From 5097cd5fef96e810dea135f087e2a742159e4076 Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Wed, 6 Aug 2025 14:08:17 -0500 Subject: [PATCH 1/2] removed detections and version bump --- contentctl.yml | 2 +- .../detections}/any_powershell_downloadfile.yml | 2 +- .../detections}/any_powershell_downloadstring.yml | 2 +- .../windows_installutil_uninstall_option_with_network.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) rename {detections/deprecated => removed/detections}/any_powershell_downloadfile.yml (99%) rename {detections/deprecated => removed/detections}/any_powershell_downloadstring.yml (99%) rename {detections/deprecated => removed/detections}/windows_installutil_uninstall_option_with_network.yml (99%) diff --git a/contentctl.yml b/contentctl.yml index e24367f52c..ca367ca9f5 100644 --- a/contentctl.yml +++ b/contentctl.yml @@ -3,7 +3,7 @@ app: uid: 3449 title: ES Content Updates appid: DA-ESS-ContentUpdate - version: 5.11.0 + version: 5.12.0 description: Explore the Analytic Stories included with ES Content Updates. prefix: ESCU label: ESCU diff --git a/detections/deprecated/any_powershell_downloadfile.yml b/removed/detections/any_powershell_downloadfile.yml similarity index 99% rename from detections/deprecated/any_powershell_downloadfile.yml rename to removed/detections/any_powershell_downloadfile.yml index 20d9e8c712..aec7c3a208 100644 --- a/detections/deprecated/any_powershell_downloadfile.yml +++ b/removed/detections/any_powershell_downloadfile.yml @@ -3,7 +3,7 @@ id: 1a93b7ea-7af7-11eb-adb5-acde48001122 version: '16' date: '2025-06-23' author: Michael Haag, Splunk -status: deprecated +status: removed type: TTP description: The following analytic detects the use of PowerShell's `DownloadFile` method to download files. It leverages data from Endpoint Detection and Response 
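Review bot: On the new side of the any_powershell_downloadfile.yml hunk only `status: removed` changes, while the context lines `version: '16'` and `date: '2025-06-23'` stay as they were, so anything that tracks content by version or date would not see that this detection left the deprecated state. If the project's validation expects a bump for a status change (not visible on this page), update both in the same commit, for example `version: '17'` together with the commit date. The hunks for any_powershell_downloadstring.yml (`version: 14`) and windows_installutil_uninstall_option_with_network.yml (`version: 13`) have the same gap, and they write the version as a bare integer where this file quotes it, so one form should be chosen. Each file continues past its hunk, so whether the description names a replacement analytic for the coverage being retired cannot be checked from here.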
diff --git a/detections/deprecated/any_powershell_downloadstring.yml b/removed/detections/any_powershell_downloadstring.yml similarity index 99% rename from detections/deprecated/any_powershell_downloadstring.yml rename to removed/detections/any_powershell_downloadstring.yml index ab27385550..484b25cd86 100644 --- a/detections/deprecated/any_powershell_downloadstring.yml +++ b/removed/detections/any_powershell_downloadstring.yml @@ -3,7 +3,7 @@ id: 4d015ef2-7adf-11eb-95da-acde48001122 version: 14 date: '2025-07-29' author: Michael Haag, Splunk -status: deprecated +status: removed type: TTP description: The following analytic detects the use of PowerShell's `DownloadString` method to download files. It leverages data from Endpoint Detection and Response diff --git a/detections/deprecated/windows_installutil_uninstall_option_with_network.yml b/removed/detections/windows_installutil_uninstall_option_with_network.yml similarity index 99% rename from detections/deprecated/windows_installutil_uninstall_option_with_network.yml rename to removed/detections/windows_installutil_uninstall_option_with_network.yml index de81a547e1..e529c6381d 100644 --- a/detections/deprecated/windows_installutil_uninstall_option_with_network.yml +++ b/removed/detections/windows_installutil_uninstall_option_with_network.yml @@ -3,7 +3,7 @@ id: 1a52c836-43ef-11ec-a36c-acde48001122 version: 13 date: '2025-06-26' author: Michael Haag, Splunk -status: deprecated +status: removed type: TTP description: The following analytic identifies the use of Windows InstallUtil.exe making a remote network connection using the `/u` (uninstall) switch. This detection From 01e4f16476780f39c83fd298390ebd6171d53990 Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Thu, 7 Aug 2025 13:49:21 -0500 Subject: [PATCH 2/2] udpating version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f737e429bd..d0957e8bb7 100644 --- a/requirements.txt 
+++ b/requirements.txt
@@ -1 +1 @@
-contentctl==5.5.7
\ No newline at end of file
+contentctl==5.5.8
\ No newline at end of file