splunk
diff --git a/‎contentctl.yml‎
Lines changed: 11 additions & 6 deletions b/‎contentctl.yml‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎data_sources/linux_auditd_cwd.yml‎
Lines changed: 25 additions & 0 deletions b/‎data_sources/linux_auditd_cwd.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎data_sources/m365_copilot_graph_api.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/m365_copilot_graph_api.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/ntlm_operational_8004.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/ntlm_operational_8004.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/ntlm_operational_8005.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/ntlm_operational_8005.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/ntlm_operational_8006.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/ntlm_operational_8006.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/o365.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/o365.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/o365_add_app_role_assignment_grant_to_user_.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/o365_add_app_role_assignment_grant_to_user_.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/o365_add_app_role_assignment_to_service_principal_.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/o365_add_app_role_assignment_to_service_principal_.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data_sources/o365_add_mailboxpermission.yml‎
Lines changed: 1 addition & 1 deletion b/‎data_sources/o365_add_mailboxpermission.yml‎
Lines changed: 1 addition & 1 deletion
@@ -38,9 +38,9 @@ apps:
 - uid: 6553
   title: Splunk Add-on for Okta Identity Cloud
   appid: Splunk_TA_okta_identity_cloud
-  version: 4.1.0
+  version: 5.0.0
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-okta-identity-cloud_410.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-okta-identity-cloud_500.tgz
 - uid: 7404
   title: Cisco Security Cloud
   appid: CiscoSecurityCloud
@@ -65,9 +65,9 @@ apps:
 - uid: 742
   title: Splunk Add-on for Microsoft Windows
   appid: SPLUNK_ADD_ON_FOR_MICROSOFT_WINDOWS
-  version: 9.1.1
+  version: 9.1.2
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-windows_911.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-windows_912.tgz
 - uid: 5709
   title: Splunk Add-on for Sysmon
   appid: Splunk_TA_microsoft_sysmon
@@ -167,9 +167,9 @@ apps:
 - uid: 4055
   title: Splunk Add-on for Microsoft Office 365
   appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365
-  version: 5.0.0
+  version: 5.1.0
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_500.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_510.tgz
 - uid: 2890
   title: Splunk Machine Learning Toolkit
   appid: SPLUNK_MACHINE_LEARNING_TOOLKIT
@@ -251,6 +251,11 @@ apps:
   appid: TA-cisco_ios
   version: 2.7.9
   hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/add-on-for-cisco-network-data_279.tgz
+- uid: 8024
+  title: TA-ollama
+  appid: ta-ollama
+  version: 0.1.5
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/ta-ollama_015.tgz
 githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd
 test_data_caches:
 - base_url: https://media.githubusercontent.com/media/splunk/attack_data/master/
 
@@ -0,0 +1,25 @@
+name: Linux Auditd Cwd
+id: a9ef851b-d864-478b-b1b3-76535d7ff7fc
+version: 1
+date: '2025-12-02'
+author: Nasreddine Bencherchali, Splunk
+description: This type is used to record the working directory from which the process that invoked the system call specified in the first record was executed. The purpose of this record is to record the current process's location in case a relative path winds up being captured in the associated PATH record. This way the absolute path can be reconstructed.
+source: auditd
+sourcetype: auditd
+separator: type
+separator_value: CWD
+configuration: https://github.com/Neo23x0/auditd/blob/master/audit.rules
+supported_TA:
+- name: Splunk Add-on for Unix and Linux
+  url: https://splunkbase.splunk.com/app/833
+  version: 10.2.0
+fields:
+- cwd
+- date_hour
+- date_mday
+- date_minute
+- date_month
+- date_second
+- msg
+- type
+example_log: 'type=CWD msg=audit(11/20/2025 16:57:48.909:110027) : cwd=/etc/ssh'
@@ -9,7 +9,7 @@ sourcetype: o365:graph:api
 supported_TA:
 - name: Splunk Add-on for Microsoft Office 365
   url: https://splunkbase.splunk.com/app/4055
-  version: 5.0.0
+  version: 5.1.0
 fields:
 - appDisplayName
 - appId
 
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 9.1.1
+  version: 9.1.2
 fields:
 - CategoryString
 - Channel
 
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 9.1.1
+  version: 9.1.2
 fields:
 - CategoryString
 - Channel
 
@@ -10,7 +10,7 @@ separator: EventCode
 supported_TA:
 - name: Splunk Add-on for Microsoft Windows
   url: https://splunkbase.splunk.com/app/742
-  version: 9.1.1
+  version: 9.1.2
 fields:
 - CategoryString
 - Channel
 
@@ -17,4 +17,4 @@ separator: Operation
 supported_TA:
 - name: Splunk Add-on for Microsoft Office 365
   url: https://splunkbase.splunk.com/app/4055
-  version: 5.0.0
+  version: 5.1.0
@@ -17,7 +17,7 @@ separator_value: Add app role assignment grant to user.
 supported_TA:
 - name: Splunk Add-on for Microsoft Office 365
   url: https://splunkbase.splunk.com/app/4055
-  version: 5.0.0
+  version: 5.1.0
 fields:
 - _time
 - ActorContextId
 
@@ -18,7 +18,7 @@ separator_value: Add app role assignment to service principal.
 supported_TA:
 - name: Splunk Add-on for Microsoft Office 365
   url: https://splunkbase.splunk.com/app/4055
-  version: 5.0.0
+  version: 5.1.0
 fields:
 - _time
 - ActorContextId
 
@@ -18,7 +18,7 @@ separator_value: Add-MailboxPermission
 supported_TA:
 - name: Splunk Add-on for Microsoft Office 365
   url: https://splunkbase.splunk.com/app/4055
-  version: 5.0.0
+  version: 5.1.0
 fields:
 - _time
 - AccessRights