From c82e89ad3477dec3983aa98cf6be38e8136d1fef Mon Sep 17 00:00:00 2001
From: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Date: Tue, 6 Jul 2021 13:42:09 -0600
Subject: [PATCH] Add min_stack_version to 7.14+ only rules (#1321)

---
 rules/ml/ml_auth_rare_hour_for_a_user_to_logon.toml | 1 +
 rules/ml/ml_auth_rare_source_ip_for_a_user.toml | 1 +
 rules/ml/ml_auth_rare_user_logon.toml | 1 +
 rules/ml/ml_auth_spike_in_failed_logon_events.toml | 1 +
 rules/ml/ml_auth_spike_in_logon_events.toml | 1 +
 rules/ml/ml_auth_spike_in_logon_events_from_a_source_ip.toml | 1 +
 6 files changed, 6 insertions(+)

diff --git a/rules/ml/ml_auth_rare_hour_for_a_user_to_logon.toml b/rules/ml/ml_auth_rare_hour_for_a_user_to_logon.toml
index 18f07d597..dddd7aa05 100644
--- a/rules/ml/ml_auth_rare_hour_for_a_user_to_logon.toml
+++ b/rules/ml/ml_auth_rare_hour_for_a_user_to_logon.toml
@@ -2,6 +2,7 @@
 creation_date = "2021/06/10"
 maturity = "production"
 updated_date = "2021/06/10"
+min_stack_version = "7.14.0"

 [rule]
 anomaly_threshold = 75
diff --git a/rules/ml/ml_auth_rare_source_ip_for_a_user.toml b/rules/ml/ml_auth_rare_source_ip_for_a_user.toml
index fae680541..04dabb0ef 100644
--- a/rules/ml/ml_auth_rare_source_ip_for_a_user.toml
+++ b/rules/ml/ml_auth_rare_source_ip_for_a_user.toml
@@ -2,6 +2,7 @@
 creation_date = "2021/06/10"
 maturity = "production"
 updated_date = "2021/06/10"
+min_stack_version = "7.14.0"

 [rule]
 anomaly_threshold = 75
diff --git a/rules/ml/ml_auth_rare_user_logon.toml b/rules/ml/ml_auth_rare_user_logon.toml
index be0c16360..be6fee529 100644
--- a/rules/ml/ml_auth_rare_user_logon.toml
+++ b/rules/ml/ml_auth_rare_user_logon.toml
@@ -2,6 +2,7 @@
 creation_date = "2021/06/10"
 maturity = "production"
 updated_date = "2021/06/10"
+min_stack_version = "7.14.0"

 [rule]
 anomaly_threshold = 75
diff --git a/rules/ml/ml_auth_spike_in_failed_logon_events.toml b/rules/ml/ml_auth_spike_in_failed_logon_events.toml
index 6c7cfbb72..780b21760 100644
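Review bot: In the ml_auth_rare_hour_for_a_user_to_logon.toml hunk, `updated_date` stays at `"2021/06/10"` although the metadata changes in a commit dated 6 Jul 2021, so tooling or reviewers that rely on that field to spot modified rules would presumably miss the new version gate; consider `updated_date = "2021/07/06"` next to the added line. The same applies to the identical hunks in ml_auth_rare_source_ip_for_a_user.toml, ml_auth_rare_user_logon.toml, ml_auth_spike_in_failed_logon_events.toml, ml_auth_spike_in_logon_events.toml and ml_auth_spike_in_logon_events_from_a_source_ip.toml. The new key is also placed after `updated_date`, which breaks the alphabetical order of the visible keys; if the file is meant to stay sorted it belongs after `maturity` (the table header above file line 2 is outside the hunk). Because `min_stack_version = "7.14.0"` presumably keeps these six authentication-anomaly rules away from older stacks, a short comment above it such as `# 7.14+ only rule (#1321)` would record why the gate exists and make the coverage gap on earlier versions visible to operators.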
--- a/rules/ml/ml_auth_spike_in_failed_logon_events.toml
+++ b/rules/ml/ml_auth_spike_in_failed_logon_events.toml
@@ -2,6 +2,7 @@
 creation_date = "2021/06/10"
 maturity = "production"
 updated_date = "2021/06/10"
+min_stack_version = "7.14.0"

 [rule]
 anomaly_threshold = 75
diff --git a/rules/ml/ml_auth_spike_in_logon_events.toml b/rules/ml/ml_auth_spike_in_logon_events.toml
index 50517f4d1..6493aa2b7 100644
--- a/rules/ml/ml_auth_spike_in_logon_events.toml
+++ b/rules/ml/ml_auth_spike_in_logon_events.toml
@@ -2,6 +2,7 @@
 creation_date = "2021/06/10"
 maturity = "production"
 updated_date = "2021/06/10"
+min_stack_version = "7.14.0"

 [rule]
 anomaly_threshold = 75
diff --git a/rules/ml/ml_auth_spike_in_logon_events_from_a_source_ip.toml b/rules/ml/ml_auth_spike_in_logon_events_from_a_source_ip.toml
index 0c8c8d4da..bdca7a4bb 100644
--- a/rules/ml/ml_auth_spike_in_logon_events_from_a_source_ip.toml
+++ b/rules/ml/ml_auth_spike_in_logon_events_from_a_source_ip.toml
@@ -2,6 +2,7 @@
 creation_date = "2021/06/10"
 maturity = "production"
 updated_date = "2021/06/10"
+min_stack_version = "7.14.0"

 [rule]
 anomaly_threshold = 75