29d1ee4ae5
[Rule Tuning] AWS RDS Snapshot Export and AWS RDS Instance Created ( #1514 )
...
(cherry picked from commit 0a3c44e8db
2021-10-04 21:32:40 +00:00
89cba0af95
[Rule Tuning] Volume Shadow Copy Deletion or Resized via VssAdmin ( #1524 )
...
* Updated rule to include resizing
* lint
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
(cherry picked from commit d5a8f41864
2021-10-04 19:01:39 +00:00
3471522807
[New Rule] Backup Files Deletion ( #1516 )
...
* Add Backup Files Deletion Initial Rule
* Fix creation date
* Add updated_date
* Adjust description and query
* Update Description
* Update rules/windows/impact_backup_file_deletion.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Add false_positives
* Update impact_backup_file_deletion.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit f2b58cc0ab
2021-10-04 18:56:48 +00:00
c2fc2af03b
[New Rule] AWS ElastiCache Security Group Modified or Deleted ( #1364 )
...
* Create impact_aws_elasticache_security_group_modified_or_deleted.toml
* Rename impact_aws_elasticache_security_group_modified_or_deleted.toml to impact_elasticache_security_group_modified_or_deleted.toml
* Update impact_elasticache_security_group_modified_or_deleted.toml
* Update
* Update rules/integrations/aws/impact_elasticache_security_group_modified_or_deleted.toml
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
* Update impact_elasticache_security_group_modified_or_deleted.toml
* Update impact_elasticache_security_group_modified_or_deleted.toml
* Rename impact_elasticache_security_group_modified_or_deleted.toml to defense_evasion_elasticache_security_group_modified_or_deleted.toml
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit f41714642c
2021-10-04 18:39:40 +00:00
d0eaf3ed26
[New Rule] Volume Shadow Copy Deletion via PowerShell ( #1358 )
...
* Create defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update rules/windows/defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com >
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update rules/windows/defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
* Update rules/windows/defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Update defense_evasion_volume_shadow_copy_deletion_via_powershell.toml
* Rename defense_evasion_volume_shadow_copy_deletion_via_powershell.toml to impact_volume_shadow_copy_deletion_via_powershell.toml
* Update impact_volume_shadow_copy_deletion_via_powershell.toml
* Add trailing /
* Update rules/windows/impact_volume_shadow_copy_deletion_via_powershell.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com >
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit 6298f7b00a
2021-10-04 17:59:07 +00:00
8033c0a260
Rename new_or_modified_federation_domain.toml to correspond with tactic ( #1511 )
...
(cherry picked from commit ba9c01be50
2021-09-30 21:09:35 +00:00
ed57d46d15
[Rule Tuning] Small update on rule descriptions ( #1508 )
...
(cherry picked from commit 5e4a7e67df
2021-09-30 20:55:18 +00:00
1c70f69b2f
[New Rule] Virtual Machine Fingerprinting via Grep ( #1510 )
...
* [New Rule] Virtual Machine Fingerprinting via Grep
* format
* Update rules/cross-platform/discovery_virtual_machine_fingerprinting_grep.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/cross-platform/discovery_virtual_machine_fingerprinting_grep.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* added reference url
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit 76a0224f60
2021-09-30 18:41:03 +00:00
6f30bf3f7f
[New Rule] Potential Lsass Memory Dump via MirrorDump ( #1504 )
...
* [New Rule] Potential Lsass Memory Dump via MirrorDump
* added tactic
* switched to kql
* added sysmon process access non ecs types
* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* rule.name as suggested by Justin and converted to EQL to add comments
* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit 521e4dc8f1
2021-09-30 08:17:42 +00:00
09f49da822
[New Rule] Azure Frontdoor Web Application Firewall (WAF) Policy Deleted ( #1393 )
...
(cherry picked from commit d28c48f20f
2021-09-29 17:09:18 +00:00
ba458dea13
[New Rule] New or Modified Federation Domain ( #1212 )
...
