Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5,8.6 (#2468)

* Locked versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5,8.6

* added newline in version lock file to trigger checks

* removed trailing newline from version lock file

Co-authored-by: terrancedejesus <terrancedejesus@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
github-actions[bot]
2023-01-13 15:20:23 -05:00
committed by GitHub
parent b61da98f97
commit d81bc25d09
+221 -72
@@ -334,11 +334,20 @@
"version": 2
},
"07b5f85a-240f-11ed-b3d9-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Google Drive Ownership Transferred via Google Workspace",
"sha256": "1c82ea9b65fada4ec684045bd8b3e5eaa0730b35b41ddef3dd151ff26a9d6be9",
"type": "query",
"version": 4
}
},
"rule_name": "Google Drive Ownership Transferred via Google Workspace",
"sha256": "98600fe4b1c0c882bb99021122279f31ce5cdd2266abf34b56bab33f0cb7f190",
"type": "query",
"version": 3
"version": 104
},
"080bc66a-5d56-4d1f-8071-817671716db9": {
"min_stack_version": "8.3",
@@ -547,9 +556,9 @@
"0d160033-fab7-4e72-85a3-3a9d80c8bff7": {
"min_stack_version": "8.3",
"rule_name": "Multiple Alerts Involving a User",
"sha256": "370e2374f3b2571a3f3119c682a5be649e235d1846b8eec75e7ba4705aac4263",
"sha256": "8d4c07265bf4bd3c24f522e31ba75c8a38f0b8d8b41064fcc50c4dcf0e4e168f",
"type": "threshold",
"version": 1
"version": 2
},
"0d69150b-96f8-467c-a86d-a67a3378ce77": {
"min_stack_version": "8.3",
@@ -764,9 +773,9 @@
"11dd9713-0ec6-4110-9707-32daae1ee68c": {
"min_stack_version": "8.3",
"rule_name": "PowerShell Script with Token Impersonation Capabilities",
"sha256": "571c3c9a9e52d72036dcd37ff012814d9bd65cb35c013e9a5ad0a9cb270ae47b",
"sha256": "0f8e7d4c05e2aa942a177e9e8522674ba38bc37003575e007b6ec8cbaa5c3a49",
"type": "query",
"version": 2
"version": 3
},
"11ea6bec-ebde-4d71-a8e9-784948f8e3e9": {
"min_stack_version": "8.3",
@@ -2184,9 +2193,9 @@
}
},
"rule_name": "Potential Process Injection via PowerShell",
"sha256": "af6f4fb1b2ee6c896750bdd4d73df591989f45ce9e13a9c949f7d8919f5a7fb6",
"sha256": "8c6f27c7e2b39957500b3f0d690080088b823c905b6f202e1b1b0de855c8553f",
"type": "query",
"version": 103
"version": 104
},
"2e580225-2a58-48ef-938b-572933be06fe": {
"min_stack_version": "8.3",
@@ -2248,9 +2257,9 @@
}
},
"rule_name": "PowerShell Suspicious Script with Audio Capture Capabilities",
"sha256": "701e6b024ca7be633acff2c87983ac3cb5f4a1ffcb7f16ff249fcab653225f5d",
"sha256": "7116ad8f42568440dcb1c9bc6b196885c1878eea0730ad2d2b0b7825393a398b",
"type": "query",
"version": 103
"version": 104
},
"2f8a1226-5720-437d-9c20-e0029deb6194": {
"min_stack_version": "8.3",
@@ -3375,11 +3384,20 @@
"version": 100
},
"495e5f2e-2480-11ed-bea8-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Application Removed from Blocklist in Google Workspace",
"sha256": "f65ab660ff049917ef0d56928b4115a2675fd3a83ade36c9569b28cd3cf3397d",
"type": "query",
"version": 4
}
},
"rule_name": "Application Removed from Blocklist in Google Workspace",
"sha256": "1425ad887371020ed16a18072658404fa91af9a56fbbdc316e44823c9370d614",
"type": "query",
"version": 3
"version": 104
},
"4a4e23cf-78a2-449c-bac3-701924c269d3": {
"min_stack_version": "8.3",
@@ -3432,9 +3450,9 @@
"4c59cff1-b78a-41b8-a9f1-4231984d1fb6": {
"min_stack_version": "8.3",
