Release v4.30.0

baselines/baseline_of_smb_traffic___mltk.yml

@@ -36,7 +36,7 @@ tags:
   analytic_story:
   - DHS Report TA18-074A
   - Disabling Security Tools
-  - 'Emotet Malware  DHS Report TA18-201A '
+  - Emotet Malware DHS Report TA18-201A
   - Hidden Cobra Malware
   - Netsh Abuse
   - Ransomware

baselines/deprecated/add_prohibited_processes_to_enterprise_security.yml

@@ -17,7 +17,7 @@ known_false_positives: none
 references: []
 tags:
   analytic_story:
-  - 'Emotet Malware  DHS Report TA18-201A '
+  - Emotet Malware DHS Report TA18-201A
   - Monitor for Unauthorized Software
   - SamSam Ransomware
   asset_type: Endpoint

bin/docker_detection_tester/test_config_github_actions.json

@@ -109,6 +109,11 @@
         "app_number": 2734,
         "app_version": "1.9.2",
         "http_path": "https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/url-toolbox_192.tgz"
+    },
+    "Splunk_TA_okta_identity_cloud": {
+        "app_number": 6553,
+        "app_version": "2.1.0,",
+        "http_path": "https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-okta-identity-cloud_210.tgz"
     }
 },
   "branch": "BRANCH_DOES_NOT_EXIST_USE_CLI_ARGUMENT",

contentctl.yml

@@ -6,7 +6,7 @@ build:
   path_root: dist
   prefix: ESCU
   build: 004210
-  version: 4.29.0
+  version: 4.30.0
   label: ES Content Updates
   author_name: Splunk Threat Research Team
   author_email: research@splunk.com

contentctl_test.yml

@@ -5,10 +5,30 @@ infrastructure_config:
   full_image_path: registry.hub.docker.com/splunk/splunk:latest
 post_test_behavior: pause_on_failure
 mode: changes
-detections_list: null
+detections_list: null 
 splunkbase_username: null
 splunkbase_password: null
 apps:
+- uid: 1621
+  appid: Splunk_SA_CIM
+  title: Splunk Common Information Model (CIM)
+  description: null
+  release: 5.2.0
+  local_path: null
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-common-information-model-cim_520.tgz
+  splunkbase_path: null
+  environment_path: ENVIRONMENT_PATH_NOT_SET
+  force_local: false
+- uid: 6553
+  appid: Splunk_TA_okta_identity_cloud
+  title: Splunk Add-on for Okta Identity Cloud
+  description: null
+  release: 2.1.0
+  local_path: null
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-okta-identity-cloud_210.tgz
+  splunkbase_path: null
+  environment_path: ENVIRONMENT_PATH_NOT_SET
+  force_local: false
 - uid: 6176
   appid: Splunk_TA_linux_sysmon
   title: Add-on for Linux Sysmon
@@ -45,9 +65,9 @@ apps:
   appid: Splunk_TA_microsoft_sysmon
   title: Splunk Add-on for Sysmon
   description: null
-  release: 3.1.0
+  release: 4.0.0
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-sysmon_310.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-sysmon_400.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
@@ -65,19 +85,19 @@ apps:
   appid: Splunk_TA_CrowdStrike_FDR
   title: Splunk Add-on for CrowdStrike FDR
   description: null
-  release: 1.4.0
+  release: 1.5.0
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-crowdstrike-fdr_140.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-crowdstrike-fdr_150.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
 - uid: 3185
   appid: SPLUNK_TA_FOR_IIS
   title: Splunk Add-on for Microsoft IIS
   description: null
-  release: 1.2.0
+  release: 1.3.0
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-iis_120.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-iis_130.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
@@ -95,19 +115,19 @@ apps:
   appid: SPLUNK_TA_FOR_ZEEK
   title: TA for Zeek
   description: null
-  release: 1.0.5
+  release: 1.0.6
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/ta-for-zeek_105.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/ta-for-zeek_106.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
 - uid: 3258
   appid: SPLUNK_ADD_ON_FOR_NGINX
   title: Splunk Add-on for NGINX
   description: null
-  release: 3.2.1
+  release: 3.2.2
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-nginx_321.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-nginx_322.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
@@ -135,9 +155,9 @@ apps:
   appid: PALO_ALTO_NETWORKS_ADD_ON_FOR_SPLUNK
   title: Palo Alto Networks Add-on for Splunk
   description: null
-  release: 8.1.0
+  release: 8.1.1
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/palo-alto-networks-add-on-for-splunk_810.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/palo-alto-networks-add-on-for-splunk_811.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
@@ -165,49 +185,49 @@ apps:
   appid: Splunk_TA_aws
   title: Splunk Add-on for AWS
   description: null
-  release: 7.2.0
+  release: 7.5.0
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-amazon-web-services-aws_720.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-amazon-web-services-aws_750.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
 - uid: 3088
   appid: SPLUNK_ADD_ON_FOR_GOOGLE_CLOUD_PLATFORM
   title: Splunk Add-on for Google Cloud Platform
   description: null
-  release: 4.3.0
+  release: 4.4.0
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-google-cloud-platform_430.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-google-cloud-platform_440.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
 - uid: 5556
   appid: SPLUNK_ADD_ON_FOR_GOOGLE_WORKSPACE
   title: Splunk Add-on for Google Workspace
   description: null
-  release: 2.6.0
+  release: 2.6.3
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-google-workspace_260.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-google-workspace_263.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
 - uid: 3110
   appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES
   title: Splunk Add-on for Microsoft Cloud Services
   description: null
-  release: 5.2.1
+  release: 5.2.2
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-cloud-services_521.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-cloud-services_522.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
 - uid: 4055
   appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365
   title: Splunk Add-on for Microsoft Office 365
   description: null
-  release: 4.3.0
+  release: 4.5.1
   local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-office-365_430.tgz
+  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-office-365_451.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
   force_local: false
@@ -230,14 +250,4 @@ apps:
   http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/url-toolbox_192.tgz
   splunkbase_path: null
   environment_path: ENVIRONMENT_PATH_NOT_SET
-  force_local: false
-- uid: 1621
-  appid: Splunk_SA_CIM
-  title: Splunk Common Information Model (CIM)
-  description: null
-  release: 5.2.0
-  local_path: null
-  http_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-common-information-model-cim_520.tgz
-  splunkbase_path: null
-  environment_path: ENVIRONMENT_PATH_NOT_SET
-  force_local: false
+  force_local: false