updating docs and package bits [ci skip]

research bot · research bot · commit 3272e098b4a0 · 2019-10-31T20:30:02.000Z
diff --git a/package/default/analytic_stories.conf b/package/default/analytic_stories.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security-content
-# On Date: 2019-10-31T17:15:19 UTC
+# On Date: 2019-10-31T20:26:18 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
diff --git a/package/default/analyticstories.conf b/package/default/analyticstories.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security-content
-# On Date: 2019-10-31T17:15:19 UTC
+# On Date: 2019-10-31T20:26:18 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
diff --git a/package/default/app.conf b/package/default/app.conf
@@ -4,7 +4,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 2705
+build = 2729
 
 [triggers]
 reload.analytic_stories = simple
diff --git a/package/default/macros.conf b/package/default/macros.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security-content
-# On Date: 2019-10-31T17:15:19 UTC
+# On Date: 2019-10-31T20:26:18 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
diff --git a/package/default/savedsearches.conf b/package/default/savedsearches.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security-content
-# On Date: 2019-10-31T17:15:19 UTC
+# On Date: 2019-10-31T20:26:18 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
diff --git a/package/default/transforms.conf b/package/default/transforms.conf
@@ -1,196 +1,196 @@
 #############
 # Automatically generated by generator.py in splunk/security-content
-# On Date: 2019-10-31T17:15:19 UTC
+# On Date: 2019-10-31T20:26:18 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
 
 [api_call_by_user_baseline]
 filename = api_call_by_user_baseline.csv
-description = A lookup file that will contain the baseline information for number of AWS API calls per user
+# description = A lookup file that will contain the baseline information for number of AWS API calls per user
 
 [aws_service_accounts]
 filename = aws_service_accounts.csv
-description = A lookup file that will contain AWS Service accounts
+# description = A lookup file that will contain AWS Service accounts
 
 [baseline_blocked_outbound_connections]
 filename = baseline_blocked_outbound_connections.csv
-description = A lookup file that will contain the baseline information for number of blocked outbound connections
+# description = A lookup file that will contain the baseline information for number of blocked outbound connections
 
 [brandMonitoring_lookup]
 filename = brand_monitoring.csv
 default_match = false
-description = A file that contains look-a-like domains for brands that you want to monitor
+# description = A file that contains look-a-like domains for brands that you want to monitor
 match_type = WILDCARD(domain)
 min_matches = 1
 
 [csc_lookup]
 filename = csc_lookup.csv
-description = The CSC control numbers and names
+# description = The CSC control numbers and names
 min_matches = 1
 
 [domains]
 filename = domains.csv
-description = A list of domains that can be whitelisted
+# description = A list of domains that can be whitelisted
 
 [dynamic_dns_providers_default]
 filename = dynamic_dns_providers_default.csv
 case_sensitive_match = false
-description = A list of dynammic dns providers that should not be modified
+# description = A list of dynammic dns providers that should not be modified
 match_type = WILDCARD(dynamic_dns_domains)
 
 [dynamic_dns_providers_local]
 filename = dynamic_dns_providers_local.csv
 case_sensitive_match = false
-description = A list of dynammic dns providers that can be modified
+# description = A list of dynammic dns providers that can be modified
 match_type = WILDCARD(dynamic_dns_domains)
 
 [escu_search_id_lookup]
 filename = escu_search_id.csv
-description = A placeholder lookup file to hold information for ESCU Usage dashboard
+# description = A placeholder lookup file to hold information for ESCU Usage dashboard
 
 [isSuspiciousFileExtension_lookup]
 filename = suspicious_email_attachments.csv
-description = A list of suspicious extensions for email attachments
+# description = A list of suspicious extensions for email attachments
 match_type = WILDCARD(file_name)
 
 [isWindowsSystemFile_lookup]
 filename = system32_executables.csv
 default_match = false
-description = A list of executable files in Windows\System32
+# description = A list of executable files in Windows\System32
 min_matches = 1
 
 [legit_domains]
 filename = legit_domains.csv
-description = A list of legit domains to be used to whitelist possible phishing sites
+# description = A list of legit domains to be used to whitelist possible phishing sites
 
 [lookup_rare_process_whitelist_default]
 filename = rare_process_whitelist_default.csv
 default_match = false
 case_sensitive_match = false
-description = A list of rare processes that are legitimate provided by Splunk
+# description = A list of rare processes that are legitimate provided by Splunk
 match_type = WILDCARD(process)
 min_matches = 1
 
 [lookup_rare_process_whitelist_local]
 filename = rare_process_whitelist_local.csv
 default_match = false
 case_sensitive_match = false
-description = A list of rare processes that are legitimate provided by the end user
+# description = A list of rare processes that are legitimate provided by the end user
 match_type = WILDCARD(process)
 min_matches = 1
 
 [lookup_uncommon_processes_default]
 filename = uncommon_processes_default.csv
 case_sensitive_match = false
-description = A list of processes that are not common
+# description = A list of processes that are not common
 match_type = WILDCARD(process)
 
