Testing new Sysmon Ta

contentctl.yml

@@ -73,7 +73,7 @@ apps:
   appid: Splunk_TA_microsoft_sysmon
   version: 4.0.3
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-sysmon_403.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Splunk_TA_microsoft_sysmon-5.0.0.spl
 - uid: 833
   title: Splunk Add-on for Unix and Linux
   appid: Splunk_TA_nix

data_sources/sysmon_eventid_1.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 1
 id: b375f4d1-d7ca-4bc0-9103-294825c0af17
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new process, including details such as 

data_sources/sysmon_eventid_10.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 10
 id: 659cd5a8-148a-4c59-ade1-05f41ac1b096
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs events where one process accesses another process, typically 

data_sources/sysmon_eventid_11.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 11
 id: f3db9179-f4f5-416d-bc03-39f4d4ff699e
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new file, including details about the file 

data_sources/sysmon_eventid_12.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 12
 id: 3ef28798-8eaa-4fd2-b074-6f36d08a1b33
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new registry key, including details about 

data_sources/sysmon_eventid_13.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 13
 id: 19cd00ee-f65f-48ca-bb08-64aac28638ce
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs changes to a registry key, including details about the 

data_sources/sysmon_eventid_14.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 14
 id: 77c4b345-0eab-415e-98c6-f4114b021723
-version: 2
+version: 4
 date: '2025-07-10'
 author: Bhavin Patel, Splunk
 description: Data source object for Sysmon EventID 14

data_sources/sysmon_eventid_15.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 15
 id: 95785e02-93b4-47e2-81f1-be326295348e
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new file stream, including details about the

data_sources/sysmon_eventid_17.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 17
 id: 08924246-c8e8-4c95-a9fc-633c43cc82df
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Sysmon EventID 17 logs details about the detection of a named pipe.

data_sources/sysmon_eventid_18.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 18
 id: 37eb3554-214e-4e66-af10-c3ffc5b8ca82
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the connection to a named pipe, including details about the 

data_sources/sysmon_eventid_20.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 20
 id: aeee5374-3203-4286-b744-a8cc4ad1cd7e
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs WMI (Windows Management Instrumentation) consumer activity, 

data_sources/sysmon_eventid_21.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 21
 id: 304384bc-715e-4958-988b-a8051a91349a
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs activity related to the association of a WMI event consumer 

data_sources/sysmon_eventid_22.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 22
 id: 911538b2-eba7-4d3e-85e8-d82d380c37bf
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs DNS query events, including details about the queried domain, 

data_sources/sysmon_eventid_23.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 23
 id: 5ea2721d-f60c-4f48-a047-47d514e327c3
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the deletion of a file, including details about the file path,

data_sources/sysmon_eventid_26.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 26
 id: 77f946e0-4afb-4789-8d9e-c29c1658f501
-version: 2
+version: 4
 date: '2025-07-10'
 author: Bhavin Patel, Splunk
 description: Data source object for Sysmon EventID 26

data_sources/sysmon_eventid_3.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 3
 id: 01d84dff-4e26-422c-9389-6a579ee6e75b
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs details of network connections initiated by processes, 

data_sources/sysmon_eventid_5.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 5
 id: 556471bf-44fa-44e6-97e2-eb25416aeb6d
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the termination of a process, including details about the 

data_sources/sysmon_eventid_6.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 6
 id: eadc297a-c20c-45a1-8fac-74ad54019767
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the loading of a driver into the kernel or user mode, 

data_sources/sysmon_eventid_7.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 7
 id: 45512fa5-4d55-4088-9d51-f4dedc16fdff
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the loading of an image (module) into a process, including 

data_sources/sysmon_eventid_8.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 8
 id: df7a786c-ade0-48f0-8596-26f10d169f7d
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the creation of a new thread in a process, including details 

data_sources/sysmon_eventid_9.yml

@@ -1,6 +1,6 @@
 name: Sysmon EventID 9
 id: ae4a6a24-9b8c-4386-a7ac-677d7ad5bf09
-version: 3
+version: 4
 date: '2025-07-10'
 author: Patrick Bareiss, Splunk
 description: Logs the access of raw disk data by a process, including details