security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3491)

Browse Source 
(cherry picked from commit bf3932f384)
This commit is contained in:
github-actions[bot]
2024-03-06 23:10:02 +05:30
parent 8cd057dc58
commit 98cfc81c4a
1 changed files with 101 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/etc/version.lock.json
+101 -101
View File
@@ -39,9 +39,9 @@
"0136b315-b566-482f-866c-1d8e2477ba16": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 User Restricted from Sending Email",
"sha256": "3801a06e2eb380734652847208adb12ceb5e1bb394da148a047b8a25afe3bc17",
"sha256": "35df6afe89ac91c72e0499d991574f17f0b1d4567e874f7e65976b6828bfac4f",
"type": "query",
"version": 102
"version": 103
},
"015cca13-8832-49ac-a01b-a396114809f6": {
"min_stack_version": "8.9",
@@ -120,9 +120,9 @@
"03024bd9-d23f-4ec1-8674-3cf1a21e130b": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Safe Attachment Rule Disabled",
"sha256": "f0f075e54cb17ce304f0d93b12277a29c7b1454d8bec5c05615e31fc6ebee725",
"sha256": "74d0cdf9039c5f529d26a7d3c4c076e387ed8e163e3ae7e021feb78bbd355573",
"type": "query",
"version": 102
"version": 103
},
"035889c4-2686-4583-a7df-67f89c292f2c": {
"min_stack_version": "8.3",
@@ -190,9 +190,9 @@
"054db96b-fd34-43b3-9af2-587b3bd33964": {
"min_stack_version": "8.6",
"rule_name": "Potential Persistence Through Systemd-udevd",
"sha256": "db11dd77c2e7a28b415f709d5c6a4c2f50d6639fac4480ca35e0ccdddd837c96",
"sha256": "f62fb7313ec0d7a280a370adae0caf8ba65410a71d6574ade7ab588a95963763",
"type": "new_terms",
"version": 2
"version": 3
},
"0564fb9d-90b9-4234-a411-82a546dc1343": {
"min_stack_version": "8.3",
@@ -211,9 +211,9 @@
"05cad2fb-200c-407f-b472-02ea8c9e5e4a": {
"min_stack_version": "8.3",
"rule_name": "Tainted Kernel Module Load",
"sha256": "096c4047e2d5c332df1556e653b387ff45bc20f504f8a4b0a6b48151a55674ed",
"sha256": "f667ec2eb15d89e90cf9ae3a10a6976e2b6d29d27d4638c580872961d8ceacf8",
"type": "query",
"version": 2
"version": 3
},
"05e5a668-7b51-4a67-93ab-e9af405c9ef3": {
"min_stack_version": "8.3",
@@ -465,9 +465,9 @@
"0ce6487d-8069-4888-9ddd-61b52490cebc": {
"min_stack_version": "8.3",
"rule_name": "O365 Exchange Suspicious Mailbox Right Delegation",
"sha256": "2dfc5642c7eff9f946739bbe4289e5bd8fe6f4374a492ed1fc5215e7b6e721ff",
"sha256": "68fc02b03cbb322ff078a6a531807bf5fe21ae93726dad1ea16c11ed71d4c746",
"type": "query",
"version": 102
"version": 103
},
"0d160033-fab7-4e72-85a3-3a9d80c8bff7": {
"min_stack_version": "8.3",
@@ -500,9 +500,9 @@
"0e52157a-8e96-4a95-a6e3-5faae5081a74": {
"min_stack_version": "8.3",
"rule_name": "SharePoint Malware File Upload",
"sha256": "e32858e7a0449a506cfe595eabf2e1e82954cf683de287c05d0bf7295253c579",
"sha256": "815889da8ead699edd9b19124c697cd9038a641d065cf2dbfef062e81dfb5393",
"type": "query",
"version": 102
"version": 103
},
"0e5acaae-6a64-4bbc-adb8-27649c03f7e1": {
"min_stack_version": "8.3",
@@ -1091,9 +1091,9 @@
"1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38": {
"min_stack_version": "8.3",
"rule_name": "Possible Consent Grant Attack via Azure-Registered Application",
