From 8d34416049d52eb45c57f68c78e6020e46ada2f7 Mon Sep 17 00:00:00 2001
From: Samirbous <64742097+Samirbous@users.noreply.github.com>
Date: Mon, 1 Aug 2022 18:28:26 +0200
Subject: [PATCH] =?UTF-8?q?[Deprecated=20Rule]=20Potential=20Privilege=20E?= =?UTF-8?q?scalation=20via=20Local=20Kerberos=20R=E2=80=A6=20(#2209)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Deprecated Rule] Potential Privilege Escalation via Local Kerberos Relay over LDAP FPs in certain cases with no room for tuning.
* Update privilege_escalation_krbrelayup_suspicious_logon.toml
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
---
 .../privilege_escalation_krbrelayup_suspicious_logon.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename rules/{windows => _deprecated}/privilege_escalation_krbrelayup_suspicious_logon.toml (96%)

diff --git a/rules/windows/privilege_escalation_krbrelayup_suspicious_logon.toml b/rules/_deprecated/privilege_escalation_krbrelayup_suspicious_logon.toml
similarity index 96%
rename from rules/windows/privilege_escalation_krbrelayup_suspicious_logon.toml
rename to rules/_deprecated/privilege_escalation_krbrelayup_suspicious_logon.toml
index 7c1738470..8301e787f 100644
--- a/rules/windows/privilege_escalation_krbrelayup_suspicious_logon.toml
+++ b/rules/_deprecated/privilege_escalation_krbrelayup_suspicious_logon.toml
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2022/04/26"
-maturity = "production"
-updated_date = "2022/04/26"
+deprecation_date = "2022/08/01"
+maturity = "deprecated"
+updated_date = "2022/08/01"

 [rule]
 author = ["Elastic"]
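Review bot: The `[metadata]` table now records that the rule is deprecated and when, but not why; the reason (false positives with no room for tuning) appears only in the commit message. Someone auditing detection coverage for local Kerberos relay privilege escalation from the rule file alone cannot tell whether the logic was wrong or merely too noisy. Consider a comment above `maturity = "deprecated"`, such as `# Deprecated in #2209: false positives in certain cases with no room for tuning.`, provided the rule tooling keeps comments. If another rule is meant to cover this technique, naming it in the same comment would make the remaining coverage explicit; none is visible in this hunk. The `[rule]` table continues outside the hunk.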