Merge pull request #3567 from splunk/bump_version_5_8_0

pyth0n1c · web-flow · commit 5fa73118ce9a · 2025-06-17T13:05:03.000-07:00
Bump ESCU to 5.8.0
diff --git a/contentctl.yml b/contentctl.yml
@@ -3,7 +3,7 @@ app:
   uid: 3449
   title: ES Content Updates
   appid: DA-ESS-ContentUpdate
-  version: 5.7.0
+  version: 5.8.0
   description: Explore the Analytic Stories included with ES Content Updates.
   prefix: ESCU
   label: ESCU
diff --git a/removed/detections/certutil_download_with_urlcache_and_split_arguments.yml b/removed/detections/certutil_download_with_urlcache_and_split_arguments.yml
@@ -3,7 +3,7 @@ id: 415b4306-8bfb-11eb-85c4-acde48001122
 version: 13
 date: '2025-05-02'
 author: Michael Haag, Splunk
-status: deprecated
+status: removed
 type: TTP
 description: This analytic has been deprecated in favor of "Windows CertUtil Download".
   The following analytic detects the use of certutil.exe to download files
diff --git a/removed/detections/certutil_download_with_verifyctl_and_split_arguments.yml b/removed/detections/certutil_download_with_verifyctl_and_split_arguments.yml
@@ -3,7 +3,7 @@ id: 801ad9e4-8bfb-11eb-8b31-acde48001122
 version: 13
 date: '2025-05-02'
 author: Michael Haag, Splunk
-status: deprecated
+status: removed
 type: TTP
 description: This analytic has been deprecated in favor of "Windows CertUtil Download".
   The following analytic detects the use of `certutil.exe` to download
diff --git a/removed/detections/windows_certutil_download_with_url_argument.yml b/removed/detections/windows_certutil_download_with_url_argument.yml
@@ -3,7 +3,7 @@ id: 4fc5ca00-4c7c-46b3-8772-c98a4b8bd944
 version: 6
 date: '2025-05-02'
 author: Nasreddine Bencherchali, Splunk
-status: deprecated
+status: removed
 type: TTP
 description: This analytic has been deprecated in favor of "Windows CertUtil Download".
   The following analytic detects the use of `certutil.exe` to download
diff --git a/removed/detections/windows_remote_access_software_hunt.yml b/removed/detections/windows_remote_access_software_hunt.yml
@@ -3,7 +3,7 @@ id: 8bd22c9f-05a2-4db1-b131-29271f28cb0a
 version: 8
 date: '2025-05-02'
 author: Michael Haag, Splunk
-status: deprecated
+status: removed
 type: Hunting
 description: This search is deprecated in favor of the new detection - Detect Remote Access Software Usage Process. The following analytic identifies the use of remote access software within
   the environment. It leverages data from Endpoint Detection and Response (EDR) agents,
