min_stack all rules to 8.3 (#2259)

* min_stack all rules to 8.3 * bump date Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co>
2022-08-24 10:38:49 -06:00
parent 023fbc7bbd
commit 46d5e37b76
689 changed files with 2198 additions and 999 deletions
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/02/18"
 maturity = "production"
-updated_date = "2021/07/13"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/02/18"
 maturity = "production"
-updated_date = "2021/07/13"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/02/18"
 maturity = "production"
-updated_date = "2021/07/13"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/02/18"
 maturity = "production"
-updated_date = "2021/07/13"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/12/21"
 maturity = "production"
-updated_date = "2022/03/31"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,9 +1,9 @@
 [metadata]
 creation_date = "2021/07/14"
 maturity = "production"
-updated_date = "2022/02/28"
-min_stack_comments = "The field `event.agent_id_status` was not introduced until 7.14"
-min_stack_version = "7.15.0"
+updated_date = "2022/08/24"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"

 [rule]
 author = ["Elastic"]
@@ -1,9 +1,9 @@
 [metadata]
 creation_date = "2021/07/14"
 maturity = "production"
-updated_date = "2022/02/16"
-min_stack_comments = "The field `event.agent_id_status` was not introduced until 7.14"
-min_stack_version = "7.15.0"
+updated_date = "2022/08/24"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/11/03"
 maturity = "production"
-updated_date = "2022/03/31"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/04"
 maturity = "production"
-updated_date = "2022/05/16"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2022/05/23"
 maturity = "production"
-updated_date = "2022/07/18"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -37,10 +39,10 @@ process where
 or
 /* service or systemctl used to stop Elastic Agent on Linux */
 (event.type == "end" and
-  (process.name : ("systemctl", "service") and 
+  (process.name : ("systemctl", "service") and
    process.args : "elastic-agent" and
-    process.args : "stop") 
-  or 
+    process.args : "stop")
+  or
  /* Unload Elastic Agent extension on MacOS */
  (process.name : "kextunload" and
    process.args : "com.apple.iokit.EndpointSecurity" and
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/11/03"
 maturity = "production"
-updated_date = "2022/03/31"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/12/20"
 maturity = "production"
-updated_date = "2022/03/31"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/09/29"
 maturity = "production"
-updated_date = "2022/03/31"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/01/12"
 maturity = "production"
-updated_date = "2022/07/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/13"
 maturity = "development"
-updated_date = "2022/03/31"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/01/07"
 maturity = "production"
-updated_date = "2022/07/06"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/01/19"
 maturity = "production"
-updated_date = "2022/03/31"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/12/10"
 maturity = "production"
-updated_date = "2022/03/31"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,9 +1,9 @@
 [metadata]
 creation_date = "2020/07/07"
 maturity = "production"
-updated_date = "2022/03/31"
-min_stack_comments = "Comprehensive timeline templates only available in 8.2+"
-min_stack_version = "8.2"
+updated_date = "2022/08/24"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/09/14"
 maturity = "production"
-updated_date = "2021/05/10"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/12/21"
 maturity = "production"
-updated_date = "2021/03/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -31,19 +33,19 @@ timestamp_override = "event.ingested"
 type = "query"

 query = '''
-event.category:file and event.type:change and 
-  (file.name:pam_*.so or file.path:(/etc/pam.d/* or /private/etc/pam.d/*)) and 
+event.category:file and event.type:change and
+  (file.name:pam_*.so or file.path:(/etc/pam.d/* or /private/etc/pam.d/*)) and
  process.executable:
-    (* and 
-      not 
+    (* and
+      not
      (
-        /bin/yum or 
-        "/usr/sbin/pam-auth-update" or 
-        /usr/libexec/packagekitd or 
-        /usr/bin/dpkg or 
-        /usr/bin/vim or 
-        /usr/libexec/xpcproxy or 
-        /usr/bin/bsdtar or 
+        /bin/yum or
+        "/usr/sbin/pam-auth-update" or
+        /usr/libexec/packagekitd or
+        /usr/bin/dpkg or
+        /usr/bin/vim or
+        /usr/libexec/xpcproxy or
+        /usr/bin/bsdtar or
        /usr/local/bin/brew or
        /usr/bin/rsync or
        /usr/bin/yum or
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/01/19"
 maturity = "production"
-updated_date = "2021/08/03"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/12/22"
 maturity = "production"
-updated_date = "2022/05/04"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -22,18 +24,18 @@ timestamp_override = "event.ingested"
 type = "query"

