Merge branch 'main' into suspicious-mount-created

Author: shashank-elastic

detection_rules/devtools.py

@@ -416,7 +416,7 @@ def kibana_diff(rule_id, repo, branch, threads):
     else:
         rules = rules.filter(production_filter).id_map
 
-    repo_hashes = {r.id: r.contents.sha256(include_version=True) for r in rules.values()}
+    repo_hashes = {r.id: r.contents.get_hash(include_version=True) for r in rules.values()}
 
     kibana_rules = {r['rule_id']: r for r in get_kibana_rules(repo=repo, branch=branch, threads=threads).values()}
     kibana_hashes = {r['rule_id']: dict_hash(r) for r in kibana_rules.values()}

detection_rules/eswrap.py

@@ -421,9 +421,3 @@ def index_repo(ctx: click.Context, query, from_file, save_files):
         bulk_upload_docs, importable_rules_docs = ctx.invoke(generate_rules_index, query=query, save_files=save_files)
 
     es_client.bulk(bulk_upload_docs)
-
-
-@es_group.group('experimental')
-def es_experimental():
-    """[Experimental] helper commands for integrating with Elasticsearch."""
-    click.secho('\n* experimental commands are use at your own risk and may change without warning *\n')

detection_rules/etc/attack-technique-redirects.json

@@ -130,7 +130,8 @@
     "T1522": "T1552.005",
     "T1527": "T1550.001",
     "T1536": "T1578.004",
-    "T1547.011": "T1647"
+    "T1547.011": "T1647",
+    "T1574.002": "T1574.001"
   },
-  "saved_date": "Mon Dec  9 14:04:15 2024"
+  "saved_date": "Mon May  5 18:11:43 2025"
 }