"rule_name": "PowerShell Share Enumeration Script",
"sha256": "0d9859995c28fa581240cc5695b8aa93e8f7c2595ec329b3422380c3d25fa676",
"sha256": "74c65a7829bcc251f06c98c0d4f413e59c86158ee47f518c8c9b158a3166ef82",
"type": "query",
"version": 3
"version": 4
},
"4d50a94f-2844-43fa-8395-6afbd5e1c5ef": {
"min_stack_version": "8.3",
@@ -3782,6 +3800,13 @@
"type": "eql",
"version": 101
},
"54a81f68-5f2a-421e-8eed-f888278bb712": {
"min_stack_version": "8.3",
"rule_name": "Exchange Mailbox Export via PowerShell",
"sha256": "a48a9cbb679372bd144a77cbe76de0fbd8975e021e3052cbc9a8b7b217712c04",
"type": "query",
"version": 1
},
"54c3d186-0461-4dc3-9b33-2dc5c7473936": {
"min_stack_version": "8.3",
"previous": {
@@ -3906,9 +3931,9 @@
}
},
"rule_name": "PowerShell PSReflect Script",
"sha256": "091b0bb0507a9ca860cb1eab4a5b50c137b839deb2ce342decf68176ab91b4c6",
"sha256": "11eb65e63a95ed292472ba5a64844f98470b90ed7eaef8847ba571ec81dffaa1",
"type": "query",
"version": 103
"version": 104
},
"5700cb81-df44-46aa-a5d7-337798f53eb8": {
"min_stack_version": "8.3",
@@ -3970,9 +3995,9 @@
}
},
"rule_name": "PowerShell MiniDump Script",
"sha256": "58816e1e395d2b3dd424fe52412a8e0c6f41b45ac111e2135e28291a443f1ecb",
"sha256": "efa8737d826a936ed57d1404ea8b8ea907281530808f0add72c400af16dc720d",
"type": "query",
"version": 103
"version": 104
},
"581add16-df76-42bb-af8e-c979bfb39a59": {
"min_stack_version": "8.3",
@@ -4302,11 +4327,20 @@
"version": 101
},
"5e161522-2545-11ed-ac47-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Google Workspace 2SV Policy Disabled",
"sha256": "0e4f796c44b12756ec86c03bef7bca532a986bd70cbe34fda071162af183bb2e",
"type": "query",
"version": 4
}
},
"rule_name": "Google Workspace 2SV Policy Disabled",
"sha256": "a5a33cf12e70b976a8a202090de8c4e819f48cfb96c7be5ca799a3cd710da520",
"type": "query",
"version": 3
"version": 104
},
"5e552599-ddec-4e14-bad1-28aa42404388": {
"min_stack_version": "8.3",
@@ -4406,9 +4440,9 @@
}
},
"rule_name": "PowerShell Suspicious Discovery Related Windows API Functions",
"sha256": "5e289255b3744f6c6d02f444ed0e5b133a67e62aed318d241d24a1fd7db26417",
"sha256": "40e4e50e213f12414a720dbad1084ac9c5c66f7327c57db4a0983cd0f76293aa",
"type": "query",
"version": 103
"version": 104
},
"61c31c14-507f-4627-8c31-072556b89a9c": {
"rule_name": "Mknod Process Activity",
@@ -4774,7 +4808,7 @@
"version": 102
},
"68994a6c-c7ba-4e82-b476-26a26877adf6": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 14,
@@ -4789,12 +4823,19 @@
"sha256": "b21a45d51ea3f04918d7eeaabb24efea888bc2f7a9c326ed3858bc775f4243e0",
"type": "query",
"version": 15
},
"8.3": {
"max_allowable_version": 203,
"rule_name": "Google Workspace Admin Role Assigned to a User",
"sha256": "2c52d4ab28968599f73fc69986af4d6bb32fa1a7990400dedb69a00d27923991",
"type": "query",
"version": 104
}
},
"rule_name": "Google Workspace Admin Role Assigned to a User",
"sha256": "900e09e88ba2b9b8a350387557983bccad76402efaa5f254d620c7a35f2dc7e7",
"type": "query",
"version": 103
"version": 204
},
"689b9d57-e4d5-4357-ad17-9c334609d79a": {
"min_stack_version": "8.3",
@@ -4927,9 +4968,9 @@
}
},
"rule_name": "Exporting Exchange Mailbox via PowerShell",
"sha256": "66727f73174ac2f2c261e172136cf6c6fb2cb140f447a85b4f37da5356af8d64",
"sha256": "c67ead923f191802c3f4b9ac87ce88c947bd2556188ad794e916a19872202460",
