security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10 (#3108)

Browse Source 
* Locked versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10

* Update detection_rules/etc/version.lock.json

---------

Co-authored-by: terrancedejesus <terrancedejesus@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2023-09-18 11:14:42 -04:00
committed by GitHub
parent b291317ea6
commit de2b97a492
1 changed files with 120 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/etc/version.lock.json
+120 -15
View File
@@ -190,6 +190,13 @@
"type": "eql",
"version": 106
},
"07639887-da3a-4fbf-9532-8ce748ff8c50": {
"min_stack_version": "8.3",
"rule_name": "GitHub Protected Branch Settings Changed",
"sha256": "b801d28bb5398fb531f21cecefae0f3c21b0d7b4c675fc8349ccf4448e7a2b7c",
"type": "eql",
"version": 1
},
"0787daa6-f8c5-453b-a4ec-048037f6c1cd": {
"min_stack_version": "8.3",
"rule_name": "Suspicious Proc Pseudo File System Enumeration",
@@ -340,9 +347,9 @@
"0c41e478-5263-4c69-8f9e-7dfd2c22da64": {
"min_stack_version": "8.5",
"rule_name": "Threat Intel IP Address Indicator Match",
"sha256": "88e3b7fed59fc79874b0d6375168a21a7623b3a38a74c838ea3c3698190a92d1",
"sha256": "421308bb2c832aaa4cdbefbde389b0ff645e12fc5d7ea78c9296139099772abb",
"type": "threat_match",
"version": 2
"version": 3
},
"0c7ca5c2-728d-4ad9-b1c5-bbba83ecb1f4": {
"min_stack_version": "8.3",
@@ -637,6 +644,13 @@
"type": "query",
"version": 102
},
"14dab405-5dd9-450c-8106-72951af2391f": {
"min_stack_version": "8.3",
"rule_name": "Office Test Registry Persistence",
"sha256": "2a26bc9292902c92d9bc73a14ff7e20ffa9c0904b209692b1e8e23bd32c88fb3",
"type": "eql",
"version": 1
},
"14de811c-d60f-11ec-9fd7-f661ea17fbce": {
"min_stack_version": "8.4",
"previous": {
@@ -967,6 +981,13 @@
"type": "query",
"version": 6
},
"1f460f12-a3cf-4105-9ebb-f788cc63f365": {
"min_stack_version": "8.3",
"rule_name": "Unusual Process Execution on WBEM Path",
"sha256": "7d596dca903c48dde13a6b90746947628693b11dd9140e3eb89ca6eba10ae966",
"type": "eql",
"version": 1
},
"1faec04b-d902-4f89-8aff-92cd9043c16f": {
"min_stack_version": "8.3",
"rule_name": "Unusual Linux User Calling the Metadata Service",
@@ -1036,6 +1057,13 @@
"type": "query",
"version": 100
},
"210d4430-b371-470e-b879-80b7182aa75e": {
"min_stack_version": "8.3",
"rule_name": "Mofcomp Activity",
"sha256": "d42c6a1889b42bcd83cb46d9838038cfd4248b792d5fef1abc4cedc81b269d4a",
"type": "eql",
"version": 1
},
"21bafdf0-cf17-11ed-bd57-f661ea17fbcc": {
"min_stack_version": "8.4",
"rule_name": "First Time Seen Google Workspace OAuth Login from Third-Party Application",
@@ -1517,6 +1545,13 @@
"type": "eql",
"version": 1
},
"345889c4-23a8-4bc0-b7ca-756bd17ce83b": {
"min_stack_version": "8.3",
"rule_name": "GitHub Repository Deleted",
"sha256": "82225047c1559d8bba7c15944953088395802e8a1ad8fd0552714eee65b22635",
"type": "eql",
"version": 1
},
"34fde489-94b0-4500-a76f-b8a157cf9269": {
"min_stack_version": "8.3",
"rule_name": "Accepted Default Telnet Port Connection",
@@ -1655,6 +1690,13 @@
"type": "query",
"version": 103
},
"39157d52-4035-44a8-9d1a-6f8c5f580a07": {
"min_stack_version": "8.3",
"rule_name": "Downloaded Shortcut Files",
"sha256": "362ab87565072831948627491a1ba91889340030ce6f1438122322ffa57acb5d",
"type": "eql",
