From 7053d42e439b1c7e1aa99a723952fe12228c23d4 Mon Sep 17 00:00:00 2001 
From: frack113
Date: Fri, 21 Jan 2022 11:59:13 +0100
Subject: [PATCH] move to builtin

---
 .../applocker/win_applocker_file_was_not_allowed_to_run.yml | 0
 .../code_integrity/win_codeintegrity_failed_driver_load.yml | 0
 rules/windows/{other => builtin}/dns_server/win_apt_gallium.yml | 0
 .../windows/{other => builtin}/dns_server/win_susp_dns_config.yml | 0
 .../driverframeworks/win_usb_device_plugged.yml | 0
 rules/windows/{other => builtin}/ldap/win_ldap_recon.yml | 0
 .../{other => builtin}/msexchange/win_exchange_cve_2021_42321.yml | 0
 .../msexchange/win_exchange_proxylogon_oabvirtualdir.yml | 0
 .../msexchange/win_exchange_proxyshell_certificate_generation.yml | 0
 .../msexchange/win_exchange_proxyshell_mailbox_export.yml | 0
 .../msexchange/win_exchange_proxyshell_remove_mailbox_export.yml | 0
 .../{other => builtin}/msexchange/win_exchange_transportagent.yml | 0
 .../msexchange/win_exchange_transportagent_failed.yml | 0
 .../msexchange/win_set_oabvirtualdirectory_externalurl.yml | 0
 rules/windows/{other => builtin}/ntlm/win_susp_ntlm_auth.yml | 0
 rules/windows/{other => builtin}/ntlm/win_susp_ntlm_rdp.yml | 0
 .../printservice/win_exploit_cve_2021_1675_printspooler.yml | 0
 .../win_exploit_cve_2021_1675_printspooler_operational.yml | 0
 .../servicebus/win_hybridconnectionmgr_svc_running.yml | 0
 .../{other => builtin}/smbclient/win_susp_failed_guest_logon.yml | 0
 .../taskscheduler/win_rare_schtask_creation.yml | 0
 .../{other => builtin}/windefend/win_alert_lsass_access.yml | 0
 .../{other => builtin}/windefend/win_defender_amsi_trigger.yml | 0
 .../{other => builtin}/windefend/win_defender_disabled.yml | 0
 .../{other => builtin}/windefend/win_defender_exclusions.yml | 0
 .../{other => builtin}/windefend/win_defender_history_delete.yml | 0
 .../{other => builtin}/windefend/win_defender_psexec_wmi_asr.yml | 0
 .../windefend/win_defender_tamper_protection_trigger.yml | 0
 .../windows/{other => builtin}/windefend/win_defender_threat.yml | 0
 rules/windows/{other => builtin}/wmi/win_wmi_persistence.yml | 0
 30 files changed, 0 insertions(+), 0 deletions(-)
 rename rules/windows/{other => builtin}/applocker/win_applocker_file_was_not_allowed_to_run.yml (100%)
 rename rules/windows/{other => builtin}/code_integrity/win_codeintegrity_failed_driver_load.yml (100%)
 rename rules/windows/{other => builtin}/dns_server/win_apt_gallium.yml (100%)
 rename rules/windows/{other => builtin}/dns_server/win_susp_dns_config.yml (100%)
 rename rules/windows/{other => builtin}/driverframeworks/win_usb_device_plugged.yml (100%)
 rename rules/windows/{other => builtin}/ldap/win_ldap_recon.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_exchange_cve_2021_42321.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_exchange_proxylogon_oabvirtualdir.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_exchange_proxyshell_certificate_generation.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_exchange_proxyshell_mailbox_export.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_exchange_transportagent.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_exchange_transportagent_failed.yml (100%)
 rename rules/windows/{other => builtin}/msexchange/win_set_oabvirtualdirectory_externalurl.yml (100%)
 rename rules/windows/{other => builtin}/ntlm/win_susp_ntlm_auth.yml (100%)
 rename rules/windows/{other => builtin}/ntlm/win_susp_ntlm_rdp.yml (100%)
 rename rules/windows/{other => builtin}/printservice/win_exploit_cve_2021_1675_printspooler.yml (100%)
 rename rules/windows/{other => builtin}/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml (100%)
 rename rules/windows/{other => builtin}/servicebus/win_hybridconnectionmgr_svc_running.yml (100%)
 rename rules/windows/{other => builtin}/smbclient/win_susp_failed_guest_logon.yml (100%)
 rename rules/windows/{other => builtin}/taskscheduler/win_rare_schtask_creation.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_alert_lsass_access.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_defender_amsi_trigger.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_defender_disabled.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_defender_exclusions.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_defender_history_delete.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_defender_psexec_wmi_asr.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_defender_tamper_protection_trigger.yml (100%)