"sha256": "bf4b6f557cbd3c0c009d3f0aa39401b563a920b2ed64f0d20ef86c9a95fc5e45",
"sha256": "483537ca1f0a318f54568c093b78b5eca0658c9ceb0ab3daeed48949bb0e18c7",
"type": "query",
"version": 106
"version": 107
},
"1c84dd64-7e6c-4bad-ac73-a5014ee37042": {
"min_stack_version": "8.3",
@@ -1481,9 +1481,9 @@
"26f68dba-ce29-497b-8e13-b4fde1db5a2d": {
"min_stack_version": "8.3",
"rule_name": "Attempts to Brute Force a Microsoft 365 User Account",
"sha256": "ab30e15051fb603800f933ba9b3f6539ac75a662fd2dfcbe66c8f7121c7608a9",
"sha256": "a8e968ab16236593316417aca2763610f442cfa6d00fe3c5a4a453085fc7f633",
"type": "threshold",
"version": 103
"version": 104
},
"27071ea3-e806-4697-8abc-e22c92aa4293": {
"min_stack_version": "8.3",
@@ -1495,16 +1495,16 @@
"2724808c-ba5d-48b2-86d2-0002103df753": {
"min_stack_version": "8.3",
"rule_name": "Attempt to Clear Kernel Ring Buffer",
"sha256": "ab06e0853ec7a2402c68a2aa0ced95e3fcaca432ce6fbd3fa620af718b998b19",
"sha256": "effa27b5c3262001b53cad02b8704357c550fc2a33d2186bd1412e8b631859ff",
"type": "eql",
"version": 2
"version": 3
},
"272a6484-2663-46db-a532-ef734bf9a796": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Transport Rule Modification",
"sha256": "fbfde864c7e1f31e7fcfef374c9517e890a58223969f83a4c15fee6afb623353",
"sha256": "4901f8288ffd58d58227242aedd0caaab898038617870ffef05e9c235a9a082e",
"type": "query",
"version": 102
"version": 103
},
"2772264c-6fb9-4d9d-9014-b416eed21254": {
"min_stack_version": "8.3",
@@ -1523,16 +1523,16 @@
"27f7c15a-91f8-4c3d-8b9e-1f99cc030a51": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Teams External Access Enabled",
"sha256": "94685626f0a0ed06951084baeb71eae9ec250c07e2ccd46be608e1f1321d5726",
"sha256": "0cb5f4c7faf103570f876bb43508577a2927c58a22ed1b35c609f2d195630f56",
"type": "query",
"version": 102
"version": 103
},
"2820c9c2-bcd7-4d6e-9eba-faf3891ba450": {
"min_stack_version": "8.3",
"rule_name": "Account Password Reset Remotely",
"sha256": "a3ad12d5f9099c09f319bd8673a640d823bd711b02d7db6ac84e83966963cfc2",
"sha256": "bd56a7406f9eb92ed5ae5f56f3b907b56ac2f13892cb6f81d1fc8810651fbedb",
"type": "eql",
"version": 108
"version": 109
},
"2856446a-34e6-435b-9fb5-f8f040bfa7ed": {
"min_stack_version": "8.3",
@@ -1735,9 +1735,9 @@
"2de10e77-c144-4e69-afb7-344e7127abd0": {
"min_stack_version": "8.3",
"rule_name": "O365 Excessive Single Sign-On Logon Errors",
"sha256": "6aafdc4d1c33f41d82f7a067cce68c407f9cc905aa5f0bcee8e8a3626f89a88e",
"sha256": "a6c2623e22edf439212d0065ea3329407e43fdc9756008e2a6cc39150c927f46",
"type": "threshold",
"version": 103
"version": 104
},
"2de87d72-ee0c-43e2-b975-5f0b029ac600": {
"min_stack_version": "8.3",
@@ -1847,9 +1847,9 @@
"30bfddd7-2954-4c9d-bbc6-19a99ca47e23": {
"min_stack_version": "8.5",
"rule_name": "ESXI Timestomping using Touch Command",
"sha256": "c5d4a3001d7351c602369af6c986ac059de87c9b83a9217a63faaacf66a54a0f",
"sha256": "41a17a81e7dbbf1e337709a394e0be029ac4d83690a5bae894f24d09e5939b60",
"type": "eql",
"version": 6
"version": 7
},
"30e1e9f2-eb9c-439f-aff6-1e3068e99384": {
