diff --git a/data_sources/github.yml b/data_sources/github.yml
index 5114322fa2..2c5c88084d 100644
--- a/data_sources/github.yml
+++ b/data_sources/github.yml
@@ -9,7 +9,7 @@ sourcetype: aws:firehose:json
 supported_TA:
 - name: Splunk Add-on for Github
   url: https://splunkbase.splunk.com/app/6254
-  version: 3.0.0
+  version: 3.1.0
 fields:
 - _time
 - action
diff --git a/data_sources/powershell_script_block_logging_4104.yml b/data_sources/powershell_script_block_logging_4104.yml
index 4a0f37f2b9..7463322d94 100644
--- a/data_sources/powershell_script_block_logging_4104.yml
+++ b/data_sources/powershell_script_block_logging_4104.yml
@@ -9,7 +9,7 @@ sourcetype: xmlwineventlog
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
@@ -65,21 +65,21 @@ fields:
 - user_id
 - vendor_product
 field_mappings:
-  - data_model: cim
-    data_set: Endpoint.Processes
-    mapping:
-      Computer: Processes.dest
-      Path: Processes.process_path
-      ScriptBlockId: Processes.process_id
-      ScriptBlockText: Processes.process
-      UserID: Processes.user_id
-  - data_model: ocsf
-    mapping:
-      Computer: device.hostname
-      Path: process.file.path
-      ScriptBlockId: process.uid
-      ScriptBlockText: process.cmd_line
-      UserID: actor.user.uid
+- data_model: cim
+  data_set: Endpoint.Processes
+  mapping:
+    Computer: Processes.dest
+    Path: Processes.process_path
+    ScriptBlockId: Processes.process_id
+    ScriptBlockText: Processes.process
+    UserID: Processes.user_id
+- data_model: ocsf
+  mapping:
+    Computer: device.hostname
+    Path: process.file.path
+    ScriptBlockId: process.uid
+    ScriptBlockText: process.cmd_line
+    UserID: actor.user.uid
 example_log: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider
   Name='Microsoft-Windows-PowerShell' Guid='{A0C1853B-5C40-4B15-8766-3CF1C58F985A}'/><EventID>4104</EventID><Version>1</Version><Level>5</Level><Task>2</Task><Opcode>15</Opcode><Keywords>0x0</Keywords><TimeCreated
   SystemTime='2022-05-02T12:39:41.710158900Z'/><EventRecordID>112748</EventRecordID><Correlation
diff --git a/data_sources/windows_active_directory_admon.yml b/data_sources/windows_active_directory_admon.yml
index 591eac8fb6..4ea1a86783 100644
--- a/data_sources/windows_active_directory_admon.yml
+++ b/data_sources/windows_active_directory_admon.yml
@@ -9,7 +9,7 @@ sourcetype: ActiveDirectory
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Guid
diff --git a/data_sources/windows_event_log_application_2282.yml b/data_sources/windows_event_log_application_2282.yml
index e304ac0df4..2e29d25494 100644
--- a/data_sources/windows_event_log_application_2282.yml
+++ b/data_sources/windows_event_log_application_2282.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_application_3000.yml b/data_sources/windows_event_log_application_3000.yml
index 43ec8ca515..f1104ace2e 100644
--- a/data_sources/windows_event_log_application_3000.yml
+++ b/data_sources/windows_event_log_application_3000.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_capi2_70.yml b/data_sources/windows_event_log_capi2_70.yml
index 47db13d6ab..6940150305 100644
--- a/data_sources/windows_event_log_capi2_70.yml
+++ b/data_sources/windows_event_log_capi2_70.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_capi2_81.yml b/data_sources/windows_event_log_capi2_81.yml
index 5ed24eb289..d122d7f0e7 100644
--- a/data_sources/windows_event_log_capi2_81.yml
+++ b/data_sources/windows_event_log_capi2_81.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_certificateservicesclient_1007.yml b/data_sources/windows_event_log_certificateservicesclient_1007.yml
index 8545b32e9b..d9741eff7d 100644
--- a/data_sources/windows_event_log_certificateservicesclient_1007.yml
+++ b/data_sources/windows_event_log_certificateservicesclient_1007.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_defender_1121.yml b/data_sources/windows_event_log_defender_1121.yml
index b3147767b3..afae48a285 100644
--- a/data_sources/windows_event_log_defender_1121.yml
+++ b/data_sources/windows_event_log_defender_1121.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_defender_1122.yml b/data_sources/windows_event_log_defender_1122.yml
index 73594c09b9..6a47b79814 100644
--- a/data_sources/windows_event_log_defender_1122.yml
+++ b/data_sources/windows_event_log_defender_1122.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_defender_1129.yml b/data_sources/windows_event_log_defender_1129.yml
