Bumped versions

ljstella · ljstella · commit d6f03a2d24b8 · 2025-09-09T08:49:59.000-04:00
diff --git a/detections/endpoint/cisco_nvm___curl_execution_with_insecure_flags.yml b/detections/endpoint/cisco_nvm___curl_execution_with_insecure_flags.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Curl Execution With Insecure Flags
 id: cc695238-3117-4e60-aa83-4beac2a42c69
-version: 1
-date: '2025-07-01'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___mshtml_or_mshta_network_execution_without_url_in_cli.yml b/detections/endpoint/cisco_nvm___mshtml_or_mshta_network_execution_without_url_in_cli.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - MSHTML or MSHTA Network Execution Without URL in CLI
 id: f2a9df84-9b01-4a21-9e3a-7aa1a217f69e
-version: 1
-date: '2025-07-03'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___non_network_binary_making_network_connection.yml b/detections/endpoint/cisco_nvm___non_network_binary_making_network_connection.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Non-Network Binary Making Network Connection
 id: c6db35af-8a0e-4b61-88ed-738e66f15715
-version: 1
-date: '2025-07-01'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___outbound_connection_to_suspicious_port.yml b/detections/endpoint/cisco_nvm___outbound_connection_to_suspicious_port.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Outbound Connection to Suspicious Port
 id: fc32a8d5-bc79-4437-b48f-4646ab7bed9d
-version: 1
-date: '2025-07-01'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___rclone_execution_with_network_activity.yml b/detections/endpoint/cisco_nvm___rclone_execution_with_network_activity.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Rclone Execution With Network Activity
 id: 719f8c78-b20d-4bb9-8c33-6d1a762e7a9a
-version: 1
-date: '2025-07-03'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___rundll32_abuse_of_mshtml_dll_for_payload_download.yml b/detections/endpoint/cisco_nvm___rundll32_abuse_of_mshtml_dll_for_payload_download.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Rundll32 Abuse of MSHTML.DLL for Payload Download
 id: 18f0d27d-569e-4bc4-96e1-09b214fa73c0
-version: 1
-date: '2025-07-03'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___susp_script_from_archive_triggering_network_activity.yml b/detections/endpoint/cisco_nvm___susp_script_from_archive_triggering_network_activity.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Susp Script From Archive Triggering Network Activity
 id: 8b07c2c9-0cde-4c44-9fa6-59dcf2b25777
-version: 1
-date: '2025-07-01'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___suspicious_download_from_file_sharing_website.yml b/detections/endpoint/cisco_nvm___suspicious_download_from_file_sharing_website.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Suspicious Download From File Sharing Website
 id: 94ebc001-35e7-4ae8-9b0e-52766b2f99c7
-version: 1
-date: '2025-07-01'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___suspicious_file_download_via_headless_browser.yml b/detections/endpoint/cisco_nvm___suspicious_file_download_via_headless_browser.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Suspicious File Download via Headless Browser
 id: cd0e816f-f67d-4dbe-a153-480b546e867e
-version: 1
-date: '2025-07-02'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/cisco_nvm___suspicious_network_connection_from_process_with_no_args.yml b/detections/endpoint/cisco_nvm___suspicious_network_connection_from_process_with_no_args.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Suspicious Network Connection From Process With No Args
 id: 54fa06c5-96a2-4406-a4a7-44d93ddbd173
-version: 1
-date: '2025-07-02'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___suspicious_network_connection_initiated_via_msxsl.yml b/detections/endpoint/cisco_nvm___suspicious_network_connection_initiated_via_msxsl.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Suspicious Network Connection Initiated via MsXsl
 id: 1cbcf75f-0e45-4f29-8c1b-7fcd7e55cc55
-version: 1
