Skip to content

Updated OOB Response Plan for 8.5 Release of Splunk Enterprise SecurityAdd files via upload#3975

Merged
patel-bhavin merged 2 commits intodevelopfrom
kbouchardherjavecgroup-patch-1
Mar 28, 2026
Merged

Updated OOB Response Plan for 8.5 Release of Splunk Enterprise SecurityAdd files via upload#3975
patel-bhavin merged 2 commits intodevelopfrom
kbouchardherjavecgroup-patch-1

Conversation

@kbouchardherjavecgroup
Copy link
Copy Markdown
Collaborator

@kbouchardherjavecgroup kbouchardherjavecgroup commented Mar 26, 2026

Updated OOB Response Plan for 8.5 Release of Splunk Enterprise Security

Details

What does this PR have in it? Screenshots are worth 1000 words 😄

Checklist

  • Validate name matches <platform>_<mitre att&ck technique>_<short description> nomenclature
  • CI/CD jobs passed ✔️
  • Validated SPL logic.
  • Validated tags, description, and how to implement.
  • Verified references match analytic.
  • Confirm updates to lookups are handled properly.

Notes For Submitters and Reviewers

  • If you're submitting a PR from a fork, ensuring the box to allow updates from maintainers is checked will help speed up the process of getting it merged.
  • Checking the output of the build CI job when it fails will likely show an error about what is failing. You may have a very descriptive error of the specific field(s) in the specific file(s) that is causing an issue. In some cases, its also possible there is an issue with the YAML. Many of these can be caught with the pre-commit hooks if you set them up. These errors will be less descriptive as to what exactly is wrong, but will give you a column and row position in a specific file where the YAML processing breaks. If you're having trouble with this, feel free to add a comment to your PR tagging one of the maintainers and we'll be happy to help troubleshoot it.
  • Updates to existing lookup files can be tricky, because of how Splunk handles application updates and the differences between existing lookup files being updated vs new lookups. You can read more here but the short version is that any changes to lookup files need to bump the the date and version in the associated YAML file.

@kbouchardherjavecgroup
Add files via upload
e9e9c26 
Updated OOB Response Plan for 8.5 Release of Splunk Enterprise Security
@patel-bhavin
Copy link
Copy Markdown
Contributor

patel-bhavin commented Mar 27, 2026
edited
Loading

@kbouchardherjavecgroup - Do we remove the v2 objects from response_templates directory?

@henryy-splunk
Copy link
Copy Markdown
Collaborator

henryy-splunk commented Mar 27, 2026

@kbouchardherjavecgroup - Do we remove the v2 objects from response_templates directory?

No, you should be able to leave the v2 in the directory. Removing it removes it from the splunk tab.

henryy-splunk
henryy-splunk approved these changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@henryy-splunk henryy-splunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@patel-bhavin patel-bhavin enabled auto-merge (squash) March 28, 2026 10:06
@patel-bhavin patel-bhavin merged commit 35e6ee2 into develop Mar 28, 2026
5 checks passed
@patel-bhavin patel-bhavin deleted the kbouchardherjavecgroup-patch-1 branch March 28, 2026 10:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@henryy-splunk henryy-splunk henryy-splunk approved these changes

@ccl0utier ccl0utier Awaiting requested review from ccl0utier ccl0utier is a code owner

@patel-bhavin patel-bhavin Awaiting requested review from patel-bhavin

Assignees

No one assigned

Labels

Response Templates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kbouchardherjavecgroup @patel-bhavin @henryy-splunk