index b191570988..2f85626217 100644
--- a/data_sources/windows_event_log_defender_1129.yml
+++ b/data_sources/windows_event_log_defender_1129.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ComputerName
diff --git a/data_sources/windows_event_log_defender_5007.yml b/data_sources/windows_event_log_defender_5007.yml
index 1fb3983cb9..8ca0b4ec85 100644
--- a/data_sources/windows_event_log_defender_5007.yml
+++ b/data_sources/windows_event_log_defender_5007.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_printservice_316.yml b/data_sources/windows_event_log_printservice_316.yml
index ed12dfe02a..942e76ee71 100644
--- a/data_sources/windows_event_log_printservice_316.yml
+++ b/data_sources/windows_event_log_printservice_316.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ComputerName
diff --git a/data_sources/windows_event_log_printservice_808.yml b/data_sources/windows_event_log_printservice_808.yml
index 90d3e80d2c..b82e7d5934 100644
--- a/data_sources/windows_event_log_printservice_808.yml
+++ b/data_sources/windows_event_log_printservice_808.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ComputerName
diff --git a/data_sources/windows_event_log_remoteconnectionmanager_1149.yml b/data_sources/windows_event_log_remoteconnectionmanager_1149.yml
index 499520e805..51042c1d40 100644
--- a/data_sources/windows_event_log_remoteconnectionmanager_1149.yml
+++ b/data_sources/windows_event_log_remoteconnectionmanager_1149.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_1100.yml b/data_sources/windows_event_log_security_1100.yml
index 5eac0482df..faa0722680 100644
--- a/data_sources/windows_event_log_security_1100.yml
+++ b/data_sources/windows_event_log_security_1100.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_security_1102.yml b/data_sources/windows_event_log_security_1102.yml
index f4e090f7f9..b0f2fa3835 100644
--- a/data_sources/windows_event_log_security_1102.yml
+++ b/data_sources/windows_event_log_security_1102.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Caller_User_Name
diff --git a/data_sources/windows_event_log_security_4624.yml b/data_sources/windows_event_log_security_4624.yml
index b377daf317..4de8f03046 100644
--- a/data_sources/windows_event_log_security_4624.yml
+++ b/data_sources/windows_event_log_security_4624.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4625.yml b/data_sources/windows_event_log_security_4625.yml
index 321dfdaebb..d9f7db68cb 100644
--- a/data_sources/windows_event_log_security_4625.yml
+++ b/data_sources/windows_event_log_security_4625.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4627.yml b/data_sources/windows_event_log_security_4627.yml
index 399d944750..c1158f58e1 100644
--- a/data_sources/windows_event_log_security_4627.yml
+++ b/data_sources/windows_event_log_security_4627.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4648.yml b/data_sources/windows_event_log_security_4648.yml
index 9fcade9e88..6d8216c068 100644
--- a/data_sources/windows_event_log_security_4648.yml
+++ b/data_sources/windows_event_log_security_4648.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4662.yml b/data_sources/windows_event_log_security_4662.yml
index 6d2a77ae22..424ffc5864 100644
--- a/data_sources/windows_event_log_security_4662.yml
+++ b/data_sources/windows_event_log_security_4662.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccessList
diff --git a/data_sources/windows_event_log_security_4663.yml b/data_sources/windows_event_log_security_4663.yml
index aeb64b9849..ac221bf5ab 100644
--- a/data_sources/windows_event_log_security_4663.yml
+++ b/data_sources/windows_event_log_security_4663.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccessList
diff --git a/data_sources/windows_event_log_security_4672.yml b/data_sources/windows_event_log_security_4672.yml
index 66c953ff1d..5a34f3c163 100644
--- a/data_sources/windows_event_log_security_4672.yml
+++ b/data_sources/windows_event_log_security_4672.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4688.yml b/data_sources/windows_event_log_security_4688.yml
index c9223d3a7a..ad86762d62 100644
--- a/data_sources/windows_event_log_security_4688.yml
+++ b/data_sources/windows_event_log_security_4688.yml
@@ -7,11 +7,12 @@ description: Data source object for Windows Event Log Security 4688
 source: XmlWinEventLog:Security
 sourcetype: xmlwineventlog
 separator: EventCode
