Updating build.ps1 and ThreatHunting app

2020-07-23 22:46:30 -07:00
parent cc6ca57a97
commit a163eb55d1
4 changed files with 129 additions and 112 deletions
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -163,7 +163,11 @@ install_splunk() {
    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/punchcard-custom-visualization_130.tgz -auth 'admin:changeme'
    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/sankey-diagram-custom-visualization_130.tgz -auth 'admin:changeme'
    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/link-analysis-app-for-splunk_161.tgz -auth 'admin:changeme'
-    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_141.tgz -auth 'admin:changeme'
+    /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/threathunting_143.tgz -auth 'admin:changeme'
+
+    ## Fix a bug with the ThreatHunting App (https://github.com/olafhartong/ThreatHunting/issues/53)
+    mv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmonevencodes.csv /opt/splunk/etc/apps/ThreatHunting/lookups/sysmoneventcode.csv
+    sed -i 's/= sysmoneventcode/= sysmoneventcode.csv/g' /opt/splunk/etc/apps/ThreatHunting/default/props.conf

    # Install the Maxmind license key for the ASNgen App
    if [ -n "$MAXMIND_LICENSE" ]; then
--- a/Vagrant/resources/splunk_server/threathunting_141.tgz
+++ b/Vagrant/resources/splunk_server/threathunting_141.tgz
--- a/Vagrant/resources/splunk_server/threathunting_143.tgz
+++ b/Vagrant/resources/splunk_server/threathunting_143.tgz