"version": 1
},
"397945f3-d39a-4e6f-8bcb-9656c2031438": {
"min_stack_version": "8.3",
"rule_name": "Persistence via Microsoft Outlook VBA",
@@ -1706,9 +1748,9 @@
"3b47900d-e793-49e8-968f-c90dc3526aa1": {
"min_stack_version": "8.3",
"rule_name": "Unusual Parent Process for cmd.exe",
"sha256": "a9acccb7d18adc13099ab88eb003c037bf57f2defa18fc91c8945299c38cba92",
"sha256": "97b3141cf72282ca02c73091a527edf31e31d10d22d241e91c6d173bc1abd792",
"type": "eql",
"version": 106
"version": 107
},
"3bc6deaa-fbd4-433a-ae21-3e892f95624f": {
"min_stack_version": "8.3",
@@ -2334,12 +2376,19 @@
"type": "eql",
"version": 106
},
"53dedd83-1be7-430f-8026-363256395c8b": {
"min_stack_version": "8.3",
"rule_name": "Binary Content Copy via Cmd.exe",
"sha256": "3ab2b049abaa1462ebed7b019dcd5da6957b5328c2ce7d2eb86b87e74a4ec28d",
"type": "eql",
"version": 1
},
"54902e45-3467-49a4-8abc-529f2c8cfb80": {
"min_stack_version": "8.3",
"rule_name": "Uncommon Registry Persistence Change",
"sha256": "950bfce6a55758ef6c60b1fd13ef84531915c61992e405c7217f3bcb40df0f3f",
"sha256": "470d8e6c5c1dfd3564bd5f3b59d7853db9137942de25c38e4281b2d16df70ede",
"type": "eql",
"version": 104
"version": 105
},
"54a81f68-5f2a-421e-8eed-f888278bb712": {
"min_stack_version": "8.3",
@@ -2586,6 +2635,13 @@
"type": "new_terms",
"version": 6
},
"5c895b4f-9133-4e68-9e23-59902175355c": {
"min_stack_version": "8.6",
"rule_name": "Potential Meterpreter Reverse Shell",
"sha256": "5941e6650b12bc02b03d289fa389b9f2347c53636e6368753bd5917b5a776cd5",
"type": "eql",
"version": 1
},
"5c983105-4681-46c3-9890-0c66d05e776b": {
"min_stack_version": "8.3",
"rule_name": "Unusual Linux Process Discovery Activity",
@@ -3537,6 +3593,13 @@
"type": "eql",
"version": 3
},
"800e01be-a7a4-46d0-8de9-69f3c9582b44": {
"min_stack_version": "8.3",
"rule_name": "Unusual Process Extension",
"sha256": "15e1dd225bae684eac522b61872faae250a8aac0c4cb71b4e6d68986665587ed",
"type": "eql",
"version": 1
},
"809b70d3-e2c3-455e-af1b-2626a5a1a276": {
"min_stack_version": "8.3",
"rule_name": "Unusual City For an AWS Command",
@@ -4577,6 +4640,13 @@
"type": "eql",
"version": 2
},
"a5eb21b7-13cc-4b94-9fe2-29bb2914e037": {
"min_stack_version": "8.6",
"rule_name": "Potential Reverse Shell via UDP",
"sha256": "2bb373420b8f04de56b4e10442d426787ff255a9ed14d92c64f05a0c3334871f",
"type": "eql",
"version": 1
},
"a5f0d057-d540-44f5-924d-c6a2ae92f045": {
"min_stack_version": "8.3",
"rule_name": "Potential SSH Brute Force Detected on Privileged Account",
@@ -4601,9 +4671,9 @@
"a61809f3-fb5b-465c-8bff-23a8a068ac60": {
"min_stack_version": "8.5",
"rule_name": "Threat Intel Windows Registry Indicator Match",
"sha256": "1867577987b72a8cb67a4b74b89643d3df862354ae3eadfd616c9b51ec1000a0",
"sha256": "4c02e860e8200660cdd059bfaa155532f5b584f3325ac7ffbdafbebcefe5a234",
"type": "threat_match",
"version": 2
"version": 3
},
"a624863f-a70d-417f-a7d2-7a404638d47f": {
"min_stack_version": "8.3",
@@ -4714,9 +4784,9 @@
"aab184d3-72b3-4639-b242-6597c99d8bca": {
"min_stack_version": "8.5",
"rule_name": "Threat Intel Hash Indicator Match",
"sha256": "b84f93be7b12d9e7b6dc37e4b6f6f68f717bbb33d181321aaa4a2f77ed66a60d",
"sha256": "1532d5577abdf44288ebeb628cd80e676e02e99367876b31e9c46200d37d5e81",
"type": "threat_match",
"version": 3
"version": 4