-configuration: Enabling Windows event log process command line logging via group policy object https://lantern.splunk.com/Security/Product_Tips/Enterprise_Security/Enabling_Windows_event_log_process_command_line_logging_via_group_policy_object
+configuration: Enabling Windows event log process command line logging via group policy
+  object https://lantern.splunk.com/Security/Product_Tips/Enterprise_Security/Enabling_Windows_event_log_process_command_line_logging_via_group_policy_object
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - Caller_Domain
 - Caller_User_Name
@@ -90,39 +91,39 @@ fields:
 - vendor
 - vendor_product
 field_mappings:
-  - data_model: cim
-    data_set: Endpoint.Processes
-    mapping:
-      NewProcessId: Processes.process_id
-      NewProcessName: Processes.process_path
-      NewProcessName|endswith: Processes.process_name
-      Process_Command_Line: Processes.process
-      SubjectUserSid: Processes.user
-      ProcessId: Processes.parent_process_id
-      ParentProcessName: Processes.parent_process_path
-      ParentProcessName|endswith: Processes.parent_process_name
-      Computer: Processes.dest
-  - data_model: ocsf
-    mapping:
-      NewProcessId: process.pid
-      NewProcessName: process.file.path
-      NewProcessName|endswith: process.file.name
-      Process_Command_Line: process.cmd_line
-      SubjectUserSid: actor.user.name
-      ProcessId: actor.process.pid
-      ParentProcessName: actor.process.file.path
-      ParentProcessName|endswith: actor.process.file.name
-      Computer: device.hostname
+- data_model: cim
+  data_set: Endpoint.Processes
+  mapping:
+    NewProcessId: Processes.process_id
+    NewProcessName: Processes.process_path
+    NewProcessName|endswith: Processes.process_name
+    Process_Command_Line: Processes.process
+    SubjectUserSid: Processes.user
+    ProcessId: Processes.parent_process_id
+    ParentProcessName: Processes.parent_process_path
+    ParentProcessName|endswith: Processes.parent_process_name
+    Computer: Processes.dest
+- data_model: ocsf
+  mapping:
+    NewProcessId: process.pid
+    NewProcessName: process.file.path
+    NewProcessName|endswith: process.file.name
+    Process_Command_Line: process.cmd_line
+    SubjectUserSid: actor.user.name
+    ProcessId: actor.process.pid
+    ParentProcessName: actor.process.file.path
+    ParentProcessName|endswith: actor.process.file.name
+    Computer: device.hostname
 convert_to_log_source:
-  - data_source: Sysmon EventID 1
-    mapping:
-      NewProcessId: ProcessId #New_Process_ID in Hex
-      NewProcessName: Image
-      Process_Command_Line: CommandLine
-      SubjectUserSid: User
-      ProcessId: ParentProcessId
-      ParentProcessName: ParentImage
-      Computer: Computer
+- data_source: Sysmon EventID 1
+  mapping:
+    NewProcessId: ProcessId
+    NewProcessName: Image
+    Process_Command_Line: CommandLine
+    SubjectUserSid: User
+    ProcessId: ParentProcessId
+    ParentProcessName: ParentImage
+    Computer: Computer
 example_log: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider
   Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-A5BA-3E3B0328C30D}'/><EventID>4688</EventID><Version>2</Version><Level>0</Level><Task>13312</Task><Opcode>0</Opcode><Keywords>0x8020000000000000</Keywords><TimeCreated
   SystemTime='2024-04-23T08:48:30.449376800Z'/><EventRecordID>432820</EventRecordID><Correlation/><Execution
diff --git a/data_sources/windows_event_log_security_4698.yml b/data_sources/windows_event_log_security_4698.yml
index 2d23899632..ed7bb25505 100644
--- a/data_sources/windows_event_log_security_4698.yml
+++ b/data_sources/windows_event_log_security_4698.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Account_Domain
diff --git a/data_sources/windows_event_log_security_4699.yml b/data_sources/windows_event_log_security_4699.yml
index f7c7c00c52..f640defd3a 100644
--- a/data_sources/windows_event_log_security_4699.yml
+++ b/data_sources/windows_event_log_security_4699.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Account_Domain
diff --git a/data_sources/windows_event_log_security_4703.yml b/data_sources/windows_event_log_security_4703.yml
index 75c6bc1ad2..ebd64ed925 100644
--- a/data_sources/windows_event_log_security_4703.yml
+++ b/data_sources/windows_event_log_security_4703.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Caller_Domain
diff --git a/data_sources/windows_event_log_security_4719.yml b/data_sources/windows_event_log_security_4719.yml
index d3bd23a31c..ef9997624d 100644
