added back contentctl.yml as it is required for the legacy testing workflow

pyth0n1c · pyth0n1c · commit e84529f448d3 · 2026-05-20T13:31:40.000-07:00
diff --git a/contentctl.yml b/contentctl.yml
@@ -0,0 +1,268 @@
+path: .
+app:
+  uid: 3449
+  title: ES Content Updates
+  appid: DA-ESS-ContentUpdate
+  version: 6.0.0
+  description: Explore the Analytic Stories included with ES Content Updates.
+  prefix: ESCU
+  label: ESCU
+  author_name: Splunk Threat Research Team
+  author_email: research@splunk.com
+  author_company: Splunk
+enrichments: false
+build_app: true
+build_api: true
+build_ssa: false
+build_path: dist
+test_instance:
+  splunk_app_username: admin
+  instance_address: localhost
+  hec_port: 8088
+  web_ui_port: 8000
+  api_port: 8089
+container_settings:
+  full_image_path: registry.hub.docker.com/splunk/splunk:9.3
+  leave_running: true
+  num_containers: 1
+mode: {}
+splunk_api_username: null
+post_test_behavior: pause_on_failure
+apps:
+- uid: 1621
+  title: Splunk_SA_CIM
+  appid: Splunk_SA_CIM
+  version: 8.5.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-common-information-model-cim_850.tgz
+- uid: 6553
+  title: Splunk Add-on for Okta Identity Cloud
+  appid: Splunk_TA_okta_identity_cloud
+  version: 5.0.2
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-okta-identity-cloud_502.tgz
+- uid: 7404
+  title: Cisco Security Cloud
+  appid: CiscoSecurityCloud
+  version: 3.6.5
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-security-cloud_365.tgz
+- uid: 7569
+  title: Cisco Secure Access Add-on for Splunk
+  appid: TA-cisco-cloud-security-addon
+  version: 1.0.50
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-secure-access-add-on-for-splunk_1050.tar.gz
+- uid: 6652
+  title: Add-on for Linux Sysmon
+  appid: Splunk_TA_linux_sysmon
+  version: 1.0.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-sysmon-for-linux_100.tgz
+- uid: null
+  title: Splunk Fix XmlWinEventLog HEC Parsing
+  appid: Splunk_FIX_XMLWINEVENTLOG_HEC_PARSING
+  version: '0.1'
+  description: This TA is required for replaying Windows Data into the Test Environment.
+    The Default TA does not include logic for properly splitting multiple log events
+    in a single file.  In production environments, this logic is applied by the Universal
+    Forwarder.
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/Latest/Splunk_TA_fix_windows.tgz
+- uid: 742
+  title: Splunk Add-on for Microsoft Windows
+  appid: SPLUNK_ADD_ON_FOR_MICROSOFT_WINDOWS
+  version: 10.0.1
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-windows_1001.tgz
+- uid: 5709
+  title: Splunk Add-on for Sysmon
+  appid: Splunk_TA_microsoft_sysmon
+  version: 5.0.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-sysmon_500.tgz
+- uid: 833
+  title: Splunk Add-on for Unix and Linux
+  appid: Splunk_TA_nix
+  version: 10.2.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-unix-and-linux_1020.tgz
+- uid: 5579
+  title: Splunk Add-on for CrowdStrike FDR
+  appid: Splunk_TA_CrowdStrike_FDR
+  version: 2.0.5
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-crowdstrike-fdr_205.tgz
+- uid: 3185
+  title: Splunk Add-on for Microsoft IIS
+  appid: SPLUNK_TA_FOR_IIS
+  version: 1.3.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-iis_130.tgz
+- uid: 6994
+  title: CCX Add-on for Suricata
+  appid: SPLUNK_TA_FOR_SURICATA
+  version: 1.0.1
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/ccx-add-on-for-suricata_101.tgz
+- uid: 5466
+  title: TA for Zeek
+  appid: SPLUNK_TA_FOR_ZEEK
+  version: 1.0.11
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/ta-for-zeek_1011.tgz
+- uid: 3258
+  title: Splunk Add-on for NGINX
+  appid: SPLUNK_ADD_ON_FOR_NGINX
+  version: 3.3.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-nginx_330.tgz
+- uid: 5238
+  title: Splunk Add-on for Stream Forwarders
+  appid: SPLUNK_ADD_ON_FOR_STREAM_FORWARDERS
+  version: 8.1.3
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-stream-forwarders_813.tgz
+- uid: 5234
+  title: Splunk Add-on for Stream Wire Data
+  appid: SPLUNK_ADD_ON_FOR_STREAM_WIRE_DATA
+  version: 8.1.6
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-stream-wire-data_816.tgz
+- uid: 2757
+  title: Splunk Add-on for Palo Alto Networks
+  appid: SPLUNK_ADD_ON_FOR_PALO_ALTO_NETWORKS
+  version: 3.0.1
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-palo-alto-networks_301.tgz
+- uid: 3865
+  title: Zscaler Technical Add-On for Splunk
+  appid: Zscaler_CIM
+  version: 4.0.16
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/zscaler-technical-add-on-for-splunk_4016.tgz
+- uid: 3719