"type": "eql",
"version": 103
"version": 104
},
"6b84d470-9036-4cc0-a27c-6d90bbfe81ab": {
"min_stack_version": "8.3",
@@ -5088,7 +5129,7 @@
"version": 100
},
"6f435062-b7fc-4af9-acea-5b1ead65c5a5": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 14,
@@ -5103,12 +5144,19 @@
"sha256": "244dc1f48bcc75832806b71e104f30425388ca2f33f6810e00dd12f2906b426f",
"type": "query",
"version": 15
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "Google Workspace Role Modified",
"sha256": "daef89c776f6dbbe4af324d1e25088b7050e7ea1d1e9ab4726f530b8a5b4a5a5",
"type": "query",
"version": 103
}
},
"rule_name": "Google Workspace Role Modified",
"sha256": "ecaaefd4c78cf905024b3584372e31dd778a12b5a3a53cbc478adf8099648e69",
"type": "query",
"version": 102
"version": 203
},
"6f683345-bb10-47a7-86a7-71e9c24fb358": {
"rule_name": "Linux Restricted Shell Breakout via the find command",
@@ -5496,7 +5544,7 @@
"version": 101
},
"785a404b-75aa-4ffd-8be5-3334a5a544dd": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 14,
@@ -5511,12 +5559,19 @@
"sha256": "5e45bae76ca5b927ec5755d9bb797b2012a6884ff93d4deb09b0127a0b0e273f",
"type": "query",
"version": 15
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "Application Added to Google Workspace Domain",
"sha256": "a3cc84e17ebd0f9217243f6d5128ebb437ecb8d4e643a5ea8d1b3e3e40f343be",
"type": "query",
"version": 103
}
},
"rule_name": "Application Added to Google Workspace Domain",
"sha256": "ea4f94ba987a5d1684dd0f0d8c07ad19ab402403f98ab0c3f6c90db032a9a1e4",
"type": "query",
"version": 102
"version": 203
},
"7882cebf-6cf1-4de3-9662-213aa13e8b80": {
"min_stack_version": "8.3",
@@ -5659,11 +5714,20 @@
"version": 101
},
"7caa8e60-2df0-11ed-b814-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Google Workspace Bitlocker Setting Disabled",
"sha256": "e433cddd2695f67bea309beea9d1d29197cb7f724fd7e8b1fe04b09657cfb195",
"type": "query",
"version": 4
}
},
"rule_name": "Google Workspace Bitlocker Setting Disabled",
"sha256": "93dc8b13643b49a519faaa37a39d18e52b52eff11913929d9063bf0040ad8880",
"type": "query",
"version": 3
"version": 104
},
"7ceb2216-47dd-4e64-9433-cddc99727623": {
"min_stack_version": "8.3",
@@ -5769,9 +5833,9 @@
}
},
"rule_name": "PowerShell Suspicious Payload Encoded and Compressed",
"sha256": "83d4da9cb153ddbf63e9d180a6f581c16db23d16b1f8d457e680f84498386dd3",
"sha256": "8d5dd848650d0aa7e36c11cb01d8832928c0dc44d91d010b25bc66eb8e0caa76",
"type": "query",
"version": 103
"version": 104
},
"81ff45f8-f8c2-4e28-992e-5a0e8d98e0fe": {
"min_stack_version": "8.3",
@@ -6568,7 +6632,7 @@
"version": 102
},
"93e63c3e-4154-4fc6-9f86-b411e0987bbf": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 14,
@@ -6583,12 +6647,19 @@
"sha256": "213d54562eb126f314c2a6e1a102b4d4987ee2333524f5466bcf10b27609a92e",
"type": "query",
"version": 15
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "Google Workspace Admin Role Deletion",
"sha256": "ef6d929dc2c2361a81de3f98368a4b583d1b79accfccf61f4bd2660192e320d0",
"type": "query",
"version": 103
}
},
"rule_name": "Google Workspace Admin Role Deletion",
"sha256": "7b6697a97cdf6019e2920baed1a4b6396b33c1f4589dc81aab2539b378a9cdd9",
"type": "query",
"version": 102
"version": 203
},
"93f47b6f-5728-4004-ba00-625083b3dcb0": {
"min_stack_version": "8.3",
@@ -6607,11 +6678,20 @@
