fixed typos
Signed-off-by: Zachary Christensen <zchristensen@splunk.com>
ZachTheSplunker committed Dec 1, 2023
1 parent f6dc6b9 commit 4620ce4
Showing 30 changed files with 72 additions and 82 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/bug_report.md
@@ -27,7 +27,7 @@ If applicable, add screenshots to help explain your problem.
- Splunk ES Version: [e.g. 7.0]
- Splunk Version: [e.g. 9.0]
- SA-CrowdstrikeDevices Version: [e.g. 1.0.1]
- [Crowdstrike Devices add-on (TA)](https://splunkbase.splunk.com/app/5570/) Version: [e.g. 3.1]
- [CrowdStrike Devices add-on (TA)](https://splunkbase.splunk.com/app/5570/) Version: [e.g. 3.1]

**Additional context**
Add any other context about the problem here.
10 changes: 5 additions & 5 deletions README.md
@@ -1,16 +1,16 @@
# CrowdStrike Devices for Splunk Enterprise Security
# CrowdStrike Devices for Splunk Enterprise Security

[![License](https://img.shields.io/badge/License-Splunk%20General%20Terms-ce0070)](https://www.splunk.com/en_us/legal/splunk-general-terms.html)
[![Docs](https://github.com/splunk/SA-CrowdstrikeDevices/actions/workflows/docs.yml/badge.svg)](splunk.github.io/SA-CrowdstrikeDevices/)
![Appinspect](https://github.com/splunk/SA-CrowdstrikeDevices/actions/workflows/appinspect.yml/badge.svg)
![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/splunk/SA-CrowdstrikeDevices)
[![Splunkbase App](https://img.shields.io/badge/Splunkbase-SA--CrowdstrikeDevices-blue)](https://splunkbase.splunk.com/app/6573)
[![Splunk ES Compatibility](https://img.shields.io/badge/Splunk%20ES%20Compatibility-7.x%20|%206.x-success)](https://splunkbase.splunk.com/app/263)
[![Crowdstrike Add-on Compatibility](https://img.shields.io/badge/Crowdstrike%20Addon%20Compatibility-3.x-success)](https://splunkbase.splunk.com/app/5570)
[![CrowdStrike Add-on Compatibility](https://img.shields.io/badge/CrowdStrike%20Addon%20Compatibility-3.x-success)](https://splunkbase.splunk.com/app/5570)
![Splunk Cloud Compatibility](https://img.shields.io/badge/Splunk%20Cloud%20Ready-Victoria%20|%20Classic-informational?logo=splunk)
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2FZachChristensen28%2FSA-CrowdstrikeDevices.svg?type=small)](https://app.fossa.com/projects/git%2Bgithub.com%2FZachChristensen28%2FSA-CrowdstrikeDevices?ref=badge_small)

This supporting add-on comes with prebuilt content for CrowdStrike device data to be easily used with Splunk Enterprise Security's asset database.
This supporting add-on comes with prebuilt content for CrowdStrike device data to be easily used with Splunk Enterprise Security's asset database.

```markdown
** This supporting add-on is only intended to work with Splunk Enterprise Security deployments **
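Review bot: the Docs badge link `(splunk.github.io/SA-CrowdstrikeDevices/)` has no scheme, so GitHub resolves it relative to the repository and the badge points at a non-existent path; it should be `https://splunk.github.io/SA-CrowdstrikeDevices/`. While the badge block is being touched, the FOSSA badge still references `ZachChristensen28/SA-CrowdstrikeDevices` whereas every other badge uses the `splunk` org, and the title and intro lines appear unchanged on both sides of the diff, which suggests a whitespace-only edit worth dropping from a typo commit.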
@@ -22,15 +22,15 @@ Full documentation can be found at [https://splunk.github.io/SA-CrowdstrikeDevic

## Disclaimer

> *This Splunk Supporting Add-on is __not__ affiliated with [__Crowdstrike, Inc.__](https://www.crowdstrike.com) and is not sponsored or sanctioned by the Crowdstrike team. As such, the included documentation does not contain information on how to get started with Crowdstrike. Rather, this documentation serves as a guide to use Crowdstrike device data with Splunk Enterprise Security. Please visit [https://www.crowdstrike.com](https://www.crowdstrike.com) for more information about Crowdstrike.*
> *This Splunk Supporting Add-on is __not__ affiliated with [__CrowdStrike, Inc.__](https://www.crowdstrike.com) and is not sponsored or sanctioned by the CrowdStrike team. As such, the included documentation does not contain information on how to get started with CrowdStrike. Rather, this documentation serves as a guide to use CrowdStrike device data with Splunk Enterprise Security. Please visit [https://www.crowdstrike.com](https://www.crowdstrike.com) for more information about CrowdStrike.*
## About

Info | Description
------|----------
SA-CrowdstrikeDevices | 1.1.1 - [Splunkbase](https://splunkbase.splunk.com/app/6573/)
Splunk Enterprise Security Version (Required) | [7.x \| 6.x](https://splunkbase.splunk.com/app/263)
Crowdstrike Devices Add-on (Required) | [3.x](https://splunkbase.splunk.com/app/5570)
CrowdStrike Devices Add-on (Required) | [3.x](https://splunkbase.splunk.com/app/5570)
Add-on has a web UI | No, this add-on does not contain views.

## Issues or Feature Requests
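Review bot: the `## About` heading directly follows the disclaimer blockquote with no blank line between them; most Markdown linters flag this (MD022) and some renderers fold the heading into the quote, so add a blank line after the `> *This Splunk Supporting Add-on ...*` line.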
8 changes: 4 additions & 4 deletions docs/components/all-configurations.md
@@ -4,16 +4,16 @@ Below is a table that list all configuration for this add-on.

Name | Type | Web Location | CLI Location\* | Description
---- | ---- | ------------ | ------------- | -----------
Crowdstrike Devices Lookup - Gen | Saved Search | Settings > Searches reports, and alerts | savedsearches.conf | Populates the lookup file `crowdstrike_devices`.
Crowdstrike Devices Lookup - Cleanup | Saved Search | Settings > Searches reports, and alerts | savedsearches.conf | removes old entries from kvstore lookup: `crowdstrike_devices`.
CrowdStrike Devices Lookup - Gen | Saved Search | Settings > Searches reports, and alerts | savedsearches.conf | Populates the lookup file `crowdstrike_devices`.
CrowdStrike Devices Lookup - Cleanup | Saved Search | Settings > Searches reports, and alerts | savedsearches.conf | removes old entries from kvstore lookup: `crowdstrike_devices`.
crowdstrike_devices | lookup | Settings > Lookups > Lookup definitions | transforms.conf | Lookup definition for the KVStore collection `crowdstrike_devices_collection`.
crowdstrike_devices_collection | KVStore collection | n/a\*\* | collections.conf | KVStore configuration.
sa_crowdstrike_index | Search macro | Settings > Advanced Search > Search Macros | macros.conf | Index definition for the crowdstrike index that contains the sourcetype `crowdstrike:device:json`.
sa_crowdstrike_retention | Search macro | Settings> Advanced Search > Search Macros | macros.conf | The amount of time for the device not being updated before it is removed from the lookup. `default "-2d"`
identity_manager://crowdstrike_devices | Asset lookup configuration | Enterprise Security > Configure > Data Enrichment > Asset and Identity Management > Asset Lookups | inputs.conf | Asset configuration lookup to load Crowdstrike devices into the asset database.
identity_manager://crowdstrike_devices | Asset lookup configuration | Enterprise Security > Configure > Data Enrichment > Asset and Identity Management > Asset Lookups | inputs.conf | Asset configuration lookup to load CrowdStrike devices into the asset database.

> \*CLI locations are relative to `../default`. Any update to CLI configuration files should be done in the local directory.
!!!info
**If you have the [Splunk App for Lookup File Editing<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ target="blank" }, the KVStore collection `crowdstrike_devices_collection` is viewable within the Web interface.
**If you have the [Splunk App for Lookup File Editing <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ target="blank" }, the KVStore collection `crowdstrike_devices_collection` is viewable within the Web interface.
!!!
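Review bot: the two saved-search rows still read "Settings > Searches reports, and alerts" (missing comma after "Searches"), which the cleanup docs later in this commit spell correctly as "Settings > Searches, reports, and alerts"; the `sa_crowdstrike_retention` row also has "Settings> Advanced" with a missing space. More importantly, the "Splunk App for Lookup File Editing" link targets `https://splunkbase.splunk.com/app/263`, which this same page uses as the Splunk Enterprise Security link, so the URL appears to be wrong and should be checked against Splunkbase before merging.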
4 changes: 2 additions & 2 deletions docs/components/asset-mapping.md
@@ -2,9 +2,9 @@

The following table describes how this add-on maps to the Asset Database.

> reference [Format an asset or identity in Splunk ES<small>:icon-link-external:</small>](https://docs.splunk.com/Documentation/ES/latest/Admin/Formatassetoridentitylist#Asset_lookup_header){ target="blank" }
> reference [Format an asset or identity in Splunk Enterprise Security <small>:icon-link-external:</small>](https://docs.splunk.com/Documentation/ES/latest/Admin/Formatassetoridentitylist#Asset_lookup_header){ target="blank" }
ES Asset lookup field | [Crowdstrike Device TA Fields<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ target="blank" } | Example value | Multi-value allowed
Asset lookup field | [CrowdStrike Device TA Fields <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ target="blank" } | Example value | Multi-value allowed
--- | --- | --- | ---
ip | `falcon_device.local_ip` | 10.15.23.8 | true
mac | `mac` | 61:se:e3:1s:7r:38 | true
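Review bot: the example MAC value `61:se:e3:1s:7r:38` contains the non-hexadecimal characters `s` and `r`, so it is not a valid MAC address and will confuse anyone validating their own asset lookup against it; use an example made only of hex digits (0-9, a-f). Also, the header cell was renamed from "ES Asset lookup field" to "Asset lookup field" while the rest of the commit expands "ES" to "Splunk Enterprise Security" rather than dropping it; keeping the product name here would be consistent.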
2 changes: 1 addition & 1 deletion docs/components/category.md
@@ -2,7 +2,7 @@

## Default category field mapping

Mapped Field | Crowdstrike Event Field | Example value
Mapped Field | CrowdStrike Event Field | Example value
------------ | ----------------------- | -------------
bios | `falcon_device.bios_manufacturer` | Dell Inc
bios_version | `falcon_device.bios_version` | 1.6.5
2 changes: 1 addition & 1 deletion docs/configure/bunit.md
@@ -1,6 +1,6 @@
# Business Unit Field (bunit)

!!!infoTo update the `bunit` field modify the `Crowdstrike Devices Lookup - Gen` saved search. It is recommended to clone the default search before making changes (see [Clone Saved Search](clone-search.md))
!!!infoTo update the `bunit` field modify the `CrowdStrike Devices Lookup - Gen` saved search. It is recommended to clone the default search before making changes (see [Clone Saved Search](clone-search.md))
!!!

The bunit field will most likely need to be updated. Every organization will have different values for this field. See [Asset Mappings](/components/asset-mapping.md) for description of the default fields used.
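Review bot: `!!!infoTo update the ...` has no space between the callout type and the text, unlike `!!!info To update ...` in docs/configure/category.md in this same commit; Retype will not recognise `infoTo` as a callout type, so the admonition does not render. The link `/components/asset-mapping.md` is also root-absolute while the neighbouring `clone-search.md` link is relative; one convention should be used.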
2 changes: 1 addition & 1 deletion docs/configure/category.md
@@ -1,6 +1,6 @@
# Category Field

!!!info To update the `category` field modify the `Crowdstrike Devices Lookup - Gen` saved search. It is recommended to clone the default search before making changes (see [Clone Saved Search](clone-search.md)).
!!!info To update the `category` field modify the `CrowdStrike Devices Lookup - Gen` saved search. It is recommended to clone the default search before making changes (see [Clone Saved Search](clone-search.md)).
!!!

The category field by default includes many important fields. Most will find that the default configuration for this field will work for their needs.
8 changes: 4 additions & 4 deletions docs/configure/cleanup.md
@@ -1,9 +1,9 @@
# Update Cleanup

The saved search `Crowdstrike Devices Lookup - Cleanup` runs every hour 29 minutes after the hour to remove old/stale device data from the kvstore. By default, it will remove any device that has not reported in longer than 2 days.
The saved search `CrowdStrike Devices Lookup - Cleanup` runs every hour 29 minutes after the hour to remove old/stale device data from the kvstore. By default, it will remove any device that has not reported in longer than 2 days.

!!!info Note
Even though a device may be removed, it will be re-added by the saved search `Crowdstrike Devices Lookup - Gen` if it begins to send data again.
Even though a device may be removed, it will be re-added by the saved search `CrowdStrike Devices Lookup - Gen` if it begins to send data again.
!!!

## Update Search Macro
@@ -14,7 +14,7 @@ To change the retention period from the default 2 days, there is a search macro
1. Set the "App" to `SA-CrowdstrikeDeviecs`.
1. Set the "Owner" to `Any`.
1. Click on `sa_crowdstrike_retention` to modify the definition.
1. Set the definition to a valid [time modifier<small>:icon-link-external:</small>](https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/SearchTimeModifiers#How_to_specify_relative_time_modifiers){ target="blank" }.
1. Set the definition to a valid [time modifier <small>:icon-link-external:</small>](https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/SearchTimeModifiers#How_to_specify_relative_time_modifiers){ target="blank" }.

!!!success Note
__Make sure to keep the quotes around the definition.__
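Review bot: the step `Set the "App" to \`SA-CrowdstrikeDeviecs\`` misspells the app name (should be `SA-CrowdstrikeDevices`, as in the schedule steps further down); a user following this literally will not find the macro. Since this commit is titled "fixed typos", this one should be picked up here.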
@@ -30,5 +30,5 @@ To update the default schedule perform the following steps:
1. Navigate to Settings > Searches, reports, and alerts.
1. Set the "App" dropdown to `SA-CrowdstrikeDevices`.
1. Set the "Owner" dropdown to `All`.
1. Click "Edit" under actions for the search `Crowdstrike Devices Lookup - Cleanup`
1. Click "Edit" under actions for the search `CrowdStrike Devices Lookup - Cleanup`
1. Click "Edit Schedule" and update the schedule and necessary.
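Review bot: the final step reads "update the schedule and necessary"; it should be "as necessary". The renamed "Click Edit under actions" step is also the only one in the list without a trailing period.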
6 changes: 3 additions & 3 deletions docs/configure/clone-search.md
@@ -4,7 +4,7 @@ order: -100

# Clone default saved search

In order to preserve the default behavior and to compare changes to new releases, it is recommended to clone the default search `Crowdstrike Devices Lookup - Gen` before making any changes.
In order to preserve the default behavior and to compare changes to new releases, it is recommended to clone the default search `CrowdStrike Devices Lookup - Gen` before making any changes.

## Clone

@@ -13,7 +13,7 @@ Perform the following to clone the default search:
1. Navigate to Settings > Searches, reports, and alerts.
1. Change "App" filter to `SA-CrowdstrikeDevices`.
1. Change "Owner" to `All`.
1. For the search named "Crowdstrike Devices Lookup - Gen" click "Edit" under Actions.
1. For the search named "CrowdStrike Devices Lookup - Gen" click "Edit" under Actions.
1. From the dropdown menu click "Clone."
1. <small>(optional)</small> Update the Title.
1. Set "Permissions" to `clone`.
@@ -23,5 +23,5 @@ Perform the following to clone the default search:

Disable the original search:

1. For the search named "Crowdstrike Devices Lookup - Gen" click "Edit" under Actions.
1. For the search named "CrowdStrike Devices Lookup - Gen" click "Edit" under Actions.
1. From the dropdown menu click "Disable" to disable the default search.
2 changes: 1 addition & 1 deletion docs/configure/priority.md
@@ -1,6 +1,6 @@
# Priority Field

!!!primary To update the `priority` field modify the `Crowdstrike Devices Lookup - Gen` saved search. It is recommended to clone the default search before making changes (see [Clone Saved Search](clone-search.md)).
!!!primary To update the `priority` field modify the `CrowdStrike Devices Lookup - Gen` saved search. It is recommended to clone the default search before making changes (see [Clone Saved Search](clone-search.md)).
!!!

The priority field is very generic by default and should be updated to suite your environment. The following table describes how this field is set.
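Review bot: "should be updated to suite your environment" should read "suit your environment". This page also uses `!!!primary` for the same kind of note that bunit.md and category.md mark as `!!!info`; aligning the callout type keeps the three field pages visually consistent.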
Binary file removed docs/favicon.ico
20 changes: 9 additions & 11 deletions docs/index.md
@@ -3,35 +3,33 @@ icon: home
label: Home
---

![](/static/sa-crowdstrike-hero.webp)

# Welcome to the Docs!

The SA-CrowdstrikeDevices add-on allows Splunk Enterprise Security admins to use [CrowdStrike<small>:icon-link-external:</small>][crowdstrike]{ target="blank" } device data with the Asset Database. This documentation will cover the components used in the add-on and advanced configurations.
The SA-CrowdstrikeDevices add-on allows Splunk Enterprise Security admins to use [CrowdStrike <small>:icon-link-external:</small>][crowdstrike]{ target="blank" } device data with the Asset Database. This documentation will cover the components used in the add-on and advanced configurations.

!!!danger Important
This Supporting add-on is only intended to work with [Splunk Enterprise Security<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ target="blank" } deployments.
This Supporting add-on is only intended to work with [Splunk Enterprise Security <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ target="blank" } deployments.
!!!

> __*Disclaimer*__
>
> *This Splunk Supporting Add-on is __not__ affiliated with [__Crowdstrike, Inc.__<small>:icon-link-external:</small>][crowdstrike]{ target="blank" } and is not sponsored or sanctioned by the Crowdstrike team. As such, the included documentation does not contain information on how to get started with Crowdstrike. Rather, this documentation serves as a guide to use Crowdstrike device data with Splunk Enterprise Security. Please visit [https://www.crowdstrike.com<small>:icon-link-external:</small>][crowdstrike]{ target="blank" } for more information about Crowdstrike.*
> *This Splunk Supporting Add-on is __not__ affiliated with [__CrowdStrike, Inc.__ <small>:icon-link-external:</small>][crowdstrike]{ target="blank" } and is not sponsored or sanctioned by the CrowdStrike team. As such, the included documentation does not contain information on how to get started with CrowdStrike. Rather, this documentation serves as a guide to use CrowdStrike device data with Splunk Enterprise Security. Please visit [https://www.crowdstrike.com <small>:icon-link-external:</small>][crowdstrike]{ target="blank" } for more information about CrowdStrike.*
## Assumptions

This documentation assumes the following:

1. You have a working Splunk Enterprise Security environment. __This add-on is not intended to work without Splunk ES.__
2. You already have Crowdstrike device data ingested using the [Crowdstrike Devices technical add-on<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ target="blank" }.
3. Familiarity with setting up a new Asset source in Enterprise Security.
1. You have a working Splunk Enterprise Security environment. __This add-on is not intended to work without Splunk Enterprise Security.__
2. You already have CrowdStrike device data ingested using the [CrowdStrike Devices technical add-on <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ target="blank" }.
3. Familiarity with setting up a new Asset source in Splunk Enterprise Security.

## About

Info | Description
------|----------
SA-CrowdstrikeDevices | 1.1.1 - [Splunkbase<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/6573){ target="blank" }
Splunk Enterprise Security Version <small>(Required)</small> | [7.x \| 6.x<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ target="blank" }
Crowdstrike Devices Add-on <small>(Required)</small> | [3.x<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ target="blank" }
SA-CrowdstrikeDevices | 1.1.1 - [Splunkbase <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/6573){ target="blank" }
Splunk Enterprise Security Version <small>(Required)</small> | [7.x \| 6.x <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ target="blank" }
CrowdStrike Devices Add-on <small>(Required)</small> | [3.x <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ target="blank" }
Add-on has a web UI | No, this add-on does not contain views.

[crowdstrike]: https://www.crowdstrike.com
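Review bot: removing the hero image `![](/static/sa-crowdstrike-hero.webp)` is a content change, not a typo fix, and the commit message "fixed typos" does not mention it; either split it into its own commit or call it out in the message so the history stays searchable. The `## Assumptions` heading also follows the disclaimer blockquote with no blank line, the same rendering issue as in README.md.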
6 changes: 3 additions & 3 deletions docs/releases/compatibility.md
@@ -6,6 +6,6 @@ icon: check-circle

Product | Version
--------- | -------
Splunk platform versions | 9.x, 8.x
Splunk Enterprise Security version | [7.x, 6.x<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ taget="blank" }
Crowdstrike Device Add-on Version | [3.x<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ taget="blank" }
Splunk Platform versions | 9.x, 8.x
Splunk Enterprise Security version | [7.x, 6.x <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/263){ taget="blank" }
CrowdStrike Device add-on version | [3.x <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/5570){ taget="blank" }
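Review bot: both rewritten rows keep `{ taget="blank" }`; the attribute is misspelled (should be `target="blank"`, as used everywhere else in this commit), so these links will not open in a new tab. A typo-fix commit that edits these exact lines should correct it.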
8 changes: 4 additions & 4 deletions docs/releases/index.md
@@ -6,7 +6,7 @@ label: Releases

# Release Notes

Latest release can be found on [Splunkbase<small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/6573){ target="blank" }.
Latest release can be found on [Splunkbase <small>:icon-link-external:</small>](https://splunkbase.splunk.com/app/6573){ target="blank" }.

## v1.1.1 [!badge text="LATEST" variant="info"]

@@ -27,7 +27,7 @@ Released: April 19, 2023
Released: December 19, 2022

+++ New :icon-shield-check:
- [x] Added macro and retention definition to ES General Settings
- [x] Added macro and retention definition to the General Settings in Splunk Enterprise Security
+++

---
@@ -37,9 +37,9 @@ Released: December 19, 2022
Released: November 22, 2022

+++ New :icon-shield-check:
- [x] Added ES managed configuration
- [x] Added managed configuration to Splunk Enterprise Security
+++ Fixed :icon-bug:
- [x] Fixed incorrect mac field (Thanks [@PaddlingCode<small>:icon-link-external:</small>](https://github.com/PaddlingCode){ target="blank" })
- [x] Fixed incorrect mac field (Thanks [@PaddlingCode <small>:icon-link-external:</small>](https://github.com/PaddlingCode){ target="blank" })
+++

---
7 changes: 0 additions & 7 deletions docs/retype.yml
@@ -4,7 +4,6 @@ url: splunk.github.io/SA-CrowdstrikeDevices/
branding:
title: SA-CrowdstrikeDevices
label: v1.1.1
logo: static/sa-crowdstrike-logo-small.svg
colors:
label:
text: "#fff"
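Review bot: dropping `logo: static/sa-crowdstrike-logo-small.svg` from `branding` changes the site header, which is out of scope for a commit described as "fixed typos"; confirm this is intentional and, if the SVG is no longer referenced anywhere, delete the file in the same change so the docs tree does not carry a dead asset.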
@@ -14,11 +13,5 @@ links:
link: https://splunkbase.splunk.com/app/6573
target: blank
icon: apps
footer:
copyright: "&copy; Copyright {{ year }}. All rights reserved.\nMade with :icon-heart-fill: by [ZachTheSplunker](https://www.linkedin.com/in/zachthesplunker/){ target=blank }"
links:
- text: Connect with ZachTheSplunker on LinkedIn
link: https://www.linkedin.com/in/zachthesplunker/
target: blank
markdown:
lineBreaks: hard
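Review bot: removing the whole `footer:` block also removes the copyright line (`&copy; Copyright {{ year }}. All rights reserved.`), so the published docs will carry no copyright notice at all; if the intent was only to drop the personal LinkedIn attribution, keep `footer.copyright` with a neutral notice and remove just the `links` entry and the "Made with" sentence.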