Bump contentctl.yml and build.yml to 6.1.0 (#4113)

patel-bhavin · research bot · web-flow · commit 0c3e5887e8fa · 2026-06-08T15:58:54.000+02:00
* chore: bump contentctl.yml and build.yml to 6.1.0

* move to removed

* status is removed

---------

Co-authored-by: research bot &lt;research@splunk.com&gt;
diff --git a/build.yml b/build.yml
@@ -9,7 +9,7 @@ author: Splunk Threat Research Team
 author_email: research@splunk.com
 content_prefix: ESCU
 label: ES Content Updates
-app_version: 6.0.0
+app_version: 6.1.0
 description: Explore the Analytic Stories included with ES Content Updates.
 id: DA-ESS-ContentUpdate
 external_app_content:
diff --git a/contentctl.yml b/contentctl.yml
@@ -3,7 +3,7 @@ app:
   uid: 3449
   title: ES Content Updates
   appid: DA-ESS-ContentUpdate
-  version: 6.0.0
+  version: 6.1.0
   description: Explore the Analytic Stories included with ES Content Updates.
   prefix: ESCU
   label: ESCU
diff --git a/removed/detections/attempt_to_add_certificate_to_untrusted_store.yml b/removed/detections/attempt_to_add_certificate_to_untrusted_store.yml
@@ -2,9 +2,9 @@ name: Attempt To Add Certificate To Untrusted Store
 id: 6bc5243e-ef36-45dc-9b12-f4a6be131159
 version: 20
 creation_date: '2020-04-29'
-modification_date: '2026-05-13'
+modification_date: '2026-06-03'
 author: Patrick Bareiss, Rico Valdez, Splunk
-status: deprecated
+status: removed
 deprecation_info:
     reason: Detection is deprecated as the usage of certutil and addstore by itself is not malicious.
     removed_in_version: 6.1.0
diff --git a/removed/detections/chcp_command_execution.yml b/removed/detections/chcp_command_execution.yml
@@ -1,10 +1,10 @@
 name: CHCP Command Execution
 id: 21d236ec-eec1-11eb-b23e-acde48001122
-version: 13
+version: 14
 creation_date: '2021-08-05'
-modification_date: '2026-05-13'
+modification_date: '2026-06-03'
 author: Teoderick Contreras, Splunk
-status: deprecated
+status: removed
 deprecation_info:
     reason: Detection is deprecated as the usage of chcp.com by itself is not malicious.
     removed_in_version: 6.1.0
diff --git a/removed/detections/ivanti_sentry_authentication_bypass.yml b/removed/detections/ivanti_sentry_authentication_bypass.yml
@@ -1,10 +1,10 @@
 name: Ivanti Sentry Authentication Bypass
 id: b8e0d1cf-e6a8-4d46-a5ae-aebe18ead8f8
-version: 9
+version: 10
 creation_date: '2023-08-24'
-modification_date: '2026-05-13'
+modification_date: '2026-06-03'
 author: Michael Haag, Splunk
-status: deprecated
+status: removed
 deprecation_info:
     reason: Detection is deprecated since it is not specific enough to identify the intended malicious activity and might produce false positives.
     removed_in_version: 6.1.0
diff --git a/removed/detections/processes_launching_netsh.yml b/removed/detections/processes_launching_netsh.yml
@@ -1,10 +1,10 @@
 name: Processes launching netsh
 id: b89919ed-fe5f-492c-b139-95dbb162040e
-version: 16
+version: 17
 creation_date: '2020-04-29'
-modification_date: '2026-05-13'
+modification_date: '2026-06-03'
 author: Michael Haag, Josef Kuepker, Splunk
-status: deprecated
+status: removed
 deprecation_info:
     reason: Detection is deprecated as the usage of netsh.exe by itself is often used for legitimate purposes.
     removed_in_version: 6.1.0
diff --git a/removed/detections/sc_exe_manipulating_windows_services.yml b/removed/detections/sc_exe_manipulating_windows_services.yml
@@ -1,10 +1,10 @@
 name: Sc exe Manipulating Windows Services
 id: f0c693d8-2a89-4ce7-80b4-98fea4c3ea6d
-version: 16
+version: 17
 creation_date: '2020-04-29'
-modification_date: '2026-05-13'
+modification_date: '2026-06-03'
 author: Rico Valdez, Splunk
-status: deprecated
+status: removed
 deprecation_info:
     reason: Detection is deprecated as the usage of sc.exe by itself is often used for legitimate purposes.
     removed_in_version: 6.1.0