 query = '''
-event.category:file and event.type:(change or creation) and 
- file.name:("authorized_keys" or "authorized_keys2") and 
+event.category:file and event.type:(change or creation) and
+ file.name:("authorized_keys" or "authorized_keys2") and
 not process.executable:
-             (/Library/Developer/CommandLineTools/usr/bin/git or 
-              /usr/local/Cellar/maven/*/libexec/bin/mvn or 
-              /Library/Java/JavaVirtualMachines/jdk*.jdk/Contents/Home/bin/java or 
-              /usr/bin/vim or 
-              /usr/local/Cellar/coreutils/*/bin/gcat or 
+             (/Library/Developer/CommandLineTools/usr/bin/git or
+              /usr/local/Cellar/maven/*/libexec/bin/mvn or
+              /Library/Java/JavaVirtualMachines/jdk*.jdk/Contents/Home/bin/java or
+              /usr/bin/vim or
+              /usr/local/Cellar/coreutils/*/bin/gcat or
              /usr/bin/bsdtar or
-              /usr/bin/nautilus or 
+              /usr/bin/nautilus or
              /usr/bin/scp or
-              /usr/bin/touch or 
+              /usr/bin/touch or
              /var/lib/docker/* or
              /usr/bin/google_guest_agent)
 '''
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/01/26"
 maturity = "production"
-updated_date = "2021/03/03"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/04/23"
 maturity = "production"
-updated_date = "2021/03/10"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/02/03"
 maturity = "production"
-updated_date = "2021/03/03"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/04/13"
 maturity = "production"
-updated_date = "2021/03/03"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"

 [rule]
 author = ["Elastic"]
@@ -1,9 +1,9 @@
 [metadata]
 creation_date = "2021/11/24"
 maturity = "production"
-updated_date = "2022/02/16"
-min_stack_comments = "Threat index is ECS 1.11 compliant (8.0)."
-min_stack_version = "8.0"
+updated_date = "2022/08/24"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"

 [rule]
 author = ["Elastic"]
@@ -1,9 +1,9 @@
 [metadata]
 creation_date = "2021/04/21"
 maturity = "production"
-updated_date = "2022/02/16"
-min_stack_comments = "Threat intel module fields were updated from `threatintel.*` to `threat.*` in ECS 1.11 (7.16)."
-min_stack_version = "8.0"
+updated_date = "2022/08/24"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"

 [rule]
 author = ["Elastic"]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/10"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/16"
 maturity = "production"
-updated_date = "2022/07/19"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/04"
 maturity = "production"
-updated_date = "2022/07/19"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/21"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/06"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/26"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/10"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/15"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/26"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/16"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/15"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/26"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/07/19"
 maturity = "production"
-updated_date = "2021/10/01"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/07/19"
 maturity = "production"
-updated_date = "2021/10/01"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/28"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/27"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/21"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/09"
 maturity = "production"
-updated_date = "2022/03/11"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/05/05"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/24"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/04/22"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/06/06"
 maturity = "production"
-updated_date = "2022/07/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/06/29"
 maturity = "production"
-updated_date = "2022/07/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/10/17"
 maturity = "production"
-updated_date = "2022/07/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/10"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/18"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/20"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/05"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/08/27"
 maturity = "production"
-updated_date = "2022/02/28"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/26"
 maturity = "production"
-updated_date = "2022/07/19"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/21"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/06/05"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/21"
 maturity = "production"
-updated_date = "2022/04/07"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/20"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/11"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/02"
 maturity = "production"
-updated_date = "2022/04/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/06"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -42,7 +44,7 @@ of the source IP address.
 #### Possible investigation steps

