Lock versions for releases: 8.14,8.15,8.16,8.17,8.18,9.0 (#4601)

2025-04-08 18:25:47 +05:30
parent a5d9d6400a
commit fbddc2e659
3 changed files with 3603 additions and 3329 deletions
@@ -1,4 +1,9 @@
 {
+  "03a514d9-500e-443e-b6a9-72718c548f6c": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - SSH Process Launched From Inside A Container",
+    "stack_version": "8.14"
+  },
  "041d4d41-9589-43e2-ba13-5680af75ebc2": {
    "deprecation_date": "2023/09/25",
    "rule_name": "Deprecated - Potential DNS Tunneling via Iodine",
@@ -49,11 +54,21 @@
    "rule_name": "SQL Traffic to the Internet",
    "stack_version": "7.14.0"
  },
+  "160896de-b66f-42cb-8fef-20f53a9006ea": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Potential Container Escape via Modified release_agent File",
+    "stack_version": "8.14"
+  },
  "1859ce38-6a50-422b-a5e8-636e231ea0cd": {
    "deprecation_date": "2022/05/09",
    "rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion",
    "stack_version": "7.16"
  },
+  "1a289854-5b78-49fe-9440-8a8096b1ab50": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Suspicious Network Tool Launched Inside A Container",
+    "stack_version": "8.14"
+  },
  "20dc4620-3b68-4269-8124-ca5091e00ea8": {
    "deprecation_date": "2022/07/25",
    "rule_name": "Auditd Max Login Sessions",
@@ -89,6 +104,11 @@
    "rule_name": "Malicious Remote File Creation",
    "stack_version": "8.9"
  },
+  "342f834b-21a6-41bf-878c-87d116eba3ee": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Modification of Dynamic Linker Preload Shared Object Inside A Container",
+    "stack_version": "8.14"
+  },
  "3605a013-6f0c-4f7d-88a5-326f5be262ec": {
    "deprecation_date": "2022/08/01",
    "rule_name": "Potential Privilege Escalation via Local Kerberos Relay over LDAP",
@@ -104,11 +124,26 @@
    "rule_name": "Deprecated - Potential Password Spraying of Microsoft 365 User Accounts",
    "stack_version": "8.12"
  },
+  "41f7da9e-4e9f-4a81-9b58-40d725d83bc0": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Mount Launched Inside a Privileged Container",
+    "stack_version": "8.14"
+  },
+  "420e5bb4-93bf-40a3-8f4a-4cc1af90eca1": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Interactive Exec Command Launched Against A Running Container",
+    "stack_version": "8.14"
+  },
  "43303fd4-4839-4e48-b2b2-803ab060758d": {
    "deprecation_date": "2022/09/13",
    "rule_name": "Web Application Suspicious Activity: No User Agent",
    "stack_version": "8.5"
  },
+  "475b42f0-61fb-4ef0-8a85-597458bfb0a1": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Sensitive Files Compression Inside A Container",
+    "stack_version": "8.14"
+  },
  "47f09343-8d1f-4bb5-8bb0-00c9d18f5010": {
    "deprecation_date": "2021/03/17",
    "rule_name": "Execution via Regsvcs/Regasm",
@@ -129,6 +164,11 @@
    "rule_name": "Deprecated - Potential Reverse Shell via Suspicious Parent Process",
    "stack_version": "8.3"
  },
+  "4b4e9c99-27ea-4621-95c8-82341bc6e512": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Container Workload Protection",
+    "stack_version": "8.14"
+  },
  "5e87f165-45c2-4b80-bfa5-52822552c997": {
    "deprecation_date": "2022/03/16",
    "rule_name": "Potential PrintNightmare File Modification",
@@ -159,6 +199,11 @@
    "rule_name": "Deprecated - Threat Intel Filebeat Module (v8.x) Indicator Match",
    "stack_version": "8.5"
  },
+  "6c6bb7ea-0636-44ca-b541-201478ef6b50": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Container Management Utility Run Inside A Container",
+    "stack_version": "8.14"
+  },
  "6ea71ff0-9e95-475b-9506-2580d1ce6154": {