"version": 101
},
"9510add4-3392-11ed-bd01-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Google Workspace Custom Gmail Route Created or Modified",
"sha256": "5fd3d2b8c4d529473f1faf8da5346efc3e1c194556689eb7bba24604dfea18db",
"type": "query",
"version": 4
}
},
"rule_name": "Google Workspace Custom Gmail Route Created or Modified",
"sha256": "c316a06037035aae30e827897a80b0b965715ee7b63e7e6b1863c59d617d1292",
"type": "query",
"version": 3
"version": 104
},
"954ee7c8-5437-49ae-b2d6-2960883898e9": {
"min_stack_version": "8.3",
@@ -6641,9 +6721,9 @@
}
},
"rule_name": "PowerShell Suspicious Script with Screenshot Capabilities",
"sha256": "a361b95af4c8021091d89dc9a338520d4b43e6423cb8d0df588ad670d16955ad",
"sha256": "6e6d3db2b74e72a7814e88a22790a69b7bad458685f57587be4f172643d4f0f7",
"type": "query",
"version": 103
"version": 104
},
"968ccab9-da51-4a87-9ce2-d3c9782fd759": {
"min_stack_version": "8.3",
@@ -7045,11 +7125,20 @@
"version": 102
},
"9cf7a0ae-2404-11ed-ae7d-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Google Workspace User Group Access Modified to Allow External Access",
"sha256": "172d2f04879c10e383d6f900e6bb2f9d49626e7a95d7f235e3183c36ab0e80ad",
"type": "query",
"version": 4
}
},
"rule_name": "Google Workspace User Group Access Modified to Allow External Access",
"sha256": "3de5e59006729a058c18b93a17cacead586bbf1a2893756ce0951d59aa5bfdfd",
"type": "query",
"version": 3
"version": 104
},
"9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1": {
"rule_name": "Trusted Developer Application Usage",
@@ -7369,11 +7458,20 @@
"version": 102
},
"a2795334-2499-11ed-9e1a-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Google Workspace Restrictions for Google Marketplace Modified to Allow Any App",
"sha256": "4c7b59991fca9e2bb874d73b26702beea98e72c40bda59d83f8a795d18fdbcf9",
"type": "query",
"version": 4
}
},
"rule_name": "Google Workspace Restrictions for Google Marketplace Modified to Allow Any App",
"sha256": "ebe6d8d11a370fe917eae7f3b885397f87978a7afb50ab4626fdb93bd08ef4f1",
"type": "query",
"version": 3
"version": 104
},
"a3ea12f3-0d4e-4667-8b44-4230c63f3c75": {
"min_stack_version": "8.3",
@@ -7555,7 +7653,7 @@
"version": 101
},
"a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 15,
@@ -7570,12 +7668,19 @@
"sha256": "c4909172dfd50108f0abed3aba686e685089632adfc228255d684fb7b32e2c7d",
"type": "query",
"version": 16
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "Google Workspace Password Policy Modified",
"sha256": "b2daab0a2fb7c6a49d316684b16b34bc48a433eb4288b640b70d8f7155f44852",
"type": "query",
"version": 103
}
},
"rule_name": "Google Workspace Password Policy Modified",
"sha256": "d24e6279427b06647bf3fd06e31435ede2a5935b00f6d945edc95bb76184920f",
"type": "query",
"version": 102
"version": 203
},
"a9b05c3b-b304-4bf9-970d-acdfaef2944c": {
"min_stack_version": "8.3",
@@ -7717,9 +7822,9 @@
}
},
"rule_name": "Suspicious WerFault Child Process",
"sha256": "789f1a87e9509a8349805cf16c8fd134c08e9bd3105f7071f23d7bde6ccd3d06",
"sha256": "23935934e5f6286a952467374de45be57eaf2f087a3a5d7173ca4dd442eab89a",
"type": "eql",
"version": 103
"version": 104
},
"ac706eae-d5ec-4b14-b4fd-e8ba8086f0e1": {
"min_stack_version": "8.3",
@@ -7749,12 +7854,12 @@
}
},
"rule_name": "Potential Invoke-Mimikatz PowerShell Script",