"min_stack_version": "8.3",
@@ -2030,9 +2030,9 @@
"3728c08d-9b70-456b-b6b8-007c7d246128": {
"min_stack_version": "8.3",
"rule_name": "Potential Suspicious File Edit",
"sha256": "0f9b9c003bc39253a948a9da6d7c5b5263d9d1dc3c73abf730550e6c0c3ff687",
"sha256": "ad661308418ae98d99acfbe93160fc7b79bd560af7e212b8b2d582ca93665254",
"type": "eql",
"version": 3
"version": 4
},
"378f9024-8a0c-46a5-aa08-ce147ac73a4e": {
"min_stack_version": "8.9",
@@ -2269,9 +2269,9 @@
"3e12a439-d002-4944-bc42-171c0dcb9b96": {
"min_stack_version": "8.3",
"rule_name": "Kernel Driver Load",
"sha256": "943b3b49ddeb5d7f3cedcc5cd924db6f3c7c44435aa3913ee577e89925ae0651",
"sha256": "0d805e30368d7d1a1c774e0e29386cb807ff617bc0d294c11a6ecf97e9cf3bdc",
"type": "eql",
"version": 3
"version": 4
},
"3e3d15c6-1509-479a-b125-21718372157e": {
"min_stack_version": "8.3",
@@ -2313,9 +2313,9 @@
"3efee4f0-182a-40a8-a835-102c68a4175d": {
"min_stack_version": "8.3",
"rule_name": "Potential Password Spraying of Microsoft 365 User Accounts",
"sha256": "6f5fb726f163898f2ca5b0b8de75a346cda8451de239adb986ada4f3128b4c67",
"sha256": "3ee6a597bfe462c8b9132d7ca83768025a28634b18c009db462cb0c3bd7bfe39",
"type": "threshold",
"version": 103
"version": 104
},
"3f0e5410-a4bf-4e8c-bcfc-79d67a285c54": {
"min_stack_version": "8.3",
@@ -2596,9 +2596,9 @@
"48819484-9826-4083-9eba-1da74cd0eaf2": {
"min_stack_version": "8.6",
"rule_name": "Suspicious Microsoft 365 Mail Access by ClientAppId",
"sha256": "fadad966a91f932ed17c91f28dccd142d23d55cd4ae7ea7c57bdd1571b0c95ea",
"sha256": "25daf6eb0539fcc0694b22088a27dd0f67fcba06669cc69450e34b994cc642ea",
"type": "new_terms",
"version": 1
"version": 2
},
"48b3d2e3-f4e8-41e6-95e6-9b2091228db3": {
"min_stack_version": "8.3",
@@ -2724,9 +2724,9 @@
"4b868f1f-15ff-4ba3-8c11-d5a7a6356d37": {
"min_stack_version": "8.3",
"rule_name": "ProxyChains Activity",
"sha256": "b6d4b380b3738c08ae7418cf9bf2094fea2128d43315465e741e17fb6bf6c361",
"sha256": "57ef2c8bafe0c644017773b4793d326d1eaa88d8b6cc8a764ce142cbd468a448",
"type": "eql",
"version": 2
"version": 3
},
"4b95ecea-7225-4690-9938-2a2c0bad9c99": {
"min_stack_version": "8.9",
@@ -2868,9 +2868,9 @@
"514121ce-c7b6-474a-8237-68ff71672379": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange DKIM Signing Configuration Disabled",
"sha256": "a5c1852e0f0b5d54d522bc9d34146368b3966050fdbb0b514ad8a5c883a865c3",
"sha256": "51cc46687ba4f2ec1ce8b6d3af9bcf1d8e6449e6300a2dfde2ec5442af150b87",
"type": "query",
"version": 102
"version": 103
},
"51859fa0-d86b-4214-bf48-ebb30ed91305": {
"min_stack_version": "8.3",
@@ -2882,9 +2882,9 @@
"51a09737-80f7-4551-a3be-dac8ef5d181a": {
"min_stack_version": "8.3",
"rule_name": "Tainted Out-Of-Tree Kernel Module Load",
"sha256": "906a021911de5e8f4437da9087e7b52974e5ae6d5decb416ebc494866bf4ecc9",
"sha256": "ade59253fc0de2627984007ba84a2d944a16000aa69c83193c63f1dda8b806fa",
"type": "query",
"version": 1
"version": 2
},
"51ce96fb-9e52-4dad-b0ba-99b54440fc9a": {
"min_stack_version": "8.3",
@@ -3201,9 +3201,9 @@
"5930658c-2107-4afc-91af-e0e55b7f7184": {
"min_stack_version": "8.3",
