Update dist/escu, dist/ssa, and dist/api folders with the latest cont…

…ent associated with this tag

dist/escu/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null, 
       "name": "DA-ESS-ContentUpdate", 
-      "version": "4.11.1"
+      "version": "4.12.0"
     }, 
     "author": [
       {

dist/escu/default/app.conf

@@ -4,7 +4,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 16958
+build = 17107
 
 [triggers]
 reload.analytic_stories = simple
@@ -20,7 +20,7 @@ reload.es_investigations = simple
 
 [launcher]
 author = Splunk
-version = 4.11.1
+version = 4.12.0
 description = Explore the Analytic Stories included with ES Content Updates.
 
 [ui]

dist/escu/default/collections.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-05T22:20:53 UTC
+# On Date: 2023-09-20T19:43:15 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############

dist/escu/default/content-version.conf

@@ -1,2 +1,2 @@
 [content-version]
-version = 4.11.1
+version = 4.12.0

dist/escu/default/es_investigations.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-05T22:20:53 UTC
+# On Date: 2023-09-20T19:43:15 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############

dist/escu/default/macros.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-05T22:20:53 UTC
+# On Date: 2023-09-20T19:43:15 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
@@ -2237,6 +2237,14 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[headless_browser_mockbin_or_mocky_request_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
+[headless_browser_usage_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [hide_user_account_from_sign_in_screen_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3757,6 +3765,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_ad_abnormal_object_access_activity_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_ad_adminsdholder_acl_modified_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3789,6 +3801,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_ad_privileged_object_access_activity_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_ad_replication_request_initiated_by_user_account_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4125,10 +4141,22 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_find_domain_organizational_units_with_getdomainou_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
+[windows_find_interesting_acl_with_findinterestingdomainacl_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_findstr_gpp_discovery_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_forest_discovery_with_getforestdomain_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_gather_victim_host_information_camera_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4145,6 +4173,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_get_local_admin_with_findlocaladminaccess_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_group_policy_object_created_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.

dist/escu/default/transforms.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-05T22:20:53 UTC
+# On Date: 2023-09-20T19:43:15 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############

dist/escu/default/workflow_actions.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2023-09-05T22:20:53 UTC
+# On Date: 2023-09-20T19:43:15 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############