[Rule Tuning] Remove all rule timelines (#466)

Justin Ibarra
2020-11-03 19:51:53 +01:00
committed by GitHub
parent da64bacac1
commit f87f2a46f4
177 changed files with 177 additions and 531 deletions
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -26,8 +26,6 @@ risk_score = 21
rule_id = "7a137d76-ce3d-48e2-947d-2747796a78c0"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Credential Access"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/24"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -19,8 +19,6 @@ risk_score = 47
rule_id = "125417b8-d3df-479f-8418-12d7e034fee3"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/27"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -19,8 +19,6 @@ risk_score = 47
rule_id = "2f8a1226-5720-437d-9c20-e0029deb6194"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/17"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -22,8 +22,6 @@ risk_score = 21
rule_id = "debff20a-46bc-4a4d-bae5-5cdd14222795"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/17"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -22,8 +22,6 @@ risk_score = 21
rule_id = "97f22dab-84e8-409d-955e-dacd1d31670b"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/05/04"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -19,8 +19,6 @@ risk_score = 47
rule_id = "7bcbb3ac-e533-41ad-a612-d6c3bf666aba"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/22"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -20,8 +20,6 @@ risk_score = 47
rule_id = "eb9eb8ba-a983-41d9-9c93-a1c05112ca5e"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/27"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -20,8 +20,6 @@ risk_score = 21
rule_id = "a1329140-8de3-4445-9f87-908fb6d824f4"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/21"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -25,8 +25,6 @@ risk_score = 21
rule_id = "9f9a2a82-93a8-4b1a-8778-1780895626d4"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/17"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -22,8 +22,6 @@ risk_score = 21
rule_id = "a9198571-b135-4a76-b055-e3e5a476fd83"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/29"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -27,8 +27,6 @@ risk_score = 47
rule_id = "b9666521-4742-49ce-9ddc-b8e84c35acae"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/24"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -27,8 +27,6 @@ risk_score = 73
rule_id = "cd66a5af-e34b-4bb0-8931-57d0a043f2ef"
severity = "high"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Defense Evasion"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/23"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -26,8 +26,6 @@ risk_score = 47
rule_id = "2d8043ed-5bda-4caf-801c-c1feb7410504"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Discovery"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/27"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -26,8 +26,6 @@ risk_score = 73
rule_id = "5b03c9fb-9945-4d2f-9568-fd690fee3fba"
severity = "high"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Discovery"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -25,8 +25,6 @@ risk_score = 21
rule_id = "120559c6-5e24-49f4-9e30-8ffe697df6b9"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Discovery"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/04/16"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -19,8 +19,6 @@ risk_score = 73
rule_id = "05e5a668-7b51-4a67-93ab-e9af405c9ef3"
severity = "high"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Execution"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/04/15"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -19,8 +19,6 @@ risk_score = 73
rule_id = "d76b02ef-fc95-4001-9297-01cb7412232f"
severity = "high"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Execution"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/23"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -27,8 +27,6 @@ risk_score = 47
rule_id = "e19e64ee-130e-4c07-961f-8a339f0b8362"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Lateral Movement"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "eql"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/23"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -27,8 +27,6 @@ risk_score = 47
rule_id = "1b21abcc-4d9f-4b08-a7f5-316f5f94b973"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Lateral Movement"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "eql"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -26,8 +26,6 @@ risk_score = 73
rule_id = "90169566-2260-4824-b8e4-8615c3b4ed52"
severity = "high"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -26,8 +26,6 @@ risk_score = 73
rule_id = "041d4d41-9589-43e2-ba13-5680af75ebc2"
severity = "high"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -28,8 +28,6 @@ risk_score = 21
rule_id = "61c31c14-507f-4627-8c31-072556b89a9c"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -32,8 +32,6 @@ risk_score = 47
rule_id = "adb961e0-cb74-42a0-af9e-29fc41f88f5f"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "eql"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -28,8 +28,6 @@ risk_score = 21
rule_id = "c87fca17-b3a9-4e83-b545-f30746c53920"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -26,8 +26,6 @@ risk_score = 47
rule_id = "0d69150b-96f8-467c-a86d-a67a3378ce77"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -22,8 +22,6 @@ risk_score = 47
rule_id = "df959768-b0c9-4d45-988c-5606a2be8e5a"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -27,8 +27,6 @@ risk_score = 47
rule_id = "cd4d5754-07e1-41d4-b9a5-ef4ea6a0a126"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
+1 -3
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -26,8 +26,6 @@ risk_score = 21
rule_id = "d6450d4e-81c6-46a3-bd94-079886318ed5"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -25,8 +25,6 @@ risk_score = 21
rule_id = "81cc58f5-8062-49a2-ba84-5cc4b4d31c40"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Persistence"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/02/18"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -23,8 +23,6 @@ risk_score = 47
rule_id = "231876e7-4d1f-4d63-a47c-47dd1acdc1cb"
severity = "medium"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Persistence"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/23"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -22,8 +22,6 @@ risk_score = 21
rule_id = "3a86e085-094c-412d-97ff-2439731e59cb"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Privilege Escalation"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''
@@ -2,7 +2,7 @@
creation_date = "2020/04/23"
ecs_version = ["1.6.0"]
maturity = "production"
updated_date = "2020/11/02"
updated_date = "2020/11/03"
[rule]
author = ["Elastic"]
@@ -22,8 +22,6 @@ risk_score = 21
rule_id = "8a1b0278-0f9a-487d-96bd-d4833298e87a"
severity = "low"
tags = ["Elastic", "Host", "Linux", "Threat Detection", "Privilege Escalation"]
timeline_id = "76e52245-7519-4251-91ab-262fb1a1728c"
timeline_title = "Generic Process Timeline"
type = "query"
query = '''