"rule_name": "O365 Email Reported by User as Malware or Phish",
"sha256": "6f1117902fd841998a715673511a3831fe99e7a953113854fd094e8aaf57d935",
"sha256": "a384ae4e6ee0a0f14a297dd9980b3aae52fcba5a63e3fca63e28559480b62bef",
"type": "query",
"version": 102
"version": 103
},
"594e0cbf-86cc-45aa-9ff7-ff27db27d3ed": {
"min_stack_version": "8.9",
@@ -3280,9 +3280,9 @@
"5b18eef4-842c-4b47-970f-f08d24004bde": {
"min_stack_version": "8.3",
"rule_name": "Suspicious which Enumeration",
"sha256": "7d7caddbf4b4d96f05ac6949cb45758377a5e3bf4b700ccf482055409ec6f2c2",
"sha256": "69d468e7d20c3791c53b93dada74a299db61b105a4bc22ed3b5e08711a47bfd7",
"type": "eql",
"version": 3
"version": 4
},
"5b9eb30f-87d6-45f4-9289-2bf2024f0376": {
"min_stack_version": "8.3",
@@ -3417,9 +3417,9 @@
"5e552599-ddec-4e14-bad1-28aa42404388": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Teams Guest Access Enabled",
"sha256": "4e4a262b9c4e5ab8a6ad524df85e1f6b13bdcae8c45ccea1db5bb31e2acd028f",
"sha256": "92a0588bb516c3bf59cc84e1a9a07051d183c3a54df36ce698c176fe0a02d838",
"type": "query",
"version": 102
"version": 103
},
"5e87f165-45c2-4b80-bfa5-52822552c997": {
"rule_name": "Potential PrintNightmare File Modification",
@@ -3444,9 +3444,9 @@
"60f3adec-1df9-4104-9c75-b97d9f078b25": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange DLP Policy Removed",
"sha256": "0886a8d4f32a069d4f64c2559bfc5d527f4a2d24045aab00ae97f1de9ad9efb7",
"sha256": "807f4b28328d1f7ad9211882227887a21f3d288a8ad35dd75b1e3578f37251e9",
"type": "query",
"version": 102
"version": 103
},
"610949a1-312f-4e04-bb55-3a79b8c95267": {
"min_stack_version": "8.3",
@@ -3625,10 +3625,10 @@
},
"66c058f3-99f4-4d18-952b-43348f2577a0": {
"min_stack_version": "8.3",
"rule_name": "Linux Secret Dumping via GDB",
"sha256": "69b91af7c13fbc10668c950da9d070e9350d6f40ae5115d828703884de988e06",
"rule_name": "Linux Process Hooking via GDB",
"sha256": "b3318b7675f46ff6010f0b14354de0fc80b653f22835e38f76217b88dc3ab892",
"type": "eql",
"version": 1
"version": 2
},
"66da12b1-ac83-40eb-814c-07ed1d82b7b9": {
"min_stack_version": "8.3",
@@ -3663,9 +3663,9 @@
"675239ea-c1bc-4467-a6d3-b9e2cc7f676d": {
"min_stack_version": "8.3",
"rule_name": "O365 Mailbox Audit Logging Bypass",
"sha256": "cac04714049b7a004fe00585d8cc3e351f442896feb07e367f5e3406853f595d",
"sha256": "a61d567175526ad5bc735b093f276d0725a0ca9784d8b72754091e0b9abf70bb",
"type": "query",
"version": 102
"version": 103
},
"676cff2b-450b-4cf1-8ed2-c0c58a4a2dd7": {
"min_stack_version": "8.10",
@@ -3712,9 +3712,9 @@
"684554fc-0777-47ce-8c9b-3d01f198d7f8": {
"min_stack_version": "8.3",
"rule_name": "New or Modified Federation Domain",
"sha256": "c12b7d94ddd9ac7a54891cd86831775b8622d2c0681fcaf612e2842bed646cf6",
"sha256": "0fad0589541a8950f5f88b2a261cb0045389b6c80956518f1a66aad4d72394a8",
"type": "query",
"version": 102
"version": 103
},
"6885d2ae-e008-4762-b98a-e8e1cd3a81e9": {
"min_stack_version": "8.10",
@@ -3857,9 +3857,9 @@
"6ace94ba-f02c-4d55-9f53-87d99b6f9af4": {
"min_stack_version": "8.3",
"rule_name": "Suspicious Utility Launched via ProxyChains",
