splunk · tccontre · Sep 24, 2024 · Sep 24, 2024 · Sep 25, 2024 · Sep 25, 2024
@@ -1,11 +1,11 @@
 name: Linux Auditd Add User
 id: 30f79353-e1d2-4585-8735-1e0359559f3f
 version: 1
-date: '2024-08-08'
+date: '2024-08-24'
 author: Teoderick Contreras, Splunk
 description: Data source object for Linux Auditd Add User Type
-source: /var/log/audit/audit.log
-sourcetype: linux:audit
+source: auditd
+sourcetype: auditd
 configuration: https://github.com/Neo23x0/auditd/blob/master/audit.rules
 supported_TA:
 - name: Splunk Add-on for Unix and Linux

@@ -1,11 +1,11 @@
 name: Linux Auditd Execve
 id: 9ef6364d-cc67-480e-8448-3306829a6a24
 version: 1
-date: '2024-08-08'
+date: '2024-09-24'
 author: Teoderick Contreras, Splunk
 description: Data source object for Linux Auditd Execve Type
-source: /var/log/audit/audit.log
-sourcetype: linux:audit
+source: auditd
+sourcetype: auditd
 configuration: https://github.com/Neo23x0/auditd/blob/master/audit.rules
 supported_TA:
 - name: Splunk Add-on for Unix and Linux

@@ -1,11 +1,11 @@
 name: Linux Auditd Path
 id: 3d86125c-0496-4a5a-aae3-0d355a4f3d7d
 version: 1
-date: '2024-08-08'
+date: '2024-09-24'
 author: Teoderick Contreras, Splunk
 description: Data source object for Linux Auditd Path Type
-source: /var/log/audit/audit.log
-sourcetype: linux:audit
+source: auditd
+sourcetype: auditd
 configuration: https://github.com/Neo23x0/auditd/blob/master/audit.rules
 supported_TA:
 - name: Splunk Add-on for Unix and Linux

@@ -1,11 +1,11 @@
 name: Linux Auditd Proctitle
 id: 5a25984a-2789-400a-858b-d75c923e06b1
 version: 1
-date: '2024-08-08'
+date: '2024-09-24'
 author: Teoderick Contreras, Splunk
 description: Data source object for Linux Auditd Proctitle Type
-source: /var/log/audit/audit.log
-sourcetype: linux:audit
+source: auditd
+sourcetype: auditd
 configuration: https://github.com/Neo23x0/auditd/blob/master/audit.rules
 supported_TA:
 - name: Splunk Add-on for Unix and Linux

@@ -1,11 +1,11 @@
 name: Linux Auditd Service Stop
 id: 0643483c-bc62-455c-8d6e-1630e5f0e00d
 version: 1
-date: '2024-08-08'
+date: '2024-09-24'
 author: Teoderick Contreras, Splunk
 description: Data source object for Linux Auditd Service Stop Type
-source: /var/log/audit/audit.log
-sourcetype: linux:audit
+source: auditd
+sourcetype: auditd
 configuration: https://github.com/Neo23x0/auditd/blob/master/audit.rules
 supported_TA:
 - name: Splunk Add-on for Unix and Linux

@@ -1,11 +1,11 @@
 name: Linux Auditd Syscall
 id: 4dff7047-0d43-4096-bb3f-b756c889bbad
 version: 1
-date: '2024-08-08'
+date: '2024-09-24'
 author: Teoderick Contreras, Splunk
 description: Data source object for Linux Auditd Syscall Type
-source: /var/log/audit/audit.log
-sourcetype: linux:audit
+source: auditd
+sourcetype: auditd
 configuration: https://github.com/Neo23x0/auditd/blob/master/audit.rules
 supported_TA:
 - name: Splunk Add-on for Unix and Linux

@@ -1,4 +1,4 @@
-definition: sourcetype="linux:audit"
+definition: sourcetype="auditd"
 description: customer specific splunk configurations(eg- index, source, sourcetype).
   Replace the macro definition with configurations for your Splunk Environment.
 name: linux_auditd