Merge pull request #3437 from splunk/fix_bad_attack_data_paths

fix weird attack data links

Author: patel-bhavin

detections/application/cisco_ai_defense_security_alerts_by_application_name.yml

@@ -1,7 +1,7 @@
 name: Cisco AI Defense Security Alerts by Application Name
 id: 105e4a69-ec55-49fc-be1f-902467435ea8
-version: 2
-date: '2025-03-21'
+version: 3
+date: '2025-05-02'
 author: Bhavin Patel, Splunk
 status: production
 type: Anomaly

detections/application/cisco_secure_application_alerts.yml

@@ -1,7 +1,7 @@
 name: Cisco Secure Application Alerts
 id: 9982bff4-fc5d-49a3-ab9e-2dbbab2a711b
-version: 1
-date: '2025-02-04'
+version: 2
+date: '2025-05-02'
 author: Ryan Long, Bhavin Patel, Splunk
 status: production
 type: Anomaly

detections/application/crushftp_server_side_template_injection.yml

@@ -1,7 +1,7 @@
 name: CrushFTP Server Side Template Injection
 id: ccf6b7a3-bd39-4bc9-a949-143a8d640dbc
-version: 3
-date: '2025-01-21'
+version: 4
+date: '2025-05-02'
 author: Michael Haag, Splunk
 data_source:
 - CrushFTP

detections/application/detect_distributed_password_spray_attempts.yml

@@ -1,7 +1,7 @@
 name: Detect Distributed Password Spray Attempts
 id: b1a82fc8-8a9f-4344-9ec2-bde5c5331b57
-version: 4
-date: '2025-02-10'
+version: 5
+date: '2025-05-02'
 author: Dean Luxton
 status: production
 type: Hunting

detections/application/detect_html_help_spawn_child_process.yml

@@ -1,7 +1,7 @@
 name: Detect HTML Help Spawn Child Process
 id: 723716de-ee55-4cd4-9759-c44e7e55ba4b
-version: 10
-date: '2025-02-10'
+version: 11
+date: '2025-05-02'
 author: Michael Haag, Splunk
 status: production
 type: TTP

detections/application/detect_new_login_attempts_to_routers.yml

@@ -1,7 +1,7 @@
 name: Detect New Login Attempts to Routers
 id: bce3ed7c-9b1f-42a0-abdf-d8b123a34836
-version: 4
-date: '2025-01-21'
+version: 5
+date: '2025-05-02'
 author: Bhavin Patel, Splunk
 status: experimental
 type: TTP

detections/application/detect_password_spray_attempts.yml

@@ -1,7 +1,7 @@
 name: Detect Password Spray Attempts
 id: 086ab581-8877-42b3-9aee-4a7ecb0923af
-version: 7
-date: '2025-02-10'
+version: 8
+date: '2025-05-02'
 author: Dean Luxton
 status: production
 type: TTP

detections/application/email_attachments_with_lots_of_spaces.yml

@@ -1,7 +1,7 @@
 name: Email Attachments With Lots Of Spaces
 id: 56e877a6-1455-4479-ada6-0550dc1e22f8
-version: 5
-date: '2025-01-21'
+version: 6
+date: '2025-05-02'
 author: David Dorsey, Splunk
 status: experimental
 type: Anomaly

detections/application/email_files_written_outside_of_the_outlook_directory.yml

@@ -1,7 +1,7 @@
 name: Email files written outside of the Outlook directory
 id: 8d52cf03-ba25-4101-aa78-07994aed4f74
-version: 8
-date: '2025-02-10'
+version: 9
+date: '2025-05-02'
 author: Bhavin Patel, Splunk
 status: experimental
 type: TTP

detections/application/email_servers_sending_high_volume_traffic_to_hosts.yml

@@ -1,7 +1,7 @@
 name: Email servers sending high volume traffic to hosts
 id: 7f5fb3e1-4209-4914-90db-0ec21b556378
-version: 6
-date: '2025-02-10'
+version: 7
+date: '2025-05-02'
 author: Bhavin Patel, Splunk
 status: experimental
 type: Anomaly