+  title: Splunk Add-on for Amazon Kinesis Firehose
+  appid: SPLUNK_ADD_ON_FOR_AMAZON_KINESIS_FIREHOSE
+  version: 1.3.2
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-kinesis-firehose_132.tgz
+- uid: 1876
+  title: Splunk Add-on for AWS
+  appid: Splunk_TA_aws
+  version: 8.1.1
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-amazon-web-services-aws_811.tgz
+- uid: 3088
+  title: Splunk Add-on for Google Cloud Platform
+  appid: SPLUNK_ADD_ON_FOR_GOOGLE_CLOUD_PLATFORM
+  version: 4.7.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-google-cloud-platform_470.tgz
+- uid: 5556
+  title: Splunk Add-on for Google Workspace
+  appid: SPLUNK_ADD_ON_FOR_GOOGLE_WORKSPACE
+  version: 3.1.1
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-google-workspace_311.tgz
+- uid: 3110
+  title: Splunk Add-on for Microsoft Cloud Services
+  appid: SPLUNK_TA_MICROSOFT_CLOUD_SERVICES
+  version: 6.1.1
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-cloud-services_611.tgz
+- uid: 4055
+  title: Splunk Add-on for Microsoft Office 365
+  appid: SPLUNK_ADD_ON_FOR_MICROSOFT_OFFICE_365
+  version: 6.0.2
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_602.tgz
+- uid: 5518
+  title: Splunk add on for Microsoft Defender Advanced Hunting
+  appid: SPLUNK_ADD_ON_FOR_MICROSOFT_DEFENDER_ADVANCED_HUNTING
+  version: 1.4.2
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/microsoft-defender-advanced-hunting-add-on-for-splunk_142.tgz
+- uid: 6207
+  title: Splunk Add-on for Microsoft Security
+  appid: Splunk_TA_MS_Security
+  version: 3.0.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-security_300.tgz
+- uid: 2734
+  title: URL Toolbox
+  appid: URL_TOOLBOX
+  version: 1.9.4
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/url-toolbox_194.tgz
+- uid: 6853
+  title: Splunk Add-on for Admon Enrichment
+  appid: SA-admon
+  version: 1.1.2
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-admon-enrichment_112.tgz
+- uid: 5082
+  title: CrowdStrike Falcon Event Streams Technical Add-On
+  appid: TA-crowdstrike-falcon-event-streams
+  version: 3.2.1
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/crowdstrike-falcon-event-streams-technical-add-on_321.tgz
+- uid: 6254
+  title: Splunk Add-on for Github
+  appid: Splunk_TA_github
+  version: 3.2.0
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-github_320.tgz
+- uid: 3471
+  title: Splunk Add-on for AppDynamics
+  appid: Splunk_TA_AppDynamics
+  version: 3.2.1
+  description: The Splunk Add-on for AppDynamics enables you to easily configure data
+    inputs to pull data from AppDynamics' REST APIs
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-splunk-add-on-for-appdynamics_321.tgz
+- uid: 4221
+  title: Cisco NVM Add-on for Splunk
+  appid: TA-Cisco-NVM
+  version: 4.0.7
+  description: The Cisco Endpoint Security Analytics (CESA) Add-On for Splunk allows
+    IT administrators to analyze and correlate user and endpoint behavior in Splunk
+    Enterprise. This Add-on provides configuration and collection of data from the
+    Cisco AnyConnect Network Visibility Module IPFIX (nvzFlow) Collector. This module
+    collects additional context such as user, device, application, location and destination
+    for flows both on and off premise.
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/cisco-endpoint-security-analytics-cesa-add-on-for-splunk_407.tgz
+- uid: 5603
+  title: Add-on for VMware ESXi Logs
+  appid: Splunk_TA_esxilogs
+  version: 4.2.2
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-vmware-esxi-logs_422.tgz
+- uid: 5640
+  title: Splunk Add-on for VMware Indexes
+  appid: SPLUNK_ADD_ON_FOR_VMWARE_INDEXES
+  version: 4.0.3
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-vmware-indexes_403.tgz
+- uid: 1467
+  title: Cisco Networks Add-on
+  appid: TA-cisco_ios
+  version: 2.7.9
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/add-on-for-cisco-network-data_279.tgz
+- uid: 8024
+  title: TA-ollama
+  appid: ta-ollama
+  version: 0.1.5
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/ta-ollama_015.tgz
+- uid: 8377
+  title: MCP TA
+  appid: mcp-ta
+  version: 0.1.2
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/mcp-ta_012.tgz
+- uid: 8574
+  title: TA-osquery
+  appid: ta-osquery
+  version: 1.0.4
+  description: description of app
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/ta-osquery_104.tgz
+githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd
+test_data_caches:
+- base_url: https://media.githubusercontent.com/media/splunk/attack_data/master/
+  base_directory_name: external_repos/attack_data