 rename rules/windows/{other => builtin}/windefend/win_defender_threat.yml (100%)
 rename rules/windows/{other => builtin}/wmi/win_wmi_persistence.yml (100%)

diff --git a/rules/windows/other/applocker/win_applocker_file_was_not_allowed_to_run.yml b/rules/windows/builtin/applocker/win_applocker_file_was_not_allowed_to_run.yml
similarity index 100%
rename from rules/windows/other/applocker/win_applocker_file_was_not_allowed_to_run.yml
rename to rules/windows/builtin/applocker/win_applocker_file_was_not_allowed_to_run.yml
diff --git a/rules/windows/other/code_integrity/win_codeintegrity_failed_driver_load.yml b/rules/windows/builtin/code_integrity/win_codeintegrity_failed_driver_load.yml
similarity index 100%
rename from rules/windows/other/code_integrity/win_codeintegrity_failed_driver_load.yml
rename to rules/windows/builtin/code_integrity/win_codeintegrity_failed_driver_load.yml
diff --git a/rules/windows/other/dns_server/win_apt_gallium.yml b/rules/windows/builtin/dns_server/win_apt_gallium.yml
similarity index 100%
rename from rules/windows/other/dns_server/win_apt_gallium.yml
rename to rules/windows/builtin/dns_server/win_apt_gallium.yml
diff --git a/rules/windows/other/dns_server/win_susp_dns_config.yml b/rules/windows/builtin/dns_server/win_susp_dns_config.yml
similarity index 100%
rename from rules/windows/other/dns_server/win_susp_dns_config.yml
rename to rules/windows/builtin/dns_server/win_susp_dns_config.yml
diff --git a/rules/windows/other/driverframeworks/win_usb_device_plugged.yml b/rules/windows/builtin/driverframeworks/win_usb_device_plugged.yml
similarity index 100%
rename from rules/windows/other/driverframeworks/win_usb_device_plugged.yml
rename to rules/windows/builtin/driverframeworks/win_usb_device_plugged.yml
diff --git a/rules/windows/other/ldap/win_ldap_recon.yml b/rules/windows/builtin/ldap/win_ldap_recon.yml
similarity index 100%
rename from rules/windows/other/ldap/win_ldap_recon.yml
rename to rules/windows/builtin/ldap/win_ldap_recon.yml
diff --git a/rules/windows/other/msexchange/win_exchange_cve_2021_42321.yml b/rules/windows/builtin/msexchange/win_exchange_cve_2021_42321.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_cve_2021_42321.yml
rename to rules/windows/builtin/msexchange/win_exchange_cve_2021_42321.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxylogon_oabvirtualdir.yml b/rules/windows/builtin/msexchange/win_exchange_proxylogon_oabvirtualdir.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxylogon_oabvirtualdir.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxylogon_oabvirtualdir.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxyshell_certificate_generation.yml b/rules/windows/builtin/msexchange/win_exchange_proxyshell_certificate_generation.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxyshell_certificate_generation.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxyshell_certificate_generation.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxyshell_mailbox_export.yml b/rules/windows/builtin/msexchange/win_exchange_proxyshell_mailbox_export.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxyshell_mailbox_export.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxyshell_mailbox_export.yml
diff --git a/rules/windows/other/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml b/rules/windows/builtin/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml
rename to rules/windows/builtin/msexchange/win_exchange_proxyshell_remove_mailbox_export.yml
diff --git a/rules/windows/other/msexchange/win_exchange_transportagent.yml b/rules/windows/builtin/msexchange/win_exchange_transportagent.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_transportagent.yml
rename to rules/windows/builtin/msexchange/win_exchange_transportagent.yml
diff --git a/rules/windows/other/msexchange/win_exchange_transportagent_failed.yml b/rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_exchange_transportagent_failed.yml
rename to rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml
diff --git a/rules/windows/other/msexchange/win_set_oabvirtualdirectory_externalurl.yml b/rules/windows/builtin/msexchange/win_set_oabvirtualdirectory_externalurl.yml
similarity index 100%
rename from rules/windows/other/msexchange/win_set_oabvirtualdirectory_externalurl.yml
rename to rules/windows/builtin/msexchange/win_set_oabvirtualdirectory_externalurl.yml
diff --git a/rules/windows/other/ntlm/win_susp_ntlm_auth.yml b/rules/windows/builtin/ntlm/win_susp_ntlm_auth.yml
similarity index 100%
