Merge branch 'main' into rule-tuning-shared-object-creation

terrancedejesus · web-flow · commit e88bfce2f9a7 · 2025-03-14T23:53:26.000-04:00
diff --git a/.github/workflows/kibana-mitre-update.yml b/.github/workflows/kibana-mitre-update.yml
@@ -15,6 +15,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Get MITRE Attack changed files
+        if: false
         id: changed-attack-files
         uses: tj-actions/changed-files@v44
         with:
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "0.4.22"
+version = "0.4.23"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
diff --git a/rules/_deprecated/container_workload_protection.toml b/rules/_deprecated/container_workload_protection.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/04/05"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/credential_access_aws_creds_search_inside_a_container.toml b/rules/_deprecated/credential_access_aws_creds_search_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/06/28"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/credential_access_collection_sensitive_files_compression_inside_a_container.toml b/rules/_deprecated/credential_access_collection_sensitive_files_compression_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/05/12"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/credential_access_sensitive_keys_or_passwords_search_inside_a_container.toml b/rules/_deprecated/credential_access_sensitive_keys_or_passwords_search_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/05/12"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/defense_evasion_ld_preload_shared_object_modified_inside_a_container.toml b/rules/_deprecated/defense_evasion_ld_preload_shared_object_modified_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/06/06"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/discovery_suspicious_network_tool_launched_inside_a_container.toml b/rules/_deprecated/discovery_suspicious_network_tool_launched_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/04/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/execution_container_management_binary_launched_inside_a_container.toml b/rules/_deprecated/execution_container_management_binary_launched_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/04/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/execution_file_made_executable_via_chmod_inside_a_container.toml b/rules/_deprecated/execution_file_made_executable_via_chmod_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/04/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/execution_interactive_exec_to_container.toml b/rules/_deprecated/execution_interactive_exec_to_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/05/12"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/execution_interactive_shell_spawned_from_inside_a_container.toml b/rules/_deprecated/execution_interactive_shell_spawned_from_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/04/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/execution_netcat_listener_established_inside_a_container.toml b/rules/_deprecated/execution_netcat_listener_established_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/04/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/initial_access_ssh_connection_established_inside_a_container.toml b/rules/_deprecated/initial_access_ssh_connection_established_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/05/12"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/lateral_movement_ssh_process_launched_inside_a_container.toml b/rules/_deprecated/lateral_movement_ssh_process_launched_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/05/12"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/persistence_ssh_authorized_keys_modification_inside_a_container.toml b/rules/_deprecated/persistence_ssh_authorized_keys_modification_inside_a_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/05/12"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/privilege_escalation_debugfs_launched_inside_a_privileged_container.toml b/rules/_deprecated/privilege_escalation_debugfs_launched_inside_a_privileged_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/10/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/privilege_escalation_mount_launched_inside_a_privileged_container.toml b/rules/_deprecated/privilege_escalation_mount_launched_inside_a_privileged_container.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/10/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/privilege_escalation_potential_container_escape_via_modified_notify_on_release_file.toml b/rules/_deprecated/privilege_escalation_potential_container_escape_via_modified_notify_on_release_file.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/10/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/privilege_escalation_potential_container_escape_via_modified_release_agent_file.toml b/rules/_deprecated/privilege_escalation_potential_container_escape_via_modified_release_agent_file.toml
@@ -1,8 +1,9 @@
 [metadata]
 creation_date = "2023/10/26"
 integration = ["cloud_defend"]
-maturity = "production"
-updated_date = "2025/02/06"
+deprecation_date = "2025/03/14"
+maturity = "deprecated"
+updated_date = "2025/03/14"
 
 [rule]
 author = ["Elastic"]
