[SSE]
channel=Splunk_Security_Essentials
order=1
name=Splunk Security Essentials
type=app
app_context=Splunk_Security_Essentials

[ES]
channel=Splunk_App_for_Enterprise_Security
order=2
name=Splunk App for Enterprise Security
app_context=Splunk_Security_Essentials
type=app


[Custom]
channel=custom
order=4
name=Custom Content
description=Custom content created locally inside of SSE
type=app
app_context=Splunk_Security_Essentials

[Splunk_Research_Baselines]
channel=Splunk_Research_Baselines
order=5
name=Splunk Security Content - Baselines
description=This is the Baselines provided by the Splunk Security Content team.  The API endpoint is https://content.splunkresearch.com/baselines?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_baselines

[Splunk_Research_Deployments]
channel=Splunk_Research_Deployments
order=6
name=Splunk Security Content - Deployments
description=This is the Deployments provided by the Splunk Security Content team.  The API endpoint is https://content.splunkresearch.com/deployments?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_deployments

[Splunk_Research_Detections]
channel=Splunk_Research_Detections
order=7
name=Splunk Security Content - Detections
description=This is the Detections provided by the Splunk Security Content team.  The API endpoint is https://content.splunkresearch.com/detections?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_detections
[Splunk_Research_Lookups]
channel=Splunk_Research_Lookups
order=8
name=Splunk Security Content - Lookups
description=This is the Lookups provided by the Splunk Security Content team.  The API endpoint is https://content.splunkresearch.com/lookups?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_lookups

[Splunk_Research_Macros]
channel=Splunk_Research_Macros
order=9
name=Splunk Security Content - Macros
description=This is the Macros provided by the Splunk Security Content team.  The API endpoint is https://content.splunkresearch.com/macros?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_macros

[Splunk_Research_Stories]
channel=Splunk_Research_Stories
order=12
name=Splunk Security Content - Stories
description=This is the Analytic Stories provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/stories?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_stories

[Splunk_Research_Version]
channel=Splunk_Research_Version
order=13
name=Splunk Security Content
description=This is the current Version of the API provided by the Splunk Security Content team.  The API endpoint is https://content.splunkresearch.com/version?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_version

# [Sigma]
# channel=Sigma
# order=-1
# name=Sigma (Open Source Detections)
# description=Blah blah description
# type=content
# disabled=true
# default=disabled
# app_context=Splunk_Security_Essentials
# build_url=https://api.amazonaws.com/myAPI
# build_field=buildnum
# content_download_url=https://api.amazonaws.com/myAPI2

[mitreattack]
channel=mitreattack
order=14
name=MITRE ATT&CK
description=This is how we make sure that we have the latest version of MITRE ATT&CK. The UI grabs it from essentials_updates.conf:[mitreattack]:content_download_url and stashes it in lookup=sse_json_doc_storage_lookup, keeping a version number in lookup=external_content_lookup
type=mitre
app_context=Splunk_Security_Essentials
build_url=https://api.github.com/repos/mitre/cti/releases/latest
build_field=tag_name
content_download_url=https://splk.it/mitreattack

#[mitrepreattack]
#channel=mitrepreattack
#order=-1
#name=MITRE Pre-ATT&CK
#description=This is how we make sure that we have the latest version of MITRE Pre-ATT&CK. The UI grabs it from essentials_updates.conf:[mitreattack]:content_download_url and stashes it in lookup=sse_json_doc_storage_lookup, keeping a version number in lookup=external_content_lookup
#type=mitre
#app_context=Splunk_Security_Essentials
#content_download_url=https://go.splunksecurityessentials.com/mitrepreattack