rename from rules/windows/other/ntlm/win_susp_ntlm_auth.yml
rename to rules/windows/builtin/ntlm/win_susp_ntlm_auth.yml
diff --git a/rules/windows/other/ntlm/win_susp_ntlm_rdp.yml b/rules/windows/builtin/ntlm/win_susp_ntlm_rdp.yml
similarity index 100%
rename from rules/windows/other/ntlm/win_susp_ntlm_rdp.yml
rename to rules/windows/builtin/ntlm/win_susp_ntlm_rdp.yml
diff --git a/rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler.yml b/rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler.yml
similarity index 100%
rename from rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler.yml
rename to rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler.yml
diff --git a/rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml b/rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml
similarity index 100%
rename from rules/windows/other/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml
rename to rules/windows/builtin/printservice/win_exploit_cve_2021_1675_printspooler_operational.yml
diff --git a/rules/windows/other/servicebus/win_hybridconnectionmgr_svc_running.yml b/rules/windows/builtin/servicebus/win_hybridconnectionmgr_svc_running.yml
similarity index 100%
rename from rules/windows/other/servicebus/win_hybridconnectionmgr_svc_running.yml
rename to rules/windows/builtin/servicebus/win_hybridconnectionmgr_svc_running.yml
diff --git a/rules/windows/other/smbclient/win_susp_failed_guest_logon.yml b/rules/windows/builtin/smbclient/win_susp_failed_guest_logon.yml
similarity index 100%
rename from rules/windows/other/smbclient/win_susp_failed_guest_logon.yml
rename to rules/windows/builtin/smbclient/win_susp_failed_guest_logon.yml
diff --git a/rules/windows/other/taskscheduler/win_rare_schtask_creation.yml b/rules/windows/builtin/taskscheduler/win_rare_schtask_creation.yml
similarity index 100%
rename from rules/windows/other/taskscheduler/win_rare_schtask_creation.yml
rename to rules/windows/builtin/taskscheduler/win_rare_schtask_creation.yml
diff --git a/rules/windows/other/windefend/win_alert_lsass_access.yml b/rules/windows/builtin/windefend/win_alert_lsass_access.yml
similarity index 100%
rename from rules/windows/other/windefend/win_alert_lsass_access.yml
rename to rules/windows/builtin/windefend/win_alert_lsass_access.yml
diff --git a/rules/windows/other/windefend/win_defender_amsi_trigger.yml b/rules/windows/builtin/windefend/win_defender_amsi_trigger.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_amsi_trigger.yml
rename to rules/windows/builtin/windefend/win_defender_amsi_trigger.yml
diff --git a/rules/windows/other/windefend/win_defender_disabled.yml b/rules/windows/builtin/windefend/win_defender_disabled.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_disabled.yml
rename to rules/windows/builtin/windefend/win_defender_disabled.yml
diff --git a/rules/windows/other/windefend/win_defender_exclusions.yml b/rules/windows/builtin/windefend/win_defender_exclusions.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_exclusions.yml
rename to rules/windows/builtin/windefend/win_defender_exclusions.yml
diff --git a/rules/windows/other/windefend/win_defender_history_delete.yml b/rules/windows/builtin/windefend/win_defender_history_delete.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_history_delete.yml
rename to rules/windows/builtin/windefend/win_defender_history_delete.yml
diff --git a/rules/windows/other/windefend/win_defender_psexec_wmi_asr.yml b/rules/windows/builtin/windefend/win_defender_psexec_wmi_asr.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_psexec_wmi_asr.yml
rename to rules/windows/builtin/windefend/win_defender_psexec_wmi_asr.yml
diff --git a/rules/windows/other/windefend/win_defender_tamper_protection_trigger.yml b/rules/windows/builtin/windefend/win_defender_tamper_protection_trigger.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_tamper_protection_trigger.yml
rename to rules/windows/builtin/windefend/win_defender_tamper_protection_trigger.yml
diff --git a/rules/windows/other/windefend/win_defender_threat.yml b/rules/windows/builtin/windefend/win_defender_threat.yml
similarity index 100%
rename from rules/windows/other/windefend/win_defender_threat.yml
rename to rules/windows/builtin/windefend/win_defender_threat.yml
diff --git a/rules/windows/other/wmi/win_wmi_persistence.yml b/rules/windows/builtin/wmi/win_wmi_persistence.yml
similarity index 100%
rename from rules/windows/other/wmi/win_wmi_persistence.yml
rename to rules/windows/builtin/wmi/win_wmi_persistence.yml