 [lookup_uncommon_processes_local]
 filename = uncommon_processes_local.csv
 case_sensitive_match = false
-description = A list of processes that are not common
+# description = A list of processes that are not common
 match_type = WILDCARD(process)
 
 [network_acl_activity_baseline]
 filename = network_acl_activity_baseline.csv
-description = A lookup file that will contain the baseline information for number of AWS Network ACL Activity
+# description = A lookup file that will contain the baseline information for number of AWS Network ACL Activity
 
 [previously_seen_S3_access_from_remote_ip]
 filename = previously_seen_S3_access_from_remote_ip.csv
-description = A placeholder for a list of IPs that have access S3
+# description = A placeholder for a list of IPs that have access S3
 
 [previously_seen_api_calls_from_user_roles]
 filename = previously_seen_api_calls_from_user_roles.csv
-description = A placeholder for a list of AWS API calls for each user role
+# description = A placeholder for a list of AWS API calls for each user role
 
 [previously_seen_aws_cross_account_activity]
 filename = previously_seen_aws_cross_account_activity.csv
-description = A placeholder for a list of AWS accounts and assumed roles
+# description = A placeholder for a list of AWS accounts and assumed roles
 
 [previously_seen_aws_regions]
 filename = previously_seen_aws_regions.csv
 default_match = false
-description = A place holder for a list of used AWS regions
+# description = A place holder for a list of used AWS regions
 min_matches = 1
 
 [previously_seen_cloud_compute_creations_by_user]
 filename = previously_seen_cloud_compute_creations_by_user.csv
 default_match = false
-description = A place holder for a list of users that have created cloud compute instances
+# description = A place holder for a list of users that have created cloud compute instances
 min_matches = 1
 
 [previously_seen_cloud_compute_images]
 filename = previously_seen_cloud_compute_images.csv
 default_match = false
-description = A place holder for a list of used cloud compute images
+# description = A place holder for a list of used cloud compute images
 min_matches = 1
 
 [previously_seen_cloud_compute_instance_types]
 filename = previously_seen_cloud_compute_instance_types.csv
 default_match = false
-description = A place holder for a list of used cloud compute instance types
+# description = A place holder for a list of used cloud compute instance types
 min_matches = 1
 
 [previously_seen_cloud_regions]
 filename = previously_seen_cloud_regions.csv
 default_match = false
-description = A place holder for a list of used cloud compute images
+# description = A place holder for a list of used cloud compute images
 min_matches = 1
 
 [previously_seen_cmd_line_arguments]
 filename = previously_seen_cmd_line_arguments.csv
-description = A placeholder for a list of cmd line arugments that been seen before
+# description = A placeholder for a list of cmd line arugments that been seen before
 
 [previously_seen_ec2_modifications_by_user]
 filename = previously_seen_ec2_modifications_by_user.csv
-description = A place holder for a list of AWS EC2 modifications done by each user
+# description = A place holder for a list of AWS EC2 modifications done by each user
 
 [previously_seen_running_windows_services]
 filename = previously_seen_running_windows_services.csv
-description = A placeholder for the list of Windows Services running
+# description = A placeholder for the list of Windows Services running
 
 [prohibitedProcesses_lookup]
 filename = prohibited_processes.csv
-description = A list of processes that have been marked as prohibited
+# description = A list of processes that have been marked as prohibited
 
 [prohibited_apps_launching_cmd]
 filename = prohibited_apps_launching_cmd.csv
-description = A list of processes that should not be launching cmd.exe
+# description = A list of processes that should not be launching cmd.exe
 match_type = WILDCARD(prohibited_applications)
 
 [ransomware_extensions_lookup]
 filename = ransomware_extensions.csv
 default_match = false
-description = A list of file extensions that are associated with ransomware
+# description = A list of file extensions that are associated with ransomware
 min_matches = 1
 
 [ransomware_notes_lookup]
 filename = ransomware_notes.csv
 default_match = false
-description = A list of file names that are ransomware note files
+# description = A list of file names that are ransomware note files
 match_type = WILDCARD(ransomware_notes)
 min_matches = 1
 
 [s3_deletion_baseline]
 filename = s3_deletion_baseline.csv
-description = A placeholder for the baseline information for AWS S3 deletions
+# description = A placeholder for the baseline information for AWS S3 deletions
 
 [security_group_activity_baseline]
 filename = security_group_activity_baseline.csv
-description = A placeholder for the baseline information for AWS security groups
+# description = A placeholder for the baseline information for AWS security groups
 
 [security_services_lookup]
 filename = security_services.csv
 default_match = false
-description = A list of services that deal with security
+# description = A list of services that deal with security
 match_type = WILDCARD(service)
 min_matches = 1
 
 [suspicious_writes_lookup]
 filename = suspicious_files.csv
 default_match = false
-description = A list of suspicious file names
+# description = A list of suspicious file names
 match_type = WILDCARD(file)
 min_matches = 1
 
diff --git a/package/default/use_case_library.conf b/package/default/use_case_library.conf
@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security-content
-# On Date: 2019-10-31T17:15:19 UTC
+# On Date: 2019-10-31T20:26:18 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