"sha256": "7cf65464523d24beeac567cd5b9693fec22ad30bbfe4cb108c18b3cfc557ca40",
"sha256": "2442d8e0afa98b686eab3bcb1903abd546f86596652f60691f6efdfd621713e3",
"type": "eql",
"version": 5
"version": 6
},
"6b84d470-9036-4cc0-a27c-6d90bbfe81ab": {
"min_stack_version": "8.6",
@@ -4109,9 +4109,9 @@
"721999d0-7ab2-44bf-b328-6e63367b9b29": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Potential ransomware activity",
"sha256": "065cd0cc51b5457baa9bc37901045907810e07d074eef16982399654fae10302",
"sha256": "c4aa9e181be0c938309c1841f3a5de34116bfe2a8a734e1a92fd928af5ef644f",
"type": "query",
"version": 102
"version": 103
},
"729aa18d-06a6-41c7-b175-b65b739b1181": {
"min_stack_version": "8.10",
@@ -4771,9 +4771,9 @@
"88671231-6626-4e1b-abb7-6e361a171fbb": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Global Administrator Role Assigned",
"sha256": "bb6703bc49a5b12297b62e2aa1b7a9e5f01ce6108eabbd1d541ec655dd35ac50",
"sha256": "1bc2ee513c9a3702d258107ccaa36ce6f728f37804a83afe41ec0386f3386f66",
"type": "query",
"version": 102
"version": 103
},
"88817a33-60d3-411f-ba79-7c905d865b2a": {
"min_stack_version": "8.3",
@@ -5338,9 +5338,9 @@
"97314185-2568-4561-ae81-f3e480e5e695": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Anti-Phish Rule Modification",
"sha256": "5e3900d8aa0de4868a0980ccd44983433b4f857bddf099cf73275a57e5145c8f",
"sha256": "9c1981f0822634de6f020d5301b100c703d19724dd486e288398596ff23b18e6",
"type": "query",
"version": 102
"version": 103
},
"97359fd8-757d-4b1d-9af1-ef29e4a8680e": {
"min_stack_version": "8.3",
@@ -5445,9 +5445,9 @@
"98995807-5b09-4e37-8a54-5cae5dc932d7": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Management Group Role Assignment",
"sha256": "a8d4e67d87194878313ca642bb0cfef0c9fc3750c6cf26a8b74eeac52d8a0c9e",
"sha256": "e5669429abd5547d912048bcc97739ccf3bfa45d4d74e324d1ab2bfd2076322c",
"type": "query",
"version": 102
"version": 103
},
"98fd7407-0bd5-5817-cda0-3fcc33113a56": {
"min_stack_version": "8.9",
@@ -6001,9 +6001,9 @@
"a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Safe Link Policy Disabled",
"sha256": "6414cc66c7c80d4240492b269f8c591d61734d2cec368c51642c367fcb0a0fda",
"sha256": "3d299427823ca14b62de2ac6ceb1e378df0601897aea618d82aaf2ac27a5b9e2",
"type": "query",
"version": 102
"version": 103
},
"a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73": {
"min_stack_version": "8.4",
@@ -6110,9 +6110,9 @@
"ac8805f6-1e08-406c-962e-3937057fa86f": {
"min_stack_version": "8.3",
"rule_name": "Potential Protocol Tunneling via Chisel Server",
"sha256": "8c1fcd1ccc01b7c092eac3e49fb246f3f883093d07485ca2528b0212e66d1421",
"sha256": "34b6716c496b1178e904c674b9e693a568ca3f5cc14b35679edfebdcbe819cb1",
"type": "eql",
"version": 4
"version": 5
},
"ac96ceb8-4399-4191-af1d-4feeac1f1f46": {
"min_stack_version": "8.3",
@@ -6322,9 +6322,9 @@
"b2951150-658f-4a60-832f-a00d1e6c6745": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Unusual Volume of File Deletion",
"sha256": "0e2607bb68d167a217bd28be737c707eb6729cb8c449efd2f3c45064ba35fb07",
