Merged
55 changes: 55 additions & 0 deletions detection_rules/etc/deprecated_rules.json
@@ -29,6 +29,11 @@
"rule_name": "User Discovery via Whoami",
"stack_version": "7.14.0"
},
"125417b8-d3df-479f-8418-12d7e034fee3": {
"deprecation_date": "2022/07/25",
"rule_name": "Attempt to Disable IPTables or Firewall",
"stack_version": "7.16"
},
"139c7458-566a-410c-a5cd-f80238d6a5cd": {
"deprecation_date": "2021/04/15",
"rule_name": "SQL Traffic to the Internet",
@@ -39,6 +44,16 @@
"rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion",
"stack_version": "7.16"
},
"20dc4620-3b68-4269-8124-ca5091e00ea8": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Max Login Sessions",
"stack_version": "7.16"
},
"3605a013-6f0c-4f7d-88a5-326f5be262ec": {
"deprecation_date": "2022/08/01",
"rule_name": "Potential Privilege Escalation via Local Kerberos Relay over LDAP",
"stack_version": "7.16"
},
"3a86e085-094c-412d-97ff-2439731e59cb": {
"deprecation_date": "2021/03/03",
"rule_name": "Setgid Bit Set via chmod",
@@ -74,6 +89,11 @@
"rule_name": "Query Registry via reg.exe",
"stack_version": "7.14.0"
},
"6ea71ff0-9e95-475b-9506-2580d1ce6154": {
"deprecation_date": "2022/08/02",
"rule_name": "DNS Activity to the Internet",
"stack_version": "7.16"
},
"6f1500bc-62d7-4eb9-8601-7485e87da2f4": {
"deprecation_date": "2021/04/15",
"rule_name": "SSH (Secure Shell) to the Internet",
@@ -94,6 +114,11 @@
"rule_name": "Network Sniffing via Tcpdump",
"stack_version": "7.14.0"
},
"7b08314d-47a0-4b71-ae4e-16544176924f": {
"deprecation_date": "2022/08/02",
"rule_name": "File and Directory Discovery",
"stack_version": "7.16"
},
"7d2c38d7-ede7-4bdf-b140-445906e6c540": {
"deprecation_date": "2021/04/15",
"rule_name": "Tor Activity to the Internet",
@@ -124,6 +149,11 @@
"rule_name": "Linux Restricted Shell Breakout via apt/apt-get Changelog Escape",
"stack_version": "7.16"
},
"90e28af7-1d96-4582-bf11-9a1eff21d0e5": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Login Attempt at Forbidden Time",
"stack_version": "7.16"
},
"97da359b-2b61-4a40-b2e4-8fc48cf7a294": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the SSH command",
@@ -169,6 +199,11 @@
"rule_name": "Nmap Process Activity",
"stack_version": "7.14.0"
},
"cab4f01c-793f-4a54-a03e-e5d85b96d7af": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Login from Forbidden Location",
"stack_version": "7.16"
},
"cc16f774-59f9-462d-8b98-d27ccd4519ec": {
"deprecation_date": "2021/04/15",
"rule_name": "Process Discovery via Tasklist",
@@ -184,6 +219,11 @@
"rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
"stack_version": "7.14.0"
},
"d6450d4e-81c6-46a3-bd94-079886318ed5": {
"deprecation_date": "2022/07/28",
"rule_name": "Strace Process Activity",
"stack_version": "7.16"
},
"da986d2c-ffbf-4fd6-af96-a88dbf68f386": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the gcc command",
@@ -194,6 +234,16 @@
"rule_name": "Threat Intel Filebeat Module (v7.x) Indicator Match",
"stack_version": "8.0"
},
"df959768-b0c9-4d45-988c-5606a2be8e5a": {
"deprecation_date": "2022/07/25",
"rule_name": "Unusual Process Execution - Temp",
"stack_version": "7.16"
},
"e0dacebe-4311-4d50-9387-b17e89c2e7fd": {
"deprecation_date": "2022/08/02",
"rule_name": "Whitespace Padding in Process Command Line",
"stack_version": "7.16"
},
"e56993d2-759c-4120-984c-9ec9bb940fd5": {
"deprecation_date": "2021/04/15",
"rule_name": "RDP (Remote Desktop Protocol) to the Internet",
@@ -219,6 +269,11 @@
"rule_name": "Linux Restricted Shell Breakout via flock Shell evasion",
"stack_version": "7.16"
},
"fb9937ce-7e21-46bf-831d-1ad96eac674d": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Max Failed Login Attempts",
"stack_version": "7.16"
},
"fd3fc25e-7c7c-4613-8209-97942ac609f6": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the expect command",
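Review bot: The entries added in this section record only a deprecation date, a rule name and a stack version, so nothing on this page shows whether each rule was superseded by another rule or its coverage was simply retired. That matters most for "Attempt to Disable IPTables or Firewall" (125417b8-d3df-479f-8418-12d7e034fee3), "DNS Activity to the Internet" (6ea71ff0-9e95-475b-9506-2580d1ce6154) and "Potential Privilege Escalation via Local Kerberos Relay over LDAP" (3605a013-6f0c-4f7d-88a5-326f5be262ec). Because the file is strict JSON and cannot carry comments, the PR description should state for each rule id either the replacement rule or that the detection is intentionally dropped, so deployments with these rules still enabled can check for coverage gaps. The new entries write `"stack_version": "7.16"` while older context entries write `"7.14.0"`; the loader is not visible here, but if anything compares these strings the two forms should be normalized.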