security_content

new-xml-src-data

Open tccontre opened this issue 2 years ago • 0 comments

Details

Add new XML sourcetypes in the attack_data feature of contentctl.py:

  • 'XmlWinEventLog:Security',
  • 'XmlWinEventLog:System',
  • 'XmlWinEventLog:Application',
  • 'XmlWinEventLog:Directory Service'

What does this PR have in it? Screenshots are worth 1000 words 😄

Checklist

  • [ ] Validate name matches <platform>_<mitre att&ck technique>_<short description> nomenclature
  • [ ] CI/CD jobs passed ✔️
  • [ ] Validated SPL logic.
  • [ ] Validated tags, description, and how to implement.
  • [ ] Verified references match analytic.

tccontre, Sep 15 '22 08:09