Updating Github with Content from ESCU - v4.31.0

contentctl.yml

@@ -3,11 +3,11 @@ app:
   uid: 3449
   title: ES Content Updates
   appid: DA-ESS-ContentUpdate
-  version: 4.30.0
+  version: 4.31.0
   description: Explore the Analytic Stories included with ES Content Updates.
   prefix: ESCU
   build: 004210
-  version: 4.30.0
+  version: 4.31.0
   label: ES Content Updates
   author_name: Splunk Threat Research Team
   author_email: research@splunk.com

dist/DA-ESS-ContentUpdate/README.md

@@ -4,4 +4,4 @@ This subscription service delivers pre-packaged Security Content for use with Sp
 
 Requires Splunk Enterprise Security version 4.5 or greater.
 
-For more information please visit the [Splunk ES Content Update user documentation](https://docs.splunk.com/Documentation/ESSOC).
+For more information please visit the [Splunk ES Content Update user documentation](https://docs.splunk.com/Documentation/ESSOC).

dist/DA-ESS-ContentUpdate/app.manifest

@@ -1,11 +1,11 @@
 {
   "schemaVersion": "1.0.0", 
   "info": {
-    "title": "DA-ESS-ContentUpdate", 
+    "title": "ES Content Updates", 
     "id": {
       "group": null, 
       "name": "DA-ESS-ContentUpdate", 
-      "version": "4.30.0"
+      "version": "4.31.0"
     }, 
     "author": [
       {
@@ -14,7 +14,7 @@
         "company": "Splunk"
       }
     ], 
-    "releaseDate": null, 
+    "releaseDate": "2024-05-08", 
     "description": "Explore the Analytic Stories included with ES Content Updates.", 
     "classification": {
       "intendedAudience": null, 

dist/DA-ESS-ContentUpdate/default/app.conf

@@ -1,6 +1,7 @@
 #############
-# Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-04-17T22:08:10 UTC
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:53 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############
@@ -10,7 +11,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 20240417220604
+build = 20240508171020
 
 [triggers]
 reload.analytic_stories = simple
@@ -26,12 +27,12 @@ reload.es_investigations = simple
 
 [launcher]
 author = Splunk
-version = 4.30.0 
+version = 4.31.0 
 description = Explore the Analytic Stories included with ES Content Updates.
 
 [ui]
 is_visible = true
-label = DA-ESS-ContentUpdate
+label = ES Content Updates
 
 [package]
 id = DA-ESS-ContentUpdate

dist/DA-ESS-ContentUpdate/default/collections.conf

@@ -1,6 +1,7 @@
 #############
-# Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-04-17T22:08:10 UTC
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:53 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############
@@ -29,10 +30,6 @@ replicate = false
 enforceTypes = false
 replicate = false
 
-[previously_seen_S3_access_from_remote_ip]
-enforceTypes = false
-replicate = false
-
 [previously_seen_api_calls_from_user_roles]
 enforceTypes = false
 replicate = false
@@ -81,6 +78,10 @@ replicate = false
 enforceTypes = false
 replicate = false
 
+[previously_seen_S3_access_from_remote_ip]
+enforceTypes = false
+replicate = false
+
 [previously_seen_users_console_logins]
 enforceTypes = false
 replicate = false

dist/DA-ESS-ContentUpdate/default/content-version.conf

@@ -1,8 +1,9 @@
 #############
-# Automatically generated by generator.py in splunk/security_content
-# On Date: 2024-04-17T22:08:10 UTC
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:53 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############
 [content-version]
-version = 4.30.0 
+version = 4.31.0 

dist/DA-ESS-ContentUpdate/default/data/ui/nav/default.xml

@@ -2,5 +2,6 @@
   <view name="escu_summary" default="true"/>
   <view name="feedback"/>
   <view name="search"/>
+  <view name="dashboards"/>
   <a href="http://docs.splunk.com/Documentation/ESSOC">Docs</a>
 </nav>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_all_backup_logs_for_host___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_amazon_eks_kubernetes_activity_by_src_ip___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_investigate_security_hub_alerts_by_dest___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_investigate_user_activities_by_accesskeyid___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_investigate_user_activities_by_arn___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_network_acl_details_from_id___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_network_interface_details_via_resourceid___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_s3_bucket_details_via_bucketname___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_gcp_kubernetes_activity_by_src_ip___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_city___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_country___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_ip_address___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_region___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_backup_logs_for_endpoint___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_certificate_logs_for_a_domain___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_dns_server_history_for_a_host___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_dns_traffic_ratio___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_ec2_instance_details_by_instanceid___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_ec2_launch_details___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_email_info___response_task.xml

@@ -1,3 +1,12 @@
+<!--
+#############
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
+# On Date: 2024-05-08T17:10:54 UTC
+# Author: Splunk Threat Research Team - Splunk
+# Contact: research@splunk.com
+#############
+-->
 <panel>
   <table>
     <search>