elastic
diff --git a/‎detection_rules/etc/deprecated_rules.json‎
Lines changed: 90 additions & 0 deletions b/‎detection_rules/etc/deprecated_rules.json‎
Lines changed: 90 additions & 0 deletions
@@ -1,4 +1,9 @@
 {
+  "03a514d9-500e-443e-b6a9-72718c548f6c": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - SSH Process Launched From Inside A Container",
+    "stack_version": "8.14"
+  },
   "041d4d41-9589-43e2-ba13-5680af75ebc2": {
     "deprecation_date": "2023/09/25",
     "rule_name": "Deprecated - Potential DNS Tunneling via Iodine",
@@ -49,11 +54,21 @@
     "rule_name": "SQL Traffic to the Internet",
     "stack_version": "7.14.0"
   },
+  "160896de-b66f-42cb-8fef-20f53a9006ea": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Potential Container Escape via Modified release_agent File",
+    "stack_version": "8.14"
+  },
   "1859ce38-6a50-422b-a5e8-636e231ea0cd": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion",
     "stack_version": "7.16"
   },
+  "1a289854-5b78-49fe-9440-8a8096b1ab50": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Suspicious Network Tool Launched Inside A Container",
+    "stack_version": "8.14"
+  },
   "20dc4620-3b68-4269-8124-ca5091e00ea8": {
     "deprecation_date": "2022/07/25",
     "rule_name": "Auditd Max Login Sessions",
@@ -89,6 +104,11 @@
     "rule_name": "Malicious Remote File Creation",
     "stack_version": "8.9"
   },
+  "342f834b-21a6-41bf-878c-87d116eba3ee": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Modification of Dynamic Linker Preload Shared Object Inside A Container",
+    "stack_version": "8.14"
+  },
   "3605a013-6f0c-4f7d-88a5-326f5be262ec": {
     "deprecation_date": "2022/08/01",
     "rule_name": "Potential Privilege Escalation via Local Kerberos Relay over LDAP",
@@ -104,11 +124,26 @@
     "rule_name": "Deprecated - Potential Password Spraying of Microsoft 365 User Accounts",
     "stack_version": "8.12"
   },
+  "41f7da9e-4e9f-4a81-9b58-40d725d83bc0": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Mount Launched Inside a Privileged Container",
+    "stack_version": "8.14"
+  },
+  "420e5bb4-93bf-40a3-8f4a-4cc1af90eca1": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Interactive Exec Command Launched Against A Running Container",
+    "stack_version": "8.14"
+  },
   "43303fd4-4839-4e48-b2b2-803ab060758d": {
     "deprecation_date": "2022/09/13",
     "rule_name": "Web Application Suspicious Activity: No User Agent",
     "stack_version": "8.5"
   },
+  "475b42f0-61fb-4ef0-8a85-597458bfb0a1": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Sensitive Files Compression Inside A Container",
+    "stack_version": "8.14"
+  },
   "47f09343-8d1f-4bb5-8bb0-00c9d18f5010": {
     "deprecation_date": "2021/03/17",
     "rule_name": "Execution via Regsvcs/Regasm",
@@ -129,6 +164,11 @@
     "rule_name": "Deprecated - Potential Reverse Shell via Suspicious Parent Process",
     "stack_version": "8.3"
   },
+  "4b4e9c99-27ea-4621-95c8-82341bc6e512": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Container Workload Protection",
+    "stack_version": "8.14"
+  },
   "5e87f165-45c2-4b80-bfa5-52822552c997": {
     "deprecation_date": "2022/03/16",
     "rule_name": "Potential PrintNightmare File Modification",
@@ -159,6 +199,11 @@
     "rule_name": "Deprecated - Threat Intel Filebeat Module (v8.x) Indicator Match",
     "stack_version": "8.5"
   },
+  "6c6bb7ea-0636-44ca-b541-201478ef6b50": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Container Management Utility Run Inside A Container",
+    "stack_version": "8.14"
+  },
   "6ea71ff0-9e95-475b-9506-2580d1ce6154": {
     "deprecation_date": "2022/08/02",
     "rule_name": "DNS Activity to the Internet",
@@ -224,6 +269,11 @@
     "rule_name": "Deprecated - Suspicious JAVA Child Process",
     "stack_version": "8.12"
   },
+  "8d3d0794-c776-476b-8674-ee2e685f6470": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Suspicious Interactive Shell Spawned From Inside A Container",
+    "stack_version": "8.14"
+  },
   "8fed8450-847e-43bd-874c-3bbf0cd425f3": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via  apt/apt-get Changelog Escape",
@@ -234,6 +284,16 @@
     "rule_name": "Auditd Login Attempt at Forbidden Time",
     "stack_version": "7.16"
   },
+  "9661ed8b-001c-40dc-a777-0983b7b0c91a": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Sensitive Keys Or Passwords Searched For Inside A Container",
+    "stack_version": "8.14"
+  },
+  "97697a52-4a76-4f0a-aa4f-25c178aae6eb": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - File System Debugger Launched Inside a Privileged Container",
+    "stack_version": "8.14"
+  },
   "97da359b-2b61-4a40-b2e4-8fc48cf7a294": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via the SSH command",
@@ -259,6 +319,11 @@
     "rule_name": "Network Connection via Mshta",
     "stack_version": "7.10.0"
   },
+  "a52a9439-d52c-401c-be37-2785235c6547": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Netcat Listener Established Inside A Container",
+    "stack_version": "8.14"
+  },
   "a5f0d057-d540-44f5-924d-c6a2ae92f045": {
     "deprecation_date": "2023/06/22",
     "rule_name": "Potential SSH Brute Force Detected on Privileged Account",
@@ -309,6 +374,11 @@
     "rule_name": "Socat Process Activity",
     "stack_version": "7.14.0"
   },
+  "d0b0f3ed-0b37-44bf-adee-e8cb7de92767": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - AWS Credentials Searched For Inside A Container",
+    "stack_version": "8.14"
+  },
   "d2053495-8fe7-4168-b3df-dad844046be3": {
     "deprecation_date": "2021/04/15",
     "rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
@@ -364,16 +434,36 @@
     "rule_name": "Suspicious Network Connection Attempt by Root",
     "stack_version": "8.3"
   },
+  "ec604672-bed9-43e1-8871-cf591c052550": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - File Made Executable via Chmod Inside A Container",
+    "stack_version": "8.14"
+  },
   "ee619805-54d7-4c56-ba6f-7717282ddd73": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via crash Shell evasion",
     "stack_version": "7.16"
   },
+  "ef65e82c-d8b4-4895-9824-5f6bc6166804": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Potential Container Escape via Modified notify_on_release File",
+    "stack_version": "8.14"
+  },
   "f52362cd-baf1-4b6d-84be-064efc826461": {
     "deprecation_date": "2022/05/09",
     "rule_name": "Linux Restricted Shell Breakout via flock Shell evasion",
     "stack_version": "7.16"
   },
+  "f5488ac1-099e-4008-a6cb-fb638a0f0828": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - SSH Connection Established Inside A Running Container",
+    "stack_version": "8.14"
+  },
+  "f7769104-e8f9-4931-94a2-68fc04eadec3": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - SSH Authorized Keys File Modified Inside a Container",
+    "stack_version": "8.14"
+  },
   "fb9937ce-7e21-46bf-831d-1ad96eac674d": {
     "deprecation_date": "2022/07/25",
     "rule_name": "Auditd Max Failed Login Attempts",