Merge pull request #3304 from splunk/auto-ta-update-162

Automated Splunk TA Update 162

Author: ljstella

contentctl.yml

@@ -155,9 +155,9 @@ apps:
 - uid: 3110
   title: Splunk Add-on for Microsoft Cloud Services
   appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES
-  version: 5.4.1
+  version: 5.4.2
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_541.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_542.tgz
 - uid: 4055
   title: Splunk Add-on for Microsoft Office 365
   appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365

data_sources/azure_active_directory.yml

@@ -10,4 +10,4 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2

data_sources/azure_active_directory_add_app_role_assignment_to_service_principal.yml

@@ -11,7 +11,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_add_member_to_role.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_add_owner_to_application.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_add_service_principal.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_add_unverified_domain.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_consent_to_application.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_disable_strong_authentication.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_enable_account.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_invite_external_user.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_reset_password_(by_admin).yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_set_domain_authentication.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_sign_in_activity.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_update_application.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_update_authorization_policy.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_update_user.yml

@@ -10,7 +10,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_active_directory_user_registered_security_info.yml

@@ -11,7 +11,7 @@ separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - Level

data_sources/azure_audit_create_or_update_an_azure_automation_account.yml

@@ -11,7 +11,7 @@ separator: operationName.localizedValue
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - authorization.action

data_sources/azure_audit_create_or_update_an_azure_automation_runbook.yml

@@ -11,7 +11,7 @@ separator: operationName.localizedValue
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - authorization.action

data_sources/azure_audit_create_or_update_an_azure_automation_webhook.yml

@@ -11,7 +11,7 @@ separator: operationName.localizedValue
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - _time
 - authorization.action

data_sources/azure_monitor_activity.yml

@@ -3,14 +3,17 @@ id: 1997a515-a61a-4f78-ada9-54af34c764f2
 version: 1
 date: '2025-01-13'
 author: Bhavin Patel, Splunk
-description: Data source object for Azure Monitor Activity.  The Splunk Add-on for Microsoft Cloud Services add-on is required to ingest In-Tune audit logs via Azure EventHub.  To configure this logging, visit Intune > Tenant administration > Diagnostic settings > Add diagnostic settings & send events to the activity audit event hub. 
+description: Data source object for Azure Monitor Activity.  The Splunk Add-on for
+  Microsoft Cloud Services add-on is required to ingest In-Tune audit logs via Azure
+  EventHub.  To configure this logging, visit Intune > Tenant administration > Diagnostic
+  settings > Add diagnostic settings & send events to the activity audit event hub.
 source: Azure AD
 sourcetype: azure:monitor:activity
 separator: operationName
 supported_TA:
 - name: Splunk Add-on for Microsoft Cloud Services
   url: https://splunkbase.splunk.com/app/3110
-  version: 5.4.1
+  version: 5.4.2
 fields:
 - column
 - action
@@ -93,4 +96,16 @@ fields:
 - vendor_product
 - vendor_region
 - _time
-example_log: '{"time": "2024-04-29T13:30:28.8622000Z", "tenantId": "26db52ee-c1b5-4c96-a0d4-129e25dc0388", "category": "AuditLogs", "operationName": "createDeviceHealthScript DeviceHealthScript", "properties": {"ActivityDate": "4/29/2024 1:30:28 PM", "ActivityResultStatus": 1, "ActivityType": 0, "Actor": {"ActorType": 1, "Application": "5926fc8e-304e-4f59-8bed-58ca97cc39a4", "ApplicationName": "Microsoft Intune portal extension", "IsDelegatedAdmin": false, "Name": null, "ObjectId": "cf2ef473-7d3b-4f14-961c-2e470e9a70f2", "PartnerTenantId": "00000000-0000-0000-0000-000000000000", "UserPermissions": ["*"], "UPN": "brian.cove@frothlydev.onmicrosoft.com"}, "AdditionalDetails": "", "AuditEventId": "3e7e790e-f15a-4c2c-a91a-516483bb4e37", "Category": 3, "RelationId": null, "TargetDisplayNames": ["<null>"], "TargetObjectIds": ["b16fcad4-b9f5-46fe-9bf0-841cd9be7bc9"], "Targets": [{"ModifiedProperties": [{"Name": "DeviceManagementAPIVersion", "Old": null, "New": "5024-02-13"}], "Name": null}]}, "resultType": "Success", "resultDescription": "None", "correlationId": "949ac544-b4e5-4576-a117-915c47c0ee00", "identity": "brian.cove@frothlydev.onmicrosoft.com"}'
+example_log: '{"time": "2024-04-29T13:30:28.8622000Z", "tenantId": "26db52ee-c1b5-4c96-a0d4-129e25dc0388",
+  "category": "AuditLogs", "operationName": "createDeviceHealthScript DeviceHealthScript",
+  "properties": {"ActivityDate": "4/29/2024 1:30:28 PM", "ActivityResultStatus": 1,
+  "ActivityType": 0, "Actor": {"ActorType": 1, "Application": "5926fc8e-304e-4f59-8bed-58ca97cc39a4",
+  "ApplicationName": "Microsoft Intune portal extension", "IsDelegatedAdmin": false,
+  "Name": null, "ObjectId": "cf2ef473-7d3b-4f14-961c-2e470e9a70f2", "PartnerTenantId":
+  "00000000-0000-0000-0000-000000000000", "UserPermissions": ["*"], "UPN": "brian.cove@frothlydev.onmicrosoft.com"},
+  "AdditionalDetails": "", "AuditEventId": "3e7e790e-f15a-4c2c-a91a-516483bb4e37",
+  "Category": 3, "RelationId": null, "TargetDisplayNames": ["<null>"], "TargetObjectIds":
+  ["b16fcad4-b9f5-46fe-9bf0-841cd9be7bc9"], "Targets": [{"ModifiedProperties": [{"Name":
+  "DeviceManagementAPIVersion", "Old": null, "New": "5024-02-13"}], "Name": null}]},
+  "resultType": "Success", "resultDescription": "None", "correlationId": "949ac544-b4e5-4576-a117-915c47c0ee00",
+  "identity": "brian.cove@frothlydev.onmicrosoft.com"}'