* Update impact_iam_deactivate_mfa_device.toml
https://github.com/elastic/detection-rules/issues/1111
* Update impact_iam_deactivate_mfa_device.toml
* Update discovery_post_exploitation_external_ip_lookup.toml
"*ipapi.co",
"*ip-lookup.net",
"*ipstack.com"
* Update rules/aws/impact_iam_deactivate_mfa_device.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
* Revert "Update discovery_post_exploitation_external_ip_lookup.toml"
This reverts commit b57fd60c9511e20a336d32a9c9b8d5cf9954c50e.
* Update
* New Rule: Okta User Attempted Unauthorized Access
* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml
* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml
* Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml
* Create persistence_new-or-modified-federation-domain.toml
* Delete persistence_new-or-modified-federation-domain.toml
* Create persistence_new-or-modified-federation-domain.toml
* Rename persistence_new-or-modified-federation-domain.toml to persistence_new_or_modified_federation_domain.toml
* Update persistence_new_or_modified_federation_domain.toml
* Update .gitignore
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/microsoft-365/persistence_new_or_modified_federation_domain.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/microsoft-365/persistence_new_or_modified_federation_domain.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update persistence_new_or_modified_federation_domain.toml
* Update persistence_new_or_modified_federation_domain.toml
* Update persistence_new_or_modified_federation_domain.toml
* Update
* Update persistence_new_or_modified_federation_domain.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit a51ed86851
2021-09-29 12:17:22 +00:00
17845c2bf9
[New Rule] O365 Exchange Suspicious Mailbox Right Delegation ( #1211 )
...
(cherry picked from commit 5ac7fb639c
2021-09-27 21:19:34 +00:00
371247b0b2
[Rule Tuning] Add system index to Windows Event Logs Cleared ( #1502 )
...
(cherry picked from commit 63d6a54804
2021-09-24 17:06:02 +00:00
5b13666054
[Rule Tuning] Update threat mappings for Windows rules ( #1497 )
...
* Windows Rules Att&ck Mapping review
* Bump updated_date and fix reference URLs
* Fix subtechnique
* Fix test errors
(cherry picked from commit 61afb1c1c0
2021-09-23 17:09:43 +00:00
216d06ef30
[New Rule] AWS STS GetSessionToken Abuse ( #1213 )
...
* Update impact_iam_deactivate_mfa_device.toml
https://github.com/elastic/detection-rules/issues/1111
* Update impact_iam_deactivate_mfa_device.toml
* Update discovery_post_exploitation_external_ip_lookup.toml
"*ipapi.co",
"*ip-lookup.net",
"*ipstack.com"
* Update rules/aws/impact_iam_deactivate_mfa_device.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
* Revert "Update discovery_post_exploitation_external_ip_lookup.toml"
This reverts commit b57fd60c9511e20a336d32a9c9b8d5cf9954c50e.
* Update
* New Rule: Okta User Attempted Unauthorized Access
* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml
* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml
* Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml
* Create persistence_new-or-modified-federation-domain.toml
* Delete persistence_new-or-modified-federation-domain.toml
* Create lateral_movement_sts_getsessiontoken_abuse.toml
* Rename lateral_movement_sts_getsessiontoken_abuse.toml to privilege_escalation_sts_getsessiontoken_abuse.toml
* Update privilege_escalation_sts_getsessiontoken_abuse.toml
* Update rules/aws/privilege_escalation_sts_getsessiontoken_abuse.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update .gitignore
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update privilege_escalation_sts_getsessiontoken_abuse.toml
* Update privilege_escalation_sts_getsessiontoken_abuse.toml
* Update
* Update rules/integrations/aws/privilege_escalation_sts_getsessiontoken_abuse.toml
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
(cherry picked from commit 93b8038d7d
2021-09-22 19:29:04 +00:00
0610e66ec2
[New Rule] Okta User Attempted Unauthorized Access ( #1209 )
...
(cherry picked from commit 3e2cf4f53e
2021-09-22 06:45:27 +00:00
98735808ab
[Rule Tuning] Fix typos in rule metadata ( #1494 )
...
