Updating Github with Content from ESCU - v4.28.0

contentctl.yml

@@ -6,7 +6,7 @@ build:
   path_root: dist
   prefix: ESCU
   build: 004210
-  version: 4.26.0
+  version: 4.28.0
   label: ES Content Updates
   author_name: Splunk Threat Research Team
   author_email: research@splunk.com

dist/DA-ESS-ContentUpdate/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null, 
       "name": "DA-ESS-ContentUpdate", 
-      "version": "4.26.0"
+      "version": "4.28.0"
     }, 
     "author": [
       {

dist/DA-ESS-ContentUpdate/default/app.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-03-20T22:50:47 UTC
+# On Date: 2024-03-27T17:04:50 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############
@@ -10,7 +10,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 20240320224914
+build = 20240327170110
 
 [triggers]
 reload.analytic_stories = simple
@@ -26,7 +26,7 @@ reload.es_investigations = simple
 
 [launcher]
 author = Splunk
-version = 4.26.0 
+version = 4.28.0 
 description = Explore the Analytic Stories included with ES Content Updates.
 
 [ui]

dist/DA-ESS-ContentUpdate/default/collections.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-03-20T22:50:47 UTC
+# On Date: 2024-03-27T17:04:50 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/content-version.conf

@@ -1,8 +1,8 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-03-20T22:50:47 UTC
+# On Date: 2024-03-27T17:04:50 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############
 [content-version]
-version = 4.26.0 
+version = 4.28.0 

dist/DA-ESS-ContentUpdate/default/es_investigations.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-03-20T22:50:47 UTC
+# On Date: 2024-03-27T17:04:50 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/macros.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-03-20T22:50:47 UTC
+# On Date: 2024-03-27T17:04:50 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############
@@ -137,6 +137,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[splunk_authentication_token_exposure_in_debug_log_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [splunk_code_injection_via_custom_dashboard_leading_to_rce_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.

dist/DA-ESS-ContentUpdate/default/transforms.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-03-20T22:50:47 UTC
+# On Date: 2024-03-27T17:04:50 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/workflow_actions.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-03-20T22:50:47 UTC
+# On Date: 2024-03-27T17:04:50 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/api/version.json

@@ -1 +1 @@
-{"version": {"name": "v4.26.0", "published_at": "2024-03-20T22:53:52Z"}}
+{"version": {"name": "v4.28.0", "published_at": "2024-03-27T17:07:08Z"}}