diff --git a/contentctl.yml b/contentctl.yml
index e24367f52c..8898828321 100644
--- a/contentctl.yml
+++ b/contentctl.yml
@@ -73,7 +73,7 @@ apps:
   appid: Splunk_TA_microsoft_sysmon
   version: 4.0.3
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-sysmon_403.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Splunk_TA_microsoft_sysmon-5.0.0.spl
 - uid: 833
   title: Splunk Add-on for Unix and Linux
   appid: Splunk_TA_nix
diff --git a/data_sources/sysmon_eventid_1.yml b/data_sources/sysmon_eventid_1.yml
index 22c8d87805..0e15897260 100644
--- a/data_sources/sysmon_eventid_1.yml
+++ b/data_sources/sysmon_eventid_1.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 1
 id: b375f4d1-d7ca-4bc0-9103-294825c0af17
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new process, including details such as
diff --git a/data_sources/sysmon_eventid_10.yml b/data_sources/sysmon_eventid_10.yml
index 05d7e905d1..78552d6bf6 100644
--- a/data_sources/sysmon_eventid_10.yml
+++ b/data_sources/sysmon_eventid_10.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 10
 id: 659cd5a8-148a-4c59-ade1-05f41ac1b096
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs events where one process accesses another process, typically
diff --git a/data_sources/sysmon_eventid_11.yml b/data_sources/sysmon_eventid_11.yml
index 0d0dbb3f55..dda614c63e 100644
--- a/data_sources/sysmon_eventid_11.yml
+++ b/data_sources/sysmon_eventid_11.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 11
 id: f3db9179-f4f5-416d-bc03-39f4d4ff699e
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new file, including details about the file
diff --git a/data_sources/sysmon_eventid_12.yml b/data_sources/sysmon_eventid_12.yml
index 5040d01c78..737b3311f7 100644
--- a/data_sources/sysmon_eventid_12.yml
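Review bot: The context line `version: 4.0.3` in the same Splunk_TA_microsoft_sysmon entry is left untouched while the new `hardcoded_path` points at a `Splunk_TA_microsoft_sysmon-5.0.0.spl` package, so the app metadata no longer matches the artifact it installs; the bump should land in the same commit as `version: 5.0.0` (or whatever version the package's app.conf actually declares). The entry still pins the package by URL alone with no digest visible here, so a replaced object in that bucket would be picked up silently; if contentctl supports a checksum alongside `hardcoded_path`, adding one for the new file would make the switch verifiable. The placeholder `description: description of app` is also carried forward unchanged. The enclosing `apps:` list continues outside the hunk.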
+++ b/data_sources/sysmon_eventid_12.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 12
 id: 3ef28798-8eaa-4fd2-b074-6f36d08a1b33
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new registry key, including details about
diff --git a/data_sources/sysmon_eventid_13.yml b/data_sources/sysmon_eventid_13.yml
index 3a819be328..3d05e2ae6f 100644
--- a/data_sources/sysmon_eventid_13.yml
+++ b/data_sources/sysmon_eventid_13.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 13
 id: 19cd00ee-f65f-48ca-bb08-64aac28638ce
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs changes to a registry key, including details about the
diff --git a/data_sources/sysmon_eventid_14.yml b/data_sources/sysmon_eventid_14.yml
index ab5892e9ad..976710662f 100644
--- a/data_sources/sysmon_eventid_14.yml
+++ b/data_sources/sysmon_eventid_14.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 14
 id: 77c4b345-0eab-415e-98c6-f4114b021723
-version: 2
+version: 4
 date: '2025-07-10'
 author: Bhavin Patel, Splunk
 description: Data source object for Sysmon EventID 14
diff --git a/data_sources/sysmon_eventid_15.yml b/data_sources/sysmon_eventid_15.yml
index 9fe94bd153..02c183c8a5 100644
--- a/data_sources/sysmon_eventid_15.yml
+++ b/data_sources/sysmon_eventid_15.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 15
 id: 95785e02-93b4-47e2-81f1-be326295348e
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new file stream, including details about the
diff --git a/data_sources/sysmon_eventid_17.yml b/data_sources/sysmon_eventid_17.yml
index d2588bf23f..8ded5a5265 100644
--- a/data_sources/sysmon_eventid_17.yml
+++ b/data_sources/sysmon_eventid_17.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 17
 id: 08924246-c8e8-4c95-a9fc-633c43cc82df
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Sysmon EventID 17 logs details about the detection of a named pipe.
diff --git a/data_sources/sysmon_eventid_18.yml b/data_sources/sysmon_eventid_18.yml
index 1aae6e5cd2..786bf97e1e 100644
--- a/data_sources/sysmon_eventid_18.yml
+++ b/data_sources/sysmon_eventid_18.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 18
 id: 37eb3554-214e-4e66-af10-c3ffc5b8ca82
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the connection to a named pipe, including details about the
diff --git a/data_sources/sysmon_eventid_20.yml b/data_sources/sysmon_eventid_20.yml
index eec1979778..93b3400117 100644
--- a/data_sources/sysmon_eventid_20.yml
+++ b/data_sources/sysmon_eventid_20.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 20
 id: aeee5374-3203-4286-b744-a8cc4ad1cd7e
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs WMI (Windows Management Instrumentation) consumer activity,
diff --git a/data_sources/sysmon_eventid_21.yml b/data_sources/sysmon_eventid_21.yml
index d8949dfd1c..9bce6fb54d 100644
--- a/data_sources/sysmon_eventid_21.yml
+++ b/data_sources/sysmon_eventid_21.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 21
 id: 304384bc-715e-4958-988b-a8051a91349a
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs activity related to the association of a WMI event consumer
diff --git a/data_sources/sysmon_eventid_22.yml b/data_sources/sysmon_eventid_22.yml
index b4ee763481..8876f13266 100644
--- a/data_sources/sysmon_eventid_22.yml
+++ b/data_sources/sysmon_eventid_22.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 22
 id: 911538b2-eba7-4d3e-85e8-d82d380c37bf
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs DNS query events, including details about the queried domain,
diff --git a/data_sources/sysmon_eventid_23.yml b/data_sources/sysmon_eventid_23.yml
index 378848fd1c..e298218c8e 100644
--- a/data_sources/sysmon_eventid_23.yml
+++ b/data_sources/sysmon_eventid_23.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 23
 id: 5ea2721d-f60c-4f48-a047-47d514e327c3
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the deletion of a file, including details about the file path,
diff --git a/data_sources/sysmon_eventid_26.yml b/data_sources/sysmon_eventid_26.yml
index 7e4123dacf..7db09863e9 100644
--- a/data_sources/sysmon_eventid_26.yml
+++ b/data_sources/sysmon_eventid_26.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 26
 id: 77f946e0-4afb-4789-8d9e-c29c1658f501
-version: 2
+version: 4
 date: '2025-07-10'
 author: Bhavin Patel, Splunk
 description: Data source object for Sysmon EventID 26
diff --git a/data_sources/sysmon_eventid_3.yml b/data_sources/sysmon_eventid_3.yml
index 7fdbecd28b..a61d05efc9 100644
--- a/data_sources/sysmon_eventid_3.yml
+++ b/data_sources/sysmon_eventid_3.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 3
 id: 01d84dff-4e26-422c-9389-6a579ee6e75b
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs details of network connections initiated by processes,
diff --git a/data_sources/sysmon_eventid_5.yml b/data_sources/sysmon_eventid_5.yml
index 6b3e32ae52..d076a95063 100644
--- a/data_sources/sysmon_eventid_5.yml
+++ b/data_sources/sysmon_eventid_5.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 5
 id: 556471bf-44fa-44e6-97e2-eb25416aeb6d
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the termination of a process, including details about the
diff --git a/data_sources/sysmon_eventid_6.yml b/data_sources/sysmon_eventid_6.yml
index 183fae81b4..ef0d80fbc8 100644
--- a/data_sources/sysmon_eventid_6.yml
+++ b/data_sources/sysmon_eventid_6.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 6
 id: eadc297a-c20c-45a1-8fac-74ad54019767
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the loading of a driver into the kernel or user mode,
diff --git a/data_sources/sysmon_eventid_7.yml b/data_sources/sysmon_eventid_7.yml
index 4100177286..5bf44612ec 100644
--- a/data_sources/sysmon_eventid_7.yml
+++ b/data_sources/sysmon_eventid_7.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 7
 id: 45512fa5-4d55-4088-9d51-f4dedc16fdff
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the loading of an image (module) into a process, including
diff --git a/data_sources/sysmon_eventid_8.yml b/data_sources/sysmon_eventid_8.yml
index 0c50478755..6f8636314d 100644
--- a/data_sources/sysmon_eventid_8.yml
+++ b/data_sources/sysmon_eventid_8.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 8
 id: df7a786c-ade0-48f0-8596-26f10d169f7d
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new thread in a process, including details
diff --git a/data_sources/sysmon_eventid_9.yml b/data_sources/sysmon_eventid_9.yml
index 7d1fc5bf4b..83992efaf8 100644
--- a/data_sources/sysmon_eventid_9.yml
+++ b/data_sources/sysmon_eventid_9.yml
@@ -1,6 +1,6 @@
 name: Sysmon EventID 9
 id: ae4a6a24-9b8c-4386-a7ac-677d7ad5bf09
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the access of raw disk data by a process, including details