From 807bd7730e5b5d8e935c1ff21b873ecc33194adc Mon Sep 17 00:00:00 2001
From: patel-bhavin <7771446+patel-bhavin@users.noreply.github.com>
Date: Mon, 6 Oct 2025 06:58:11 +0000
Subject: [PATCH] Updated TAs

---
 contentctl.yml | 4 +--
 data_sources/cisco_ai_defense_alerts.yml | 2 +-
 data_sources/cisco_asa_logs.yml | 33 +++++++++++--------
 data_sources/cisco_duo_activity.yml | 2 +-
 data_sources/cisco_duo_administrator.yml | 2 +-
 ...rewall_threat_defense_connection_event.yml | 2 +-
 ...ure_firewall_threat_defense_file_event.yml | 2 +-
 ...irewall_threat_defense_intrusion_event.yml | 2 +-
 8 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/contentctl.yml b/contentctl.yml
index 13db3e38f9..7524a80a08 100644
--- a/contentctl.yml
+++ b/contentctl.yml
@@ -44,9 +44,9 @@ apps:
 - uid: 7404
 title: Cisco Security Cloud
 appid: CiscoSecurityCloud
- version: 3.4.1
+ version: 3.4.2
 description: description of app
- hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-security-cloud_341.tgz
+ hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-security-cloud_342.tgz
 - uid: 6652
 title: Add-on for Linux Sysmon
 appid: Splunk_TA_linux_sysmon
diff --git a/data_sources/cisco_ai_defense_alerts.yml b/data_sources/cisco_ai_defense_alerts.yml
index d733630dab..e8d9fe5727 100644
--- a/data_sources/cisco_ai_defense_alerts.yml
+++ b/data_sources/cisco_ai_defense_alerts.yml
@@ -10,5 +10,5 @@ separator: null
 supported_TA:
 - name: Cisco Security Cloud
 url: https://splunkbase.splunk.com/app/7404
- version: 3.4.1
+ version: 3.4.2
 fields: null
diff --git a/data_sources/cisco_asa_logs.yml b/data_sources/cisco_asa_logs.yml
index 4d753b03d3..8e79006648 100644
--- a/data_sources/cisco_asa_logs.yml
+++ b/data_sources/cisco_asa_logs.yml
@@ -3,19 +3,25 @@ id: 3f2a9b6d-1c8e-4f7b-a2d3-8b7f1c2a9d4e
 version: 1
 date: '2025-09-23'
 author: Bhavin Patel, Splunk
-description: >
- Data source object for Cisco ASA system logs. Cisco ASA logs provide firewall
- operational and security telemetry (connection events, ACL denies, VPN events,
- NAT translations, and device health). Deploy the Splunk Add-on for Cisco ASA
- (TA-cisco_asa) on indexers/heavy forwarders and the Cisco ASA App on search
- heads for best parsing, CIM mapping, and dashboards. This data is ingested via SYSLOG. You must be ingesting Cisco ASA syslog data into your Splunk environment. To ensure all detections work, configure your ASA and FTD devices to generate and forward both debug and informational level syslog messages before they are sent to Splunk. A few analytics are designed to be used with comprehensive logging enabled, as it relies on the presence of specific message IDs. You can find specific instructions on how to set this up here : https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#toc-hId--1451069880.
+description: "Data source object for Cisco ASA system logs. Cisco ASA logs provide\
+ \ firewall operational and security telemetry (connection events, ACL denies, VPN\
+ \ events, NAT translations, and device health). Deploy the Splunk Add-on for Cisco\
+ \ ASA (TA-cisco_asa) on indexers/heavy forwarders and the Cisco ASA App on search\
+ \ heads for best parsing, CIM mapping, and dashboards. This data is ingested via\
+ \ SYSLOG. You must be ingesting Cisco ASA syslog data into your Splunk environment.\
+ \ To ensure all detections work, configure your ASA and FTD devices to generate\
+ \ and forward both debug and informational level syslog messages before they are\
+ \ sent to Splunk. A few analytics are designed to be used with comprehensive logging\
+ \ enabled, as it relies on the presence of specific message IDs. You can find specific\
+ \ instructions on how to set this up here : https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#toc-hId--1451069880.\
+ \ \n"
 source: cisco:asa
-sourcetype: cisco:asa
+sourcetype: cisco:asa
 separator: null
 supported_TA:
- - name: Cisco Security Cloud
- url: https://splunkbase.splunk.com/app/7404
- version: 3.4.1
+- name: Cisco Security Cloud
+ url: https://splunkbase.splunk.com/app/7404
+ version: 3.4.2
 fields:
 - Cisco_ASA_action
 - Cisco_ASA_message_id
@@ -126,6 +132,7 @@ fields:
 - vendor_product
 - vendor_severity
 - zone
-example_log: >
- Sep 23 19:27:50 18.144.133.67 :2025-09-23T19:27:49Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01
- Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508 to management:172.31.12.229/443
\ No newline at end of file
+example_log: 'Sep 23 19:27:50 18.144.133.67 :2025-09-23T19:27:49Z: %ASA-session-7-609002:
+ Teardown local-host management:54.245.234.201 duration 0:02:01 Sep 23 18:07:00 18.144.133.67
+ :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508
+ to management:172.31.12.229/443'
diff --git a/data_sources/cisco_duo_activity.yml b/data_sources/cisco_duo_activity.yml
index f653b944b7..e58af724ce 100644
--- a/data_sources/cisco_duo_activity.yml
+++ b/data_sources/cisco_duo_activity.yml
@@ -10,7 +10,7 @@ separator: null
 supported_TA:
 - name: Cisco Security Cloud
 url: https://splunkbase.splunk.com/app/7404
- version: 3.4.1
+ version: 3.4.2
 fields:
 - access_device.browser
 - access_device.browser_version
diff --git a/data_sources/cisco_duo_administrator.yml b/data_sources/cisco_duo_administrator.yml
index 7e765c2c78..56d7a34178 100644
--- a/data_sources/cisco_duo_administrator.yml
+++ b/data_sources/cisco_duo_administrator.yml
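Review bot: The rewritten `description` is now a double-quoted scalar with backslash-continued lines that ends in `\ \n"`, so the value carries a trailing space plus newline and every future edit has to keep the escape sequences intact; this reads like dumper output rather than hand-maintained YAML. A block scalar carries the same text and stays readable: `description: >-` followed by the wrapped sentences at one indent level, which also drops the stray trailing whitespace. The same hunk re-indents `supported_TA` from an indented to a flush sequence (`-  - name:` → `+- name:`); that is valid YAML but should match whichever sequence style the other `data_sources/*.yml` files use, which I cannot confirm from the context shown. The `sourcetype: cisco:asa` line is shown as changed although the visible text is identical, which suggests trailing whitespace was introduced on the new line and is worth stripping.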
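Review bot: `example_log` now folds two distinct syslog events into one single-quoted line (`... duration 0:02:01 Sep 23 18:07:00 ...`); the old `>` folded scalar had the same joining effect, so if two sample events are intended, a literal block `example_log: |-` with one event per line would keep them separable for anyone testing field extraction against this sample. The single-quoted form also drops the trailing newline the `>` scalar produced, which is probably harmless but is a value change rather than a pure reformat. The sample also carries public-looking source and destination addresses; for a published sample, addresses from the RFC 5737 documentation ranges (for example 203.0.113.0/24) avoid pointing at real hosts.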
@@ -10,7 +10,7 @@ separator: null
 supported_TA:
 - name: Cisco Security Cloud
 url: https://splunkbase.splunk.com/app/7404
- version: 3.4.1
+ version: 3.4.2
 fields:
 - action
 - actionlabel
diff --git a/data_sources/cisco_secure_firewall_threat_defense_connection_event.yml b/data_sources/cisco_secure_firewall_threat_defense_connection_event.yml
index f9c5619f9a..eae44b5a5a 100644
--- a/data_sources/cisco_secure_firewall_threat_defense_connection_event.yml
+++ b/data_sources/cisco_secure_firewall_threat_defense_connection_event.yml
@@ -10,7 +10,7 @@ sourcetype: cisco:sfw:estreamer
 supported_TA:
 - name: Cisco Security Cloud
 url: https://splunkbase.splunk.com/app/7404
- version: 3.4.1
+ version: 3.4.2
 fields:
 - AC_RuleAction
 - action
diff --git a/data_sources/cisco_secure_firewall_threat_defense_file_event.yml b/data_sources/cisco_secure_firewall_threat_defense_file_event.yml
index 1c4aec52d7..9e6366ae4e 100644
--- a/data_sources/cisco_secure_firewall_threat_defense_file_event.yml
+++ b/data_sources/cisco_secure_firewall_threat_defense_file_event.yml
@@ -10,7 +10,7 @@ sourcetype: cisco:sfw:estreamer
 supported_TA:
 - name: Cisco Security Cloud
 url: https://splunkbase.splunk.com/app/7404
- version: 3.4.1
+ version: 3.4.2
 fields:
 - app
 - Application
diff --git a/data_sources/cisco_secure_firewall_threat_defense_intrusion_event.yml b/data_sources/cisco_secure_firewall_threat_defense_intrusion_event.yml
index 471781c615..35d6299056 100644
--- a/data_sources/cisco_secure_firewall_threat_defense_intrusion_event.yml
+++ b/data_sources/cisco_secure_firewall_threat_defense_intrusion_event.yml
@@ -10,7 +10,7 @@ sourcetype: cisco:sfw:estreamer
 supported_TA:
 - name: Cisco Security Cloud
 url: https://splunkbase.splunk.com/app/7404
- version: 3.4.1
+ version: 3.4.2
 fields:
 - Application
 - Classification