Lock versions for releases: 8.19,9.1,9.2,9.3 (#5930)

detection_rules/etc/version.lock.json

@@ -1364,9 +1364,9 @@
   },
   "1b5e9d4a-7c2f-4e8b-a3d6-0f9c8e2b1a4d": {
     "rule_name": "Remote Management Access Launch After MSI Install",
-    "sha256": "04339c5baefede30ec62d7622df43d61a7eef47d7e5140c4166a4ef84c05df63",
+    "sha256": "cc1f83a967b60cefd14eb2acfe29dc5ebcafbdac6c0ff14de2939760741d65e3",
     "type": "eql",
-    "version": 1
+    "version": 2
   },
   "1b65429e-bd92-44c0-aff8-e8065869d860": {
     "rule_name": "BPF Program Tampering via bpftool",
@@ -1382,9 +1382,9 @@
   },
   "1bb329a5-2168-4da5-b7b9-d42a51deb6dd": {
     "rule_name": "Correlated Alerts on Similar User Identities",
-    "sha256": "a3ef283129c4f9b2d2ff401a29cf89bafab9d5241edd4760ffc71517c9f865cc",
+    "sha256": "68998d6567c249cc78dcca6818615a5ba8e4f942205978f489fad037876e6b4b",
     "type": "esql",
-    "version": 2
+    "version": 3
   },
   "1c27fa22-7727-4dd3-81c0-de6da5555feb": {
     "rule_name": "Potential Internal Linux SSH Brute Force Detected",
@@ -1707,10 +1707,10 @@
     "version": 210
   },
   "22599847-5d13-48cb-8872-5796fee8692b": {
-    "rule_name": "SUNBURST Command and Control Activity",
+    "rule_name": "Deprecated - SUNBURST Command and Control Activity",
-    "sha256": "c954a580d6a107f3549d5eb9ba4cc18b263b5cecfb80b52f61371d0561a8a053",
+    "sha256": "e436ded1c2bcdb723f2a841740b8072959feceb4095c0086697c55e444763575",
     "type": "eql",
-    "version": 111
+    "version": 112
   },
   "227cf26a-88d1-4bcb-bf4c-925e5875abcf": {
     "min_stack_version": "9.3",
@@ -2922,9 +2922,9 @@
   "3dc4e312-346b-4a10-b05f-450e1eeab91c": {
     "min_stack_version": "9.3",
     "rule_name": "LLM-Based Compromised User Triage by User",
-    "sha256": "f7d7a3d2b3fa34c89c46ec93946265b367223bda8341a57198fb272f8bd91505",
+    "sha256": "08654fdc3bd24c49261ae772ea553f821ca9fe8bd83696f6e95b510b590b2b61",
     "type": "esql",
-    "version": 3
+    "version": 4
   },
   "3df49ff6-985d-11ef-88a1-f661ea17fbcd": {
     "rule_name": "AWS SNS Rare Protocol Subscription by User",
@@ -3545,9 +3545,9 @@
   },
   "4ae94fc1-f08f-419f-b692-053d28219380": {
     "rule_name": "Connection to Common Large Language Model Endpoints",
-    "sha256": "f1c88d3cd852e1d0a2d4aac9a07c89847100fbd5606cae21c47cebfc0a741265",
+    "sha256": "20f23bd803877535a040a877678ccc9f9bf5b382f9fddfa9b16fd9a803a1d4be",
     "type": "eql",
-    "version": 4
+    "version": 5
   },
   "4b1a807a-4e7b-414e-8cea-24bf580f6fc5": {
     "rule_name": "Deprecated - Potential Reverse Shell via Suspicious Parent Process",
@@ -4116,9 +4116,9 @@
   },
   "590fc62d-7386-4c75-92b0-af4517018da1": {
     "rule_name": "Unusual Process Modifying GenAI Configuration File",
-    "sha256": "e545844a7c0d04bacd4149972e5530758f6f5fcfaad5eb85dbc690ef57aacdf0",
+    "sha256": "4c8318ca5f58fb1f5df70040197b63e88f8b5f390e666cc85e3eac0c39129222",
     "type": "new_terms",
-    "version": 5
+    "version": 6
   },
   "5919988c-29e1-4908-83aa-1f087a838f63": {
     "rule_name": "File or Directory Deletion Command",
@@ -7581,9 +7581,9 @@
   },
   "a7c3e8f2-4b19-4d6a-9e5c-8f1a2b3c4d5e": {
     "rule_name": "Execution via OpenClaw Agent",
-    "sha256": "57561a090eba3d509ddd4db1e495c4ae3e56bac366975fbf1ea694a59947c35c",
+    "sha256": "a9fb3ddbff42c0d57d6e0002f0d6155ea00cf381999b2af63577940aa8776c47",
     "type": "eql",
-    "version": 3
+    "version": 4
   },
   "a7ccae7b-9d2c-44b2-a061-98e5946971fa": {
     "rule_name": "Suspicious Print Spooler SPL File Created",
@@ -9822,9 +9822,9 @@
   },
   "d9af2479-ad13-4471-a312-f586517f1243": {
     "rule_name": "Curl or Wget Spawned via Node.js",
-    "sha256": "7ca35f6a6c0eba849591ca1295bb52c5a29e74d0845523a9c3dbf72eb58b3b16",
+    "sha256": "951ee0aea30e70bfde8e78165a1547a8b00bdc808aad4a313029de907d78bfc6",
     "type": "eql",
-    "version": 5
+    "version": 6
   },
   "d9bfa475-270d-4b07-93cb-b1f49abe13da": {
     "min_stack_version": "9.3",
@@ -10987,9 +10987,9 @@
   "f236cca1-e887-4d14-9ba9-bb8dd3e16cf1": {
     "min_stack_version": "9.3",
     "rule_name": "LLM-Based Attack Chain Triage by Host",
-    "sha256": "286422b3b4035aa2adeafd1b284e053369eeed39302d7369532e46de03eaff07",
+    "sha256": "c1f09b9398519eeca1ca5751ca9ef554c12bcecc242670114227526c401ca16f",
     "type": "esql",
-    "version": 3
+    "version": 4
   },
   "f243fe39-83a4-46f3-a3b6-707557a102df": {
     "rule_name": "Service Path Modification",

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.6.13"
+version = "1.6.14"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"