From 1b3ee725f5b67fab9ff0588666a4d155dcf40200 Mon Sep 17 00:00:00 2001
From: Shashank K S
Date: Wed, 10 Sep 2025 15:02:45 +0530
Subject: [PATCH] Tune Rules that have unsupported versions in min_stack_version
---
 ...calation_iam_customer_managed_policy_attached_to_role.toml | 4 +---
 .../privilege_escalation_iam_update_assume_role_policy.toml | 4 +---
 .../credential_access_entra_id_brute_force_activity.toml | 4 +---
 3 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/rules/integrations/aws/privilege_escalation_iam_customer_managed_policy_attached_to_role.toml b/rules/integrations/aws/privilege_escalation_iam_customer_managed_policy_attached_to_role.toml
index 9d0b1bccdd1..090883ce90e 100644
--- a/rules/integrations/aws/privilege_escalation_iam_customer_managed_policy_attached_to_role.toml
+++ b/rules/integrations/aws/privilege_escalation_iam_customer_managed_policy_attached_to_role.toml
@@ -2,9 +2,7 @@
 creation_date = "2024/11/04"
 integration = ["aws"]
 maturity = "production"
-min_stack_comments = "New fields added: actor.entity.id and target.entity.id"
-min_stack_version = "8.16.5"
-updated_date = "2025/09/08"
+updated_date = "2025/10/10"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/aws/privilege_escalation_iam_update_assume_role_policy.toml b/rules/integrations/aws/privilege_escalation_iam_update_assume_role_policy.toml
index 7ee7cc9efa0..5897f2cf985 100644
--- a/rules/integrations/aws/privilege_escalation_iam_update_assume_role_policy.toml
+++ b/rules/integrations/aws/privilege_escalation_iam_update_assume_role_policy.toml
@@ -2,9 +2,7 @@
 creation_date = "2020/07/06"
 integration = ["aws"]
 maturity = "production"
-min_stack_comments = "New fields added: actor.entity.id and target.entity.id"
-min_stack_version = "8.16.5"
-updated_date = "2025/07/10"
+updated_date = "2025/10/10"
 
 [rule]
 author = ["Elastic"]
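Review bot: The new `updated_date = "2025/10/10"` in privilege_escalation_iam_customer_managed_policy_attached_to_role.toml is a month later than the patch's own Date header (Wed, 10 Sep 2025), which looks like a month/day slip; `updated_date = "2025/09/10"` would match the commit. The same value is written in the hunks for privilege_escalation_iam_update_assume_role_policy.toml and credential_access_entra_id_brute_force_activity.toml. A future-dated `updated_date` makes it harder to line rule revisions up with release and alert timelines when a detection is being triaged. The `[metadata]` table opens above each hunk and `[rule]` continues below it, so nothing else in the rules can be checked from here.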
diff --git a/rules/integrations/azure/credential_access_entra_id_brute_force_activity.toml b/rules/integrations/azure/credential_access_entra_id_brute_force_activity.toml
index 5f664ef65ed..f0923edd399 100644
--- a/rules/integrations/azure/credential_access_entra_id_brute_force_activity.toml
+++ b/rules/integrations/azure/credential_access_entra_id_brute_force_activity.toml
@@ -2,9 +2,7 @@
 creation_date = "2024/09/06"
 integration = ["azure"]
 maturity = "production"
-min_stack_comments = "Elastic ESQL values aggregation is more performant in 8.16.5 and above."
-min_stack_version = "8.17.0"
-updated_date = "2025/07/16"
+updated_date = "2025/10/10"
 
 [rule]
 author = ["Elastic"]
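Review bot: The floor removed here was `min_stack_version = "8.17.0"`, higher than the 8.16.5 dropped from the two AWS rules, and the patch does not show which stack versions the repository still supports. If 8.17.0 is not below that supported minimum, this rule (presumably ES|QL-based, going by the removed comment) would start shipping to stacks it was deliberately held back from, so that is worth confirming before merge. The removed `min_stack_comments` was the only visible record of why the rule was gated. A line in the commit description naming the lowest supported stack would keep that rationale discoverable. The `[rule]` table continues outside the hunk, so the query itself cannot be checked from here.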