description>
   <fieldset submitButton="true">

linux-auditd/default/data/ui/views/tty.xml

@@ -1,4 +1,4 @@
-<form>
+<form version="1.1">
   <label>User TTY</label>
   <fieldset submitButton="true">
     <input type="text" token="host">

linux-auditd/default/data/ui/views/user_cmd.xml

@@ -1,4 +1,4 @@
-<form>
+<form version="1.1">
   <label>Sudo</label>
   <fieldset submitButton="true">
     <input type="text" token="host">