    "deprecation_date": "2022/08/02",
    "rule_name": "DNS Activity to the Internet",
@@ -224,6 +269,11 @@
    "rule_name": "Deprecated - Suspicious JAVA Child Process",
    "stack_version": "8.12"
  },
+  "8d3d0794-c776-476b-8674-ee2e685f6470": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Suspicious Interactive Shell Spawned From Inside A Container",
+    "stack_version": "8.14"
+  },
  "8fed8450-847e-43bd-874c-3bbf0cd425f3": {
    "deprecation_date": "2022/05/09",
    "rule_name": "Linux Restricted Shell Breakout via  apt/apt-get Changelog Escape",
@@ -234,6 +284,16 @@
    "rule_name": "Auditd Login Attempt at Forbidden Time",
    "stack_version": "7.16"
  },
+  "9661ed8b-001c-40dc-a777-0983b7b0c91a": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Sensitive Keys Or Passwords Searched For Inside A Container",
+    "stack_version": "8.14"
+  },
+  "97697a52-4a76-4f0a-aa4f-25c178aae6eb": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - File System Debugger Launched Inside a Privileged Container",
+    "stack_version": "8.14"
+  },
  "97da359b-2b61-4a40-b2e4-8fc48cf7a294": {
    "deprecation_date": "2022/05/09",
    "rule_name": "Linux Restricted Shell Breakout via the SSH command",
@@ -259,6 +319,11 @@
    "rule_name": "Network Connection via Mshta",
    "stack_version": "7.10.0"
  },
+  "a52a9439-d52c-401c-be37-2785235c6547": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Netcat Listener Established Inside A Container",
+    "stack_version": "8.14"
+  },
  "a5f0d057-d540-44f5-924d-c6a2ae92f045": {
    "deprecation_date": "2023/06/22",
    "rule_name": "Potential SSH Brute Force Detected on Privileged Account",
@@ -309,6 +374,11 @@
    "rule_name": "Socat Process Activity",
    "stack_version": "7.14.0"
  },
+  "d0b0f3ed-0b37-44bf-adee-e8cb7de92767": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - AWS Credentials Searched For Inside A Container",
+    "stack_version": "8.14"
+  },
  "d2053495-8fe7-4168-b3df-dad844046be3": {
    "deprecation_date": "2021/04/15",
    "rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
@@ -364,16 +434,36 @@
    "rule_name": "Suspicious Network Connection Attempt by Root",
    "stack_version": "8.3"
  },
+  "ec604672-bed9-43e1-8871-cf591c052550": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - File Made Executable via Chmod Inside A Container",
+    "stack_version": "8.14"
+  },
  "ee619805-54d7-4c56-ba6f-7717282ddd73": {
    "deprecation_date": "2022/05/09",
    "rule_name": "Linux Restricted Shell Breakout via crash Shell evasion",
    "stack_version": "7.16"
  },
+  "ef65e82c-d8b4-4895-9824-5f6bc6166804": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - Potential Container Escape via Modified notify_on_release File",
+    "stack_version": "8.14"
+  },
  "f52362cd-baf1-4b6d-84be-064efc826461": {
    "deprecation_date": "2022/05/09",
    "rule_name": "Linux Restricted Shell Breakout via flock Shell evasion",
    "stack_version": "7.16"
  },
+  "f5488ac1-099e-4008-a6cb-fb638a0f0828": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - SSH Connection Established Inside A Running Container",
+    "stack_version": "8.14"
+  },
+  "f7769104-e8f9-4931-94a2-68fc04eadec3": {
+    "deprecation_date": "2025/03/14",
+    "rule_name": "Deprecated - SSH Authorized Keys File Modified Inside a Container",
+    "stack_version": "8.14"
+  },
  "fb9937ce-7e21-46bf-831d-1ad96eac674d": {
    "deprecation_date": "2022/07/25",
    "rule_name": "Auditd Max Failed Login Attempts",
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.0.4"
+version = "1.0.5"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"