Locked versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4 (#2236)

Co-authored-by: terrancedejesus <terrancedejesus@users.noreply.github.com> Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> (cherry picked from commit cb2ca45)
elastic · Aug 10, 2022 · a7411d0 · a7411d0
1 parent 46e1a50
commit a7411d0
Show file tree

Hide file tree

Showing 2 changed files with 1,494 additions and 1,324 deletions.
diff --git a/detection_rules/etc/deprecated_rules.json b/detection_rules/etc/deprecated_rules.json
@@ -29,6 +29,11 @@
     "rule_name": "User Discovery via Whoami",
     "stack_version": "7.14.0"
   },
+  "125417b8-d3df-479f-8418-12d7e034fee3": {
+    "deprecation_date": "2022/07/25",
+    "rule_name": "Attempt to Disable IPTables or Firewall",
+    "stack_version": "7.16"
+  },
   "139c7458-566a-410c-a5cd-f80238d6a5cd": {
     "deprecation_date": "2021/04/15",
     "rule_name": "SQL Traffic to the Internet",
@@ -39,6 +44,16 @@
     "rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion",
     "stack_version": "7.16"
   },
+  "20dc4620-3b68-4269-8124-ca5091e00ea8": {
+    "deprecation_date": "2022/07/25",
+    "rule_name": "Auditd Max Login Sessions",
+    "stack_version": "7.16"
+  },
+  "3605a013-6f0c-4f7d-88a5-326f5be262ec": {
+    "deprecation_date": "2022/08/01",
+    "rule_name": "Potential Privilege Escalation via Local Kerberos Relay over LDAP",
+    "stack_version": "7.16"
+  },
   "3a86e085-094c-412d-97ff-2439731e59cb": {
     "deprecation_date": "2021/03/03",
     "rule_name": "Setgid Bit Set via chmod",
@@ -74,6 +89,11 @@
     "rule_name": "Query Registry via reg.exe",
     "stack_version": "7.14.0"
   },
+  "6ea71ff0-9e95-475b-9506-2580d1ce6154": {
+    "deprecation_date": "2022/08/02",
+    "rule_name": "DNS Activity to the Internet",
+    "stack_version": "7.16"
+  },
   "6f1500bc-62d7-4eb9-8601-7485e87da2f4": {
     "deprecation_date": "2021/04/15",
     "rule_name": "SSH (Secure Shell) to the Internet",
@@ -94,6 +114,11 @@
     "rule_name": "Network Sniffing via Tcpdump",
     "stack_version": "7.14.0"
   },
+  "7b08314d-47a0-4b71-ae4e-16544176924f": {
+    "deprecation_date": "2022/08/02",
+    "rule_name": "File and Directory Discovery",
+    "stack_version": "7.16"
+  },
   "7d2c38d7-ede7-4bdf-b140-445906e6c540": {
     "deprecation_date": "2021/04/15",
     "rule_name": "Tor Activity to the Internet",
@@ -124,6 +149,11 @@
     "rule_name": "Linux Restricted Shell Breakout via  apt/apt-get Changelog Escape",
     "stack_version": "7.16"
   },
+  "90e28af7-1d96-4582-bf11-9a1eff21d0e5": {
+    "deprecation_date": "2022/07/25",
+    "rule_name": "Auditd Login Attempt at Forbidden Time",
+    "stack_version": "7.16"
+  },
   "97da359b-2b61-4a40-b2e4-8fc48cf7a294": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via the SSH command",
@@ -169,6 +199,11 @@
     "rule_name": "Nmap Process Activity",
     "stack_version": "7.14.0"
   },
+  "cab4f01c-793f-4a54-a03e-e5d85b96d7af": {
+    "deprecation_date": "2022/07/25",
+    "rule_name": "Auditd Login from Forbidden Location",
+    "stack_version": "7.16"
+  },
   "cc16f774-59f9-462d-8b98-d27ccd4519ec": {
     "deprecation_date": "2021/04/15",
     "rule_name": "Process Discovery via Tasklist",
@@ -184,6 +219,11 @@
     "rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
     "stack_version": "7.14.0"
   },
+  "d6450d4e-81c6-46a3-bd94-079886318ed5": {
+    "deprecation_date": "2022/07/28",
+    "rule_name": "Strace Process Activity",
+    "stack_version": "7.16"
+  },
   "da986d2c-ffbf-4fd6-af96-a88dbf68f386": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via the gcc command",
@@ -194,6 +234,16 @@
     "rule_name": "Threat Intel Filebeat Module (v7.x) Indicator Match",
     "stack_version": "8.0"
   },
+  "df959768-b0c9-4d45-988c-5606a2be8e5a": {
+    "deprecation_date": "2022/07/25",
+    "rule_name": "Unusual Process Execution - Temp",
+    "stack_version": "7.16"
+  },
+  "e0dacebe-4311-4d50-9387-b17e89c2e7fd": {
+    "deprecation_date": "2022/08/02",
+    "rule_name": "Whitespace Padding in Process Command Line",
+    "stack_version": "7.16"
+  },
   "e56993d2-759c-4120-984c-9ec9bb940fd5": {
     "deprecation_date": "2021/04/15",
     "rule_name": "RDP (Remote Desktop Protocol) to the Internet",
@@ -219,6 +269,11 @@
     "rule_name": "Linux Restricted Shell Breakout via flock Shell evasion",
     "stack_version": "7.16"
   },
+  "fb9937ce-7e21-46bf-831d-1ad96eac674d": {
+    "deprecation_date": "2022/07/25",
+    "rule_name": "Auditd Max Failed Login Attempts",
+    "stack_version": "7.16"
+  },
   "fd3fc25e-7c7c-4613-8209-97942ac609f6": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via the expect command",