Branch was auto-updated.

.github/workflows/validate-and-build.yml

@@ -16,7 +16,7 @@ jobs:
 
       - uses: actions/setup-python@v4
         with:
-          python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases  easy to change/make a matrix/use pypy
+          python-version: '3.11' #Available versions here - https://github.com/actions/python-versions/releases  easy to change/make a matrix/use pypy
           architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
 
       - name: Install System Packages
@@ -25,24 +25,22 @@ jobs:
           sudo apt install jq -qq
       
 
-      - name: Install Python Dependencies and ContentCTL
+      - name: Install Python Dependencies and ContentCTL and Atomic Red Team
         run: |
-          pip3 install poetry
-          git submodule update --init contentctl
-          cd contentctl
-          git checkout main
-          poetry install
+          python3.11 -m venv .venv
+          source .venv/bin/activate
+          pip install contentctl
+          git clone --depth=1 --single-branch --branch=master https://github.com/redcanaryco/atomic-red-team.git
       
       - name: content_ctl validate
         run: |
-          cd contentctl
-          poetry run contentctl -p ../ validate 
+          source .venv/bin/activate
+          contentctl validate 
 
       - name: contentctl generate
         run: |
-          cd contentctl
-          poetry run contentctl -p ../ build
-          cd ..
+          source .venv/bin/activate
+          contentctl build --enrichments
           mkdir artifacts
           mv dist/DA-ESS-ContentUpdate-latest.tar.gz artifacts/
 

contentctl.yml

@@ -6,9 +6,7 @@ app:
   version: 4.31.0
   description: Explore the Analytic Stories included with ES Content Updates.
   prefix: ESCU
-  build: 004210
-  version: 4.31.0
-  label: ES Content Updates
+  label: ESCU
   author_name: Splunk Threat Research Team
   author_email: research@splunk.com
   author_company: Splunk
@@ -185,4 +183,3 @@ apps:
   description: description of app
   hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/url-toolbox_192.tgz
 githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd
-

dist/DA-ESS-ContentUpdate/app.manifest

@@ -14,7 +14,7 @@
         "company": "Splunk"
       }
     ], 
-    "releaseDate": "2024-05-08", 
+    "releaseDate": "2024-05-10", 
     "description": "Explore the Analytic Stories included with ES Content Updates.", 
     "classification": {
       "intendedAudience": null, 

dist/DA-ESS-ContentUpdate/default/app.conf

@@ -1,7 +1,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:53 UTC
+# On Date: 2024-05-10T18:00:36 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############
@@ -11,7 +11,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 20240508171020
+build = 20240510180009
 
 [triggers]
 reload.analytic_stories = simple

dist/DA-ESS-ContentUpdate/default/collections.conf

@@ -1,7 +1,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:53 UTC
+# On Date: 2024-05-10T18:00:36 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/content-version.conf

@@ -1,7 +1,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:53 UTC
+# On Date: 2024-05-10T18:00:36 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_all_backup_logs_for_host___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_amazon_eks_kubernetes_activity_by_src_ip___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_investigate_security_hub_alerts_by_dest___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_investigate_user_activities_by_accesskeyid___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_investigate_user_activities_by_arn___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_network_acl_details_from_id___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_network_interface_details_via_resourceid___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_aws_s3_bucket_details_via_bucketname___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_gcp_kubernetes_activity_by_src_ip___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_city___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_country___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_ip_address___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_all_aws_activity_from_region___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_backup_logs_for_endpoint___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_certificate_logs_for_a_domain___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_dns_server_history_for_a_host___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_dns_traffic_ratio___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_ec2_instance_details_by_instanceid___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_ec2_launch_details___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_email_info___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_emails_from_specific_sender___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_first_occurrence_and_last_occurrence_of_a_mac_address___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_history_of_email_sources___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_logon_rights_modifications_for_endpoint___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_logon_rights_modifications_for_user___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_notable_history___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_parent_process_info___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_process_file_activity___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_process_info___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_process_information_for_port_activity___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_process_responsible_for_the_dns_traffic___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_get_sysmon_wmi_activity_for_host___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-05-08T17:10:54 UTC
+# On Date: 2024-05-10T18:00:37 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: research@splunk.com
 #############