Deprecated mapping yaml for detections #3297
base: develop
I have moved the deprecation information into each relevant YML file itself in line with some proposed contentctl updates. Note that the following detections in the deprecated detections folder are still missing deprecation information in the YML and, as such, have not yet had their YMLs updated: https://github.com/splunk/security_content/blob/deprecated_mapping/detections/deprecated/excel_spawning_windows_script_host.yml We also lack deprecation information at this time for:
…ty_content into deprecated_mapping
that was previously added to detections
develop branch
adds a new mapping file for deprecated detections:
```yaml
deprecated_id: d93f785e-4c2c-4262-b8c7-12b77a13fd39
replacement_name: Okta Multiple Failed MFA Requests For User
replacement_id: 826dbaae-a1e6-4c8c-b384-d16898956e73
date: '2025-01-28'
escu_version: 5.0.0
migration_guide: https://docs.splunk.com/Documentation/ESCU/5.0.0/user/DeprecatedAnalytics
reason: Detections updated to use the new search logic and field names due to the
  TA update
```
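
A consistency check for mapping entries like the one above, which also reports deprecated detections that have no entry (the gap the conversation mentions). This is an added example, not code from this pull request or from contentctl; `check_mapping`, `PAGE_ENTRY`, the set of required fields and the already-parsed dict input are assumptions.

```python
import uuid
from datetime import date

# Field names come from the entry above; requiring all of them is an assumption.
REQUIRED = ("deprecated_id", "replacement_name", "replacement_id", "date",
            "escu_version", "migration_guide", "reason")

# The entry from this page, as a YAML loader would return it.
PAGE_ENTRY = {
    "deprecated_id": "d93f785e-4c2c-4262-b8c7-12b77a13fd39",
    "replacement_name": "Okta Multiple Failed MFA Requests For User",
    "replacement_id": "826dbaae-a1e6-4c8c-b384-d16898956e73",
    "date": "2025-01-28",
    "escu_version": "5.0.0",
    "migration_guide": "https://docs.splunk.com/Documentation/ESCU/5.0.0/user/DeprecatedAnalytics",
    "reason": "Detections updated to use the new search logic and field names due to the TA update",
}


def _is_uuid(value):
    # Accept only the canonical hyphenated form, in either letter case.
    try:
        return str(uuid.UUID(str(value))) == str(value).lower()
    except ValueError:
        return False


def check_mapping(entries, deprecated_ids):
    """Return problems found in parsed mapping entries (a list of dicts)."""
    problems, seen = [], set()
    for i, e in enumerate(entries):
        missing = [k for k in REQUIRED if not e.get(k)]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
        for key in ("deprecated_id", "replacement_id"):
            if e.get(key) and not _is_uuid(e[key]):
                problems.append(f"entry {i}: {key} is not a UUID")
        dep = e.get("deprecated_id")
        if dep and dep == e.get("replacement_id"):
            problems.append(f"entry {i}: detection replaces itself")
        if dep and dep in seen:
            problems.append(f"entry {i}: duplicate deprecated_id")
        seen.add(dep)
        if e.get("date"):
            try:
                date.fromisoformat(str(e["date"]))
            except ValueError:
                problems.append(f"entry {i}: date is not an ISO date")
    # Every id in the deprecated folder should be covered by some entry.
    return problems + [f"{d}: deprecated detection has no mapping entry"
                       for d in sorted(set(deprecated_ids) - seen)]
```

Pass the id of every detection in the deprecated folder as `deprecated_ids`; an empty result means every entry is well formed and no deprecated detection is left unmapped.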