 - Identify the user account involved and the action performed. Verify whether it should perform this kind of action.
-    - Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key ID in the 
+    - Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key ID in the
    `aws.cloudtrail.user_identity.access_key_id` field, which can help identify the precise user context.
    - The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.
 - Investigate other alerts associated with the user account during the past 48 hours.
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -42,7 +44,7 @@ of the source IP address.
 #### Possible investigation steps

 - Identify the user account involved and the action performed. Verify whether it should perform this kind of action.
-    - Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key ID in the 
+    - Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key ID in the
    `aws.cloudtrail.user_identity.access_key_id` field, which can help identify the precise user context.
    - The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.
 - Investigate other alerts associated with the user account during the past 48 hours.
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/13"
 maturity = "production"
-updated_date = "2022/07/14"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -41,7 +43,7 @@ user.
 #### Possible investigation steps

 - Identify the user account involved and the action performed. Verify whether it should perform this kind of action.
-    - Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key ID in the 
+    - Examine the user identity in the `aws.cloudtrail.user_identity.arn` field and the access key ID in the
    `aws.cloudtrail.user_identity.access_key_id` field, which can help identify the precise user context.
    - The user agent details in the `user_agent.original` field may also indicate what kind of a client made the request.
 - Investigate other alerts associated with the user account during the past 48 hours.
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/04"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/05/05"
 maturity = "production"
-updated_date = "2022/04/07"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/06/05"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/05/20"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/06/05"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/06/06"
 maturity = "production"
-updated_date = "2022/07/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2022/04/12"
 maturity = "production"
-updated_date = "2022/07/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/05/10"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/05/10"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/07/19"
 maturity = "production"
-updated_date = "2021/07/19"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/06/05"
 maturity = "production"
-updated_date = "2022/07/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/06/05"
 maturity = "production"
-updated_date = "2022/04/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/09/22"
 maturity = "production"
-updated_date = "2021/09/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/06"
 maturity = "production"
-updated_date = "2022/07/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -40,7 +42,7 @@ your first IAM user. Then securely lock away the root user credentials and use t
 service management tasks. Amazon provides a [list of the tasks that require root user](https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html#aws_tasks-that-require-root).

 This rule looks for attempts to log in to AWS as the root user without using multi-factor authentication (MFA), meaning
-the account is not secured properly. 
+the account is not secured properly.

 #### Possible investigation steps

@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/05/17"
 maturity = "production"
-updated_date = "2021/10/05"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/05/17"
 maturity = "production"
-updated_date = "2021/10/11"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/07/06"
 maturity = "production"
-updated_date = "2022/07/19"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "aws"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/08/18"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/08/12"
 maturity = "production"
-updated_date = "2021/10/15"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"


@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/08/31"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/08/19"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/12/14"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/09/01"
 maturity = "production"
-updated_date = "2022/07/13"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -33,7 +35,7 @@ type = "query"

 query = '''
 event.dataset:azure.activitylogs and
-    azure.activitylogs.operation_name:"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/RUNBOOKS/DELETE" and 
+    azure.activitylogs.operation_name:"MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/RUNBOOKS/DELETE" and
    event.outcome:(Success or success)
 '''

@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/09/22"
 maturity = "production"
-updated_date = "2021/09/22"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/08/17"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/12/14"
 maturity = "production"
-updated_date = "2022/07/19"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/08/18"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2020/08/18"
 maturity = "production"
-updated_date = "2021/07/20"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
@@ -1,7 +1,9 @@
 [metadata]
 creation_date = "2021/08/01"
 maturity = "production"
-updated_date = "2021/08/01"
+min_stack_comments = "New fields added: required_fields, related_integrations, setup"
+min_stack_version = "8.3.0"
+updated_date = "2022/08/24"
 integration = "azure"

 [rule]
--- a/Show More
+++ b/Show More