"sha256": "d725f48824504ebcff898cc7a18afb3909944fe43308737abf93e1ea5df258fd",
"sha256": "0c8d4a72c696e4332bfa9e13eb0dbd1124b52d8b7d0539a2ef5acffbd89393b6",
"type": "query",
"version": 103
"version": 104
},
"acbc8bb9-2486-49a8-8779-45fb5f9a93ee": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 14,
@@ -7769,12 +7874,19 @@
"sha256": "e83a4b6239ffd937ca01ed100a5d9d4f28967445797a34ee411768d8991f212b",
"type": "query",
"version": 15
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "Google Workspace API Access Granted via Domain-Wide Delegation of Authority",
"sha256": "17446570b779206b8cae475969306c45b64cbe3a2b933fac52f4a5525d6023b2",
"type": "query",
"version": 103
}
},
"rule_name": "Google Workspace API Access Granted via Domain-Wide Delegation of Authority",
"sha256": "a053c9d367e47803d813b89bafecf8c714193d46da3a2ec7eadea82da11342cc",
"type": "query",
"version": 102
"version": 203
},
"acd611f3-2b93-47b3-a0a3-7723bcc46f6d": {
"min_stack_version": "8.3",
@@ -7847,7 +7959,7 @@
"version": 100
},
"ad3f2807-2b3e-47d7-b282-f84acbbe14be": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 14,
@@ -7862,12 +7974,19 @@
"sha256": "c8bca11e5b1732bfc4bffb9bf1377db165824c647a7bc60bf84ec0f947cbde14",
"type": "query",
"version": 15
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "Google Workspace Custom Admin Role Created",
"sha256": "1994f125fb87d27a74be9c4dde9edc895032d5d6fa9897d86f19e87d15ba6b82",
"type": "query",
"version": 103
}
},
"rule_name": "Google Workspace Custom Admin Role Created",
"sha256": "3c372d8580234e86ab7782b92f0f70b058b1cb50f36a7f7a9e6a90d83124659a",
"type": "query",
"version": 102
"version": 203
},
"ad84d445-b1ce-4377-82d9-7c633f28bf9a": {
"min_stack_version": "8.3",
@@ -7881,9 +8000,9 @@
}
},
"rule_name": "Suspicious Portable Executable Encoded in Powershell Script",
"sha256": "fef8bce965a84d33e4643b75262aa8da05a0edd85836287ebc090895c94d2246",
"sha256": "f657373af800c74ccef1ecd06cc71ed81e019056eb98a34716f2226c6016582e",
"type": "query",
"version": 103
"version": 104
},
"ad88231f-e2ab-491c-8fc6-64746da26cfe": {
"min_stack_version": "8.3",
@@ -8294,9 +8413,9 @@
"b946c2f7-df06-4c00-a5aa-1f6fbc7bb72c": {
"min_stack_version": "8.3",
"rule_name": "Multiple Alerts in Different ATT&CK Tactics on a Single Host",
"sha256": "02f6fe3d4d2515b002c8108cdcc4be44a4379be8edb2d52bfc6f36a6dc956eae",
"sha256": "c0cab21b20611d9b1a263e9298c27e29fb538f6289afccfb13bb814958052974",
"type": "threshold",
"version": 2
"version": 3
},
"b9554892-5e0e-424b-83a0-5aef95aa43bf": {
"min_stack_version": "8.3",
@@ -8541,9 +8660,9 @@
}
},
"rule_name": "PowerShell Keylogging Script",
"sha256": "03ce6493c19d1a809851b4007f1eac51dc3cb71a800286ceccb48c38d35002d7",
"sha256": "cf831ea0e6e09584f2304383208a6412f6948628b50083815985e0281224fda7",
"type": "query",
"version": 103
"version": 104
},
"bd7eefee-f671-494e-98df-f01daf9e5f17": {
"min_stack_version": "8.3",
@@ -9227,7 +9346,7 @@
"version": 103
},
"cad4500a-abd7-4ef3-b5d3-95524de7cfe1": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 15,
@@ -9242,12 +9361,19 @@
"sha256": "3ffdd0f16144e0dd0d207c2e8604c3cfc075b03c9e2c2bc68530c26c20242b35",
"type": "query",
"version": 16
},
"8.3": {
"max_allowable_version": 205,
"rule_name": "Google Workspace MFA Enforcement Disabled",
