From 5678c18b132c00398509beb13fc4876b1bcbd7df Mon Sep 17 00:00:00 2001
From: Bhavin Patel
Date: Thu, 19 Feb 2026 01:42:51 +0530
Subject: [PATCH 1/2] aitk
---
 contentctl.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/contentctl.yml b/contentctl.yml
index 9ec2c73807..bdf9a4401f 100644
--- a/contentctl.yml
+++ b/contentctl.yml
@@ -171,11 +171,11 @@ apps:
 description: description of app
 hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_510.tgz
 - uid: 2890
- title: Splunk Machine Learning Toolkit
+ title: Splunk AI Toolkit
 appid: SPLUNK_MACHINE_LEARNING_TOOLKIT
 version: 5.5.0
 description: description of app
- hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-machine-learning-toolkit_550.tgz
+ hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-ai-toolkit_570.tgz
 - uid: 5518
 title: Splunk add on for Microsoft Defender Advanced Hunting
 appid: SPLUNK_ADD_ON_FOR_MICROSOFT_DEFENDER_ADVANCED_HUNTING
@@ -209,9 +209,9 @@ apps:
 - uid: 2882
 title: Python for Scientific Computing (for Linux 64-bit)
 appid: Splunk_SA_Scientific_Python_linux_x86_64
- version: 4.2.2
+ version: 4.3.0
 description: PSC for MLTK
- hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/python-for-scientific-computing-for-linux-64-bit_422.tgz
+ hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/python-for-scientific-computing-for-linux-64-bit_430.tgz
 - uid: 6254
 title: Splunk Add-on for Github
 appid: Splunk_TA_github
From e2dacad19861745d480b6ac2ff32a21f3f79ef26 Mon Sep 17 00:00:00 2001
From: Bhavin Patel
Date: Thu, 19 Feb 2026 01:46:13 +0530
Subject: [PATCH 2/2] test detection
---
 .../endpoint/potentially_malicious_code_on_commandline.yml | 1 +
 1 file changed, 1 insertion(+)
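Review bot: In the first hunk (uid 2890) `hardcoded_path` now ends in `splunk-ai-toolkit_570.tgz` but the context line `version: 5.5.0` is unchanged, so the declared version and the fetched package disagree; the second hunk (uid 2882) moves `version` and the `_430` file name together, which suggests the suffix tracks the version. If the archive is release 5.7.0, the entry should read `version: 5.7.0`. Both hunks also point the test infrastructure at a new tarball in an S3 bucket with no digest visible in these entries, so a swapped object would go unnoticed at download time; if the app schema offers a checksum field (not shown in this diff), pin one next to each URL. The `appid` and the `PSC for MLTK` description keep the old product name, which is worth a one-line comment such as `# appid unchanged after the MLTK -> AI Toolkit rename` if that is deliberate.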
diff --git a/detections/endpoint/potentially_malicious_code_on_commandline.yml b/detections/endpoint/potentially_malicious_code_on_commandline.yml
index a3e8f8d010..dbcf97f7ff 100644
--- a/detections/endpoint/potentially_malicious_code_on_commandline.yml
+++ b/detections/endpoint/potentially_malicious_code_on_commandline.yml
@@ -92,3 +92,4 @@ tests:
 - data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/malicious_cmd_line_samples/windows-sysmon.log
 source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 sourcetype: XmlWinEventLog
+