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com >
(cherry picked from commit 8e3b1d28c4
2021-09-21 19:32:05 +00:00
c1a0398c3f
Additional Att&ck Mappings for credential access Rules ( #1495 )
...
Updates MITRE Technique IDs for Credential Access DRs
(cherry picked from commit f6421d8c53
2021-09-21 16:05:25 +00:00
2bb9fdb724
Add default timestamp condition for threat_query ( #1486 )
...
(cherry picked from commit 10a977914b
2021-09-20 19:20:58 +00:00
143afc4f38
[KQL] Add support for date fields in parser ( #1487 )
...
* [KQL] Add support for date fields in parser
* add test for parsing date value
(cherry picked from commit 582a842e32
2021-09-16 17:26:26 +00:00
0a3bd9130d
Allow CLi config to be multiple formats ( #1485 )
...
(cherry picked from commit 7179942be3
2021-09-16 04:13:51 +00:00
c864538606
[rule-tuning] Adding more context with triage/investigation ( #1481 )
...
* [rule-tuning] Adding more context with triage/investigation
* Adding mimikatz rule
* Fixed updated date on mimikatz rule
* Adding Defender update
* Adding scheduled task
* Adding AdFind
* Adding rare process
* Adding cloudtrail country
* Adding cloudtrail spike
* Adding threat intel
* Fixed minor spelling/syntax
* Fixed minor spelling/syntax p2
* Update rules/cross-platform/threat_intel_module_match.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/integrations/aws/ml_cloudtrail_error_message_spike.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/ml/ml_rare_process_by_host_windows.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/credential_access_mimikatz_powershell_module.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/credential_access_mimikatz_powershell_module.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/defense_evasion_defender_exclusion_via_powershell.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/discovery_adfind_command_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/discovery_adfind_command_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/discovery_adfind_command_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/discovery_adfind_command_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/discovery_adfind_command_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update rules/windows/discovery_adfind_command_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Removed MITRE link, added Microsoft
* Update ml_cloudtrail_error_message_spike.toml
* Update ml_cloudtrail_rare_method_by_country.toml
* Update ml_rare_process_by_host_windows.toml
* Update credential_access_mimikatz_powershell_module.toml
* Update defense_evasion_defender_exclusion_via_powershell.toml
* Update discovery_adfind_command_activity.toml
* Update lateral_movement_dns_server_overflow.toml
* Update lateral_movement_scheduled_task_target.toml
* Update persistence_evasion_registry_startup_shell_folder_modified.toml
* Update defense_evasion_defender_exclusion_via_powershell.toml
* Update lateral_movement_scheduled_task_target.toml
* Update persistence_evasion_registry_startup_shell_folder_modified.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit 9ff3873ee7
2021-09-16 01:08:23 +00:00
31202bf4f6
[Rule tuning] Fix typo in ML rule descriptions ( #1484 )
...
(cherry picked from commit 51a2bc815b
2021-09-14 16:37:55 +00:00
938cc5b8b5
[Bug] CLI Fixes ( #1073 )
...
* add support for self-signed certs in es and kibana
* allow Kibana to auth against any providerType
* fix export-rules command
* fix kibana upload-rule command
* fix view-rule command
* fix validate-rule command
* fix search-rules command
* fix dev kibana-diff command
* fix dev package-stats command
* fix dev search-rule-prs command
* fix dev deprecate-rule command
* replace toml with pytoml to fix import-rules command
* use no_verify in get_kibana_client
* use Path for rule-file type in view-rule
* update schemas to resolve additionalProperties type bug
* fix missing unique_fields in package rule filter
* fix github pr loader
* Load gh rules as TOMLRule instead of dict
* remove unnecessary version insertion
(cherry picked from commit 5b24eca0bc
2021-09-10 18:07:10 +00:00
105a1fd023
[New Rule] Behavior Rule for CVE-2021-40444 Exploitation ( #1479 )
...
