From fadd7fe32007e8ef13e6b3823f62e3dfd6aa42c0 Mon Sep 17 00:00:00 2001
From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Date: Wed, 27 Sep 2023 16:17:52 -0400
Subject: [PATCH] [Rule Tuning] Update `LMD` Rules Min-Stack to `8.5` (#3142)
* updating min-stack to 8.5
* updated min stack comments
(cherry picked from commit 8650b26002a5d31731f00ff3d8433e0857d574c2)
---
 .../lateral_movement_malicious_remote_file_creation.toml | 6 +++---
 .../lmd/lateral_movement_ml_high_mean_rdp_process_args.toml | 6 +++---
 .../lateral_movement_ml_high_mean_rdp_session_duration.toml | 6 +++---
 .../lmd/lateral_movement_ml_high_remote_file_size.toml | 6 +++---
 ...eral_movement_ml_high_variance_rdp_session_duration.toml | 6 +++---
 .../lmd/lateral_movement_ml_rare_remote_file_directory.toml | 6 +++---
 .../lmd/lateral_movement_ml_rare_remote_file_extension.toml | 6 +++---
 ...l_movement_ml_spike_in_connections_from_a_source_ip.toml | 6 +++---
 ...ovement_ml_spike_in_connections_to_a_destination_ip.toml | 6 +++---
 .../lmd/lateral_movement_ml_spike_in_rdp_processes.toml | 6 +++---
 .../lateral_movement_ml_spike_in_remote_file_transfers.toml | 6 +++---
 ...lateral_movement_ml_unusual_time_for_an_rdp_session.toml | 6 +++---
 ...ovement_remote_file_creation_in_sensitive_directory.toml | 6 +++---
 13 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/rules/integrations/lmd/lateral_movement_malicious_remote_file_creation.toml b/rules/integrations/lmd/lateral_movement_malicious_remote_file_creation.toml
index 19ea2b676..4b1f99bef 100644
--- a/rules/integrations/lmd/lateral_movement_malicious_remote_file_creation.toml
+++ b/rules/integrations/lmd/lateral_movement_malicious_remote_file_creation.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd","endpoint"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_process_args.toml b/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_process_args.toml
index 1258f9bba..233c5b43a 100644
--- a/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_process_args.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_process_args.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_session_duration.toml b/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_session_duration.toml
index 6a3e1989b..d7ebe48a3 100644
--- a/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_session_duration.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_session_duration.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/12"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_high_remote_file_size.toml b/rules/integrations/lmd/lateral_movement_ml_high_remote_file_size.toml
index 2861af3bd..3323a6915 100644
--- a/rules/integrations/lmd/lateral_movement_ml_high_remote_file_size.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_high_remote_file_size.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_high_variance_rdp_session_duration.toml b/rules/integrations/lmd/lateral_movement_ml_high_variance_rdp_session_duration.toml
index 55a84e1d7..eff288b76 100644
--- a/rules/integrations/lmd/lateral_movement_ml_high_variance_rdp_session_duration.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_high_variance_rdp_session_duration.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_directory.toml b/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_directory.toml
index 27da10305..218797237 100644
--- a/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_directory.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_directory.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/12"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_extension.toml b/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_extension.toml
index 6e6949a6c..437aaf652 100644
--- a/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_extension.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_extension.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_from_a_source_ip.toml b/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_from_a_source_ip.toml
index 94fbb3d40..5b38eff6a 100644
--- a/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_from_a_source_ip.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_from_a_source_ip.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_to_a_destination_ip.toml b/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_to_a_destination_ip.toml
index e0cd42f3e..c32204374 100644
--- a/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_to_a_destination_ip.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_to_a_destination_ip.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_spike_in_rdp_processes.toml b/rules/integrations/lmd/lateral_movement_ml_spike_in_rdp_processes.toml
index 540ee068b..cb834fb68 100644
--- a/rules/integrations/lmd/lateral_movement_ml_spike_in_rdp_processes.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_spike_in_rdp_processes.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/12"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_spike_in_remote_file_transfers.toml b/rules/integrations/lmd/lateral_movement_ml_spike_in_remote_file_transfers.toml
index 28b32edd9..ed4402ce0 100644
--- a/rules/integrations/lmd/lateral_movement_ml_spike_in_remote_file_transfers.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_spike_in_remote_file_transfers.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_ml_unusual_time_for_an_rdp_session.toml b/rules/integrations/lmd/lateral_movement_ml_unusual_time_for_an_rdp_session.toml
index db11bb949..7d1867075 100644
--- a/rules/integrations/lmd/lateral_movement_ml_unusual_time_for_an_rdp_session.toml
+++ b/rules/integrations/lmd/lateral_movement_ml_unusual_time_for_an_rdp_session.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 anomaly_threshold = 70
diff --git a/rules/integrations/lmd/lateral_movement_remote_file_creation_in_sensitive_directory.toml b/rules/integrations/lmd/lateral_movement_remote_file_creation_in_sensitive_directory.toml
index ae7845747..11f92beec 100644
--- a/rules/integrations/lmd/lateral_movement_remote_file_creation_in_sensitive_directory.toml
+++ b/rules/integrations/lmd/lateral_movement_remote_file_creation_in_sensitive_directory.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/09/13"
 integration = ["lmd","endpoint"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/09/21"
+min_stack_comments = "LMD first package ga available in 8.5.0"
+min_stack_version = "8.5.0"
+updated_date = "2023/09/27"
 
 [rule]
 author = ["Elastic"]