forked from splunk/security_content
-
Notifications
You must be signed in to change notification settings - Fork 0
/
contentctl.yml
210 lines (209 loc) · 8.54 KB
/
contentctl.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
path: .
app:
uid: 3449
title: ES Content Updates
appid: DA-ESS-ContentUpdate
version: 4.42.0
description: Explore the Analytic Stories included with ES Content Updates.
prefix: ESCU
label: ESCU
author_name: Splunk Threat Research Team
author_email: [email protected]
author_company: Splunk
enrichments: false
build_app: true
build_api: true
build_ssa: false
build_path: dist
test_instance:
splunk_app_username: admin
instance_address: localhost
hec_port: 8088
web_ui_port: 8000
api_port: 8089
full_image_path: registry.hub.docker.com/splunk/splunk:latest
container_settings:
leave_running: true
num_containers: 1
mode: {}
splunk_api_username: null
post_test_behavior: pause_on_failure
apps:
# - uid: 263
# title: Splunk Enterprise Security
# appid: SplunkEnterpriseSecuritySuite
# version: 7.3.1
# description: description of app
# hardcoded_path: apps/splunk-enterprise-security_731.spl
- uid: 1621
title: Splunk Common Information Model (CIM)
appid: Splunk_SA_CIM
version: 5.3.2
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-common-information-model-cim_532.tgz
- uid: 6553
title: Splunk Add-on for Okta Identity Cloud
appid: Splunk_TA_okta_identity_cloud
version: 2.2.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-okta-identity-cloud_220.tgz
- uid: 6652
title: Add-on for Linux Sysmon
appid: Splunk_TA_linux_sysmon
version: 1.0.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-sysmon-for-linux_100.tgz
- uid: null
title: Splunk Fix XmlWinEventLog HEC Parsing
appid: Splunk_FIX_XMLWINEVENTLOG_HEC_PARSING
version: '0.1'
description: This TA is required for replaying Windows Data into the Test Environment.
The Default TA does not include logic for properly splitting multiple log events
in a single file. In production environments, this logic is applied by the Universal
Forwarder.
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/Splunk_TA_fix_windows.tgz
- uid: 742
title: Splunk Add-on for Microsoft Windows
appid: SPLUNK_ADD_ON_FOR_MICROSOFT_WINDOWS
version: 8.8.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-windows_880.tgz
- uid: 5709
title: Splunk Add-on for Sysmon
appid: Splunk_TA_microsoft_sysmon
version: 4.0.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-sysmon_401.tgz
- uid: 833
title: Splunk Add-on for Unix and Linux
appid: Splunk_TA_nix
version: 9.0.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-unix-and-linux_900.tgz
- uid: 5579
title: Splunk Add-on for CrowdStrike FDR
appid: Splunk_TA_CrowdStrike_FDR
version: 1.5.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-crowdstrike-fdr_150.tgz
- uid: 3185
title: Splunk Add-on for Microsoft IIS
appid: SPLUNK_TA_FOR_IIS
version: 1.3.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-iis_130.tgz
- uid: 4242
title: TA for Suricata
appid: SPLUNK_TA_FOR_SURICATA
version: 2.3.4
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/ta-for-suricata_234.tgz
- uid: 5466
title: TA for Zeek
appid: SPLUNK_TA_FOR_ZEEK
version: 1.0.8
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/ta-for-zeek_108.tgz
- uid: 3258
title: Splunk Add-on for NGINX
appid: SPLUNK_ADD_ON_FOR_NGINX
version: 3.2.2
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-nginx_322.tgz
- uid: 5238
title: Splunk Add-on for Stream Forwarders
appid: SPLUNK_ADD_ON_FOR_STREAM_FORWARDERS
version: 8.1.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-stream-forwarders_811.tgz
- uid: 5234
title: Splunk Add-on for Stream Wire Data
appid: SPLUNK_ADD_ON_FOR_STREAM_WIRE_DATA
version: 8.1.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-stream-wire-data_811.tgz
- uid: 2757
title: Palo Alto Networks Add-on for Splunk
appid: PALO_ALTO_NETWORKS_ADD_ON_FOR_SPLUNK
version: 8.1.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/palo-alto-networks-add-on-for-splunk_811.tgz
- uid: 3865
title: Zscaler Technical Add-On for Splunk
appid: Zscaler_CIM
version: 4.0.3
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/zscaler-technical-add-on-for-splunk_403.tgz
- uid: 3719
title: Splunk Add-on for Amazon Kinesis Firehose
appid: SPLUNK_ADD_ON_FOR_AMAZON_KINESIS_FIREHOSE
version: 1.3.2
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-amazon-kinesis-firehose_132.tgz
- uid: 1876
title: Splunk Add-on for AWS
appid: Splunk_TA_aws
version: 7.5.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-amazon-web-services-aws_750.tgz
- uid: 3088
title: Splunk Add-on for Google Cloud Platform
appid: SPLUNK_ADD_ON_FOR_GOOGLE_CLOUD_PLATFORM
version: 4.5.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-google-cloud-platform_450.tgz
- uid: 5556
title: Splunk Add-on for Google Workspace
appid: SPLUNK_ADD_ON_FOR_GOOGLE_WORKSPACE
version: 2.7.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-google-workspace_270.tgz
- uid: 3110
title: Splunk Add-on for Microsoft Cloud Services
appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES
version: 5.2.2
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-cloud-services_522.tgz
- uid: 4055
title: Splunk Add-on for Microsoft Office 365
appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365
version: 4.5.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-office-365_451.tgz
- uid: 2890
title: Splunk Machine Learning Toolkit
appid: SPLUNK_MACHINE_LEARNING_TOOLKIT
version: 5.4.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-machine-learning-toolkit_541.tgz
- uid: 5518
title: Splunk add on for Microsoft Defender Advanced Hunting
appid: SPLUNK_ADD_ON_FOR_MICROSOFT_DEFENDER_ADVANCED_HUNTING
version: 1.4.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/microsoft-defender-advanced-hunting-add-on-for-splunk_141.tgz
- uid: 6207
title: Splunk Add-on for Microsoft Security
appid: Splunk_TA_MS_Security
version: 2.3.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-security_230.tgz
- uid: 2734
title: URL Toolbox
appid: URL_TOOLBOX
version: 1.9.2
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/url-toolbox_192.tgz
- uid: 6853
title: Splunk Add-on for Admon Enrichment
appid: SA-admon
version: 1.1.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-admon-enrichment_112.tgz
- uid: 5082
title: CrowdStrike Falcon Event Streams Technical Add-On
appid: TA-crowdstrike-falcon-event-streams
version: 3.2.1
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/crowdstrike-falcon-event-streams-technical-add-on_321.tgz
githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd