Update dist/escu, dist/ssa, and dist/api folders with the latest cont…

…ent associated with this tag

dist/escu/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null, 
       "name": "DA-ESS-ContentUpdate", 
-      "version": "3.53.0"
+      "version": "3.54.0"
     }, 
     "author": [
       {

dist/escu/default/app.conf

@@ -4,7 +4,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 11110
+build = 11194
 
 [triggers]
 reload.analytic_stories = simple
@@ -20,7 +20,7 @@ reload.es_investigations = simple
 
 [launcher]
 author = Splunk
-version = 3.53.0
+version = 3.54.0
 description = Explore the Analytic Stories included with ES Content Updates.
 
 [ui]

dist/escu/default/collections.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2022-11-15T20:45:39 UTC
+# On Date: 2022-11-29T22:43:40 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############

dist/escu/default/content-version.conf

@@ -1,2 +1,2 @@
 [content-version]
-version = 3.53.0
+version = 3.54.0

dist/escu/default/es_investigations.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2022-11-15T20:45:39 UTC
+# On Date: 2022-11-29T22:43:40 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############

dist/escu/default/macros.conf

@@ -1,6 +1,6 @@
 #############
 # Automatically generated by generator.py in splunk/security_content
-# On Date: 2022-11-15T20:45:39 UTC
+# On Date: 2022-11-29T22:43:40 UTC
 # Author: Splunk Security Research
 # Contact: research@splunk.com
 #############
@@ -2501,6 +2501,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[powershell_load_module_in_meterpreter_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [powershell_loading_dotnet_into_memory_via_reflection_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3141,6 +3145,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_apache_benchmark_binary_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_app_layer_protocol_qakbot_namedpipe_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3453,6 +3461,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_mimikatz_binary_execution_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_modify_registry_disable_toast_notifications_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3493,6 +3505,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_msexchange_management_mailbox_cmdlet_usage_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_mshta_execution_in_registry_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -3521,6 +3537,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[windows_ngrok_reverse_proxy_usage_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [windows_nirsoft_advancedrun_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4309,6 +4329,10 @@ description = Update this macro to limit the output results to filter out false
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
 
+[ngrok_reverse_proxy_on_network_filter]
+definition = search *
+description = Update this macro to limit the output results to filter out false positives.
+
 [plain_http_post_exfiltrated_data_filter]
 definition = search *
 description = Update this macro to limit the output results to filter out false positives.
@@ -4574,6 +4598,10 @@ description = customer specific splunk configurations(eg- index, source, sourcet
 definition = (Processes.process_name IN ("sh", "ksh", "zsh", "bash", "dash", "rbash", "fish", "csh", "tcsh", "ion", "eshell"))
 description = customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environmnent.
 
+[msexchange_management]
+definition = sourcetype=MSExchange:management
+description = customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environmnent.
+
 [netbackup]
 definition = sourcetype="netbackup_logs"
 description = customer specific splunk configurations(eg- index, source, sourcetype). Replace the macro definition with configurations for your Splunk Environmnent.