--- a/data_sources/windows_event_log_security_4719.yml
+++ b/data_sources/windows_event_log_security_4719.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4720.yml b/data_sources/windows_event_log_security_4720.yml
index 976a1c8ce1..aba3e26aa6 100644
--- a/data_sources/windows_event_log_security_4720.yml
+++ b/data_sources/windows_event_log_security_4720.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Account_Domain
diff --git a/data_sources/windows_event_log_security_4724.yml b/data_sources/windows_event_log_security_4724.yml
index 68dcf6a49f..745475cf13 100644
--- a/data_sources/windows_event_log_security_4724.yml
+++ b/data_sources/windows_event_log_security_4724.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Caller_Domain
diff --git a/data_sources/windows_event_log_security_4725.yml b/data_sources/windows_event_log_security_4725.yml
index f2718026ac..3e771e13be 100644
--- a/data_sources/windows_event_log_security_4725.yml
+++ b/data_sources/windows_event_log_security_4725.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Caller_Domain
diff --git a/data_sources/windows_event_log_security_4726.yml b/data_sources/windows_event_log_security_4726.yml
index 75e43e4a94..9af55b1692 100644
--- a/data_sources/windows_event_log_security_4726.yml
+++ b/data_sources/windows_event_log_security_4726.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Caller_Domain
diff --git a/data_sources/windows_event_log_security_4732.yml b/data_sources/windows_event_log_security_4732.yml
index 9af1fd6d61..324b8743e4 100644
--- a/data_sources/windows_event_log_security_4732.yml
+++ b/data_sources/windows_event_log_security_4732.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Account_Domain
diff --git a/data_sources/windows_event_log_security_4738.yml b/data_sources/windows_event_log_security_4738.yml
index 92492a2d18..4de460b215 100644
--- a/data_sources/windows_event_log_security_4738.yml
+++ b/data_sources/windows_event_log_security_4738.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccountExpires
diff --git a/data_sources/windows_event_log_security_4739.yml b/data_sources/windows_event_log_security_4739.yml
index fcf04236d9..ec2e520e2d 100644
--- a/data_sources/windows_event_log_security_4739.yml
+++ b/data_sources/windows_event_log_security_4739.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Caller_Domain
diff --git a/data_sources/windows_event_log_security_4741.yml b/data_sources/windows_event_log_security_4741.yml
index 9976c94880..57c2a74b2c 100644
--- a/data_sources/windows_event_log_security_4741.yml
+++ b/data_sources/windows_event_log_security_4741.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccountExpires
diff --git a/data_sources/windows_event_log_security_4742.yml b/data_sources/windows_event_log_security_4742.yml
index 3c7a617af6..5154674657 100644
--- a/data_sources/windows_event_log_security_4742.yml
+++ b/data_sources/windows_event_log_security_4742.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccountExpires
diff --git a/data_sources/windows_event_log_security_4768.yml b/data_sources/windows_event_log_security_4768.yml
index dbc74e1d2b..2f6573aeba 100644
--- a/data_sources/windows_event_log_security_4768.yml
+++ b/data_sources/windows_event_log_security_4768.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_security_4769.yml b/data_sources/windows_event_log_security_4769.yml
index 8215487700..cd4b654c66 100644
--- a/data_sources/windows_event_log_security_4769.yml
+++ b/data_sources/windows_event_log_security_4769.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_security_4771.yml b/data_sources/windows_event_log_security_4771.yml
index 04cb621bcd..fa3b9e853b 100644
--- a/data_sources/windows_event_log_security_4771.yml
+++ b/data_sources/windows_event_log_security_4771.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_security_4776.yml b/data_sources/windows_event_log_security_4776.yml
index dc74add04f..a0084b6817 100644
--- a/data_sources/windows_event_log_security_4776.yml
+++ b/data_sources/windows_event_log_security_4776.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_security_4781.yml b/data_sources/windows_event_log_security_4781.yml
index fbd50f8147..4f8d23c97d 100644
--- a/data_sources/windows_event_log_security_4781.yml
+++ b/data_sources/windows_event_log_security_4781.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4794.yml b/data_sources/windows_event_log_security_4794.yml
index ecdc4c46db..720fb704ae 100644
