updating after local test

contentctl.yml

@@ -65,9 +65,9 @@ apps:
 - uid: 742
   title: Splunk Add-on for Microsoft Windows
   appid: SPLUNK_ADD_ON_FOR_MICROSOFT_WINDOWS
-  version: 9.0.0
+  version: 8.8.0
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-windows_900.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/splunk-add-on-for-microsoft-windows_880.tgz
 - uid: 5709
   title: Splunk Add-on for Sysmon
   appid: Splunk_TA_microsoft_sysmon

detections/endpoint/Splunk_TA_microsoft_sysmon 2/README.txt

@@ -0,0 +1,4 @@
+Splunk Add-on for Sysmon version 1.0.0
+Copyright (C) 2021 Splunk Inc. All Rights Reserved.
+
+For documentation, see: https://docs.splunk.com/Documentation/AddOns/latest/MSSysmon

detections/endpoint/Splunk_TA_microsoft_sysmon 2/THIRDPARTY

@@ -0,0 +1,68 @@
+================================================================================
+================================================================================
+
+          Third-Party Software for splunk-add-on-for-microsoft-sysmon
+
+--------------------------------------------------------------------------------
+
+The following 3rd-party software packages may be used by or distributed with splunk-add-on-for-microsoft-sysmon. Any information relevant to third-party vendors listed below are collected using common, reasonable means.
+
+Date generated: 2024-10-8
+
+Revision ID: 740cecbf611928a0a957078251c12f96ef5b848f
+
+================================================================================
+================================================================================
+
+
+
+
+================================================================================
+
+                                Declared License
+
+================================================================================
+
+No declared license found for splunk-add-on-for-microsoft-sysmon
+
+
+
+
+================================================================================
+
+                              First Party Licenses
+
+================================================================================
+
+No licenses found
+
+
+
+
+
+================================================================================
+
+                                  Dependencies
+
+================================================================================
+
+
+
+
+================================================================================
+                                    License
+
+================================================================================
+
+
+================================================================================
+
+                                   Copyrights
+
+================================================================================
+
+
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+
+Report Generated by FOSSA on 2024-10-8

detections/endpoint/Splunk_TA_microsoft_sysmon 2/VERSION

@@ -0,0 +1,2 @@
+4.0.2
+4.0.2

detections/endpoint/Splunk_TA_microsoft_sysmon 2/app.manifest

@@ -0,0 +1,58 @@
+{
+  "dependencies": null,
+  "incompatibleApps": null,
+  "info": {
+    "author": [
+      {
+        "name": "Splunk, Inc.",
+        "email": null,
+        "company": null
+      }
+    ],
+    "classification": {
+      "categories": [
+        "Security, Fraud & Compliance"
+      ],
+      "developmentStatus": "Production/Stable",
+      "intendedAudience": "IT Professionals"
+    },
+    "commonInformationModels": null,
+    "description": "Splunk Add-on for Sysmon",
+    "id": {
+      "group": null,
+      "name": "Splunk_TA_microsoft_sysmon",
+      "version": "4.0.2"
+    },
+    "license": {
+      "name": "Splunk General Terms",
+      "text": "LICENSES/LicenseRef-Splunk-8-2021.txt",
+      "uri": "https://www.splunk.com/en_us/legal/splunk-general-terms.html"
+    },
+    "privacyPolicy": {
+      "name": null,
+      "text": null,
+      "uri": null
+    },
+    "releaseDate": null,
+    "releaseNotes": {
+      "name": "README",
+      "text": "README.txt",
+      "uri": "https://docs.splunk.com/Documentation/AddOns/MSSysmon/About"
+    },
+    "title": "Splunk Add-on for Sysmon"
+  },
+  "inputGroups": null,
+  "platformRequirements": null,
+  "schemaVersion": "2.0.0",
+  "supportedDeployments": [
+    "_standalone",
+    "_distributed",
+    "_search_head_clustering"
+  ],
+  "targetWorkloads": [
+    "_search_heads",
+    "_forwarders",
+    "_indexers"
+  ],
+  "tasks": null
+}

detections/endpoint/Splunk_TA_microsoft_sysmon 2/default/app.conf

@@ -0,0 +1,27 @@
+##
+## SPDX-FileCopyrightText: 2021 Splunk, Inc. <sales@splunk.com>
+## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
+##
+##
+
+[launcher]
+author = Splunk, Inc.
+description = Splunk Add-on for Sysmon
+version = 4.0.2
+
+[package]
+id = Splunk_TA_microsoft_sysmon
+check_for_updates = true
+
+[install]
+is_configured = false
+state = enabled
+build = 1728390377
+
+[ui]
+is_visible = false
+label = Splunk Add-on for Sysmon
+
+[id]
+name = Splunk_TA_microsoft_sysmon
+version = 4.0.2

detections/endpoint/Splunk_TA_microsoft_sysmon 2/default/eventtypes.conf

@@ -0,0 +1,26 @@
+##
+## SPDX-FileCopyrightText: 2021 Splunk, Inc. <sales@splunk.com>
+## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
+##
+##
+
+[ms-sysmon-network]
+search = source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode="3"
+
+[ms-sysmon-process]
+search = source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" (EventCode IN ("1","5","6","7","8","9","10","15","17","18","24","25") )
+
+[ms-sysmon-filemod]
+search = source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" (EventCode IN ("2","11","23","26","27","28","29") )
+
+[ms-sysmon-regmod]
+search = source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" (EventCode IN ("12","13","14") )
+
+[ms-sysmon-wmimod]
+search = source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" (EventCode IN ("19","20","21") )
+
+[ms-sysmon-dns]
+search = source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode="22"
+
+[ms-sysmon-service]
+search = source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" (EventCode IN ("4","16","255") )

detections/endpoint/Splunk_TA_microsoft_sysmon 2/default/inputs.conf

@@ -0,0 +1,18 @@
+##
+## SPDX-FileCopyrightText: 2021 Splunk, Inc. <sales@splunk.com>
+## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
+##
+##
+
+[WinEventLog://Microsoft-Windows-Sysmon/Operational]
+disabled = false
+renderXml = 1
+source = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+
+
+[WinEventLog://WEC-Sysmon]
+disabled = true
+renderXml = 1
+source = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+sourcetype = XmlWinEventLog:WEC-Sysmon
+host = WinEventLogForwardHost