},
"ab75c24b-2502-43a0-bf7c-e60e662c811e": {
"min_stack_version": "8.3",
@@ -4889,6 +4959,13 @@
"type": "eql",
"version": 105
},
"afd04601-12fc-4149-9b78-9c3f8fe45d39": {
"min_stack_version": "8.3",
"rule_name": "Network Activity Detected via cat",
"sha256": "842200b53b379cfcfe0e98cce8c0775e7120c7312edc3aecaa2cae7783559566",
"type": "eql",
"version": 1
},
"afe6b0eb-dd9d-4922-b08a-1910124d524d": {
"min_stack_version": "8.3",
"rule_name": "Potential Privilege Escalation via Container Misconfiguration",
@@ -5091,6 +5168,13 @@
"type": "eql",
"version": 104
},
"b8f8da2d-a9dc-48c0-90e4-955c0aa1259a": {
"min_stack_version": "8.3",
"rule_name": "Kirbi File Creation",
"sha256": "5cc88228ed8f2119aba7d21bef4e172fec1499a3b3b8168eb439cb581d94c2ac",
"type": "eql",
"version": 1
},
"b90cdde7-7e0d-4359-8bf0-2c112ce2008a": {
"min_stack_version": "8.3",
"rule_name": "UAC Bypass Attempt with IEditionUpgradeManager Elevated COM Interface",
@@ -5745,6 +5829,13 @@
"type": "eql",
"version": 105
},
"cd82e3d6-1346-4afd-8f22-38388bbf34cb": {
"min_stack_version": "8.3",
"rule_name": "Downloaded URL Files",
"sha256": "3b2b2822568470b436f1a1db2ca7db260343faeb5f156b1b3b697a4393137938",
"type": "eql",
"version": 1
},
"cd89602e-9db0-48e3-9391-ae3bf241acd8": {
"min_stack_version": "8.3",
"rule_name": "Attempt to Deactivate MFA for an Okta User Account",
@@ -5886,6 +5977,13 @@
"type": "eql",
"version": 6
},
"d3551433-782f-4e22-bbea-c816af2d41c6": {
"min_stack_version": "8.3",
"rule_name": "WMI WBEMTEST Utility Execution",
"sha256": "687d0e851309a066fb0d13b00750846d62e6da9fca5b2a80f9f8b6864ada9b76",
"type": "eql",
"version": 1
},
"d461fac0-43e8-49e2-85ea-3a58fe120b4f": {
"min_stack_version": "8.3",
"rule_name": "Shell Execution via Apple Scripting",
@@ -6492,7 +6590,7 @@
"rule_name": "Suspicious WMI Event Subscription Created",
"sha256": "bee333bfc8d77b96f009283d0b8dc93b5e2e38ef6b27b38b21daccf6fe50833a",
"type": "eql",
"version": 2
"version": 4
},
"e74d645b-fec6-431e-bf93-ca64a538e0de": {
"min_stack_version": "8.3",
@@ -6886,9 +6984,9 @@
"f3e22c8b-ea47-45d1-b502-b57b6de950b3": {
"min_stack_version": "8.5",
"rule_name": "Threat Intel URL Indicator Match",
"sha256": "b03b79e60e32f4744d7db406946e56fc43bf99671ae3c7cd9af2dabdb17d171f",
"sha256": "f8210c3d8a13d1354dfe9c14053034eafc71b8bef3477f9e8e7279672ce95601",
"type": "threat_match",
"version": 2
"version": 3
},
"f44fa4b6-524c-4e87-8d9e-a32599e4fb7c": {
"min_stack_version": "8.3",
@@ -6938,6 +7036,13 @@
"type": "query",
"version": 1
},
"f59668de-caa0-4b84-94c1-3a1549e1e798": {
"min_stack_version": "8.3",
"rule_name": "WMIC Remote Command",
"sha256": "dc6e94a20b8f1618cea407e2ac25227adc96daf497e2c1b5b034408f0e1aa3c9",
"type": "eql",
"version": 1
},
"f5fb4598-4f10-11ed-bdc3-0242ac120002": {
"min_stack_version": "8.3",
"rule_name": "Masquerading Space After Filename",
@@ -7004,9 +7109,9 @@
"f7c4dc5a-a58d-491d-9f14-9b66507121c0": {
"min_stack_version": "8.3",
"rule_name": "Persistent Scripts in the Startup Directory",
"sha256": "b1b304251797d95d12cc192562063ef62b6569b453974d77fb9f017320ae1731",
"sha256": "afb59ffb04d13b21e0f2cff08ed6f27c27dde808d3cb5b84a5eb3ddb2d566665",
"type": "eql",
"version": 107
"version": 108
},
"f81ee52c-297e-46d9-9205-07e66931df26": {
"min_stack_version": "8.3",