updating descirption

patel-bhavin · patel-bhavin · commit 15ab58b7981c · 2025-02-10T14:02:05.000-08:00
diff --git a/detections/deprecated/known_services_killed_by_ransomware.yml b/detections/deprecated/known_services_killed_by_ransomware.yml
@@ -5,7 +5,7 @@ date: '2025-02-07'
 author: Teoderick Contreras, Splunk
 status: deprecated
 type: TTP
-description: The following analytic detects the suspicious termination of known services
+description: This analytic has been deprecated in favor of a new analytic - Windows Security And Backup Services Stop. The following analytic detects the suspicious termination of known services
   commonly targeted by ransomware before file encryption. It leverages Windows System
   Event Logs (EventCode 7036) to identify when critical services such as Volume Shadow
   Copy, backup, and antivirus services are stopped. This activity is significant because
diff --git a/detections/deprecated/suspicious_driver_loaded_path.yml b/detections/deprecated/suspicious_driver_loaded_path.yml
@@ -5,7 +5,7 @@ date: '2025-02-06'
 author: Teoderick Contreras, Splunk
 status: deprecated
 type: TTP
-description: The following analytic detects the loading of drivers from suspicious
+description: This search has been deprecated in favour of - Windows Suspicious Driver Loaded Path. The following analytic detects the loading of drivers from suspicious
   paths, which is a technique often used by malicious software such as coin miners
   (e.g., xmrig). It leverages Sysmon EventCode 6 to identify drivers loaded from non-standard
   directories. This activity is significant because legitimate drivers typically reside
diff --git a/detections/deprecated/suspicious_process_file_path.yml b/detections/deprecated/suspicious_process_file_path.yml
@@ -5,7 +5,7 @@ date: '2025-02-10'
 author: Teoderick Contreras, Splunk
 status: deprecated
 type: TTP
-description: The following analytic identifies processes running from file paths not
+description: This search has been deprecated in favour of -  Windows Suspicious Process File Path. The following analytic identifies processes running from file  paths not
   typically associated with legitimate software. It leverages data from Endpoint Detection
   and Response (EDR) agents, focusing on specific process paths within the Endpoint
   data model. This activity is significant because adversaries often use unconventional