--- a/data_sources/windows_event_log_security_4794.yml
+++ b/data_sources/windows_event_log_security_4794.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4798.yml b/data_sources/windows_event_log_security_4798.yml
index f923fc486a..4fd0eb6ed2 100644
--- a/data_sources/windows_event_log_security_4798.yml
+++ b/data_sources/windows_event_log_security_4798.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4876.yml b/data_sources/windows_event_log_security_4876.yml
index 181c1b241c..ba585ae1a4 100644
--- a/data_sources/windows_event_log_security_4876.yml
+++ b/data_sources/windows_event_log_security_4876.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4886.yml b/data_sources/windows_event_log_security_4886.yml
index eb9cbbdea0..e328487366 100644
--- a/data_sources/windows_event_log_security_4886.yml
+++ b/data_sources/windows_event_log_security_4886.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_4887.yml b/data_sources/windows_event_log_security_4887.yml
index 80421384fc..83a0f473ec 100644
--- a/data_sources/windows_event_log_security_4887.yml
+++ b/data_sources/windows_event_log_security_4887.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_5136.yml b/data_sources/windows_event_log_security_5136.yml
index 0b2759349f..3282f9c9b1 100644
--- a/data_sources/windows_event_log_security_5136.yml
+++ b/data_sources/windows_event_log_security_5136.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_5137.yml b/data_sources/windows_event_log_security_5137.yml
index 7076b1bbcf..f1024f7bd5 100644
--- a/data_sources/windows_event_log_security_5137.yml
+++ b/data_sources/windows_event_log_security_5137.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AppCorrelationID
diff --git a/data_sources/windows_event_log_security_5140.yml b/data_sources/windows_event_log_security_5140.yml
index 1c8500f5c7..cc05758c21 100644
--- a/data_sources/windows_event_log_security_5140.yml
+++ b/data_sources/windows_event_log_security_5140.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccessList
@@ -93,19 +93,19 @@ fields:
 - vendor
 - vendor_product
 field_mappings:
-  - data_model: ocsf
-    mapping:
-      AccessList: access_list
-      AccessMask: access_mask
-      AccessReason: access_result
-      ShareLocalPath: file
-      ObjectType: file.type
-      IpAddress: src_endpoint.ip
-      IpPort: src_endpoint.port
-      SubjectDomainName: actor.user.domain
-      SubjectUserName: actor.user.name
-      SubjectLogonId: actor.session.uid
-      SubjectUserSid: actor.user.uid
+- data_model: ocsf
+  mapping:
+    AccessList: access_list
+    AccessMask: access_mask
+    AccessReason: access_result
+    ShareLocalPath: file
+    ObjectType: file.type
+    IpAddress: src_endpoint.ip
+    IpPort: src_endpoint.port
+    SubjectDomainName: actor.user.domain
+    SubjectUserName: actor.user.name
+    SubjectLogonId: actor.session.uid
+    SubjectUserSid: actor.user.uid
 example_log: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider
   Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/><EventID>5140</EventID><Version>1</Version><Level>0</Level><Task>12808</Task><Opcode>0</Opcode><Keywords>0x8020000000000000</Keywords><TimeCreated
   SystemTime='2023-03-23T15:59:26.669364000Z'/><EventRecordID>138541</EventRecordID><Correlation/><Execution
diff --git a/data_sources/windows_event_log_security_5141.yml b/data_sources/windows_event_log_security_5141.yml
index 3ec7c1cbc8..927f93fc4e 100644
--- a/data_sources/windows_event_log_security_5141.yml
+++ b/data_sources/windows_event_log_security_5141.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActivityID
diff --git a/data_sources/windows_event_log_security_5145.yml b/data_sources/windows_event_log_security_5145.yml
index 83c50c2e9f..290b9b0224 100644
--- a/data_sources/windows_event_log_security_5145.yml
+++ b/data_sources/windows_event_log_security_5145.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccessList
@@ -97,35 +97,35 @@ fields:
 - vendor
 - vendor_product
 field_mappings:
-  - data_model: custom_cim
-    data_set: Endpoint.Processes
-    mapping:
-      AccessList: access_list
-      AccessMask: access_mask
-      AccessReason: access_result
-      RelativeTargetName: relative_target_name
-      ObjectType: object_type
-      IpAddress: src_ip
-      IpPort: src_port
-      SubjectDomainName: user_domain
-      SubjectUserName: user
-      SubjectLogonId: user_logon_id
-      SubjectUserSid: user_sid
-      ShareName: share
-  - data_model: ocsf
