deprecated macros were not copied over during PORT operation. Fix that.

Author: pyth0n1c

macros/deprecated/aws_config.yml

@@ -1,4 +1,8 @@
-definition: sourcetype=aws:config
-description: customer specific splunk configurations(eg- index, source, sourcetype).
-  Replace the macro definition with configurations for your Splunk Environment.
 name: aws_config
+id: f14bfb6b-7b06-4cb6-beef-59f584b3dffd
+version: 1
+creation_date: '2020-04-30'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environment.
+definition: sourcetype=aws:config

macros/deprecated/aws_description.yml

@@ -1,4 +1,8 @@
-definition: sourcetype="aws:description"
-description: customer specific splunk configurations(eg- index, source, sourcetype).
-  Replace the macro definition with configurations for your Splunk Environment.
 name: aws_description
+id: 37b90e53-76f4-4cc9-8b74-d2294d80f3f6
+version: 1
+creation_date: '2020-04-30'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environment.
+definition: sourcetype="aws:description"

macros/deprecated/aws_securityhub_firehose.yml

@@ -1,4 +1,8 @@
-definition: sourcetype="aws:securityhub:firehose"
-description: customer specific splunk configurations(eg- index, source, sourcetype).
-  Replace the macro definition with configurations for your Splunk Environment.
 name: aws_securityhub_firehose
+id: 047a11bf-353a-45cf-86b4-3cf2ee680fdb
+version: 1
+creation_date: '2020-05-05'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environment.
+definition: sourcetype="aws:securityhub:firehose"

macros/deprecated/azuread.yml

@@ -1,4 +1,8 @@
-definition: sourcetype=mscs:azure:eventhub
-description: customer specific splunk configurations(eg- index, source, sourcetype).
-  Replace the macro definition with configurations for your Splunk Environment.
 name: azuread
+id: 69a46574-72f6-4d76-9502-619e5805f9c1
+version: 1
+creation_date: '2020-04-30'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environment.
+definition: sourcetype=mscs:azure:eventhub

macros/deprecated/brand_abuse_dns.yml

@@ -1,5 +1,8 @@
-definition: lookup update=true brandMonitoring_lookup domain as query OUTPUT domain_abuse
-  | search domain_abuse=true
-description: This macro limits the output to only domains that are in the brand monitoring
-  lookup file
 name: brand_abuse_dns
+id: 5ff8a324-d441-40ef-87f2-b220d6301dc2
+version: 1
+creation_date: '2019-10-16'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: This macro limits the output to only domains that are in the brand monitoring lookup file
+definition: lookup update=true brandMonitoring_lookup domain as query OUTPUT domain_abuse | search domain_abuse=true

macros/deprecated/brand_abuse_email.yml

@@ -1,5 +1,8 @@
-definition: lookup update=true brandMonitoring_lookup domain as src_user OUTPUT domain_abuse
-  | search domain_abuse=true
-description: This macro limits the output to only domains that are in the brand monitoring
-  lookup file
 name: brand_abuse_email
+id: 610d5f81-cf1d-4ca6-89d5-2b2c5f8df03d
+version: 1
+creation_date: '2019-10-16'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: This macro limits the output to only domains that are in the brand monitoring lookup file
+definition: lookup update=true brandMonitoring_lookup domain as src_user OUTPUT domain_abuse | search domain_abuse=true

macros/deprecated/brand_abuse_web.yml

@@ -1,5 +1,8 @@
-definition: lookup update=true brandMonitoring_lookup domain as urls OUTPUT domain_abuse
-  | search domain_abuse=true
-description: This macro limits the output to only domains that are in the brand monitoring
-  lookup file
 name: brand_abuse_web
+id: 9113796e-72df-4536-b7db-9dd1cbfc9923
+version: 1
+creation_date: '2019-10-16'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: This macro limits the output to only domains that are in the brand monitoring lookup file
+definition: lookup update=true brandMonitoring_lookup domain as urls OUTPUT domain_abuse | search domain_abuse=true

macros/deprecated/cloud_api_calls_from_previously_unseen_user_roles_activity_window.yml

@@ -1,3 +1,8 @@
+name: cloud_api_calls_from_previously_unseen_user_roles_activity_window
+id: 13fef53a-3ab4-4656-bda0-4c9183cb88be
+version: 1
+creation_date: '2020-08-20'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
 description: Use this macro to determine how far back you should be checking for new commands from user roles
 definition: '"-70m@m"'
-name: cloud_api_calls_from_previously_unseen_user_roles_activity_window

macros/deprecated/cloudwatch_eks.yml

@@ -1,3 +1,8 @@
-definition: sourcetype="aws:cloudwatchlogs:eks"
-description: customer specific splunk configurations(eg- index, source, sourcetype) for AWS cloudwatch eks logs. Replace the macro definition with configurations for your Splunk Environment.
 name: cloudwatch_eks
+id: 16c38950-13af-4636-b6aa-bcbdfeda1f69
+version: 1
+creation_date: '2020-04-30'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: customer specific splunk configurations(eg- index, source, sourcetype) for AWS cloudwatch eks logs. Replace the macro definition with configurations for your Splunk Environment.
+definition: sourcetype="aws:cloudwatchlogs:eks"

macros/deprecated/cloudwatch_vpc.yml

@@ -1,3 +1,8 @@
-definition: sourcetype=aws:cloudwatchlogs:vpcflow
-description: customer specific splunk configurations(eg- index, source, sourcetype) for AWS cloudwatch vpc logs. Replace the macro definition with configurations for your Splunk Environment.
 name: cloudwatch_vpc
+id: 99f810c9-6899-47f6-921a-183c7f71b36d
+version: 1
+creation_date: '2020-04-30'
+modification_date: '2026-05-13'
+author: Splunk Threat Research Team
+description: customer specific splunk configurations(eg- index, source, sourcetype) for AWS cloudwatch vpc logs. Replace the macro definition with configurations for your Splunk Environment.
+definition: sourcetype=aws:cloudwatchlogs:vpcflow