* [New Rule] Behavior Rule for CVE-2021-40444 Exploitation
* added a ref
* replaced \ with /
* removed unecessary wildcard
(cherry picked from commit 0875c1e4c4
2021-09-08 19:27:16 +00:00
88bfc67638
Adding control.exe ( #1477 )
...
(cherry picked from commit cb27c686e0
2021-09-08 18:31:51 +00:00
2ed00c3f95
Lock versions for releases: 7.13,7.14,7.15 ( #1474 )
...
* Locked versions for releases: 7.13,7.14,7.15
* remove extra previous sections
* add backport label to workflow
(cherry picked from commit 58a4483222
2021-09-07 20:33:39 +00:00
f77e18977a
Generate detection rule to alert on traffic to typosquatting/homonym domains ( #1199 )
...
* create new cli commands
* add kibana object to create_dnstwist_rule
* Adding code for index-dnstwist-results
* Changed es to es_client
* Tested. it works!
* flake8-ed
* Adding timestamps
* use eql.utils.load_dump to load json file
* rename data to dnstwist_data
* start working on create-dnstwist-rule command
* add print statements for user
* tweak formatting for line length
* add template threat match rule file
* continue working on threat match rule creation
* create rule using TomlRuleContents
* save rule to toml file
* Moving rule creation to eswrap.py
* Moving create dnstwist rule stuff to eswrap
* Fixed imports
* flake8 fixes
* More flake8 fixes
* fix usage of @add_client('kibana')
* use ctx.invoke to upload rule
* cleanup record assembly and use bulk api
* swap order of notes in `note` for sample rule
* small modifications
* move command to root click group
* remove unused click group
* Update detection_rules/main.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* remove rule upload and convert template to ndjson
* Adding docs for typosquatting rule
* renaming the file
* Adding a note
* separate index and rule prep commands
* Final changes
Co-authored-by: Apoorva <appujo@gmail.com >
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com >
Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com >
(cherry picked from commit 90aa65aed3
2021-09-03 20:36:52 +00:00
2ef59e918f
Revert #1440 new endpoint promotion rule ( #1470 )
...
* Revert #1440 new endpoint promotion rule
* Set the updated_at date
Removed changes from:
- rules/integrations/endpoint/elastic_endpoint_security_behavior_protection.toml
(selectively cherry picked from commit c9d6527280
2021-09-03 14:08:22 +00:00
eb37f07417
Add DeprecatedCollection to RuleCollection to bypass validation ( #1454 )
...
* Add DeprecatedCollection to RuleCollection to bypass validation
* use DeprecatedRule properties in RuleCollection
* use RuleCollection filter for max/min filtering in Package
(cherry picked from commit 7710e2b798
2021-09-01 23:31:06 +00:00
e9d67898d9
[CI] Notify slack on backport failure ( #1468 )
...
(cherry picked from commit c395d799b4
2021-09-01 12:48:45 +00:00
21628611a9
[Bug] Community label: use getMembershipForUser ( #1469 )
...
Use getMembershipForUser to determine the proper org membership status
(cherry picked from commit 2a7d036443
2021-09-01 05:33:32 +00:00
7371608d39
[Bug] RuleTOMLContents.to_dict serialize with proper schema ( #1460 )
...
(cherry picked from commit 9d10458be4
2021-09-01 05:07:14 +00:00
2a2bcbd870
[Rule tuning] Fix spacing in reference URLs ( #1455 )
...
(cherry picked from commit 655f7d91d0
2021-09-01 00:00:06 +00:00
20a814c47f
[Rule tuning] Azure Active Directory High Risk Sign-in ( #1463 )
...
* Add Aggregated Risk Level
* There can be a risk_level_during_signin:low but have a risk_level_aggregated:high which is also just as concerning and must be alerted on.
* An example is a password spray attack and have a successful login. Which makes me consider a new rule for interesting risk event types
(cherry picked from commit 8b2c8c2e03
2021-08-30 22:34:47 +00:00
3204a5c366
Update main to point to 7.16 ( #1457 )
...
