
Commit ad621f0

Lock versions for releases: 8.18,8.19,9.0,9.1 (#4960)
(cherry picked from commit c210a88)
1 parent 3868842 commit ad621f0

2 files changed

+66
-11
lines changed


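--- a/detection_rules/etc/version.lock.json
+++ b/detection_rules/etc/version.lock.json
@@ -991,9 +991,9 @@
 },
 "181f6b23-3799-445e-9589-0018328a9e46": {
 "rule_name": "Script Execution via Microsoft HTML Application",
-"sha256": "01dda1376728fe6955188499cabdad513ced58430a823ed0efa060d3e3e4fd42",
+"sha256": "8e9050616bc785d696c0a88bef0934bebc593c6d8d175e23e21d7e9021e4a63b",
 "type": "eql",
-"version": 205
+"version": 206
 },
 "183f3cd2-4cc6-44c0-917c-c5d29ecdcf74": {
 "rule_name": "Simple HTTP Web Server Connection",
@@ -2454,10 +2454,10 @@
 "version": 4
 },
 "3fac01b2-b811-11ef-b25b-f661ea17fbce": {
-"rule_name": "Azure Entra MFA TOTP Brute Force Attempts",
-"sha256": "096663ac4f2f65728b65859267b7a5df52cae07f45541fc4df53d7d2c0162a1c",
+"rule_name": "Microsoft Entra ID MFA TOTP Brute Force Attempts",
+"sha256": "00ca74cbcb463e4aab75e6f1c2caa5279929ef6c8c0ecc91e21716ab9f885a48",
 "type": "esql",
-"version": 2
+"version": 3
 },
 "3fe4e20c-a600-4a86-9d98-3ecb1ef23550": {
 "rule_name": "DNF Package Manager Plugin File Creation",
@@ -3245,6 +3245,12 @@
 "type": "eql",
 "version": 318
 },
+"5841b80f-a1f8-4c00-a966-d2cc4a7a82e4": {
+"rule_name": "Unusual Web Config File Access",
+"sha256": "b794e93559c621d6e245068b3dbad5a07ac97d1e4cdfd00b3083ca2c15ae8594",
+"type": "new_terms",
+"version": 1
+},
 "58aa72ca-d968-4f34-b9f7-bea51d75eb50": {
 "rule_name": "RDP Enabled via Registry",
 "sha256": "8d8c264f3c828e6bbfef2b4d20ae146ff9be9f011e3755c642210ed001c6c1a8",
@@ -4157,6 +4163,13 @@
 "type": "query",
 "version": 211
 },
+"70558fd5-6448-4c65-804a-8567ce02c3a2": {
+"min_stack_version": "8.18",
+"rule_name": "Google SecOps External Alerts",
+"sha256": "3875d92943fd3bd7e6de3c62cedde504db8217fbfd89d59c6a6e5afa159386d3",
+"type": "query",
+"version": 1
+},
 "708c9d92-22a3-4fe0-b6b9-1f861c55502d": {
 "rule_name": "Suspicious Execution via MSIEXEC",
 "sha256": "65980fe1ae4be0bcb253357e4e833ea08e6cf9acc68b212beaf62c43948c1e50",
@@ -4217,6 +4230,13 @@
 "type": "query",
 "version": 5
 },
+"720fc1aa-e195-4a1d-81d8-04edfe5313ed": {
+"min_stack_version": "8.18",
+"rule_name": "Elastic Security External Alerts",
+"sha256": "422e82deeff98279777d95dbf0ed16eaf90b3bb1c5a3950ad92a7fff136b9406",
+"type": "query",
+"version": 1
+},
 "721999d0-7ab2-44bf-b328-6e63367b9b29": {
 "rule_name": "Microsoft 365 Potential ransomware activity",
 "sha256": "efcdb7e0993e29ec64fe324c23c28c6b84a1994689b6ebab3cc2d46a4740d321",
@@ -4283,6 +4303,13 @@
 "type": "eql",
 "version": 215
 },
+"74147312-ba03-4bea-91d1-040d54c1e8c3": {
+"min_stack_version": "8.18",
+"rule_name": "Microsoft Sentinel External Alerts",
+"sha256": "a34a03f8ae7aa0e2dd7e603598ea2a6ce21901318fe406e2e71b9bb9a42f8d8f",
+"type": "query",
+"version": 1
+},
 "7453e19e-3dbf-4e4e-9ae0-33d6c6ed15e1": {
 "rule_name": "Modification of Environment Variable via Unsigned or Untrusted Parent",
 "sha256": "ddf21d53d6b8b8924b7cd9e99aa28d4f195a780f81fedcabd802cfa7f5eb3443",
@@ -5697,6 +5724,13 @@
 "type": "eql",
 "version": 209
 },
+"9b35422b-9102-45a9-8610-2e0c22281c55": {
+"min_stack_version": "8.18",
+"rule_name": "SentinelOne Alert External Alerts",
+"sha256": "68730c7058c78efbdb1fa839ed203894407fe046b9db371d79697927d04df699",
+"type": "query",
+"version": 1
+},
 "9b6813a1-daf1-457e-b0e6-0bb4e55b8a4c": {
 "rule_name": "Persistence via WMI Event Subscription",
 "sha256": "c41ecc6deef7ce4de642b215d877cca87c3bdd1c8dbbddece705c8d211f78b82",
@@ -6346,6 +6380,13 @@
 "type": "new_terms",
 "version": 13
 },
+"aeebe561-c338-4118-9924-8cb4e478aa58": {
+"min_stack_version": "8.18",
+"rule_name": "CrowdStrike External Alerts",
+"sha256": "3ed638538030b56001a17551427ce3c28872dc46cc8d25eaf05b09d40b3973c6",
+"type": "query",
+"version": 1
+},
 "af1e36fe-0abd-4463-b5ec-4e276dec0b26": {
 "rule_name": "Linux Telegram API Request",
 "sha256": "6ac91d1a303eaa48227d0640d61daf8090249c5177fec04c8eab7eef3e42a2c6",
@@ -7583,6 +7624,13 @@
 "type": "eql",
 "version": 107
 },
+"d3b6222f-537e-4b84-956a-3ebae2dcf811": {
+"min_stack_version": "8.18",
+"rule_name": "Splunk External Alerts",
+"sha256": "f378f24577665171fd3b33d5b1172def6d1fa3fa89da6e34e50c43d6f969e922",
+"type": "query",
+"version": 1
+},
 "d43f2b43-02a1-4219-8ce9-10929a32a618": {
 "rule_name": "Potential PowerShell Obfuscation via Backtick-Escaped Variable Expansion",
 "sha256": "eaeaebdaa3240798af533bd1db03a445ea59bf9841b14a82684a4de790cf0c2b",
@@ -8195,6 +8243,13 @@
 "type": "eql",
 "version": 218
 },
+"e43b7578-f3cc-4682-a8cf-f9d8a5fb07f1": {
+"min_stack_version": "8.18",
+"rule_name": "SentinelOne Threat External Alerts",
+"sha256": "187f393346f1e5ce97e9a11d3cb68a3d26efed06da5070cba9858bb5e01bef6e",
+"type": "query",
+"version": 1
+},
 "e468f3f6-7c4c-45bb-846a-053738b3fe5d": {
 "rule_name": "First Time Seen NewCredentials Logon Process",
 "sha256": "1427e75700829bf8f8c5f393c446556c02e5016d04293bca9c2112a6d88fc352",
@@ -8676,10 +8731,10 @@
 "version": 105
 },
 "f0cc239b-67fa-46fc-89d4-f861753a40f5": {
-"rule_name": "Microsoft Azure or Mail Sign-in from a Suspicious Source",
-"sha256": "4fd69243a3f405a2fc8dac28257d472860062369ad573cd79c1e6fc5b6add7a7",
+"rule_name": "Microsoft 365 or Entra ID Sign-in from a Suspicious Source",
+"sha256": "1c82a2568d10fea4868e5657b9934f3be6431843d1a284c5dde1fff807ea002e",
 "type": "esql",
-"version": 2
+"version": 3
 },
 "f0dbff4c-1aa7-4458-9ed5-ada472f64970": {
 "rule_name": "dMSA Account Creation by an Unusual User",
@@ -8767,9 +8822,9 @@
 },
 "f33e68a4-bd19-11ed-b02f-f661ea17fbcc": {
 "rule_name": "Google Workspace Object Copied to External Drive with App Consent",
-"sha256": "5377740b067e775623f0521c2d29b16c6652340c0b2039ef6eb7efd52d98693d",
+"sha256": "e3d5d22bf6f0e1c8cdf350e9585236e6eb414438bc033c531501c84f9d4d3681",
 "type": "eql",
-"version": 10
+"version": 11
 },
 "f3403393-1fd9-4686-8f6e-596c58bc00b4": {
 "rule_name": "Machine Learning Detected a DNS Request Predicted to be a DGA Domain",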

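--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.3.20"
+version = "1.3.21"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"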
