From c58ee2f7f8b75d5dcc70b92c9f0e3414419154ae Mon Sep 17 00:00:00 2001
From: Marco Pedrinazzi <marcopedrinazzi.mp@gmail.com>
Date: Mon, 20 Apr 2026 14:44:21 +0200
Subject: [PATCH] Merge PR #5938 from @marcopedrinazzi - Fix file extension
 from .yaml to .yml for consistency

chore: changed extension from yaml to yml for certain files

---------

Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
---
 ..._nmap_fin_scan.yaml => opencanary_portscan_nmap_fin_scan.yml} | 0
 ...map_null_scan.yaml => opencanary_portscan_nmap_null_scan.yml} | 0
 ...an_nmap_os_scan.yaml => opencanary_portscan_nmap_os_scan.yml} | 0
 ...map_xmas_scan.yaml => opencanary_portscan_nmap_xmas_scan.yml} | 0
 ...y_portscan_syn_scan.yaml => opencanary_portscan_syn_scan.yml} | 0
 ...ection_attempt.yaml => opencanary_rdp_connection_attempt.yml} | 1 +
 6 files changed, 1 insertion(+)
 rename rules/application/opencanary/{opencanary_portscan_nmap_fin_scan.yaml => opencanary_portscan_nmap_fin_scan.yml} (100%)
 rename rules/application/opencanary/{opencanary_portscan_nmap_null_scan.yaml => opencanary_portscan_nmap_null_scan.yml} (100%)
 rename rules/application/opencanary/{opencanary_portscan_nmap_os_scan.yaml => opencanary_portscan_nmap_os_scan.yml} (100%)
 rename rules/application/opencanary/{opencanary_portscan_nmap_xmas_scan.yaml => opencanary_portscan_nmap_xmas_scan.yml} (100%)
 rename rules/application/opencanary/{opencanary_portscan_syn_scan.yaml => opencanary_portscan_syn_scan.yml} (100%)
 rename rules/application/opencanary/{opencanary_rdp_connection_attempt.yaml => opencanary_rdp_connection_attempt.yml} (96%)

diff --git a/rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_fin_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_nmap_null_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_null_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_null_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_null_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_nmap_os_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_os_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_os_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_os_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yaml b/rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_nmap_xmas_scan.yml
diff --git a/rules/application/opencanary/opencanary_portscan_syn_scan.yaml b/rules/application/opencanary/opencanary_portscan_syn_scan.yml
similarity index 100%
rename from rules/application/opencanary/opencanary_portscan_syn_scan.yaml
rename to rules/application/opencanary/opencanary_portscan_syn_scan.yml
diff --git a/rules/application/opencanary/opencanary_rdp_connection_attempt.yaml b/rules/application/opencanary/opencanary_rdp_connection_attempt.yml
similarity index 96%
rename from rules/application/opencanary/opencanary_rdp_connection_attempt.yaml
rename to rules/application/opencanary/opencanary_rdp_connection_attempt.yml
index e0e65f33f..04705cfab 100644
--- a/rules/application/opencanary/opencanary_rdp_connection_attempt.yaml
+++ b/rules/application/opencanary/opencanary_rdp_connection_attempt.yml
@@ -10,6 +10,7 @@ date: 2026-01-06
 tags:
     - attack.initial-access
     - attack.lateral-movement
+    - attack.persistence
     - attack.t1133
     - attack.t1021.001
 logsource: