security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5 (#2332)

Browse Source 
* Locked versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5

* Update detection_rules/etc/version.lock.json

* Update detection_rules/etc/version.lock.json

Co-authored-by: terrancedejesus <terrancedejesus@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

(cherry picked from commit 05b715f116)
This commit is contained in:
github-actions[bot]
2022-09-29 11:19:46 -04:00
parent bb19d46975
commit 71b271c61b
1 changed files with 386 additions and 386 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/etc/version.lock.json
+386 -386
View File
@@ -11,9 +11,9 @@
}
},
"rule_name": "Attempt to Modify an Okta Policy Rule",
"sha256": "dedf2a77f86a3ecebeba40e8a1f54e713510e09384f2ca228c8adb9cc6322490",
"sha256": "89cbc0eb5b4639be3e37bb1e89b7ee51e90f6e50c76d4368e131a7e38d0cee81",
"type": "query",
"version": 100
"version": 101
},
"00140285-b827-4aee-aa09-8113f58a08f3": {
"min_stack_version": "8.3",
@@ -59,9 +59,9 @@
}
},
"rule_name": "Microsoft 365 User Restricted from Sending Email",
"sha256": "e9e1b5a4251f0147cfd30074afa7a9cd6b88518af2163ff18c40fa4f156203c7",
"sha256": "800b46e07338fe2de6177e541487caae40e39dfecd6c44a09abea5ffc429e8e9",
"type": "query",
"version": 100
"version": 101
},
"015cca13-8832-49ac-a01b-a396114809f6": {
"min_stack_version": "8.3",
@@ -75,9 +75,9 @@
}
},
"rule_name": "AWS Redshift Cluster Creation",
"sha256": "77073d8d75f01751ef31afeb74cef13a1aa5fd817622767399143a4a9e32b788",
"sha256": "fe128a2d94b1e9cb689c906063c5ba7210a0e6b0e7cc558cf0d602aa66e265c4",
"type": "query",
"version": 100
"version": 101
},
"027ff9ea-85e7-42e3-99d2-bbb7069e02eb": {
"min_stack_version": "8.3",
@@ -139,9 +139,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Safe Attachment Rule Disabled",
"sha256": "da3bc7996bc722d2de60aae61f129bd3bd430f64ca4c1864d1a6169fd2489769",
"sha256": "9c753af8cfa4af8e249a5d5b351338c1541b3f7cdef2bd4ba97f693cab83a0b0",
"type": "query",
"version": 100
"version": 101
},
"035889c4-2686-4583-a7df-67f89c292f2c": {
"min_stack_version": "8.3",
@@ -203,9 +203,9 @@
}
},
"rule_name": "Azure AD Global Administrator Role Assigned",
"sha256": "abb80aa2836f715afa34004e9b29a77a38c6bc1e65c576ab21b479e0a638245b",
"sha256": "288b33ef30117913f0017bba83da1caa675d73c6c6c58088ce9f550fde43042c",
"type": "query",
"version": 100
"version": 101
},
"053a0387-f3b5-4ba5-8245-8002cca2bd08": {
"min_stack_version": "8.3",
@@ -322,9 +322,9 @@
"07b5f85a-240f-11ed-b3d9-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Google Drive Ownership Transferred via Google Workspace",
"sha256": "f8e05498e63a3fb10621fd91713a7f0995aaf07a9eb6fd5ef73b62c7a81458f6",
"sha256": "1c82ea9b65fada4ec684045bd8b3e5eaa0730b35b41ddef3dd151ff26a9d6be9",
"type": "query",
"version": 1
"version": 2
},
"080bc66a-5d56-4d1f-8071-817671716db9": {
"min_stack_version": "8.3",
@@ -430,9 +430,9 @@
}
},
"rule_name": "Azure Frontdoor Web Application Firewall (WAF) Policy Deleted",
"sha256": "2c794ea54d9aa3824d1373096ab7db8786f2ca676b66d38be2430c91b38156c9",
"sha256": "e9b638ed7f3e43e337695cbafa761a7fabd832f38a7fae09bea663e61f0492c3",
"type": "query",
"version": 100
"version": 101
},
"0a97b20f-4144-49ea-be32-b540ecc445de": {
"min_stack_version": "8.3",
@@ -526,9 +526,9 @@
}
},
"rule_name": "O365 Exchange Suspicious Mailbox Right Delegation",
"sha256": "056521254f96e10279453630789e55bfcef8712bebc713ebd993a79d6c3e449f",
"sha256": "f42ea7acfc39b867f160d77cb67980e378220b0b29dbec1c46ba81a85b3ec497",
"type": "query",
"version": 100
"version": 101
},
"0d69150b-96f8-467c-a86d-a67a3378ce77": {
"min_stack_version": "8.3",
@@ -574,9 +574,9 @@
}
},
"rule_name": "SharePoint Malware File Upload",
"sha256": "ec2339c33ce001404d50de90459e83490814a70cbe7257722192be7908277b0d",
"sha256": "52e4662dae5a3d57aebcef8d8c8ac99e9cb8a6d96ce0efecbc4e95e04cfeb435",
"type": "query",
"version": 100
"version": 101
},
"0e5acaae-6a64-4bbc-adb8-27649c03f7e1": {
"min_stack_version": "8.3",
@@ -590,9 +590,9 @@
}
},
"rule_name": "GCP Service Account Key Creation",
"sha256": "da7d7509d3e20b62dd84274dde1294efce3201c3c1d270c12cbd05940378df7b",
"sha256": "6afc25f81b4cad253ba69aca882700f0ba5ceedb977e7013834813cf782b7edf",
"type": "query",
"version": 100
"version": 101
},
"0e79980b-4250-4a50-a509-69294c14e84b": {
"min_stack_version": "8.3",
@@ -730,9 +730,9 @@
}
},
"rule_name": "AWS RDS Snapshot Export",
"sha256": "e54ac76da02c0772971016966fa9829510ed25a8cb2ef4a0b535cc85c50836cb",
"sha256": "09100ecbae6d7900d19afa230b411ff3868e72070afd10045314a87e3355af27",
"type": "query",
"version": 100
"version": 101
},
"119c8877-8613-416d-a98a-96b6664ee73a5": {
"rule_name": "AWS RDS Snapshot Export",
@@ -775,9 +775,9 @@
}
},
"rule_name": "AWS Route 53 Domain Transfer Lock Disabled",
"sha256": "fb16c3f709b5cc59f4ead250115bfdac9b328fea01c4e6c8b25664e4e65d8122",
"sha256": "f3e99151601129baf7c4df19db50e81306094e02bb5816b758347d236b6b52df",
"type": "query",
"version": 100
"version": 101
},
"120559c6-5e24-49f4-9e30-8ffe697df6b9": {
"rule_name": "User Discovery via Whoami",
@@ -889,9 +889,9 @@
}
},
"rule_name": "Azure External Guest User Invitation",
"sha256": "f9c5b6690acc93fdfe6cae2fcb31a08572101d7f9ad2a27ba86ef235972c5386",
"sha256": "cd3ff42d4d39f286f6ea43a9dc3e39036052e41de46a2361d7f2e03b904b56ff",
"type": "query",
"version": 100
"version": 101
},
"143cb236-0956-4f42-a706-814bcaa0cf5a": {
"min_stack_version": "8.3",
@@ -1001,9 +1001,9 @@
}
},
"rule_name": "Azure Automation Runbook Created or Modified",
"sha256": "e426eaaece53a6e1fe40d5348cd2ace438e66ba4d7326ad7eacc7d36cda6e99e",
"sha256": "1ddd06726c54971391c661c9aea4eac602559a462ed0ecd122be0d5432a23e3c",
"type": "query",
"version": 100
"version": 101
},
"16904215-2c95-4ac8-bf5c-12354e047192": {
"min_stack_version": "8.3",
@@ -1033,9 +1033,9 @@
}
},
"rule_name": "AWS IAM Group Creation",
"sha256": "3bc9921d9f20ce54ad8f1812f5f46671210c22f202b04699b27ec8b4d1a9d831",
"sha256": "36d85b8991ba411ea3abb812164d7816a169f8c2865ae140831f5bbc32103fee",
"type": "query",
"version": 100
"version": 101
},
"16a52c14-7883-47af-8745-9357803f0d4c": {
"min_stack_version": "8.3",
@@ -1193,9 +1193,9 @@
}
},
"rule_name": "GCP Logging Sink Modification",
"sha256": "1ffcdba13e67968ded072af5594a58c0106a9e12220cdbfa2f363a02344c80bb",
"sha256": "37e5db0b52f2fb6adfd3e9e6c268a8c6869f11e97fb66e0df258ce2cdf8cf23d",
"type": "query",
"version": 100
"version": 101
},
"1859ce38-6a50-422b-a5e8-636e231ea0cd": {
"rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion",
@@ -1231,9 +1231,9 @@
}
},
"rule_name": "Azure Application Credential Modification",
"sha256": "2fc3c7af40f9acc3751831430f8b577e68ea3fc5381cafbdc8bfd17298b1ab66",
"sha256": "4578d2fa5303996ca9dae8665c8478e5f83d838b6e503934124775b995cf839c",
"type": "query",
"version": 100
"version": 101
},
"1a6075b0-7479-450e-8fe7-b8b8438ac570": {
"min_stack_version": "8.3",
@@ -1263,9 +1263,9 @@
}
},
"rule_name": "AWS CloudTrail Log Suspended",
"sha256": "01f0029caa8d6a301b7dab4562f20b9e41ac6aa399d19a0d12532d6efde56b6b",
"sha256": "05bfadde2b742216d77d68d250fe2191fdd06d02a3426e96f3287a9a1398f8bb",
"type": "query",
"version": 101
"version": 102
},
"1aa9181a-492b-4c01-8b16-fa0735786b2b": {
"min_stack_version": "8.3",
@@ -1311,9 +1311,9 @@
}
},
"rule_name": "AWS ElastiCache Security Group Modified or Deleted",
"sha256": "f22b89997980f0f7bb68c6d90afb377a6248cbe72383c35af9fc8a7b1cdf1b63",
"sha256": "4cb4cedb42b0a57c864fe7c83f8baeb8b06a53cbcdfbefe6a1c2a0261b1bbc59",
"type": "query",
"version": 100
"version": 101
},
"1c27fa22-7727-4dd3-81c0-de6da5555feb": {
"min_stack_version": "8.3",
@@ -1334,9 +1334,9 @@
}
},
"rule_name": "Possible Consent Grant Attack via Azure-Registered Application",
"sha256": "3ecb70e746789a1c2d3133b92a8d04fa8be02d4403da7487ad7c0867053af775",
"sha256": "4184599620742719a0761ffccaf0ffe2da0455e8d5a29756443c609edfb8ce47",
"type": "query",
"version": 101
"version": 102
},
"1c84dd64-7e6c-4bad-ac73-a5014ee37042": {
"min_stack_version": "8.3",
@@ -1366,9 +1366,9 @@
}
},
"rule_name": "Azure Kubernetes Rolebindings Created",
"sha256": "c1d21aa629ba82e68861ad58ac66781556f69ca6897fdc739676ae92cb5d530c",
"sha256": "d60a2598b31e2c9c16a051b1cf76726ce5d8f024423f62da4ce30e959924ff97",
"type": "query",
"version": 100
"version": 101
},
"1cd01db9-be24-4bef-8e7c-e923f0ff78ab": {
"min_stack_version": "8.3",
@@ -1462,9 +1462,9 @@
}
},
"rule_name": "Azure Storage Account Key Regenerated",
"sha256": "bef3f0b6705e193153c99d5f218502cca9f9cc83ec6d4131a6a5801931050919",
"sha256": "3328d28b7049bd0768a8c49e258c4d07acf8100a03153adfeb091e534e234847",
"type": "query",
"version": 100
"version": 101
},
"1e9fc667-9ff1-4b33-9f40-fefca8537eb0": {
"min_stack_version": "8.3",
@@ -1574,9 +1574,9 @@
}
},
"rule_name": "AWS Route 53 Domain Transferred to Another Account",
"sha256": "55fc97b8c86d4bb2f2f3e6223d1c095fd7f23b4a7660daf7731df2327b94b208",
"sha256": "9d52800d94fafc364ae8b490281527d60770d6a379f47520a2cb09cf05e99bd3",
"type": "query",
"version": 100
"version": 101
},
"20457e4f-d1de-4b92-ae69-142e27a4342a": {
"min_stack_version": "8.3",
@@ -1667,9 +1667,9 @@
}
},
"rule_name": "AWS S3 Bucket Configuration Deletion",
"sha256": "868f9f8ea7f28d0c9c45f1ef70b0a9a30d72ee674afdc28546b4d8fd7c378dca",
"sha256": "108c59289a1d5994a5bb27934096a29be7e76f6d86706b92902f3bd63765200f",
"type": "query",
"version": 100
"version": 101
},
"231876e7-4d1f-4d63-a47c-47dd1acdc1cb": {
"min_stack_version": "8.3",
@@ -1699,9 +1699,9 @@
}
},
"rule_name": "GCP Storage Bucket Permissions Modification",
"sha256": "13bad850d4d56d9537080bd08d7cf1323cf5493cac34d11400e2586808177847",
"sha256": "3a74c25c08ab6c0f9443f08ec07e9c2ffba7dc1c8becd1c506ecda3036984ab0",
"type": "query",
"version": 100
"version": 101
},
"2339f03c-f53f-40fa-834b-40c5983fc41f": {
"min_stack_version": "8.3",
@@ -1747,9 +1747,9 @@
}
},
"rule_name": "Azure Blob Container Access Level Modification",
"sha256": "d51872339b331d3547a459099f4407a540ce502c4bf2039f54fd5e157d7f7fc8",
"sha256": "4cad95b3cb6eb2f2107dab0dafaacb3393fb7f29826d6aa31c2fd134e5745e7e",
"type": "query",
"version": 100
"version": 101
},
"265db8f5-fc73-4d0d-b434-6483b56372e2": {
"min_stack_version": "8.3",
@@ -1779,9 +1779,9 @@
}
},
"rule_name": "Azure Active Directory High Risk User Sign-in Heuristic",
"sha256": "62cd211fbabb33bdd0fe847d9e78af10462cc5e8a1dd3c8675bb6add5f1ee701",
"sha256": "e51084c7f907586bbb7ab0533c6e4224e314cd945f1f8e1aa6b47a12bf99e679",
"type": "query",
"version": 101
"version": 102
},
"26f68dba-ce29-497b-8e13-b4fde1db5a2d": {
"min_stack_version": "8.3",
@@ -1795,9 +1795,9 @@
}
},
"rule_name": "Attempts to Brute Force a Microsoft 365 User Account",
"sha256": "9401b75236db68cd9cc6b95298e0c058e8bddfbc598bfe19ac9d3821904450c7",
"sha256": "b1fe391f2303c93bb37c3c897a8f47d2e405bd9039dc3ddf007b4c0f84b3ab0b",
"type": "threshold",
"version": 100
"version": 101
},
"272a6484-2663-46db-a532-ef734bf9a796": {
"min_stack_version": "8.3",
@@ -1811,9 +1811,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Transport Rule Modification",
"sha256": "f0d2392b5756282cd0987d6dc90550d4680e9718bfe0e97ba517f6c619e22cfc",
"sha256": "e44cf5df8dbb32d716d2a4362cb8385e493638cb71b141aa8aa3717205bc20bc",
"type": "query",
"version": 100
"version": 101
},
"2772264c-6fb9-4d9d-9014-b416eed21254": {
"min_stack_version": "8.3",
@@ -1843,9 +1843,9 @@
}
},
"rule_name": "GCP Firewall Rule Modification",
"sha256": "fccaa904f802277b7009a410145e95e6124f88c8daaede709907851290d338b1",
"sha256": "c46e35ee0ca1918848d5c07bb8d194b7c09f835063fedbb38ac67903d7a0e411",
"type": "query",
"version": 100
"version": 101
},
"27f7c15a-91f8-4c3d-8b9e-1f99cc030a51": {
"min_stack_version": "8.3",
@@ -1859,9 +1859,9 @@
}
},
"rule_name": "Microsoft 365 Teams External Access Enabled",
"sha256": "59f72647630785fb2d391210c03d5fd612a72ba3a8bfe38c766bb7d53e161432",
"sha256": "9c73b9c2b54cace47d3e2a3ef52215f855ab5f0db468115a949b43b64571e34d",
"type": "query",
"version": 100
"version": 101
},
"2820c9c2-bcd7-4d6e-9eba-faf3891ba450": {
"min_stack_version": "8.3",
@@ -1929,9 +1929,9 @@
}
},
"rule_name": "AWS Security Group Configuration Change Detection",
"sha256": "5be1de2e3af44cc0cbc167f1d7f1c90ff48444098d0c24135c9dc6c35e832acc",
"sha256": "a9b4f01618dab4656c0ba36b475526cc02968ff74953533fbfa6f9e2f51b2583",
"type": "query",
"version": 100
"version": 101
},
"290aca65-e94d-403b-ba0f-62f320e63f51": {
"min_stack_version": "8.3",
@@ -2089,9 +2089,9 @@
}
},
"rule_name": "O365 Excessive Single Sign-On Logon Errors",
"sha256": "b02f5f9fa6087a2849f387d80535cd323b4f97862415a4ecc8f09d0aed319468",
"sha256": "1d488ef91e96ded9a1b9dfddd9e26c6a2fdae410b8d33c28258f21f2c899bdf9",
"type": "threshold",
"version": 100
"version": 101
},
"2e1e835d-01e5-48ca-b9fc-7a61f7f11902": {
"min_stack_version": "8.3",
@@ -2169,9 +2169,9 @@
}
},
"rule_name": "GCP Kubernetes Rolebindings Created or Patched",
"sha256": "6d93060f9b9e8a8cef362846ea83b74bbfd9356f08524feb784b76ba45cd90ea",
"sha256": "bd0cfcd18ddea0b9730c52e91f2de67a9b343831ce2a5351233e44a328498830",
"type": "query",
"version": 100
"version": 101
},
"2f2f4939-0b34-40c2-a0a3-844eb7889f43": {
"min_stack_version": "8.3",
@@ -2249,9 +2249,9 @@
}
},
"rule_name": "GCP Firewall Rule Creation",
"sha256": "2efaa38f1a46d34342b330869668b129aa0e7132c81917d956eb81ae46cda437",
"sha256": "6b22ed0dce77a88333520b488a22ee9831f3fde9e7d782c7464a81a5af7f68d1",
"type": "query",
"version": 100
"version": 101
},
"3115bd2c-0baa-4df0-80ea-45e474b5ef93": {
"min_stack_version": "8.3",
@@ -2313,9 +2313,9 @@
}
},
"rule_name": "GCP Pub/Sub Topic Deletion",
"sha256": "9d9731baf6e3c9b5ce561a821f35e3b7a5bbe2531d5d49245b03d4afefd8a489",
"sha256": "a2d4932e5b9b6484d87be5d984065ff70180730d9c9165ca3c4e15e805390e62",
"type": "query",
"version": 100
"version": 101
},
"323cb487-279d-4218-bcbd-a568efe930c6": {
"min_stack_version": "8.3",
@@ -2329,9 +2329,9 @@
}
},
"rule_name": "Azure Network Watcher Deletion",
"sha256": "9a41e06817347a17572dc03234248e5e26d5ab8c057eb554ce6d670e15fb83dd",
"sha256": "6ef41c449f78258c39b4bb1940c9e184e32ee4a1b272d2362a90a87fbf09bf91",
"type": "query",
"version": 100
"version": 101
},
"32923416-763a-4531-bb35-f33b9232ecdb": {
"min_stack_version": "8.3",
@@ -2393,9 +2393,9 @@
}
},
"rule_name": "AWS IAM User Addition to Group",
"sha256": "cbcd96bed459634465d669fa2c81fe66f4e7731f0bcf635077efc930128d0c34",
"sha256": "187f8fc5a7b7a4da4503ede2a18051b669563e0cf85fc9e07870d177fb00a28f",
"type": "query",
"version": 101
"version": 102
},
"33f306e8-417c-411b-965c-c2812d6d3f4d": {
"min_stack_version": "8.3",
@@ -2550,9 +2550,9 @@
}
},
"rule_name": "AWS RDS Security Group Creation",
"sha256": "722a66f40e6153b12544431635f167f5dbd5b4edf250e483143ed9e6e8301d9c",
"sha256": "e7d3f401c3b6114f2e8a8e0bce305970520dd87f021765fe5b56c02684e65866",
"type": "query",
"version": 100
"version": 101
},
"37994bca-0611-4500-ab67-5588afe73b77": {
"min_stack_version": "8.3",
@@ -2566,9 +2566,9 @@
}
},
"rule_name": "Azure Active Directory High Risk Sign-in",
"sha256": "c8ac802a488e4abe790d49d56f35dfb73901dd252399b4fe079fb149f7505980",
"sha256": "348052c64f71f90dcb6ee503fc83470eacd275b679326af6f3f8e2be8cd72bed",
"type": "query",
"version": 101
"version": 102
},
"37b0816d-af40-40b4-885f-bb162b3c88a9": {
"rule_name": "Anomalous Kernel Module Activity",
@@ -2588,9 +2588,9 @@
}
},
"rule_name": "AWS Execution via System Manager",
"sha256": "f22c9949a2a4bf592a657bd34ef3feb8987300782e79e261dac91bfb92327186",
"sha256": "71c37d4d5ec0f32aaededca772445a7d210706e1ebaa230b5ff6d8818bd969a6",
"type": "query",
"version": 101
"version": 102
},
"37f638ea-909d-4f94-9248-edd21e4a9906": {
"min_stack_version": "8.3",
@@ -2620,9 +2620,9 @@
}
},
"rule_name": "Attempted Bypass of Okta MFA",
"sha256": "6f055cbfbd5e2282e57c78b9a1b0cb8851f7960e4ffb18c2b3f239167c504e8a",
"sha256": "a6d8d6da1a5504de456e60bc1a93eb5a2f01ad762adb11172dc93a08e83801dc",
"type": "query",
"version": 100
"version": 101
},
"3838e0e3-1850-4850-a411-2e8c5ba40ba8": {
"min_stack_version": "8.3",
@@ -2668,9 +2668,9 @@
}
},
"rule_name": "User Added as Owner for Azure Service Principal",
"sha256": "b8c7fa9f080b3a7a21e60f4baefcbb3e150b711a42e292383bd3411f7d8ab75c",
"sha256": "97d1d34640ed067b24cd9c6aec92a3218d38a9e44e5e1c3858822b9f355e152e",
"type": "query",
"version": 100
"version": 101
},
"39144f38-5284-4f8e-a2ae-e3fd628d90b0": {
"min_stack_version": "8.3",
@@ -2684,9 +2684,9 @@
}
},
"rule_name": "AWS EC2 Network Access Control List Creation",
"sha256": "17ad9da50d17efe58810988b1954391a488d33a2e6e9fc2f1f7eba3d8b0b3b5a",
"sha256": "19eaf15725e3a5061e078f8fc55b6ba952482d0dd6f2b10350eb1fd40d8d799d",
"type": "query",
"version": 100
"version": 101
},
"397945f3-d39a-4e6f-8bcb-9656c2031438": {
"min_stack_version": "8.3",
@@ -2754,9 +2754,9 @@
}
},
"rule_name": "Azure Full Network Packet Capture Detected",
"sha256": "ab00bf952be5af8b57e616263c15d1e95b0863f6a879d70d63100a34566ee8ca",
"sha256": "ed7c759eb27766427a4ddb53b35f5c39aadeb89cbe40c95c3cfd0a943127616e",
"type": "query",
"version": 100
"version": 101
},
"3b382770-efbb-44f4-beed-f5e0a051b895": {
"min_stack_version": "8.3",
@@ -2834,9 +2834,9 @@
}
},
"rule_name": "AWS CloudTrail Log Updated",
"sha256": "428ab9fdfdf45f8b78936be6e761223f7aa5dacba6db94c648f3ac20b1c69eb8",
"sha256": "ca1a335240ddaea8136fa5af17127f0a9434a1b473eac0a6c436119918dd7420",
"type": "query",
"version": 101
"version": 102
},
"3e3d15c6-1509-479a-b125-21718372157e": {
"min_stack_version": "8.3",
@@ -2898,9 +2898,9 @@
}
},
"rule_name": "Potential Password Spraying of Microsoft 365 User Accounts",
"sha256": "9698e2683dc852a3ac02802f639b1e88431d9633813aaceb33b693c1312499df",
"sha256": "c2c2f1f18bd31515f4fbc65a849bdb58c56ead6aa70b4d4fb8aaee1449fdb474",
"type": "threshold",
"version": 100
"version": 101
},
"3f0e5410-a4bf-4e8c-bcfc-79d67a285c54": {
"min_stack_version": "8.3",
@@ -2914,9 +2914,9 @@
}
},
"rule_name": "CyberArk Privileged Access Security Error",
"sha256": "a4cc55d9e2adab88e3dd79bef6dfb423e37db0a5132b1fc6bf861eff6c99bbd2",
"sha256": "eac32a4108db050129c6234b8b03ef41e888ffedde7571c022877c1796c3c574",
"type": "query",
"version": 100
"version": 101
},
"3f3f9fe2-d095-11ec-95dc-f661ea17fbce": {
"min_stack_version": "8.3",
@@ -3010,9 +3010,9 @@
}
},
"rule_name": "Okta Brute Force or Password Spraying Attack",
"sha256": "a45a3f38b8831ccd84dd07383145d7045a99f2c01c9d243a92f34cb0c21dfbb7",
"sha256": "9507019dcb04b4ca591e79a6563cc6a7293cc6b2922a1247faa399bff3ce4ccd",
"type": "threshold",
"version": 100
"version": 101
},
"42eeee3d-947f-46d3-a14d-7036b962c266": {
"min_stack_version": "8.3",
@@ -3307,9 +3307,9 @@
"495e5f2e-2480-11ed-bea8-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Application Removed from Blocklist in Google Workspace",
"sha256": "3374eeddf36189dea4b300570a391bea57dca4ee9e2f19f4edeb2317c44d1826",
"sha256": "f65ab660ff049917ef0d56928b4115a2675fd3a83ade36c9569b28cd3cf3397d",
"type": "query",
"version": 1
"version": 2
},
"4a4e23cf-78a2-449c-bac3-701924c269d3": {
"min_stack_version": "8.3",
@@ -3378,9 +3378,9 @@
}
},
"rule_name": "AWS Management Console Brute Force of Root User Identity",
"sha256": "163a5f3b46f7f1b2e2d69b4b4a8f2e222a05a8629f7d156e4396434ddac22480",
"sha256": "ef11a9260283c9287c2457c41043ac3eda591df8431603408cbbb0f62e984892",
"type": "threshold",
"version": 100
"version": 101
},
"4da13d6e-904f-4636-81d8-6ab14b4e6ae9": {
"min_stack_version": "8.3",
@@ -3465,9 +3465,9 @@
}
},
"rule_name": "Unauthorized Access to an Okta Application",
"sha256": "99bc1263ad19d3e5bfe36418f450b76f8a7271baf25aa74c58f567e37a3dfbde",
"sha256": "91937ce85079314b002d9db667305679fa7defb86a978d5565009df30815d8d1",
"type": "query",
"version": 100
"version": 101
},
"4fe9d835-40e1-452d-8230-17c147cafad8": {
"min_stack_version": "8.3",
@@ -3513,9 +3513,9 @@
}
},
"rule_name": "Microsoft 365 Exchange DKIM Signing Configuration Disabled",
"sha256": "7c6ef54fd34285ddd5858959918293e868ea67da752bd3df50269d11f5ebd881",
"sha256": "4b3ee12f6ed02b5f7a530627ebcf4a03977f654840b6fa6044a377809b7ce8f2",
"type": "query",
"version": 100
"version": 101
},
"51859fa0-d86b-4214-bf48-ebb30ed91305": {
"min_stack_version": "8.3",
@@ -3529,9 +3529,9 @@
}
},
"rule_name": "GCP Logging Sink Deletion",
"sha256": "c2aa4f7692508f3df54b9878b13d7b677da0a4a8a274930ecf8d50d53faa4e59",
"sha256": "f04f86ca61f586621773775c3d833043ecc41f01875ed7a6754bc0d388299811",
"type": "query",
"version": 100
"version": 101
},
"51ce96fb-9e52-4dad-b0ba-99b54440fc9a": {
"min_stack_version": "8.3",
@@ -3561,9 +3561,9 @@
}
},
"rule_name": "AWS GuardDuty Detector Deletion",
"sha256": "2b436fd7d94632c5c485759103c5abdc1e13947c23ddeab67e8de989041d751a",
"sha256": "fd8d5239f94600865974276bc39a3197dc624360e4fda40949cee520970b6737",
"type": "query",
"version": 100
"version": 101
},
"52376a86-ee86-4967-97ae-1a05f55816f0": {
"min_stack_version": "8.3",
@@ -3653,9 +3653,9 @@
}
},
"rule_name": "AWS EFS File System or Mount Deleted",
"sha256": "a7f06a11fbee770dc0fca658213ecdb0694efb4e85b3a8a8827003c2f3adb3ff",
"sha256": "92dd7f3eee2909b37416ccffcca01ddac8ea9b079249d58b7a68bca79b05b846",
"type": "query",
"version": 100
"version": 101
},
"5370d4cd-2bb3-4d71-abf5-1e1d0ff5a2de": {
"min_stack_version": "8.3",
@@ -3669,9 +3669,9 @@
}
},
"rule_name": "Azure Diagnostic Settings Deletion",
"sha256": "b653fc13f628033560da2a89e872042c5b76e3cc0bad743e4cdb89a5b772b2f1",
"sha256": "a33f7703c7150e2ab58f7c1af92f17d3358b8944ec15b284545340ea7c235bd6",
"type": "query",
"version": 100
"version": 101
},
"53a26770-9cbd-40c5-8b57-61d01a325e14": {
"min_stack_version": "8.3",
@@ -3820,9 +3820,9 @@
}
},
"rule_name": "GCP Logging Bucket Deletion",
"sha256": "3a3b6ad88408ca05c708936092266de5e85a9a6bb7bf8a82d4b7ff594155fba3",
"sha256": "36d1f7974b7afefde6314e3bed440da6c6784c0f110c1fbc1293aed89c635d13",
"type": "query",
"version": 100
"version": 101
},
"56f2e9b5-4803-4e44-a0a4-a52dc79d57fe": {
"min_stack_version": "8.3",
@@ -3884,9 +3884,9 @@
}
},
"rule_name": "Azure Virtual Network Device Modified or Deleted",
"sha256": "c478af6a790ea8c0dcd61f3cab330fb1abe6835df82da5a1a6c7c2ad0083c2c3",
"sha256": "36b5cdc1f4072787f2a7ee1f75cf300934251e66bd85f8471752d14d63f3cbbc",
"type": "query",
"version": 100
"version": 101
},
"577ec21e-56fe-4065-91d8-45eb8224fe77": {
"min_stack_version": "8.3",
@@ -3996,9 +3996,9 @@
}
},
"rule_name": "O365 Email Reported by User as Malware or Phish",
"sha256": "77b9e5441d776bd1d4421ba04cf53208030a60a1536147cf517115b3e306aeca",
"sha256": "2967ee9d92e6919fd392653ca21163fd3cb0c2231fe79fa57a28134dcba36c9a",
"type": "query",
"version": 100
"version": 101
},
"594e0cbf-86cc-45aa-9ff7-ff27db27d3ed": {
"min_stack_version": "8.3",
@@ -4012,9 +4012,9 @@
}
},
"rule_name": "AWS CloudTrail Log Created",
"sha256": "064da749510016cbce8588a084602725df9b741e5780994843c512ed98e9640a",
"sha256": "dd8615672455eb26117c05df3c53320c181c521066f44ccec20ce5fc3e9be97a",
"type": "query",
"version": 100
"version": 101
},
"59756272-1998-4b8c-be14-e287035c4d10": {
"min_stack_version": "8.3",
@@ -4124,9 +4124,9 @@
}
},
"rule_name": "AWS WAF Rule or Rule Group Deletion",
"sha256": "3249161fac88f6cbf8cae454058c7467958169242359eb4fd2fa85c8b8bf00eb",
"sha256": "eba683b3c4d41a39fb0a9208b548250bcc4a1adc8e19e79bb910f6b1b5b86361",
"type": "query",
"version": 100
"version": 101
},
"5c983105-4681-46c3-9890-0c66d05e776b": {
"min_stack_version": "8.3",
@@ -4227,9 +4227,9 @@
"5e161522-2545-11ed-ac47-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Google Workspace 2SV Policy Disabled",
"sha256": "fd5d32a38a6fcc1c2f9da9bc81f2b1a80916de40174c78913b05259325c6b639",
"sha256": "0e4f796c44b12756ec86c03bef7bca532a986bd70cbe34fda071162af183bb2e",
"type": "query",
"version": 1
"version": 2
},
"5e552599-ddec-4e14-bad1-28aa42404388": {
"min_stack_version": "8.3",
@@ -4243,9 +4243,9 @@
}
},
"rule_name": "Microsoft 365 Teams Guest Access Enabled",
"sha256": "c2d44b6e87bf1e7dea9dd3a0d2990194af418603132d5bee07c23b69068e4717",
"sha256": "50aae074ddb8947d940c38965282b736fbff99f023d2a715cb22e2dca25e2f4d",
"type": "query",
"version": 100
"version": 101
},
"5e87f165-45c2-4b80-bfa5-52822552c997": {
"rule_name": "Potential PrintNightmare File Modification",
@@ -4265,9 +4265,9 @@
}
},
"rule_name": "Azure Command Execution on Virtual Machine",
"sha256": "872a5367783e16ffc634425549afb38612e1eeed5207f97e5d483684f2d93cb9",
"sha256": "5637e2ee71403942ade1e207efd0fb68aad7ddb05c75fbbec08760e3d430476d",
"type": "query",
"version": 100
"version": 101
},
"60b6b72f-0fbc-47e7-9895-9ba7627a8b50": {
"min_stack_version": "8.3",
@@ -4281,9 +4281,9 @@
}
},
"rule_name": "Azure Service Principal Addition",
"sha256": "42f4486306a4f314aa7c0579be6188e7e3f261ee72c27caedfd0832958e55896",
"sha256": "24b0f7575e69c3da0576076406bc354a01b3885bf902debc9d613c3a9e94c71f",
"type": "query",
"version": 101
"version": 102
},
"60f3adec-1df9-4104-9c75-b97d9f078b25": {
"min_stack_version": "8.3",
@@ -4297,9 +4297,9 @@
}
},
"rule_name": "Microsoft 365 Exchange DLP Policy Removed",
"sha256": "94d03cfbb90d2318be2e5e0e432a60714974dcfcf37b9582f671982a34290fc7",
"sha256": "ebca4569bef15eab7d2b131134f2c0a4f17b6f29255255feaba207e377d2ba7a",
"type": "query",
"version": 100
"version": 101
},
"610949a1-312f-4e04-bb55-3a79b8c95267": {
"min_stack_version": "8.3",
@@ -4390,16 +4390,16 @@
"63c05204-339a-11ed-a261-0242ac120002": {
"min_stack_version": "8.4",
"rule_name": "Kubernetes Suspicious Assignment of Controller Service Account",
"sha256": "6ff3774856f3a89c719426d0b0ad31e9476927c25e33ae9f1fb2c33a60262fe9",
"sha256": "b26e2d87c35842443778574939ecc5d426b960a505ada7acb42bcdc372e86d9e",
"type": "query",
"version": 1
"version": 2
},
"63c056a0-339a-11ed-a261-0242ac120002": {
"min_stack_version": "8.4",
"rule_name": "Kubernetes Denied Service Account Request",
"sha256": "206708bf073f5373d61076aff081083306733334434485a072a95127453c17f3",
"sha256": "4ca24e8d75f1433636355cb68e30a1e5a1d95721e92a2a4a7079f1114e58ca16",
"type": "query",
"version": 1
"version": 2
},
"63c057cc-339a-11ed-a261-0242ac120002": {
"min_stack_version": "8.4",
@@ -4554,9 +4554,9 @@
}
},
"rule_name": "Attempt to Modify an Okta Policy",
"sha256": "f349235176eea6fab8f64b9d29af010ac35907d99e524aec451bb7143ea6aa7b",
"sha256": "3dc9daa76e62e8c631c9303e09468d98447d71290ddfd2d926d570bf2f580d66",
"type": "query",
"version": 100
"version": 101
},
"675239ea-c1bc-4467-a6d3-b9e2cc7f676d": {
"min_stack_version": "8.3",
@@ -4570,9 +4570,9 @@
}
},
"rule_name": "O365 Mailbox Audit Logging Bypass",
"sha256": "180540c4dfa973ebb322a17a92f3bd9e1179dca70a52c648ded69003862cc3c9",
"sha256": "be4affa23789ae2a09fbd537820317eb2e39cdb1582e3fa38dc10d83f53e8aeb",
"type": "query",
"version": 100
"version": 101
},
"676cff2b-450b-4cf1-8ed2-c0c58a4a2dd7": {
"min_stack_version": "8.3",
@@ -4586,9 +4586,9 @@
}
},
"rule_name": "Attempt to Revoke Okta API Token",
"sha256": "7fa1e50559094f15c0d582e8502734500d72a89865f1e7b1da149ef3c6152317",
"sha256": "12a8d39f94e8286e76e2461d978b636448c471180d04134c11d2b06fc623e504",
"type": "query",
"version": 100
"version": 101
},
"67a9beba-830d-4035-bfe8-40b7e28f8ac4": {
"rule_name": "SMTP to the Internet",
@@ -4646,9 +4646,9 @@
}
},
"rule_name": "New or Modified Federation Domain",
"sha256": "a58f40a2a2689a462fd3ebcbf5dba55550ecc3cbcfec5949aa2a35892c5afafb",
"sha256": "b36b28a3d7c05bc571463614e266a0db27d51920ae9cafa0b2ab15e654b98a7a",
"type": "query",
"version": 100
"version": 101
},
"6885d2ae-e008-4762-b98a-e8e1cd3a81e9": {
"min_stack_version": "8.3",
@@ -4662,9 +4662,9 @@
}
},
"rule_name": "Threat Detected by Okta ThreatInsight",
"sha256": "0ef8f32d6082e1c9bab33717afc8fe1c23e756abe5942df0dde64456026edec1",
"sha256": "265eccee9014d25d76ba6c13ef37b75fe4b585694f0ad3aa47ae0690669d4d9b",
"type": "query",
"version": 100
"version": 101
},
"68921d85-d0dc-48b3-865f-43291ca2c4f2": {
"min_stack_version": "8.3",
@@ -4701,9 +4701,9 @@
}
},
"rule_name": "Google Workspace Admin Role Assigned to a User",
"sha256": "545233dc9b965ee4f62840278af84bef551cdacf71cbce2552b8a9d2704615b5",
"sha256": "2c52d4ab28968599f73fc69986af4d6bb32fa1a7990400dedb69a00d27923991",
"type": "query",
"version": 101
"version": 102
},
"689b9d57-e4d5-4357-ad17-9c334609d79a": {
"min_stack_version": "8.3",
@@ -4733,9 +4733,9 @@
}
},
"rule_name": "AWS CloudWatch Log Group Deletion",
"sha256": "ca37ae77a2a934249977d73567f63f4aa0372dd28c4332d3e67f3abb9714b631",
"sha256": "83270dc39fbfd745efa730454cdf9fe041bc1b5913aceb61ccde29d37aed5da9",
"type": "query",
"version": 101
"version": 102
},
"68d56fdc-7ffa-4419-8e95-81641bd6f845": {
"min_stack_version": "8.3",
@@ -4797,9 +4797,9 @@
}
},
"rule_name": "AWS IAM Password Recovery Requested",
"sha256": "7f96125b14edc240bd6bf616955819b7ea9fe7491f8afb0873fbf8d85b7d52ed",
"sha256": "b9cca5071a90915b420201300534cf7294a09a03ce5a02fdc723ec827c3ec094",
"type": "query",
"version": 100
"version": 101
},
"6a8ab9cc-4023-4d17-b5df-1a3e16882ce7": {
"min_stack_version": "8.3",
@@ -5008,9 +5008,9 @@
}
},
"rule_name": "Google Workspace Role Modified",
"sha256": "8dc1f19266e88e4e9730b019277e28ce3f4e7f8a2f366b75198d4d752ba789b8",
"sha256": "daef89c776f6dbbe4af324d1e25088b7050e7ea1d1e9ab4726f530b8a5b4a5a5",
"type": "query",
"version": 100
"version": 101
},
"6f683345-bb10-47a7-86a7-71e9c24fb358": {
"rule_name": "Linux Restricted Shell Breakout via the find command",
@@ -5030,9 +5030,9 @@
}
},
"rule_name": "AWS CloudTrail Log Deleted",
"sha256": "3ce48bd244eb8526b966ce1ead4d0487ae071f67d638c971ab2f7ae83ae5e274",
"sha256": "b39ba2fb57dbf938e72f9acbe9a64c4d65ca5123539a40e67b80060ac3b1966f",
"type": "query",
"version": 101
"version": 102
},
"7024e2a0-315d-4334-bb1a-552d604f27bc": {
"min_stack_version": "8.3",
@@ -5046,9 +5046,9 @@
}
},
"rule_name": "AWS Config Resource Deletion",
"sha256": "d7267c58adaa59759b247610f0d44632689bbeb1da3010560530b7b14761d19c",
"sha256": "90cb1cfb2ad7ed8caee073392761b2e26ee4c706c9561a7216e1613be85b4d86",
"type": "query",
"version": 101
"version": 102
},
"70d12c9c-0dbd-4a1a-bc44-1467502c9cf6": {
"min_stack_version": "8.3",
@@ -5142,9 +5142,9 @@
}
},
"rule_name": "Microsoft 365 Potential ransomware activity",
"sha256": "b91ed8e2d7e1cb283ab6ca4c730174019a360cee3c01a5c6365aedf04ed563a2",
"sha256": "5ed8b9792817be8710679364f5e1af5fef0cf852e05c97076743efb4d24e3db2",
"type": "query",
"version": 100
"version": 101
},
"729aa18d-06a6-41c7-b175-b65b739b1181": {
"min_stack_version": "8.3",
@@ -5158,9 +5158,9 @@
}
},
"rule_name": "Attempt to Reset MFA Factors for an Okta User Account",
"sha256": "ca6648edd972ed21401c4098468a62d530987ef7fbaca081fa283b7824b54ee8",
"sha256": "1e794e11cf17f126dd248557655736d7e16036585bdcda44a847ee1c5ae1fcad",
"type": "query",
"version": 100
"version": 101
},
"72d33577-f155-457d-aad3-379f9b750c97": {
"rule_name": "Linux Restricted Shell Breakout via env Shell Evasion",
@@ -5356,9 +5356,9 @@
}
},
"rule_name": "User Added as Owner for Azure Application",
"sha256": "703fe0f5612ad2d0a2b2586ea0901b308e6d66e9fb1b42ea07f599eda881a0e9",
"sha256": "a97f673b735d37b32973f00c9e6ea2608c0f8e7a451e7da2ed05a256eb20d451",
"type": "query",
"version": 100
"version": 101
},
"77a3c3df-8ec4-4da4-b758-878f551dee69": {
"min_stack_version": "8.3",
@@ -5395,9 +5395,9 @@
}
},
"rule_name": "Application Added to Google Workspace Domain",
"sha256": "167624464a44f366b739b360ebb3abbf57ded7a1a0a5477391c335aa6c3a8d50",
"sha256": "a3cc84e17ebd0f9217243f6d5128ebb437ecb8d4e643a5ea8d1b3e3e40f343be",
"type": "query",
"version": 100
"version": 101
},
"7882cebf-6cf1-4de3-9662-213aa13e8b80": {
"min_stack_version": "8.3",
@@ -5411,9 +5411,9 @@
}
},
"rule_name": "Azure Privilege Identity Management Role Modified",
"sha256": "c7ee92c687fa9c3bce9e82202474629c2b5486a7b2887ab1fe55092c3ba392fd",
"sha256": "b97ff66b9f974c5948d1cd101ce1d612c1172848e28f936f9004aaacfbec8189",
"type": "query",
"version": 101
"version": 102
},
"78d3d8d9-b476-451d-a9e0-7a5addd70670": {
"min_stack_version": "8.3",
@@ -5443,9 +5443,9 @@
}
},
"rule_name": "Azure Key Vault Modified",
"sha256": "e1212563d20d9bd804d0f0103f0d02843b99ed1512929cf8637d33a1283c7172",
"sha256": "cc11cad36b109a308b000d4ffef2cee07ed8515a3efaa31a6f87699596a763e3",
"type": "query",
"version": 100
"version": 101
},
"79f97b31-480e-4e63-a7f4-ede42bf2c6de": {
"min_stack_version": "8.3",
@@ -5487,9 +5487,9 @@
}
},
"rule_name": "AWS ElastiCache Security Group Created",
"sha256": "226ee11ffe057fb5a2ee3b7f350a57d79b5080d0586afb18939eea9ce65ae082",
"sha256": "25e965176005d56b0d73ff069dc3ac7b084832901d17b8466d3786f84b192af2",
"type": "query",
"version": 100
"version": 101
},
"7b8bfc26-81d2-435e-965c-d722ee397ef1": {
"min_stack_version": "8.3",
@@ -5542,9 +5542,9 @@
"7caa8e60-2df0-11ed-b814-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Google Workspace Bitlocker Setting Disabled",
"sha256": "b2085a3b9a489dab8592255dd99f396e153d9b0230697c8f7bf2d0f370f5b4ae",
"sha256": "e433cddd2695f67bea309beea9d1d29197cb7f724fd7e8b1fe04b09657cfb195",
"type": "query",
"version": 1
"version": 2
},
"7ceb2216-47dd-4e64-9433-cddc99727623": {
"min_stack_version": "8.3",
@@ -5558,9 +5558,9 @@
}
},
"rule_name": "GCP Service Account Creation",
"sha256": "785c10b62b59333a0f88d46a496dead6b5f7a450baf28951b38c53c1f5596014",
"sha256": "bfc9ca414ec24b008728120433fe6adbc82be9ee524bfa2d2e435d619ec3dd06",
"type": "query",
"version": 100
"version": 101
},
"7d2c38d7-ede7-4bdf-b140-445906e6c540": {
"rule_name": "Tor Activity to the Internet",
@@ -5689,9 +5689,9 @@
}
},
"rule_name": "Azure Kubernetes Pods Deleted",
"sha256": "b991a10d5e4c961fbac48a5a9eaab802246deca8ee74ad44255110504a225183",
"sha256": "fd9f832afa3eb4db90466e05aa43684b05fbd8af82fa4d943022de552cdb9cc4",
"type": "query",
"version": 100
"version": 101
},
"83b2c6e5-e0b2-42d7-8542-8f3af86a1acb": {
"rule_name": "Linux Restricted Shell Breakout via the mysql command",
@@ -5759,9 +5759,9 @@
}
},
"rule_name": "AWS EC2 Network Access Control List Deletion",
"sha256": "c6e59ebe85ab003df21fbcd6bad692bcdc76fe6c2b28629a40a6fa9c8918795e",
"sha256": "bcb4aade8b5ba3c22a8c82cdf9e5c119b5c206ac7a8a25c005c9c46bdac688b0",
"type": "query",
"version": 100
"version": 101
},
"863cdf31-7fd3-41cf-a185-681237ea277b": {
"min_stack_version": "8.3",
@@ -5775,9 +5775,9 @@
}
},
"rule_name": "AWS RDS Security Group Deletion",
"sha256": "f39be5f1084cc1ef95308f704a479690c24f61bce88d207ea29b7c6fcfb93708",
"sha256": "b9740b6e6fe0a2bf15223ae18f550d8f48741f5b183edaba4d75d1780eb7fdeb",
"type": "query",
"version": 100
"version": 101
},
"867616ec-41e5-4edc-ada2-ab13ab45de8a": {
"min_stack_version": "8.3",
@@ -5791,9 +5791,9 @@
}
},
"rule_name": "AWS IAM Group Deletion",
"sha256": "be3cafda2f1bc4c15c32214ed64b86374b01e2ba135956915942b0ee2158a900",
"sha256": "ad3bca60bba8131fb73f2ba77fef189865b606cf0e8f75552a0f665a03e7c9ea",
"type": "query",
"version": 100
"version": 101
},
"870aecc0-cea4-4110-af3f-e02e9b373655": {
"min_stack_version": "8.3",
@@ -5839,9 +5839,9 @@
}
},
"rule_name": "AWS EventBridge Rule Disabled or Deleted",
"sha256": "367010706d34877b7145c84d93da5e24a1de26743ac66c62886d3c3dd795c7ee",
"sha256": "7318a2445dc5a3d30e791c384f8cb3a6fb45f6a517e2d3cd4c7e8a7920bc5915",
"type": "query",
"version": 100
"version": 101
},
"87ec6396-9ac4-4706-bcf0-2ebb22002f43": {
"rule_name": "FTP (File Transfer Protocol) Activity to the Internet",
@@ -5861,9 +5861,9 @@
}
},
"rule_name": "Microsoft 365 Global Administrator Role Assigned",
"sha256": "7ccdd0dd55b42d0243844e56404c0100052c1390d25e282a878032c8e2fcd758",
"sha256": "06a2870dd213505ab21cf79e77102f038a0ca424bb6609f239f62e97824509c9",
"type": "query",
"version": 100
"version": 101
},
"88817a33-60d3-411f-ba79-7c905d865b2a": {
"min_stack_version": "8.3",
@@ -5995,9 +5995,9 @@
}
},
"rule_name": "Attempt to Deactivate an Okta Network Zone",
"sha256": "96efba52fe6cbf544a08722635a44c05c5cd7eb8c7d96bbd84a59de1856a7235",
"sha256": "045434b736375d19dd5c2261b23dbdaee593cd818afa3d68de289052817c3eb2",
"type": "query",
"version": 100
"version": 101
},
"8acb7614-1d92-4359-bfcf-478b6d9de150": {
"min_stack_version": "8.3",
@@ -6059,9 +6059,9 @@
}
},
"rule_name": "Azure Kubernetes Events Deleted",
"sha256": "44a51581dbc42a7f4e2970a5c54d8ba2c713d95e75fd6ddfecc281f479a5c5db",
"sha256": "d2fda40a22fb4d46eb3a36ed6cc7bc6304f6f30019afbff7fcd240859601b9e1",
"type": "query",
"version": 100
"version": 101
},
"8c1bdde8-4204-45c0-9e0c-c85ca3902488": {
"min_stack_version": "8.3",
@@ -6169,9 +6169,9 @@
}
},
"rule_name": "Azure Automation Runbook Deleted",
"sha256": "c75a4d4e912c35047aa88e39420ae638bfb0405fc11623f2798583bf1a78492e",
"sha256": "4a094369167a5416694956facfb84594a711b8f4622441fe2d9376ce2c65fcb2",
"type": "query",
"version": 100
"version": 101
},
"8f3e91c7-d791-4704-80a1-42c160d7aa27": {
"min_stack_version": "8.3",
@@ -6217,9 +6217,9 @@
}
},
"rule_name": "GCP Service Account Deletion",
"sha256": "d057eb6c8a3ff17bc8ab962565bc7a4f09b724c09fd6fd9feb05ac0ef07b6fe0",
"sha256": "dc106358a8faa9b73188f48185804a769735e4e84da828db49b812e29cc5b522",
"type": "query",
"version": 100
"version": 101
},
"8fed8450-847e-43bd-874c-3bbf0cd425f3": {
"rule_name": "Linux Restricted Shell Breakout via apt/apt-get Changelog Escape",
@@ -6255,9 +6255,9 @@
}
},
"rule_name": "AWS Deletion of RDS Instance or Cluster",
"sha256": "fccbd85c5ef8509fcdf0af7ff50d8075a6de27f496059da1d4e794064128683d",
"sha256": "e0467768e8198131a5fe5d6684af0485b7eb13b4149b9c52f1435e6c954b6c3c",
"type": "query",
"version": 100
"version": 101
},
"9092cd6c-650f-4fa3-8a8a-28256c7489c9": {
"min_stack_version": "8.3",
@@ -6293,9 +6293,9 @@
}
},
"rule_name": "GCP Virtual Private Cloud Route Creation",
"sha256": "34a1db159c380f672b99ce5fa36d2d08d218ff0a52d4d7f61b049fed345154f4",
"sha256": "83db654be4ce09b09ea2f5fc1979aa9970b6a65b8325061138faff6de8405f7f",
"type": "query",
"version": 100
"version": 101
},
"91d04cd4-47a9-4334-ab14-084abe274d49": {
"min_stack_version": "8.3",
@@ -6309,9 +6309,9 @@
}
},
"rule_name": "AWS WAF Access Control List Deletion",
"sha256": "93a8abf17df4faa81fa3dcf2a4da451cf18650e46bb92662dabff5f425fab8cd",
"sha256": "4268caaaedc7a1b5641e0396f7a2594afb2038c989475450700a48f6284fb026",
"type": "query",
"version": 100
"version": 101
},
"91f02f01-969f-4167-8d77-07827ac4cee0": {
"min_stack_version": "8.3",
@@ -6380,9 +6380,9 @@
}
},
"rule_name": "AWS Security Token Service (STS) AssumeRole Usage",
"sha256": "7a748c5b733bb3376d6c9c0535838c0de1cf5effdfe0f3343404aed88a5a20e9",
"sha256": "33e33fcf51a64052e25ea495dc5d119f6366f59ca29734cb8fa950094f0098ec",
"type": "query",
"version": 100
"version": 101
},
"931e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4": {
"min_stack_version": "8.3",
@@ -6412,9 +6412,9 @@
}
},
"rule_name": "AWS VPC Flow Logs Deletion",
"sha256": "6b32892aa2db1f90353f5be46ecbcfe86c7a3fe108a67c12a422e123d0ad5d08",
"sha256": "1a802576b2f53f4b109418073778dbb9ab316488a42b15571652d43c1664cece",
"type": "query",
"version": 101
"version": 102
},
"93b22c0a-06a0-4131-b830-b10d5e166ff4": {
"min_stack_version": "8.3",
@@ -6467,9 +6467,9 @@
}
},
"rule_name": "Google Workspace Admin Role Deletion",
"sha256": "aeae7ce32f48766371322897bfbc3da7e4c5c5b9c1f6d5f7221bad6887a9d88a",
"sha256": "ef6d929dc2c2361a81de3f98368a4b583d1b79accfccf61f4bd2660192e320d0",
"type": "query",
"version": 100
"version": 101
},
"93f47b6f-5728-4004-ba00-625083b3dcb0": {
"min_stack_version": "8.3",
@@ -6490,9 +6490,9 @@
"9510add4-3392-11ed-bd01-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Google Workspace Custom Gmail Route Created or Modified",
"sha256": "b354de5608defe82e0d3a7c230774e90003cb87416fc120e1d8e4465d30b3a1c",
"sha256": "5fd3d2b8c4d529473f1faf8da5346efc3e1c194556689eb7bba24604dfea18db",
"type": "query",
"version": 1
"version": 2
},
"954ee7c8-5437-49ae-b2d6-2960883898e9": {
"min_stack_version": "8.3",
@@ -6554,9 +6554,9 @@
}
},
"rule_name": "Attempt to Create Okta API Token",
"sha256": "d37cf8c47114dfde946b80c362cb55a4511f183e64c1770ee19c2fe896040498",
"sha256": "e422d6ae568c6176ce467e84cff66e388e6aebd1a08ecd0975170f85d062755e",
"type": "query",
"version": 100
"version": 101
},
"96e90768-c3b7-4df6-b5d9-6237f8bc36a8": {
"min_stack_version": "8.3",
@@ -6586,9 +6586,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Anti-Phish Rule Modification",
"sha256": "6b0aee250c12113c8634c1a9b4bc83aa88487e2839f2ed15655cb69e22bf2eed",
"sha256": "df0c3ab6007ab01b0442eb8dcd1dc90c541d8fba362f7d3f9beea700be864ac6",
"type": "query",
"version": 100
"version": 101
},
"97359fd8-757d-4b1d-9af1-ef29e4a8680e": {
"min_stack_version": "8.3",
@@ -6602,9 +6602,9 @@
}
},
"rule_name": "GCP Storage Bucket Configuration Modification",
"sha256": "de65ba5837645ec6e9d4f0a7c27f6451405080ded9bd6648c1a1e4f886eebb30",
"sha256": "23227ba904aeacc1007e1bc763fd3b47c14446815d11d7e94c9b551250ca8a8f",
"type": "query",
"version": 100
"version": 101
},
"979729e7-0c52-4c4c-b71e-88103304a79f": {
"min_stack_version": "8.3",
@@ -6618,9 +6618,9 @@
}
},
"rule_name": "AWS SAML Activity",
"sha256": "8e49254aba6e970d5d329ec1049699b7f4bd30761722bf36b85fe29082c145bc",
"sha256": "3562ea5dacaba4792e94f1cba2be2c388e6626ce6dd758043403775900a9016e",
"type": "query",
"version": 100
"version": 101
},
"97a8e584-fd3b-421f-9b9d-9c9d9e57e9d7": {
"min_stack_version": "8.3",
@@ -6701,9 +6701,9 @@
}
},
"rule_name": "GCP IAM Service Account Key Deletion",
"sha256": "04683dc2a0a34273c1d83c833ee0f3446ea94938f360c153b15449e70532f48f",
"sha256": "1414d88d46470984e304f7aeff112cdd344d67618601150c1774758132123eb3",
"type": "query",
"version": 100
"version": 101
},
"98995807-5b09-4e37-8a54-5cae5dc932d7": {
"min_stack_version": "8.3",
@@ -6717,9 +6717,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Management Group Role Assignment",
"sha256": "bf052babf9f1e5b03d6a841458643cd5adb9fb5799db6ae1e3b70d73ba8e651a",
"sha256": "6471164015e40253d0c1c8e6c4cf9747913ca95c6bc387f9a648fb04097bc611",
"type": "query",
"version": 100
"version": 101
},
"98fd7407-0bd5-5817-cda0-3fcc33113a56": {
"min_stack_version": "8.3",
@@ -6733,9 +6733,9 @@
}
},
"rule_name": "AWS EC2 Snapshot Activity",
"sha256": "67ebbcbc9d7430381394cb2bf82988a1db57169ace220d10d9f8ead323c7bb84",
"sha256": "10e3ca8d573e44ad91cce09df1598249420c0a30e2853bc649329dbb0f460819",
"type": "query",
"version": 101
"version": 102
},
"990838aa-a953-4f3e-b3cb-6ddf7584de9e": {
"min_stack_version": "8.3",
@@ -6921,9 +6921,9 @@
"9cf7a0ae-2404-11ed-ae7d-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Google Workspace User Group Access Modified to Allow External Access",
"sha256": "3605d9c5b34d2095f131e61cdeb7acafed8c40fafcb72268336d7a792608e0da",
"sha256": "172d2f04879c10e383d6f900e6bb2f9d49626e7a95d7f235e3183c36ab0e80ad",
"type": "query",
"version": 1
"version": 2
},
"9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1": {
"rule_name": "Trusted Developer Application Usage",
@@ -7119,9 +7119,9 @@
}
},
"rule_name": "AWS Access Secret in Secrets Manager",
"sha256": "224fd69bd46ea7d3e11857b61bac0008649f29e6953f1000e3c51171f9878a85",
"sha256": "8e7c4969b3d2c116adb3fb616c87882c97515b919b1b9e1d1ff80fc52f95b77e",
"type": "query",
"version": 101
"version": 102
},
"a02cb68e-7c93-48d1-93b2-2c39023308eb": {
"min_stack_version": "8.3",
@@ -7142,9 +7142,9 @@
}
},
"rule_name": "GCP Pub/Sub Topic Creation",
"sha256": "ed779b2ab909845631b9060f9683929d4328e5d6adff9fbde0fd678e51558675",
"sha256": "6973822bda7a7ae138c5f65f145efe14c0a4c1bcf6f730567586454f158bd88d",
"type": "query",
"version": 100
"version": 101
},
"a13167f1-eec2-4015-9631-1fee60406dcf": {
"min_stack_version": "8.3",
@@ -7206,9 +7206,9 @@
}
},
"rule_name": "GCP Virtual Private Cloud Route Deletion",
"sha256": "e7fff6d6243de145ee5903dea17c42c8e6503e87b9de5941f5619da8e6e41b1c",
"sha256": "eb71b74468071bfd8d4f2dc0e3362ed1f387d348115ca17e441cf96cecf51ac0",
"type": "query",
"version": 100
"version": 101
},
"a1a0375f-22c2-48c0-81a4-7c2d11cc6856": {
"min_stack_version": "8.3",
@@ -7245,9 +7245,9 @@
"a2795334-2499-11ed-9e1a-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Google Workspace Restrictions for Google Marketplace Modified to Allow Any App",
"sha256": "1dbe088396c7e8d884dd1a45df0faef44362f085ba0b108a137ca6b12a015fd2",
"sha256": "4c7b59991fca9e2bb874d73b26702beea98e72c40bda59d83f8a795d18fdbcf9",
"type": "query",
"version": 1
"version": 2
},
"a3ea12f3-0d4e-4667-8b44-4230c63f3c75": {
"min_stack_version": "8.3",
@@ -7306,9 +7306,9 @@
}
},
"rule_name": "AWS IAM Assume Role Policy Update",
"sha256": "391b6248787161ac0f1fef423f5d7258e91a763f1f500a49de6798044724354f",
"sha256": "b5b57526e2a7404d7757088dce163fd98f8ee1cd777d093cdab4e2e415bb3629",
"type": "query",
"version": 101
"version": 102
},
"a605c51a-73ad-406d-bf3a-f24cc41d5c97": {
"min_stack_version": "8.3",
@@ -7322,9 +7322,9 @@
}
},
"rule_name": "Azure Active Directory PowerShell Sign-in",
"sha256": "60f4bac3fe46489e6ab9ba2fcadf626760d22098c883a396a660eaa01ca3574b",
"sha256": "6d5eb363ba49b4f22a3d6b82e3e8eea02ef8d63778b70b61097b0c4652595025",
"type": "query",
"version": 101
"version": 102
},
"a624863f-a70d-417f-a7d2-7a404638d47f": {
"min_stack_version": "8.3",
@@ -7424,9 +7424,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Safe Link Policy Disabled",
"sha256": "0fa1301934edafb9577c165beb4d2f30393a0fe81a044fda94de91e7c9eab302",
"sha256": "fca5d6db063f33419f452eb6aafee03ae9dd503fce594e4a95d73d86620c04ee",
"type": "query",
"version": 100
"version": 101
},
"a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73": {
"min_stack_version": "8.3",
@@ -7447,9 +7447,9 @@
}
},
"rule_name": "Google Workspace Password Policy Modified",
"sha256": "15915846907d1997c423e70f43245b842918bc67bf24503e76a20897f6cdadf0",
"sha256": "b2daab0a2fb7c6a49d316684b16b34bc48a433eb4288b640b70d8f7155f44852",
"type": "query",
"version": 100
"version": 101
},
"a9b05c3b-b304-4bf9-970d-acdfaef2944c": {
"min_stack_version": "8.3",
@@ -7495,9 +7495,9 @@
}
},
"rule_name": "GCP IAM Custom Role Creation",
"sha256": "294bf4b8d61d9f3874898e9fef36d04a79dd0134a0b5480a4aa51c49613ffe49",
"sha256": "da0623509f7796f22ca62b96242ea504f076263186a5b77099f970be2ebd74b6",
"type": "query",
"version": 100
"version": 101
},
"aa895aea-b69c-4411-b110-8d7599634b30": {
"min_stack_version": "8.3",
@@ -7646,9 +7646,9 @@
}
},
"rule_name": "Google Workspace API Access Granted via Domain-Wide Delegation of Authority",
"sha256": "4c8958b19960c9a1e57732514e1f40504283902ba203aa4188bb92999137aea8",
"sha256": "17446570b779206b8cae475969306c45b64cbe3a2b933fac52f4a5525d6023b2",
"type": "query",
"version": 100
"version": 101
},
"acd611f3-2b93-47b3-a0a3-7723bcc46f6d": {
"min_stack_version": "8.3",
@@ -7739,9 +7739,9 @@
}
},
"rule_name": "Google Workspace Custom Admin Role Created",
"sha256": "512538be9948d8ee8a4d339c569d5fbdc37e0701050a67f4b26f08a6e36fdb63",
"sha256": "1994f125fb87d27a74be9c4dde9edc895032d5d6fa9897d86f19e87d15ba6b82",
"type": "query",
"version": 100
"version": 101
},
"ad84d445-b1ce-4377-82d9-7c633f28bf9a": {
"min_stack_version": "8.3",
@@ -7889,9 +7889,9 @@
}
},
"rule_name": "Microsoft 365 Unusual Volume of File Deletion",
"sha256": "af13512c9e80f6b0e0f68518c427f2f85b15391d25ecab9801a969c0dcc8988a",
"sha256": "f9ce2b376d71fa22fe26823243794720d947aafa6bba580615d431c8cce57a99",
"type": "query",
"version": 100
"version": 101
},
"b29ee2be-bf99-446c-ab1a-2dc0183394b8": {
"min_stack_version": "8.3",
@@ -7969,9 +7969,9 @@
}
},
"rule_name": "AWS STS GetSessionToken Abuse",
"sha256": "06b29e5ffac1476ee93e6bf42ca20f236d0db705ca158a59a35d234d824b4f03",
"sha256": "a3b7e08e0a1fcb01e4ba8e753901196723bb44511604dd026d0d644d349b08f5",
"type": "query",
"version": 100
"version": 101
},
"b4bb1440-0fcb-4ed1-87e5-b06d58efc5e9": {
"min_stack_version": "8.3",
@@ -7985,9 +7985,9 @@
}
},
"rule_name": "Attempt to Delete an Okta Policy",
"sha256": "edcf5e80215b2447d4f0112ee839c452f063b302f7f8226074947b172e2323f5",
"sha256": "e529946936f72fa7d42c8d61570a67b8e12512acf6459dfa6f5d52a6e88075e1",
"type": "query",
"version": 100
"version": 101
},
"b5877334-677f-4fb9-86d5-a9721274223b": {
"min_stack_version": "8.3",
@@ -8065,9 +8065,9 @@
}
},
"rule_name": "Azure Event Hub Authorization Rule Created or Updated",
"sha256": "04094094355895232041796a086d7abb0aa1ae7d5e22c101de47ae846055575c",
"sha256": "1af10c98e5fdc8c90fb1130c8fa5664bea45c2903aa7d2ff9cef02fbdac1d6e7",
"type": "query",
"version": 100
"version": 101
},
"b719a170-3bdb-4141-b0e3-13e3cf627bfe": {
"min_stack_version": "8.3",
@@ -8081,9 +8081,9 @@
}
},
"rule_name": "Attempt to Deactivate an Okta Policy",
"sha256": "ff4ea8914e56922c8a23773fda12c35216ec87250d9be3d3d4c720c9d3a51ed3",
"sha256": "300ef1cf29b48608ef4a16d56d027217689f6c7b50e0cbe93fa9affc2e384f53",
"type": "query",
"version": 100
"version": 101
},
"b8075894-0b62-46e5-977c-31275da34419": {
"min_stack_version": "8.3",
@@ -8097,9 +8097,9 @@
}
},
"rule_name": "Administrator Privileges Assigned to an Okta Group",
"sha256": "9bb3a9964ec4649701ded0b07c680d5e1eeb51c19f098c11d5924fcf4e72612c",
"sha256": "6f375a897c5b8d7a5a23e2b35ca57c0891a7c2058fbc9c5d9463c036a0a32039",
"type": "query",
"version": 100
"version": 101
},
"b83a7e96-2eb3-4edf-8346-427b6858d3bd": {
"min_stack_version": "8.3",
@@ -8257,9 +8257,9 @@
}
},
"rule_name": "Azure Resource Group Deletion",
"sha256": "94b90ae01599bc94e246813b4a812f598fcc7446ba02ac19c80c7180d8e9acbe",
"sha256": "3b25861f68b1100642f9a3ed68c945e918ce6d65b653ee7d065ec2ab7378a294",
"type": "query",
"version": 100
"version": 101
},
"bb9b13b2-1700-48a8-a750-b43b0a72ab69": {
"min_stack_version": "8.3",
@@ -8273,9 +8273,9 @@
}
},
"rule_name": "AWS EC2 Encryption Disabled",
"sha256": "205094be6c82e2874f4820a6e6e5c0316ee64f27181cc21b5e579ff7070e325a",
"sha256": "7cd457c3240ddfe26d5d4558b82fdeae39d887ca6d295f77ba3fa54ece53997b",
"type": "query",
"version": 100
"version": 101
},
"bba1b212-b85c-41c6-9b28-be0e5cdfc9b1": {
"min_stack_version": "8.3",
@@ -8289,9 +8289,9 @@
}
},
"rule_name": "OneDrive Malware File Upload",
"sha256": "7dadd14a66fd84409d24d959abfe601368897ba2639a12d15fb7ae75727de751",
"sha256": "271d10e5de2e8992afac079441588c01bb4fea4985be37207a4f63cd14de73f3",
"type": "query",
"version": 100
"version": 101
},
"bbd1a775-8267-41fa-9232-20e5582596ac": {
"min_stack_version": "8.3",
@@ -8305,9 +8305,9 @@
}
},
"rule_name": "Microsoft 365 Teams Custom Application Interaction Allowed",
"sha256": "0be4efbb6ae7b8d50f0cdb4977cde0d5a8bb349d00e13b1e5a79c9f3246fc72e",
"sha256": "93d1b13957ac532ad6ab4712072ffdbed8a3d3107e6aec621b72742431d1c5af",
"type": "query",
"version": 100
"version": 101
},
"bc0c6f0d-dab0-47a3-b135-0925f0a333bc": {
"min_stack_version": "8.3",
@@ -8321,9 +8321,9 @@
}
},
"rule_name": "AWS Root Login Without MFA",
"sha256": "ae97c16aa10ee48a4fe9003d1967c34935754844cce19d913aeb1cc538c0fc20",
"sha256": "940a45911a3b2b5b13e9c9b41b429d1c008def777b0186403f35a218bb9c16f2",
"type": "query",
"version": 101
"version": 102
},
"bc0f2d83-32b8-4ae2-b0e6-6a45772e9331": {
"min_stack_version": "8.3",
@@ -8337,9 +8337,9 @@
}
},
"rule_name": "GCP Storage Bucket Deletion",
"sha256": "93446b0f506e848825ea5e62113b964e8bdb512e73bfe0835a17d08053ee6582",
"sha256": "a026881049df47e46236c24763c0d0b70c2e7f81d0dfabc4f3f95c1867586572",
"type": "query",
"version": 100
"version": 101
},
"bc1eeacf-2972-434f-b782-3a532b100d67": {
"min_stack_version": "8.3",
@@ -8369,9 +8369,9 @@
}
},
"rule_name": "Azure Conditional Access Policy Modified",
"sha256": "bb567cd5db3fc59b967cc96e80182e5299a5d791f77e531f72d79b3c02a477f8",
"sha256": "7d464f589cef8e69158a8ecfcec8ad0e0eb6b9100e4e8a046bc9d7d8331e9e65",
"type": "query",
"version": 100
"version": 101
},
"bca7d28e-4a48-47b1-adb7-5074310e9a61": {
"min_stack_version": "8.3",
@@ -8385,9 +8385,9 @@
}
},
"rule_name": "GCP Service Account Disabled",
"sha256": "344e1bfa420757d88f390edabb32aef5abff288cc9d99b293bdcfa0016267a34",
"sha256": "792b95b26dd07af5573402da08b2cc0c0b9bd500bea0be9c89237fec48f5904f",
"type": "query",
"version": 100
"version": 101
},
"bd2c86a0-8b61-4457-ab38-96943984e889": {
"min_stack_version": "8.3",
@@ -8465,9 +8465,9 @@
}
},
"rule_name": "AWS RDS Snapshot Restored",
"sha256": "96e64f19d7922c69fb0c0dde9c25bdba6c32a2760f8d29c651a310cb1c8a7acf",
"sha256": "c70fa6812d5c09459120e55836e78e4d79aa13572a68b0e7b6c38a22b6266204",
"type": "query",
"version": 100
"version": 101
},
"bfeaf89b-a2a7-48a3-817f-e41829dc61ee": {
"min_stack_version": "8.3",
@@ -8545,9 +8545,9 @@
}
},
"rule_name": "AWS EC2 Full Network Packet Capture Detected",
"sha256": "1c8b9b64822df7751436f08db4f45efe622e20df94d6b8ebee251c2c88bd713f",
"sha256": "eee2c9e0684f2d256680539e87c7efea97488a912d88721c8e0223d8348b8eb1",
"type": "query",
"version": 100
"version": 101
},
"c25e9c87-95e1-4368-bfab-9fd34cf867ec": {
"min_stack_version": "8.3",
@@ -8721,9 +8721,9 @@
}
},
"rule_name": "GCP Virtual Private Cloud Network Deletion",
"sha256": "7a972f51501b28f2921345f60267ef6856109de6b98cc9bdd0fcb8e27e44d021",
"sha256": "aa4803b001bcee2d8402978d64d08d524e6feab40959002f098b8af22d80b979",
"type": "query",
"version": 100
"version": 101
},
"c5c9f591-d111-4cf8-baec-c26a39bc31ef": {
"min_stack_version": "8.3",
@@ -8785,9 +8785,9 @@
}
},
"rule_name": "CyberArk Privileged Access Security Recommended Monitor",
"sha256": "1ee3e28fb47b89be84bd890417f1d0f1b24cff664df7064d72ab91a8142cda07",
"sha256": "f059a8f7ede213e8a714e9da098089e0348d0911cdcfe111f57eb42c02d8ef07",
"type": "query",
"version": 100
"version": 101
},
"c6453e73-90eb-4fe7-a98c-cde7bbfc504a": {
"min_stack_version": "8.3",
@@ -8823,9 +8823,9 @@
}
},
"rule_name": "Attempt to Delete an Okta Network Zone",
"sha256": "f2218dbd58d500ba58b0845e860e823940b702e3d10370caee0def86e1d20018",
"sha256": "265a1e94f2acf57c93587850a7f20003ede2ef0d082f278d593d2ecba108c99b",
"type": "query",
"version": 100
"version": 101
},
"c74fd275-ab2c-4d49-8890-e2943fa65c09": {
"min_stack_version": "8.3",
@@ -8839,9 +8839,9 @@
}
},
"rule_name": "Attempt to Modify an Okta Application",
"sha256": "133f87faebe15890cf4697181eb3ff38eabbab663d367540b89039f1992489aa",
"sha256": "a9a92aef56cb434f718d6d750452f4d66b7ec61a56fda772da9d216ff74df177",
"type": "query",
"version": 100
"version": 101
},
"c7894234-7814-44c2-92a9-f7d851ea246a": {
"min_stack_version": "8.3",
@@ -9053,9 +9053,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Malware Filter Rule Modification",
"sha256": "3ff02ff308fe785c128e067929b76a589d41177cafaff1dd3a0a7f318ebcb793",
"sha256": "d3608aa64d0dd96d0b1a38306836f9ff19f6ed3b68cb7d959eb18eb762fd5149",
"type": "query",
"version": 100
"version": 101
},
"cab4f01c-793f-4a54-a03e-e5d85b96d7af": {
"rule_name": "Auditd Login from Forbidden Location",
@@ -9098,9 +9098,9 @@
}
},
"rule_name": "Google Workspace MFA Enforcement Disabled",
"sha256": "4c6ea3adddccd015216fef41023adb9d7745d2d4155984d929c2556e111b52a0",
"sha256": "05fd75dac5209f44aeb77e65b0b73b52449dd5da76d606e36520fe03365021f7",
"type": "query",
"version": 101
"version": 102
},
"cb71aa62-55c8-42f0-b0dd-afb0bb0b1f51": {
"min_stack_version": "8.3",
@@ -9143,9 +9143,9 @@
"cc6a8a20-2df2-11ed-8378-f661ea17fbce": {
"min_stack_version": "8.3",
"rule_name": "Google Workspace User Organizational Unit Changed",
"sha256": "5c88091d0be8219dace6e31de5418a79dffcf18d3bdc73a1c1006b8e882d43b5",
"sha256": "3518355a90ee6354be595124e70b25d82c59ea2fbdd8bbbcc0d0e2a62512acdb",
"type": "query",
"version": 1
"version": 2
},
"cc89312d-6f47-48e4-a87c-4977bd4633c3": {
"min_stack_version": "8.3",
@@ -9159,9 +9159,9 @@
}
},
"rule_name": "GCP Pub/Sub Subscription Deletion",
"sha256": "c31392904afea3d493c1aaed8fbb19bd0365011c9b16ff72f04f359ad770c763",
"sha256": "98f7bcc1acadcab0ac4d987de027955a2adb2c973f540f044c7c031e6b412813",
"type": "query",
"version": 100
"version": 101
},
"cc92c835-da92-45c9-9f29-b4992ad621a0": {
"min_stack_version": "8.3",
@@ -9175,9 +9175,9 @@
}
},
"rule_name": "Attempt to Deactivate an Okta Policy Rule",
"sha256": "d7cde97c8d9a661b5b7a290af52757e631313dbcf59b0c83a65e015074d089c0",
"sha256": "5d999367838b2c6c6c851f6638262dfdd1ae807364a2836b89f2670ff192397d",
"type": "query",
"version": 100
"version": 101
},
"ccc55af4-9882-4c67-87b4-449a7ae8079c": {
"min_stack_version": "8.3",
@@ -9207,9 +9207,9 @@
}
},
"rule_name": "Modification or Removal of an Okta Application Sign-On Policy",
"sha256": "a426f223e9e1dd9112d3cd717f84671ff7d63875d60d5dce16ebdc3568a04aa3",
"sha256": "000c3451ea82378a6246a9f6f0ba19547411b2cd485bd18f88c57a51f1914ac4",
"type": "query",
"version": 100
"version": 101
},
"cd4d5754-07e1-41d4-b9a5-ef4ea6a0a126": {
"rule_name": "Socat Process Activity",
@@ -9261,9 +9261,9 @@
}
},
"rule_name": "Attempt to Deactivate MFA for an Okta User Account",
"sha256": "1bcabbb99bc40c24f88f8514ba0d56999857fa558bc42918f7a26088cba56a08",
"sha256": "fee48d682975fbd154aa3d57b38b63d2f5b6ad9ffe5facb8a01ec97467fc61e5",
"type": "query",
"version": 100
"version": 101
},
"cdbebdc1-dc97-43c6-a538-f26a20c0a911": {
"min_stack_version": "8.3",
@@ -9277,9 +9277,9 @@
}
},
"rule_name": "Okta User Session Impersonation",
"sha256": "d74bce14eca816f10062503c436a8f5ab108761b5554f8c7439644ca4088eee8",
"sha256": "ca6216971f6482493b9d7ed49dc36a984892a3a066c4667255763427bcde1c4c",
"type": "query",
"version": 100
"version": 101
},
"ce64d965-6cb0-466d-b74f-8d2c76f47f05": {
"min_stack_version": "8.3",
@@ -9332,9 +9332,9 @@
}
},
"rule_name": "Domain Added to Google Workspace Trusted Domains",
"sha256": "01c48dc0838a6a2c291d22a40540e1bd4b156aa8b707b0e1eceb1ed6c66e31c3",
"sha256": "2422828361db58c9cb60d2f0b2d137390daca7d29b102789915ec3e3aa883430",
"type": "query",
"version": 100
"version": 101
},
"cff92c41-2225-4763-b4ce-6f71e5bda5e6": {
"min_stack_version": "8.3",
@@ -9473,9 +9473,9 @@
}
},
"rule_name": "Attempt to Delete an Okta Application",
"sha256": "5775f8988ecf8ce2b7d4d780a1a2c5fd46e2b253c21143d53d918ed3ed0b1ea8",
"sha256": "0282c021304f537f3b7f79410e3cb51189f8fd9ac73d9170c8cad2ef25179626",
"type": "query",
"version": 100
"version": 101
},
"d49cc73f-7a16-4def-89ce-9fc7127d7820": {
"min_stack_version": "8.3",
@@ -9553,9 +9553,9 @@
}
},
"rule_name": "Attempt to Delete an Okta Policy Rule",
"sha256": "f46efadc5223126d7d2b269800e56bd1bfe7414df41232e503770f4d7f394e5a",
"sha256": "2eceff2f08e547b98b4a4fd273ebc5ff1002b5ea012653e10cafb5400c0d0750",
"type": "query",
"version": 100
"version": 101
},
"d61cbcf8-1bc1-4cff-85ba-e7b21c5beedc": {
"min_stack_version": "8.3",
@@ -9585,9 +9585,9 @@
}
},
"rule_name": "AWS CloudWatch Log Stream Deletion",
"sha256": "8b6f1ad4f0aeb7cde5409bde164e14b36b7b13265435612370410309afac2c13",
"sha256": "c8974712024f97ac7f5da1ae93f1c55d8aacd77df8244aaf05968503a0bbab27",
"type": "query",
"version": 101
"version": 102
},
"d62b64a8-a7c9-43e5-aee3-15a725a794e7": {
"min_stack_version": "8.3",
@@ -9601,9 +9601,9 @@
}
},
"rule_name": "GCP Pub/Sub Subscription Creation",
"sha256": "e4952632295f7786983b529846c2a56aa18d946bdfe8c592ec3c1253600b8b1d",
"sha256": "82b6769fa6453b254624c5e78eb7879b4a85c11d5e645d3d59e93b2ed496617e",
"type": "query",
"version": 100
"version": 101
},
"d6450d4e-81c6-46a3-bd94-079886318ed5": {
"rule_name": "Strace Process Activity",
@@ -9623,9 +9623,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Anti-Phish Policy Deletion",
"sha256": "a50d37bbe9b43e7724a7eb24505e7aa03927a2ec67370f69ca28127d662d68fc",
"sha256": "dbf20a1e2bc0d4cdedbccc5865bddda69aca58f70f18ee6ac68eeabd3379e3fd",
"type": "query",
"version": 100
"version": 101
},
"d703a5af-d5b0-43bd-8ddb-7a5d500b7da5": {
"min_stack_version": "8.3",
@@ -9671,9 +9671,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Malware Filter Policy Deletion",
"sha256": "f57519c1aa31055750c5639076d19820fd5ac67f477ad74655a84276f0c2ff6d",
"sha256": "f03f35ec4391254bd5a95e3213e02d739334563e9a20bd8f98055f0bd56f984f",
"type": "query",
"version": 100
"version": 101
},
"d75991f2-b989-419d-b797-ac1e54ec2d61": {
"min_stack_version": "8.3",
@@ -9726,9 +9726,9 @@
}
},
"rule_name": "Azure Blob Permissions Modification",
"sha256": "93f9f5b59ff0b2dda8d48b18b5d29f3434d7d8c95026e6d3029877c99182109c",
"sha256": "e0d97c1b1c32137b6a20954682acc691d3e3b8865b7232a8796d2220df76c2d9",
"type": "query",
"version": 100
"version": 101
},
"d7d5c059-c19a-4a96-8ae3-41496ef3bcf9": {
"min_stack_version": "8.3",
@@ -9774,9 +9774,9 @@
}
},
"rule_name": "AWS IAM Deactivation of MFA Device",
"sha256": "f7167839f8278786db6a2fee0112a03481d54df9f6f705ed9ba17e213a773842",
"sha256": "bf26336bfd7923642699c1afeef4e3883c311418a401723897117581fe882e16",
"type": "query",
"version": 101
"version": 102
},
"d99a037b-c8e2-47a5-97b9-170d076827c4": {
"min_stack_version": "8.3",
@@ -9812,9 +9812,9 @@
}
},
"rule_name": "Multi-Factor Authentication Disabled for an Azure User",
"sha256": "36086e35de121c47de4592fa3c4e7265ca731b3d1c4d5b117eb63c3d8d84afbe",
"sha256": "a9ea3b79a78beefb62ab8a2e7c3c743a0c2c2060c565d603d0988b78b74fa249",
"type": "query",
"version": 101
"version": 102
},
"db8c33a8-03cd-4988-9e2c-d0a4863adb13": {
"min_stack_version": "8.3",
@@ -9946,9 +9946,9 @@
}
},
"rule_name": "Azure Automation Account Created",
"sha256": "b6e3b2811b688e3537fac8a996aee5ea20ea6ac92c3d0c09282606659b5d43d6",
"sha256": "926e09c01d9a28535ee45c6b2e542a020fff0bc9b9b3876217cca6ac5d084ce3",
"type": "query",
"version": 100
"version": 101
},
"df6f62d9-caab-4b88-affa-044f4395a1e0": {
"min_stack_version": "8.3",
@@ -10000,9 +10000,9 @@
}
},
"rule_name": "Azure Firewall Policy Deletion",
"sha256": "cec609b5bd2ed5b821240b2725a14f9f43703ed66c1eb444a3a3eeb917f845bd",
"sha256": "601b09f07040a7a4aae2b737306da9624a2ac0a71eabee5f238ce4bd2a827679",
"type": "query",
"version": 100
"version": 101
},
"e052c845-48d0-4f46-8a13-7d0aba05df82": {
"min_stack_version": "8.3",
@@ -10032,9 +10032,9 @@
}
},
"rule_name": "Attempts to Brute Force an Okta User Account",
"sha256": "292a18aa33370f4a3def19295acca57a4ca7740abbadcf44671a34b77f78c7ab",
"sha256": "8dc167f9c34553aac49e9c99d5f221c55b7fc4214f922437fcb90476a82719f4",
"type": "threshold",
"version": 100
"version": 101
},
"e0dacebe-4311-4d50-9387-b17e89c2e7fd": {
"min_stack_version": "7.16",
@@ -10064,9 +10064,9 @@
}
},
"rule_name": "Azure Event Hub Deletion",
"sha256": "fcaa244c4b85d912fc2186203edf3c756e86fe0f326986965d47b64b049e9a53",
"sha256": "dd78a77f8220a57fac6347ca0f4ada237ce03b1bea7e8f46129e55b0cb9dc04f",
"type": "query",
"version": 100
"version": 101
},
"e12c0318-99b1-44f2-830c-3a38a43207ca": {
"min_stack_version": "8.3",
@@ -10080,9 +10080,9 @@
}
},
"rule_name": "AWS Route Table Created",
"sha256": "91f22a4cab37c8825bcd6d20d125eb71c27ea27151cbc76e1b597d889a832b7d",
"sha256": "e4d2ee157705e436b92c63f5f18e3fd0df6c0dc7b3d7924b35572f3231d54b0f",
"type": "query",
"version": 100
"version": 101
},
"e14c5fd7-fdd7-49c2-9e5b-ec49d817bc8d": {
"min_stack_version": "8.3",
@@ -10096,9 +10096,9 @@
}
},
"rule_name": "AWS RDS Cluster Creation",
"sha256": "9d940646c93297f6f313fd20534a4ae320b2a9ff5921954ff8c1f05ef597333c",
"sha256": "19e68c72224ffbd5ec27a7e9eb60ec744c5074b38262ecb6ad00c2fdda82d2e6",
"type": "query",
"version": 100
"version": 101
},
"e19e64ee-130e-4c07-961f-8a339f0b8362": {
"min_stack_version": "8.3",
@@ -10160,9 +10160,9 @@
}
},
"rule_name": "AWS Management Console Root Login",
"sha256": "cc28748f395bbdc3f948a148609c3b576a04d876907757313a706f4dff387f92",
"sha256": "9df7d5838d0c4e559ca85a90db69833ac5d9cbebbdc5307b1c041066e02503d3",
"type": "query",
"version": 101
"version": 102
},
"e2f9fdf5-8076-45ad-9427-41e0e03dc9c2": {
"min_stack_version": "8.3",
@@ -10192,9 +10192,9 @@
}
},
"rule_name": "GCP IAM Role Deletion",
"sha256": "596582abda1952e5ff855671798f64d01d0fe5088e7bf77e43841f20bf51117c",
"sha256": "a261c12a2575b204a26239d99fdedd6621ebd1e74766d317d83e32e4f4d880b6",
"type": "query",
"version": 100
"version": 101
},
"e3343ab9-4245-4715-b344-e11c56b0a47f": {
"min_stack_version": "8.3",
@@ -10224,9 +10224,9 @@
}
},
"rule_name": "AWS Route53 private hosted zone associated with a VPC",
"sha256": "1987a386d6d4a8d7181dddd2f93a6ae937be94af71202370a5b903ea82e740ce",
"sha256": "cb12140c90dccd0a4c2824849be30730cffea3848e2d02fa0edfa31fbc9e7c4f",
"type": "query",
"version": 100
"version": 101
},
"e3c5d5cb-41d5-4206-805c-f30561eae3ac": {
"min_stack_version": "8.3",
@@ -10288,9 +10288,9 @@
}
},
"rule_name": "Attempt to Modify an Okta Network Zone",
"sha256": "d8c50abeef3ea56327bef49926aade2c4cb9c4aac52de171ae494e75edd63816",
"sha256": "602a542c8e9959c09c63a8848909e01c8998f2bd603dce697bcad5cf54a8ee41",
"type": "query",
"version": 100
"version": 101
},
"e4e31051-ee01-4307-a6ee-b21b186958f4": {
"min_stack_version": "8.3",
@@ -10343,9 +10343,9 @@
}
},
"rule_name": "MFA Disabled for Google Workspace Organization",
"sha256": "bce03d2540705763734e0aa3aa9e1d29b2311abdce4691366dd58b6d44721a11",
"sha256": "7f4d5eb6734f8c3c60ded7d24a7a3339afd5255c9fd1bf01acfe5972e671f89b",
"type": "query",
"version": 100
"version": 101
},
"e56993d2-759c-4120-984c-9ec9bb940fd5": {
"rule_name": "RDP (Remote Desktop Protocol) to the Internet",
@@ -10397,9 +10397,9 @@
}
},
"rule_name": "Possible Okta DoS Attack",
"sha256": "53c7b993a4b9e4da58773e04d3a9cbb6f33e3b2975c5a88f14c63cc0ea6d1954",
"sha256": "3f076094b7534befc4760d78bea1055a65093435dc039640983afca7242cd674",
"type": "query",
"version": 100
"version": 101
},
"e6e8912f-283f-4d0d-8442-e0dcaf49944b": {
"min_stack_version": "8.3",
@@ -10461,9 +10461,9 @@
}
},
"rule_name": "AWS Route Table Modified or Deleted",
"sha256": "578a5b981a102054ded368e528ee57d95054d91b0072fbcc421641ff6240aa78",
"sha256": "67ea9be0dd5285b162d6349ba7b752221e964b4840555ee6ee3136de789eea4e",
"type": "query",
"version": 100
"version": 101
},
"e8571d5f-bea1-46c2-9f56-998de2d3ed95": {
"min_stack_version": "8.3",
@@ -10509,9 +10509,9 @@
}
},
"rule_name": "High Number of Okta User Password Reset or Unlock Attempts",
"sha256": "fb61c309a0e0f56c96d87b5b2512051b11481a86ee0ea795f757829a50a88a9a",
"sha256": "5299c6e6ef8986d22caff9b0986512d01639fed9249c8fbc90c20ae3e980ac44",
"type": "threshold",
"version": 100
"version": 101
},
"e919611d-6b6f-493b-8314-7ed6ac2e413b": {
"min_stack_version": "8.3",
@@ -10525,9 +10525,9 @@
}
},
"rule_name": "AWS EC2 VM Export Failure",
"sha256": "2c4145f775a63a163c0ab4ba0f428cb98d0671fb1dde6829f9c2b507f433a96a",
"sha256": "1c55611b85f48a6b1fe78fbc7a0924ff4ecb5d3ff1c72dea07fe2188f9ffb39b",
"type": "query",
"version": 100
"version": 101
},
"e94262f2-c1e9-4d3f-a907-aeab16712e1a": {
"min_stack_version": "8.3",
@@ -10579,9 +10579,9 @@
}
},
"rule_name": "Azure Automation Webhook Created",
"sha256": "e5b59d184ef3e24f596458f15e28ad91ef1dbafd5dd5dd70da6cda067330f236",
"sha256": "f4753972bd7ed04f9ed23aaee4f55562c9579bc04e5068ab0ac000dce3afd4d6",
"type": "query",
"version": 100
"version": 101
},
"ea0784f0-a4d7-4fea-ae86-4baaf27a6f17": {
"rule_name": "SSH (Secure Shell) from the Internet",
@@ -10601,9 +10601,9 @@
}
},
"rule_name": "AWS IAM Brute Force of Assume Role Policy",
"sha256": "03c7727b862b2307279c537a9a666c0dd155084645118943f85af92a1c6d5d22",
"sha256": "b286d4dfcdc26c17c56d83d6370caac04c33f1cdec24e753ddce5eac2b43996b",
"type": "threshold",
"version": 101
"version": 102
},
"eaa77d63-9679-4ce3-be25-3ba8b795e5fa": {
"min_stack_version": "8.3",
@@ -10745,9 +10745,9 @@
}
},
"rule_name": "Microsoft 365 Inbox Forwarding Rule Created",
"sha256": "84f6898ed88bde6a64ddb452f651145baeb6c7bada93820ecd01c8d1028f8bab",
"sha256": "4d681383a39e51c0ebda801678fc42df905b3b46c407443db81029f0cf7e60c3",
"type": "query",
"version": 100
"version": 101
},
"ecf2b32c-e221-4bd4-aa3b-c7d59b3bc01d": {
"min_stack_version": "8.3",
@@ -10761,9 +10761,9 @@
}
},
"rule_name": "AWS RDS Instance/Cluster Stoppage",
"sha256": "16f3aa6331c7ab9a27ff61ac841ed9388c880da58d0a9f05015dda9354c2f6f5",
"sha256": "995b22ac9fadbcea67c7e92f61e00859c3b5f691c1429641ec9da77a43020dfd",
"type": "query",
"version": 100
"version": 101
},
"ed9ecd27-e3e6-4fd9-8586-7754803f7fc8": {
"min_stack_version": "8.3",
@@ -10777,9 +10777,9 @@
}
},
"rule_name": "Azure Global Administrator Role Addition to PIM User",
"sha256": "2bcddb0c020341ebfe3dcf8d5f57f929f17ae536598101452d7d9b1419e6176f",
"sha256": "949a29e953474fdd157968152b5f042ae8ae183a290987734bb6da5531768708",
"type": "query",
"version": 100
"version": 101
},
"eda499b8-a073-4e35-9733-22ec71f57f3a": {
"min_stack_version": "8.3",
@@ -10809,9 +10809,9 @@
}
},
"rule_name": "Attempt to Deactivate an Okta Application",
"sha256": "1d7183696bff8175c0bf7984bac44c90267b9aaf49765a7b877b14bafd1d562f",
"sha256": "840d13b54f7cb11a9f7a9b1051045be50c63876aa56316af95d6c9ac6a2ca649",
"type": "query",
"version": 100
"version": 101
},
"edf8ee23-5ea7-4123-ba19-56b41e424ae3": {
"min_stack_version": "8.3",
@@ -10950,9 +10950,9 @@
}
},
"rule_name": "Administrator Role Assigned to an Okta User",
"sha256": "01e9c35d451ee51ce6555cb2e69118ea0af2b526abe9523361d4adedc8eacb23",
"sha256": "0e2011ae1168527217c41532a9809aca51fe9d23b35546e80a05feee4cb00f20",
"type": "query",
"version": 100
"version": 101
},
"f0b48bbc-549e-4bcf-8ee0-a7a72586c6a7": {
"min_stack_version": "8.3",
@@ -10982,9 +10982,9 @@
}
},
"rule_name": "Azure Alert Suppression Rule Created or Modified",
"sha256": "2183384bcc6041752cf41516ee30721db4d87c33c6cc490a4e40f725792feeff",
"sha256": "1aac937a034e9aa7d16663a9672358b86762197d05247fbf54a3ed273dc682b3",
"type": "query",
"version": 100
"version": 101
},
"f0eb70e9-71e9-40cd-813f-bf8e8c812cb1": {
"min_stack_version": "8.3",
@@ -11085,9 +11085,9 @@
}
},
"rule_name": "AWS RDS Instance Creation",
"sha256": "2df8ac1aaabae7c8c3f0efc22b7851cb24e160195b8a7f7757705c1328737d76",
"sha256": "33ac9a2e003f3ae8f4c6ec126a70fa22a0aedd817546b32ea0e75ea525224168",
"type": "query",
"version": 100
"version": 101
},
"f3475224-b179-4f78-8877-c2bd64c26b88": {
"min_stack_version": "8.3",
@@ -11235,9 +11235,9 @@
}
},
"rule_name": "Azure Service Principal Credentials Added",
"sha256": "60abce2112c71ffdd5cc301d683fe30d4f3ef9462959641be4987634ac452474",
"sha256": "5ce0477a42d9ef224de6a9ce9e33d0348397e764da6da42221c86966aa7e0ab4",
"type": "query",
"version": 100
"version": 101
},
"f772ec8a-e182-483c-91d2-72058f76a44c": {
"min_stack_version": "8.3",
@@ -11251,9 +11251,9 @@
}
},
"rule_name": "AWS CloudWatch Alarm Deletion",
"sha256": "cae5928d19c3ded04dbcbbd3cc24e608df03c569a3706b025aff68ad72bf9480",
"sha256": "9cdd636f05cb4a050455706f0fcecbbda409b1ba3899ef4ef6baae77a96512bd",
"type": "query",
"version": 101
"version": 102
},
"f7c4dc5a-a58d-491d-9f14-9b66507121c0": {
"min_stack_version": "8.3",
@@ -11354,9 +11354,9 @@
}
},
"rule_name": "Suspicious Activity Reported by Okta User",
"sha256": "63bf340350b8b593d28ec081ac9cda0e246500e5115d6613d57001bbfef4a3e9",
"sha256": "f764fb4f4b6247567b46c2d8518615e943ad68fc8a4a3700b508ed1eee602c32",
"type": "query",
"version": 100
"version": 101
},
"fa01341d-6662-426b-9d0c-6d81e33c8a9d": {
"min_stack_version": "8.3",
@@ -11408,9 +11408,9 @@
}
},
"rule_name": "AWS Configuration Recorder Stopped",
"sha256": "fcbbf3876a8263b501994582b3e99b2ddf5a90b3d71dc2b2dbf4a90b4ef5f3d0",
"sha256": "e79304750f220b67d89c08be6ce16930f98a32ab89a07fc60751023170a17e4b",
"type": "query",
"version": 100
"version": 101
},
"fc7c0fa4-8f03-4b3e-8336-c5feab0be022": {
"min_stack_version": "8.3",
@@ -11556,9 +11556,9 @@
}
},
"rule_name": "Microsoft 365 Exchange Transport Rule Creation",
"sha256": "4f9627d3b6b169fbfa945c83748ecb0c9a8e9b3b4ebcbcc162dcc625c469e507",
"sha256": "b2a97a4e796fd889d8a2767c60e251b137c8dd7025a5caf5a1099c25fc09e8c2",
"type": "query",
"version": 100
"version": 101
},
"ff9b571e-61d6-4f6c-9561-eb4cca3bafe1": {
"min_stack_version": "8.3",
@@ -11572,8 +11572,8 @@
}
},
"rule_name": "GCP Firewall Rule Deletion",
"sha256": "03a38acfa70739c8c1ab7c0f205e4f0806de8072b4475c2be8b96f1ac65b2b5d",
"sha256": "c5df9d509835d64ca44b34326499be978473ccd56aae84026f6b7d1acb3e3edd",
"type": "query",
"version": 100
"version": 101
}
}