-date: '2025-07-03'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___suspicious_network_connection_to_ip_lookup_service_api.yml b/detections/endpoint/cisco_nvm___suspicious_network_connection_to_ip_lookup_service_api.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Suspicious Network Connection to IP Lookup Service API
 id: 568cb83e-d79e-4a23-85ec-6e1f6c30cb2f
-version: 2
-date: '2025-07-21'
+version: 3
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk, Janantha Marasinghe
 status: production
 type: Anomaly
diff --git a/detections/endpoint/cisco_nvm___webserver_download_from_file_sharing_website.yml b/detections/endpoint/cisco_nvm___webserver_download_from_file_sharing_website.yml
@@ -1,7 +1,7 @@
 name: Cisco NVM - Webserver Download From File Sharing Website
 id: 1984f997-3b49-4d4b-a7e9-dc5dbf88370e
-version: 1
-date: '2025-07-01'
+version: 2
+date: '2025-09-09'
 author: Nasreddine Bencherchali, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/detect_rclone_command_line_usage.yml b/detections/endpoint/detect_rclone_command_line_usage.yml
@@ -1,7 +1,7 @@
 name: Detect RClone Command-Line Usage
 id: 32e0baea-b3f1-11eb-a2ce-acde48001122
-version: 12
-date: '2025-07-04'
+version: 13
+date: '2025-09-09'
 author: Michael Haag, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/windows_curl_download_to_suspicious_path.yml b/detections/endpoint/windows_curl_download_to_suspicious_path.yml
@@ -1,7 +1,7 @@
 name: Windows Curl Download to Suspicious Path
 id: c32f091e-30db-11ec-8738-acde48001122
-version: 14
-date: '2025-06-30'
+version: 15
+date: '2025-09-09'
 author: Michael Haag, Nasreddine Bencherchali, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/windows_file_download_via_powershell.yml b/detections/endpoint/windows_file_download_via_powershell.yml
@@ -1,7 +1,7 @@
 name: Windows File Download Via PowerShell
 id: 58c4e56c-b5b8-46a3-b5fb-6537dca3c6de
-version: 1
-date: '2025-06-23'
+version: 2
+date: '2025-09-09'
 author: Michael Haag, Nasreddine Bencherchali, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/windows_installutil_remote_network_connection.yml b/detections/endpoint/windows_installutil_remote_network_connection.yml
@@ -1,7 +1,7 @@
 name: Windows InstallUtil Remote Network Connection
 id: 4fbf9270-43da-11ec-9486-acde48001122
-version: 15
-date: '2025-06-26'
+version: 16
+date: '2025-09-09'
 author: Michael Haag, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/windows_installutil_url_in_command_line.yml b/detections/endpoint/windows_installutil_url_in_command_line.yml
@@ -1,7 +1,7 @@
 name: Windows InstallUtil URL in Command Line
 id: 28e06670-43df-11ec-a569-acde48001122
-version: 11
-date: '2025-02-03'
+version: 12
+date: '2025-09-09'
 author: Michael Haag, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/windows_msiexec_remote_download.yml b/detections/endpoint/windows_msiexec_remote_download.yml
@@ -1,7 +1,7 @@
 name: Windows MSIExec Remote Download
 id: 6aa49ff2-3c92-4586-83e0-d83eb693dfda
-version: 10
-date: '2025-06-26'
+version: 11
+date: '2025-09-09'
 author: Michael Haag, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/windows_powershell_msix_package_installation.yml b/detections/endpoint/windows_powershell_msix_package_installation.yml
@@ -1,7 +1,7 @@
 name: Windows PowerShell MSIX Package Installation
 id: d2f77901-dbfa-42d9-8af7-dcd0f1a50a2f
-version: 1
-date: '2025-08-05'
+version: 2
+date: '2025-09-09'
 author: Michael Haag, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/wmic_xsl_execution_via_url.yml b/detections/endpoint/wmic_xsl_execution_via_url.yml
@@ -1,7 +1,7 @@
 name: WMIC XSL Execution via URL
 id: 787e9dd0-4328-11ec-a029-acde48001122
-version: 10
-date: '2025-07-02'
+version: 11
+date: '2025-09-09'
 author: Michael Haag, Splunk
 status: production
 type: TTP
diff --git a/detections/network/cisco_smart_install_oversized_packet_detection.yml b/detections/network/cisco_smart_install_oversized_packet_detection.yml
@@ -1,7 +1,7 @@
 name: Cisco Smart Install Oversized Packet Detection
 id: 3b8d2b4f-4e1e-4a9e-9b43-8a7a3a9c7e21
-version: 1
-date: '2025-08-21'
+version: 2
+date: '2025-09-09'
 author: Bhavin Patel, Michael Haag, Splunk
 status: production
 type: TTP