* Update main to point to 7.16
* Add 7.16 -> 7.15 migration
* Update stack-schema-map
* Update conditions.kibana.version
Removed changes from:
- etc/packages.yml
(selectively cherry picked from commit 7b8b18cb20
2021-08-26 20:24:53 +00:00
79d3b60c9a
[CI] Add GitHub actions workflow to lock versions across branches ( #1456 )
...
* Start job to lock versions
* Update lock-versions workflow
* Call lock-multiple script
* Fix script
* Add the lock file to staging
* pass branches to the job
* Fetch all branches and tags
* Push the branch first
* Push with upstream
* Change PR params
* Remove protections machine token
* Add 7.14.0 to the lock for min_stack_version=7.14.0
* Fix branch prefix
* Add trailing newline
* Trailing newline
* Restrict to main branch
(cherry picked from commit 4adad703fc
2021-08-26 20:18:34 +00:00
1f7c404548
Remove the 7.15+ behavior protection promotion rule
2021-08-26 08:51:38 -06:00
b883415914
Small update to docs ( #1442 )
...
(cherry picked from commit 227b67e636
2021-08-26 06:41:40 +00:00
34ab6c81d3
[New Rule] Endpoint Security Behavior Protection ( #1440 )
...
* [New Rule] Endpoint Security Behavioral Protection
* Update readme and labeler for endpoint integration
* Fix new rule to use event.code
* Fix old rule to use event.code
* Changed from behavioral to behavior
* Rename elastic_endpoint_security_behavioral.toml to elastic_endpoint_security_behavior_protection.toml
* Back from the future (updated_date)
Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com >
(cherry picked from commit 3b338baab0
2021-08-25 15:58:03 +00:00
8a3220ef6a
Track multiple stacks in lock ( #1434 )
...
* Save the stack versions in the lock file
* Support tracking of multiple stacks in the lock
* Update the version locking logic
* Fix bugs and test lock file
* Restore version lock
* Fix lint errors
* Call both click.echo and verbose echo separately
* Change when the change_rules message is output
(cherry picked from commit 0d47cb324a
2021-08-24 22:57:14 +00:00
689e690f8c
[New rule] Webshell Detection ( #1448 )
...
* [new-rule] Webshell Detection
* Update rules/windows/persistence_webshell_detection.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Added FP note section
* Update rules/windows/persistence_webshell_detection.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
(cherry picked from commit 8ddffc298b
2021-08-24 20:19:32 +00:00
cc75f645b6
[Rule Tuning] Add technique T1005 to 2 rules ( #1405 )
...
(cherry picked from commit 8099e1c733
2021-08-20 08:20:32 +00:00
632a322431
Fix encoding of 'Any' type in jsonschema ( #1438 )
...
(cherry picked from commit 11c443ba26
2021-08-19 16:16:40 +00:00
60caedc026
Bump package versions ( #1418 )
...
* Bump package versions
* Add 7.14 migration; use master schema map if one does not exist
* add test to ensure an entry exists in the stack-schema-map for the current package version
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com >
Removed changes from:
- etc/packages.yml
(selectively cherry picked from commit 2d517432e3
2021-08-19 05:26:47 +00:00
c1b774cdb6
Skip etc/packages.yml from backport: auto ( #1437 )
...
(cherry picked from commit d647c7b809
2021-08-18 22:57:34 +00:00
94190321c1
[Rule Tuning] AWS Security Group Configuration Change Detection ( #1426 )
...
* move rule "AWS Security Group Configuration Change Detection" to integrations directory and add "aws" integration
(cherry picked from commit 3b29498907
2021-08-15 04:35:07 +00:00
604fd2a18f
Fix typos discovered by codespell ( #1430 )
...
(cherry picked from commit ddec37b731
2021-08-15 04:30:11 +00:00
16bc2a24f1
Remove labeling from community workflow ( #1432 )
...
(cherry picked from commit 4a3bacae48
2021-08-14 10:44:37 +00:00
52dee0d0c6
Add revised workflow for community label ( #1431 )
...
(cherry picked from commit f63a72f1ac
2021-08-14 10:19:55 +00:00
Austin Songer