Merge branch 'develop' into nterl0k-t1595-generic-scanner

splunk · Jan 6, 2025 · f1fca81 · f1fca81
2 parents 9ee8526 + 6adf586
commit f1fca81
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 7 deletions.
diff --git a/contentctl.yml b/contentctl.yml
@@ -21,8 +21,8 @@ test_instance:
   hec_port: 8088
   web_ui_port: 8000
   api_port: 8089
-  full_image_path: registry.hub.docker.com/splunk/splunk:latest
 container_settings:
+  full_image_path: registry.hub.docker.com/splunk/splunk:9.3
   leave_running: true
   num_containers: 1
 mode: {}
@@ -77,9 +77,9 @@ apps:
 - uid: 5579
   title: Splunk Add-on for CrowdStrike FDR
   appid: Splunk_TA_CrowdStrike_FDR
-  version: 2.0.2
+  version: 2.0.3
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-crowdstrike-fdr_202.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-crowdstrike-fdr_203.tgz
 - uid: 3185
   title: Splunk Add-on for Microsoft IIS
   appid: SPLUNK_TA_FOR_IIS

diff --git a/data_sources/crowdstrike_processrollup2.yml b/data_sources/crowdstrike_processrollup2.yml
@@ -10,7 +10,7 @@ separator: event_simpleName
 supported_TA:
 - name: Splunk Add-on for CrowdStrike FDR
   url: https://splunkbase.splunk.com/app/5579
-  version: 2.0.2
+  version: 2.0.3
 fields:
 - AuthenticationId
 - AuthenticationId_meaning

diff --git a/macros/f5_bigip_rogue.yml b/macros/f5_bigip_rogue.yml
@@ -1,4 +1,4 @@
-definition: index=netops sourcetype="f5:bigip:rogue"
+definition: sourcetype="f5:bigip:rogue"
 description: customer specific splunk configurations(eg- index, source, sourcetype).
   Replace the macro definition with configurations for your Splunk Environment.
 name: f5_bigip_rogue
diff --git a/macros/zeek_rpc.yml b/macros/zeek_rpc.yml
@@ -1,4 +1,4 @@
-definition: index=zeek sourcetype="zeek:rpc:json"
+definition: sourcetype="zeek:rpc:json"
 description: customer specific splunk configurations(eg- index, source, sourcetype).
   Replace the macro definition with configurations for your Splunk Environment.
 name: zeek_rpc
diff --git a/macros/zeek_ssl.yml b/macros/zeek_ssl.yml
@@ -1,4 +1,4 @@
-definition: index=zeek sourcetype="zeek:ssl:json"
+definition: sourcetype="zeek:ssl:json"
 description: customer specific splunk configurations(eg- index, source, sourcetype).
   Replace the macro definition with configurations for your Splunk Environment.
 name: zeek_ssl