"sha256": "c2c4cecb5067e1562eb9b4381cb2f02f94d8eb714461d1985ff84449ddb93285",
"type": "query",
"version": 106
}
},
"rule_name": "Google Workspace MFA Enforcement Disabled",
"sha256": "34e19b874f33327105443e1ceee3593b9bcb1b30eb30f5795bf9102bb91339c1",
"type": "query",
"version": 105
"version": 206
},
"cb71aa62-55c8-42f0-b0dd-afb0bb0b1f51": {
"min_stack_version": "8.3",
@@ -9288,11 +9414,20 @@
"version": 101
},
"cc6a8a20-2df2-11ed-8378-f661ea17fbce": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"8.3": {
"max_allowable_version": 103,
"rule_name": "Google Workspace User Organizational Unit Changed",
"sha256": "3518355a90ee6354be595124e70b25d82c59ea2fbdd8bbbcc0d0e2a62512acdb",
"type": "query",
"version": 4
}
},
"rule_name": "Google Workspace User Organizational Unit Changed",
"sha256": "d60b7181cd6749f1c0bad9cba1e5b7729a705db850228a659eec5f107737a162",
"type": "query",
"version": 3
"version": 104
},
"cc89312d-6f47-48e4-a87c-4977bd4633c3": {
"min_stack_version": "8.3",
@@ -9461,7 +9596,7 @@
"version": 102
},
"cf549724-c577-4fd6-8f9b-d1b8ec519ec0": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 14,
@@ -9476,12 +9611,19 @@
"sha256": "05fe436d072dffdbdb136a88e93c7636e147f91bf5c02b89ba7eeed8fd336e3e",
"type": "query",
"version": 15
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "Domain Added to Google Workspace Trusted Domains",
"sha256": "2422828361db58c9cb60d2f0b2d137390daca7d29b102789915ec3e3aa883430",
"type": "query",
"version": 103
}
},
"rule_name": "Domain Added to Google Workspace Trusted Domains",
"sha256": "d78af46dd84eb3d641be256da5b6c0645335b47293787741d08ae3dc07ff0ed5",
"type": "query",
"version": 102
"version": 203
},
"cff92c41-2225-4763-b4ce-6f71e5bda5e6": {
"min_stack_version": "8.3",
@@ -10333,9 +10475,9 @@
}
},
"rule_name": "Suspicious .NET Reflection via PowerShell",
"sha256": "b7d9a84b34f7f5c23cdf325de8e97c6d1f72f685f26b659e435f33c59a6153ff",
"sha256": "df2b42656b315cd8e12e0096dabeb608860871497071ca47c3a8d6fe12739c68",
"type": "query",
"version": 103
"version": 104
},
"e2a67480-3b79-403d-96e3-fdd2992c50ef": {
"min_stack_version": "8.3",
@@ -10514,7 +10656,7 @@
"version": 103
},
"e555105c-ba6d-481f-82bb-9b633e7b4827": {
"min_stack_version": "8.3",
"min_stack_version": "8.4",
"previous": {
"7.16": {
"max_allowable_version": 15,
@@ -10529,12 +10671,19 @@
"sha256": "da0c5e7ff098e790a9bbfe529a062110d2e03eeaf932eb822601bed55710c833",
"type": "query",
"version": 16
},
"8.3": {
"max_allowable_version": 202,
"rule_name": "MFA Disabled for Google Workspace Organization",
"sha256": "7f4d5eb6734f8c3c60ded7d24a7a3339afd5255c9fd1bf01acfe5972e671f89b",
"type": "query",
"version": 103
}
},
"rule_name": "MFA Disabled for Google Workspace Organization",
"sha256": "374a8185c7f83236836608b1bd1b4aa5ea94dfbb014a9ecbc59316b18f977a26",
"type": "query",
"version": 102
"version": 203
},
"e56993d2-759c-4120-984c-9ec9bb940fd5": {
"rule_name": "RDP (Remote Desktop Protocol) to the Internet",
@@ -10838,9 +10987,9 @@
}
},
"rule_name": "PowerShell Kerberos Ticket Request",
"sha256": "e2884c04f54ee6d27c4563c9199517c6ad5f56733dc0b0fc51a4cebb6602706e",
"sha256": "61731234033af30d76cb16b67695025f656a28ab6010571fc3eaa82657bcb16e",
"type": "query",
"version": 103
"version": 104
},
"eb6a3790-d52d-11ec-8ce9-f661ea17fbce": {
"min_stack_version": "8.3",