-    mapping:
-      AccessList: access_list
-      AccessMask: access_mask
-      AccessReason: access_result
-      RelativeTargetName: file.path
-      ObjectType: file.type
-      IpAddress: src_endpoint.ip
-      IpPort: src_endpoint.port
-      SubjectDomainName: actor.user.domain
-      SubjectUserName: actor.user.name
-      SubjectLogonId: actor.session.uid
-      SubjectUserSid: actor.user.uid
-      ShareName: share
+- data_model: custom_cim
+  data_set: Endpoint.Processes
+  mapping:
+    AccessList: access_list
+    AccessMask: access_mask
+    AccessReason: access_result
+    RelativeTargetName: relative_target_name
+    ObjectType: object_type
+    IpAddress: src_ip
+    IpPort: src_port
+    SubjectDomainName: user_domain
+    SubjectUserName: user
+    SubjectLogonId: user_logon_id
+    SubjectUserSid: user_sid
+    ShareName: share
+- data_model: ocsf
+  mapping:
+    AccessList: access_list
+    AccessMask: access_mask
+    AccessReason: access_result
+    RelativeTargetName: file.path
+    ObjectType: file.type
+    IpAddress: src_endpoint.ip
+    IpPort: src_endpoint.port
+    SubjectDomainName: actor.user.domain
+    SubjectUserName: actor.user.name
+    SubjectLogonId: actor.session.uid
+    SubjectUserSid: actor.user.uid
+    ShareName: share
 example_log: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider
   Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-A5BA-3E3B0328C30D}'/><EventID>5145</EventID><Version>0</Version><Level>0</Level><Task>12811</Task><Opcode>0</Opcode><Keywords>0x8020000000000000</Keywords><TimeCreated
   SystemTime='2024-03-11T03:06:39.742608600Z'/><EventRecordID>2018939</EventRecordID><Correlation/><Execution
diff --git a/data_sources/windows_event_log_system_4720.yml b/data_sources/windows_event_log_system_4720.yml
index dd9230d0ef..3ef555a543 100644
--- a/data_sources/windows_event_log_system_4720.yml
+++ b/data_sources/windows_event_log_system_4720.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Account_Domain
diff --git a/data_sources/windows_event_log_system_4726.yml b/data_sources/windows_event_log_system_4726.yml
index 85030c1641..8c591348db 100644
--- a/data_sources/windows_event_log_system_4726.yml
+++ b/data_sources/windows_event_log_system_4726.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Account_Domain
diff --git a/data_sources/windows_event_log_system_4728.yml b/data_sources/windows_event_log_system_4728.yml
index 2b4b917048..94efdd060b 100644
--- a/data_sources/windows_event_log_system_4728.yml
+++ b/data_sources/windows_event_log_system_4728.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Account_Domain
diff --git a/data_sources/windows_event_log_system_7036.yml b/data_sources/windows_event_log_system_7036.yml
index bbc47d514b..7d8463c44f 100644
--- a/data_sources/windows_event_log_system_7036.yml
+++ b/data_sources/windows_event_log_system_7036.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_system_7040.yml b/data_sources/windows_event_log_system_7040.yml
index 9c2fe0b263..0323d24b1f 100644
--- a/data_sources/windows_event_log_system_7040.yml
+++ b/data_sources/windows_event_log_system_7040.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - Channel
diff --git a/data_sources/windows_event_log_system_7045.yml b/data_sources/windows_event_log_system_7045.yml
index cc9dce8d16..fc289a7af4 100644
--- a/data_sources/windows_event_log_system_7045.yml
+++ b/data_sources/windows_event_log_system_7045.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - AccountName
diff --git a/data_sources/windows_event_log_taskscheduler_200.yml b/data_sources/windows_event_log_taskscheduler_200.yml
index 4aadd5eef7..1ce4b87149 100644
--- a/data_sources/windows_event_log_taskscheduler_200.yml
+++ b/data_sources/windows_event_log_taskscheduler_200.yml
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ActionName
diff --git a/data_sources/windows_iis.yml b/data_sources/windows_iis.yml
index 4b60956cbb..cb39b6df24 100644
--- a/data_sources/windows_iis.yml
+++ b/data_sources/windows_iis.yml
@@ -10,4 +10,4 @@ separator: EventID
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
diff --git a/data_sources/windows_iis_29.yml b/data_sources/windows_iis_29.yml
index 6db0557ffb..6b87977b86 100644
--- a/data_sources/windows_iis_29.yml
+++ b/data_sources/windows_iis_29.yml
@@ -10,7 +10,7 @@ separator: EventID
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 8.9.0
+  version: 9.0.0
 fields:
 - _time
 - ComputerName