new o11y secure application detection #4108

Merged: patel-bhavin merged 19 commits into develop from secureapp on Jun 15, 2026

Conversation

@bpluta-splunk

Collaborator

Details

We are keeping the legacy AppD Secure Application detection until we can get a TA to provide the sourcetype for both AppD and o11y.

Checklist

  • [x] Validate name matches <platform>_<mitre att&ck technique>_<short description> nomenclature
  • [x] CI/CD jobs passed ✔️
  • [x] Validated SPL logic.
  • [x] Validated tags, description, and how to implement.
  • [x] Verified references match analytic.
  • [x] Confirm updates to lookups are handled properly.

@bpluta-splunk

Collaborator Author

Screenshots of search being run against test data

Screenshot 2026-05-27 at 11 47 27 AM Screenshot 2026-05-27 at 11 47 39 AM

Comment thread detections/application/splunk_secure_application_alerts_for_runtime_security.yml Outdated
@patel-bhavin

Contributor
image

testing from the show instance.

patel-bhavin previously approved these changes Jun 11, 2026
@patel-bhavin patel-bhavin added this to the v6.1.0 milestone Jun 11, 2026
Comment thread macros/secureapp_field_mappings.yml Outdated
Comment thread macros/secureapp_attack.yml Outdated
Comment thread detections/application/splunk_secure_application_alerts_for_runtime_security.yml Outdated
Co-authored-by: Nasreddine Bencherchali <nbencher@cisco.com>
patel-bhavin previously approved these changes Jun 15, 2026
nasbench previously approved these changes Jun 15, 2026
@patel-bhavin patel-bhavin dismissed stale reviews from nasbench and themself via b1a8395 June 15, 2026 13:56
patel-bhavin previously approved these changes Jun 15, 2026
@patel-bhavin patel-bhavin merged commit 7870ff5 into develop Jun 15, 2026
6 checks passed
@patel-bhavin patel-bhavin deleted the secureapp branch June 15, 2026 14:10

3 participants