"sha256": "1dbef7993a821421fc2fa12a51dab4936081be0382afeb3ebd8f36b93c07bdcf",
"type": "query",
"version": 102
"version": 103
},
"b29ee2be-bf99-446c-ab1a-2dc0183394b8": {
"min_stack_version": "8.3",
@@ -6612,9 +6612,9 @@
"bba1b212-b85c-41c6-9b28-be0e5cdfc9b1": {
"min_stack_version": "8.3",
"rule_name": "OneDrive Malware File Upload",
"sha256": "4f273dae13ee4bb9564a60c6771439fc10cd7f3357de2aa65839ff10d4cde814",
"sha256": "b2abdce89d919f7eaeb571349e52d6d14eac86020237f33d935576d9f83954aa",
"type": "query",
"version": 102
"version": 103
},
"bbaa96b9-f36c-4898-ace2-581acb00a409": {
"min_stack_version": "8.3",
@@ -6626,9 +6626,9 @@
"bbd1a775-8267-41fa-9232-20e5582596ac": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Teams Custom Application Interaction Allowed",
"sha256": "f4f0da241f45040111a47879928011d3b90da922010348154b5cb1c44d2f24ee",
"sha256": "bfeee6d64b53fd5857ae139679a0455df0d0127f55134eadfdf8053869f558f3",
"type": "query",
"version": 103
"version": 104
},
"bc0c6f0d-dab0-47a3-b135-0925f0a333bc": {
"min_stack_version": "8.9",
@@ -7156,9 +7156,9 @@
"ca79768e-40e1-4e45-a097-0e5fbc876ac2": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Malware Filter Rule Modification",
"sha256": "fdddb91dc8eaf01e3cca5626ab5e3b2c4ef51e15a8544385057399574b3d9b3b",
"sha256": "35f6d54b3e3c26169e00e55122b6e68ac8018946a2b9dd31d26fdb36faa90d82",
"type": "query",
"version": 102
"version": 103
},
"ca98c7cf-a56e-4057-a4e8-39603f7f0389": {
"min_stack_version": "8.4",
@@ -7562,9 +7562,9 @@
"d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f": {
"min_stack_version": "8.3",
"rule_name": "Linux init (PID 1) Secret Dump via GDB",
"sha256": "ce07cc502120394f374d4b4f5e5f706cfe97c593a8d2e56b9d4e8800acffad99",
"sha256": "a52643d7321caf85380a4ed6148bef35c8425b00082a0ae6d7b352f82ecb391b",
"type": "eql",
"version": 4
"version": 5
},
"d55436a8-719c-445f-92c4-c113ff2f9ba5": {
"min_stack_version": "8.3",
@@ -7649,9 +7649,9 @@
"d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Anti-Phish Policy Deletion",
"sha256": "3fa1ccf28083380bbb7d71135b1b5ab0753f90d5fde3ecdeda2cb4ffc6ae81aa",
"sha256": "e1c61b6847b137835d630c3eba3b8bf7a5da03bf08a0e81a27ca46637b093b91",
"type": "query",
"version": 102
"version": 103
},
"d703a5af-d5b0-43bd-8ddb-7a5d500b7da5": {
"min_stack_version": "8.3",
@@ -7670,9 +7670,9 @@
"d743ff2a-203e-4a46-a3e3-40512cfe8fbb": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Malware Filter Policy Deletion",
"sha256": "4a8ffe50aa43eaf2654ac6a51517203a86c2951828434a1cb60bb435707c5a6b",
"sha256": "8ac44c71af4271eb13db4ef37b755bdfb7b4c9aa8f3ec7041a7a2ec06b98482d",
"type": "query",
"version": 102
"version": 103
},
"d74d6506-427a-4790-b170-0c2a6ddac799": {
"min_stack_version": "8.3",
@@ -7824,9 +7824,9 @@
"dc71c186-9fe4-4437-a4d0-85ebb32b8204": {
"min_stack_version": "8.3",
"rule_name": "Potential Hidden Process via Mount Hidepid",
"sha256": "2dec4f8780da5987b36ab32a471d2c70a5eaee968d608b8ce70ea52290021878",
"sha256": "e5650e2474aae5fab08118c262adeb299cbaee2b02a70d5ffec40097ada719ca",
"type": "eql",
"version": 6
"version": 7
},
