From 0e2eb5a84ceed252b5fafebf64fd5eb97d3074de Mon Sep 17 00:00:00 2001 
From: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> Date: Tue, 2 Apr 2024 21:33:18 +0530 Subject: [PATCH] Fix minstack version for O365 prod rules (#3565) --- .../o365/collection_microsoft_365_new_inbox_rule.toml | 6 +++--- ...ss_microsoft_365_brute_force_user_account_attempt.toml | 6 +++--- ..._microsoft_365_potential_password_spraying_attack.toml | 6 +++--- ...credential_access_user_excessive_sso_logon_errors.toml | 6 +++--- ...evasion_microsoft_365_exchange_dlp_policy_removed.toml | 6 +++--- ...osoft_365_exchange_malware_filter_policy_deletion.toml | 6 +++--- ...on_microsoft_365_exchange_malware_filter_rule_mod.toml | 6 +++--- ..._microsoft_365_exchange_safe_attach_rule_disabled.toml | 6 +++--- ...asion_microsoft_365_mailboxauditbypassassociation.toml | 6 +++--- ...on_microsoft_365_exchange_transport_rule_creation.toml | 6 +++--- ...tration_microsoft_365_exchange_transport_rule_mod.toml | 6 +++--- ...mpact_microsoft_365_potential_ransomware_activity.toml | 6 +++--- ...act_microsoft_365_unusual_volume_of_file_deletion.toml | 6 +++--- ...initial_access_microsoft_365_abnormal_clientappid.toml | 8 ++++---- ...microsoft_365_exchange_anti_phish_policy_deletion.toml | 6 +++--- ...access_microsoft_365_exchange_anti_phish_rule_mod.toml | 6 +++--- ..._access_microsoft_365_exchange_safelinks_disabled.toml | 6 +++--- ..._microsoft_365_user_restricted_from_sending_email.toml | 6 +++--- .../initial_access_o365_user_reported_phish_malware.toml | 6 +++--- .../o365/lateral_movement_malware_uploaded_onedrive.toml | 6 +++--- .../lateral_movement_malware_uploaded_sharepoint.toml | 6 +++--- ...ence_exchange_suspicious_mailbox_right_delegation.toml | 6 +++--- ...crosoft_365_exchange_dkim_signing_config_disabled.toml | 6 +++--- ...microsoft_365_exchange_management_role_assignment.toml | 6 +++--- ...ce_microsoft_365_global_administrator_role_assign.toml | 6 +++--- ...icrosoft_365_teams_custom_app_interaction_allowed.toml | 6 +++--- 
...tence_microsoft_365_teams_external_access_enabled.toml | 6 +++--- ...sistence_microsoft_365_teams_guest_access_enabled.toml | 6 +++--- ...lege_escalation_new_or_modified_federation_domain.toml | 6 +++--- 29 files changed, 88 insertions(+), 88 deletions(-)
diff --git a/rules/integrations/o365/collection_microsoft_365_new_inbox_rule.toml b/rules/integrations/o365/collection_microsoft_365_new_inbox_rule.toml
index bae3ada03..332e71150 100644
--- a/rules/integrations/o365/collection_microsoft_365_new_inbox_rule.toml
+++ b/rules/integrations/o365/collection_microsoft_365_new_inbox_rule.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/03/29"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic", "Gary Blackwell", "Austin Songer"]
diff --git a/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml b/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml
index af19258bd..862240ebb 100644
--- a/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml
+++ b/rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/30"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2024/01/17"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic", "Willem D'Haese", "Austin Songer"]
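Review bot: The new `min_stack_comments` value added in the `collection_microsoft_365_new_inbox_rule.toml` hunk says only that a breaking change happened at 8.8.0, without naming what changed in the Microsoft 365 integration or where it is tracked, so a later maintainer cannot check whether the floor is still correct. I would record the reference in the string itself, e.g. `min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration; see <tracking-issue-or-integration-version placeholder>."`. The same wording is repeated in the other 28 o365 rule files of this patch, including `initial_access_microsoft_365_abnormal_clientappid.toml`, whose previous floor was 8.6.0 rather than 8.3.0. Raising the floor presumably means stacks below 8.8.0 stop receiving further updates to these production detections, so it is worth confirming that the previously released rule versions remain available to those deployments.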
diff --git a/rules/integrations/o365/credential_access_microsoft_365_potential_password_spraying_attack.toml b/rules/integrations/o365/credential_access_microsoft_365_potential_password_spraying_attack.toml
index cca4ae142..b709ca3de 100644
--- a/rules/integrations/o365/credential_access_microsoft_365_potential_password_spraying_attack.toml
+++ b/rules/integrations/o365/credential_access_microsoft_365_potential_password_spraying_attack.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/12/01"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2024/01/05"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/credential_access_user_excessive_sso_logon_errors.toml b/rules/integrations/o365/credential_access_user_excessive_sso_logon_errors.toml
index 58de8ee11..58d24cb04 100644
--- a/rules/integrations/o365/credential_access_user_excessive_sso_logon_errors.toml
+++ b/rules/integrations/o365/credential_access_user_excessive_sso_logon_errors.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/05/17"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2024/01/05"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic", "Austin Songer"]
diff --git a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_dlp_policy_removed.toml b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_dlp_policy_removed.toml
index c418c04f6..8f99baefd 100644
--- a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_dlp_policy_removed.toml
+++ b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_dlp_policy_removed.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/20"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.toml b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.toml
index f0147f15d..c160e5ed5 100644
--- a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.toml
+++ b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/19"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.toml b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.toml
index 3c1f78020..b7384af5a 100644
--- a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.toml
+++ b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/19"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.toml b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.toml
index f4cdcd126..df89e34c0 100644
--- a/rules/integrations/o365/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.toml
+++ b/rules/integrations/o365/defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/19"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/defense_evasion_microsoft_365_mailboxauditbypassassociation.toml b/rules/integrations/o365/defense_evasion_microsoft_365_mailboxauditbypassassociation.toml
index 38bd2cf8f..147b3d4a3 100644
--- a/rules/integrations/o365/defense_evasion_microsoft_365_mailboxauditbypassassociation.toml
+++ b/rules/integrations/o365/defense_evasion_microsoft_365_mailboxauditbypassassociation.toml
@@ -2,9 +2,9 @@
 creation_date = "2022/01/13"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_creation.toml b/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_creation.toml
index 7eab6e482..4cb6fe52e 100644
--- a/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_creation.toml
+++ b/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_creation.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/18"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_mod.toml b/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_mod.toml
index ede1ab7c7..b765b5575 100644
--- a/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_mod.toml
+++ b/rules/integrations/o365/exfiltration_microsoft_365_exchange_transport_rule_mod.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/19"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/impact_microsoft_365_potential_ransomware_activity.toml b/rules/integrations/o365/impact_microsoft_365_potential_ransomware_activity.toml
index e4406be07..d562df516 100644
--- a/rules/integrations/o365/impact_microsoft_365_potential_ransomware_activity.toml
+++ b/rules/integrations/o365/impact_microsoft_365_potential_ransomware_activity.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/07/15"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Austin Songer"]
diff --git a/rules/integrations/o365/impact_microsoft_365_unusual_volume_of_file_deletion.toml b/rules/integrations/o365/impact_microsoft_365_unusual_volume_of_file_deletion.toml
index 86638000c..288995e6a 100644
--- a/rules/integrations/o365/impact_microsoft_365_unusual_volume_of_file_deletion.toml
+++ b/rules/integrations/o365/impact_microsoft_365_unusual_volume_of_file_deletion.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/07/15"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Austin Songer"]
diff --git a/rules/integrations/o365/initial_access_microsoft_365_abnormal_clientappid.toml b/rules/integrations/o365/initial_access_microsoft_365_abnormal_clientappid.toml
index df836da58..35c80c20d 100644
--- a/rules/integrations/o365/initial_access_microsoft_365_abnormal_clientappid.toml
+++ b/rules/integrations/o365/initial_access_microsoft_365_abnormal_clientappid.toml
@@ -1,10 +1,10 @@
 [metadata]
 creation_date = "2023/07/18"
-maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup, New Term"
-min_stack_version = "8.6.0"
 integration = ["o365"]
-updated_date = "2023/07/18"
+maturity = "production"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.toml b/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.toml
index ecd641404..c08ab9f66 100644
--- a/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.toml
+++ b/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_policy_deletion.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/19"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_rule_mod.toml b/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_rule_mod.toml
index 665552860..61782f361 100644
--- a/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_rule_mod.toml
+++ b/rules/integrations/o365/initial_access_microsoft_365_exchange_anti_phish_rule_mod.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/19"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/initial_access_microsoft_365_exchange_safelinks_disabled.toml b/rules/integrations/o365/initial_access_microsoft_365_exchange_safelinks_disabled.toml
index b9f3ff185..a9b2dd6b3 100644
--- a/rules/integrations/o365/initial_access_microsoft_365_exchange_safelinks_disabled.toml
+++ b/rules/integrations/o365/initial_access_microsoft_365_exchange_safelinks_disabled.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/18"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/initial_access_microsoft_365_user_restricted_from_sending_email.toml b/rules/integrations/o365/initial_access_microsoft_365_user_restricted_from_sending_email.toml
index 5841c41a3..0453d71ad 100644
--- a/rules/integrations/o365/initial_access_microsoft_365_user_restricted_from_sending_email.toml
+++ b/rules/integrations/o365/initial_access_microsoft_365_user_restricted_from_sending_email.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/07/15"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Austin Songer"]
diff --git a/rules/integrations/o365/initial_access_o365_user_reported_phish_malware.toml b/rules/integrations/o365/initial_access_o365_user_reported_phish_malware.toml
index b90856dfa..90c76c255 100644
--- a/rules/integrations/o365/initial_access_o365_user_reported_phish_malware.toml
+++ b/rules/integrations/o365/initial_access_o365_user_reported_phish_malware.toml
@@ -2,9 +2,9 @@
 creation_date = "2022/01/12"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/lateral_movement_malware_uploaded_onedrive.toml b/rules/integrations/o365/lateral_movement_malware_uploaded_onedrive.toml
index 858fec97b..52de44169 100644
--- a/rules/integrations/o365/lateral_movement_malware_uploaded_onedrive.toml
+++ b/rules/integrations/o365/lateral_movement_malware_uploaded_onedrive.toml
@@ -2,9 +2,9 @@
 creation_date = "2022/01/10"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/lateral_movement_malware_uploaded_sharepoint.toml b/rules/integrations/o365/lateral_movement_malware_uploaded_sharepoint.toml
index 6cfc929ce..480d23d76 100644
--- a/rules/integrations/o365/lateral_movement_malware_uploaded_sharepoint.toml
+++ b/rules/integrations/o365/lateral_movement_malware_uploaded_sharepoint.toml
@@ -2,9 +2,9 @@
 creation_date = "2022/01/10"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/persistence_exchange_suspicious_mailbox_right_delegation.toml b/rules/integrations/o365/persistence_exchange_suspicious_mailbox_right_delegation.toml
index 72fb548f5..e62ba72b5 100644
--- a/rules/integrations/o365/persistence_exchange_suspicious_mailbox_right_delegation.toml
+++ b/rules/integrations/o365/persistence_exchange_suspicious_mailbox_right_delegation.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/05/17"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic", "Austin Songer"]
diff --git a/rules/integrations/o365/persistence_microsoft_365_exchange_dkim_signing_config_disabled.toml b/rules/integrations/o365/persistence_microsoft_365_exchange_dkim_signing_config_disabled.toml
index d441a433a..daf801209 100644
--- a/rules/integrations/o365/persistence_microsoft_365_exchange_dkim_signing_config_disabled.toml
+++ b/rules/integrations/o365/persistence_microsoft_365_exchange_dkim_signing_config_disabled.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/18"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/persistence_microsoft_365_exchange_management_role_assignment.toml b/rules/integrations/o365/persistence_microsoft_365_exchange_management_role_assignment.toml
index 33a666d14..d3c597049 100644
--- a/rules/integrations/o365/persistence_microsoft_365_exchange_management_role_assignment.toml
+++ b/rules/integrations/o365/persistence_microsoft_365_exchange_management_role_assignment.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/20"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/persistence_microsoft_365_global_administrator_role_assign.toml b/rules/integrations/o365/persistence_microsoft_365_global_administrator_role_assign.toml
index 336accf9d..94cfa6187 100644
--- a/rules/integrations/o365/persistence_microsoft_365_global_administrator_role_assign.toml
+++ b/rules/integrations/o365/persistence_microsoft_365_global_administrator_role_assign.toml
@@ -2,9 +2,9 @@
 creation_date = "2022/01/06"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/persistence_microsoft_365_teams_custom_app_interaction_allowed.toml b/rules/integrations/o365/persistence_microsoft_365_teams_custom_app_interaction_allowed.toml
index e0b4b1af4..e4a143449 100644
--- a/rules/integrations/o365/persistence_microsoft_365_teams_custom_app_interaction_allowed.toml
+++ b/rules/integrations/o365/persistence_microsoft_365_teams_custom_app_interaction_allowed.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/30"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/persistence_microsoft_365_teams_external_access_enabled.toml b/rules/integrations/o365/persistence_microsoft_365_teams_external_access_enabled.toml
index a263a54f6..a5288bc40 100644
--- a/rules/integrations/o365/persistence_microsoft_365_teams_external_access_enabled.toml
+++ b/rules/integrations/o365/persistence_microsoft_365_teams_external_access_enabled.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/30"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/persistence_microsoft_365_teams_guest_access_enabled.toml b/rules/integrations/o365/persistence_microsoft_365_teams_guest_access_enabled.toml
index da3379715..03d0fdbd6 100644
--- a/rules/integrations/o365/persistence_microsoft_365_teams_guest_access_enabled.toml
+++ b/rules/integrations/o365/persistence_microsoft_365_teams_guest_access_enabled.toml
@@ -2,9 +2,9 @@
 creation_date = "2020/11/20"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/o365/privilege_escalation_new_or_modified_federation_domain.toml b/rules/integrations/o365/privilege_escalation_new_or_modified_federation_domain.toml
index 41046f826..7cc85cff0 100644
--- a/rules/integrations/o365/privilege_escalation_new_or_modified_federation_domain.toml
+++ b/rules/integrations/o365/privilege_escalation_new_or_modified_federation_domain.toml
@@ -2,9 +2,9 @@
 creation_date = "2021/05/17"
 integration = ["o365"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+min_stack_comments = "Breaking change at 8.8.0 for Microsoft 365 Integration."
+min_stack_version = "8.8.0"
+updated_date = "2024/04/02"
 
 [rule]
 author = ["Austin Songer"]