"dc9c1f74-dac3-48e3-b47f-eb79db358f57": {
"min_stack_version": "8.3",
@@ -7889,9 +7889,9 @@
"debff20a-46bc-4a4d-bae5-5cdd14222795": {
"min_stack_version": "8.3",
"rule_name": "Base16 or Base32 Encoding/Decoding Activity",
"sha256": "0f2e6ac845f8b90178b87d34179c8221ebb916e5b879e1acba116f2bc751ead8",
"sha256": "9e0b0fb6936bd328d5d7b6e23154e6cc371ebce8171a2047be0575e8763fbace",
"type": "eql",
"version": 108
"version": 109
},
"ded09d02-0137-4ccc-8005-c45e617e8d4c": {
"min_stack_version": "8.6",
@@ -8006,9 +8006,9 @@
"e0cc3807-e108-483c-bf66-5a4fbe0d7e89": {
"min_stack_version": "8.3",
"rule_name": "Potentially Suspicious Process Started via tmux or screen",
"sha256": "e1ed4e0365edf2d5b5f63fc4a633c8d5520823cbb25d79826c9bde9fb5648a6a",
"sha256": "0893951b70d630aef74cd34abc894e0ab6951ccac37a819c449f7b459f1a4eb5",
"type": "eql",
"version": 2
"version": 3
},
"e0dacebe-4311-4d50-9387-b17e89c2e7fd": {
"min_stack_version": "7.16",
@@ -8533,9 +8533,9 @@
"eb9eb8ba-a983-41d9-9c93-a1c05112ca5e": {
"min_stack_version": "8.3",
"rule_name": "Potential Disabling of SELinux",
"sha256": "23a5f7e32120fdb45c8175f8b7d7466b7f576e9d71127c5cbf486776602a7d54",
"sha256": "4b41664ac4de90d5a6911bca73f92933f49cf46f25ba5c3e4852456e8bece7ba",
"type": "eql",
"version": 108
"version": 109
},
"ebb200e8-adf0-43f8-a0bb-4ee5b5d852c6": {
"min_stack_version": "8.3",
@@ -8568,9 +8568,9 @@
"ec8efb0c-604d-42fa-ac46-ed1cfbc38f78": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Inbox Forwarding Rule Created",
"sha256": "ccb7629ab98a47b76d488ad0234349226bd54d20ba68a72bfa6d504471d57576",
"sha256": "98615f87ce24445df876a6f771b6899cfdecbd5028d5167fb5f060c7d2cb44df",
"type": "query",
"version": 102
"version": 103
},
"ecd4857b-5bac-455e-a7c9-a88b66e56a9e": {
"min_stack_version": "8.3",
@@ -8905,9 +8905,9 @@
"f530ca17-153b-4a7a-8cd3-98dd4b4ddf73": {
"min_stack_version": "8.3",
"rule_name": "Suspicious Data Encryption via OpenSSL Utility",
"sha256": "ddced9a0cc70d7a97aff4223b6abe5ed8faf61be30e7e56fbc87b2d124b9e693",
"sha256": "cfb1b743b6fa0a445ac73256b1e736171185b9c296f9d73efac25b538d64ea02",
"type": "eql",
"version": 4
"version": 5
},
"f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc": {
"min_stack_version": "8.3",
@@ -9147,9 +9147,9 @@
"fac52c69-2646-4e79-89c0-fd7653461010": {
"min_stack_version": "8.3",
"rule_name": "Potential Disabling of AppArmor",
"sha256": "4f8a4b5f58afc63fe8e1fef64b1f0f5ed48bce8b895a9f80afb8ff33e8f74f3e",
"sha256": "59fdb01847d36f82c27f340f9e7aaa3aeef098f8f2eb04f77cc178331a36c8e1",
"type": "eql",
"version": 4
"version": 5
},
"fb01d790-9f74-4e76-97dd-b4b0f7bf6435": {
"min_stack_version": "8.4",
@@ -9347,9 +9347,9 @@
"ff4dd44a-0ac6-44c4-8609-3f81bc820f02": {
"min_stack_version": "8.3",
"rule_name": "Microsoft 365 Exchange Transport Rule Creation",
"sha256": "e247dbb68f81f5c55155bea1dd2a757717bdc740b8259a933165e5a612d3cdb7",
"sha256": "24df1fab9f47005a3dcf144bdd7993c237e1da4de8b6ed8ee44d4513417e0f88",
"type": "query",
"version": 102
"version": 103
},
"ff9b571e-61d6-4f6c-9561-eb4cca3bafe1": {
"min_stack_version": "8.3",