{ "08d5d7e2-740f-44d8-aeda-e41f4263efaf": { "deprecation_date": "2021/04/15", "rule_name": "TCP Port 8000 Activity to the Internet", "stack_version": "7.14.0" }, "0f616aee-8161-4120-857e-742366f5eeb3": { "deprecation_date": "2021/04/15", "rule_name": "PowerShell spawning Cmd", "stack_version": "7.14.0" }, "120559c6-5e24-49f4-9e30-8ffe697df6b9": { "deprecation_date": "2021/04/15", "rule_name": "User Discovery via Whoami", "stack_version": "7.14.0" }, "139c7458-566a-410c-a5cd-f80238d6a5cd": { "deprecation_date": "2021/04/15", "rule_name": "SQL Traffic to the Internet", "stack_version": "7.14.0" }, "3a86e085-094c-412d-97ff-2439731e59cb": { "deprecation_date": "2021-03-03", "rule_name": "Setgid Bit Set via chmod", "stack_version": "7.13" }, "47f09343-8d1f-4bb5-8bb0-00c9d18f5010": { "deprecation_date": "2021/03/17", "rule_name": "Execution via Regsvcs/Regasm", "stack_version": "7.14.0" }, "61c31c14-507f-4627-8c31-072556b89a9c": { "deprecation_date": "2021/04/15", "rule_name": "Mknod Process Activity", "stack_version": "7.14.0" }, "67a9beba-830d-4035-bfe8-40b7e28f8ac4": { "deprecation_date": "2021/04/15", "rule_name": "SMTP to the Internet", "stack_version": "7.14.0" }, "68113fdc-3105-4cdd-85bb-e643c416ef0b": { "deprecation_date": "2021/04/15", "rule_name": "Query Registry via reg.exe", "stack_version": "7.14.0" }, "6f1500bc-62d7-4eb9-8601-7485e87da2f4": { "deprecation_date": "2021/04/15", "rule_name": "SSH (Secure Shell) to the Internet", "stack_version": "7.14.0" }, "7a137d76-ce3d-48e2-947d-2747796a78c0": { "deprecation_date": "2021/04/15", "rule_name": "Network Sniffing via Tcpdump", "stack_version": "7.14.0" }, "7d2c38d7-ede7-4bdf-b140-445906e6c540": { "deprecation_date": "2021/04/15", "rule_name": "Tor Activity to the Internet", "stack_version": "7.14.0" }, "81cc58f5-8062-49a2-ba84-5cc4b4d31c40": { "deprecation_date": "2021/04/15", "rule_name": "Persistence via Kernel Module Modification", "stack_version": "7.14.0" }, "87ec6396-9ac4-4706-bcf0-2ebb22002f43": { "deprecation_date": "2021/04/15", "rule_name": "FTP (File Transfer Protocol) Activity to the Internet", "stack_version": "7.14.0" }, "97f22dab-84e8-409d-955e-dacd1d31670b": { "deprecation_date": "2021/04/15", "rule_name": "Base64 Encoding/Decoding Activity", "stack_version": "7.14.0" }, "9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1": { "deprecation_date": "2021/04/15", "rule_name": "Trusted Developer Application Usage", "stack_version": "7.14.0" }, "a9198571-b135-4a76-b055-e3e5a476fd83": { "deprecation_date": "2021/04/15", "rule_name": "Hex Encoding/Decoding Activity", "stack_version": "7.14.0" }, "ad0e5e75-dd89-4875-8d0a-dfdc1828b5f3": { "deprecation_date": "2021/04/15", "rule_name": "Proxy Port Activity to the Internet", "stack_version": "7.14.0" }, "b1c14366-f4f8-49a0-bcbb-51d2de8b0bb8": { "deprecation_date": "2021/04/15", "rule_name": "Potential Persistence via Cron Job", "stack_version": "7.14.0" }, "c6474c34-4953-447a-903e-9fcb7b6661aa": { "deprecation_date": "2021/04/15", "rule_name": "IRC (Internet Relay Chat) Protocol Activity to the Internet", "stack_version": "7.14.0" }, "c87fca17-b3a9-4e83-b545-f30746c53920": { "deprecation_date": "2021/04/15", "rule_name": "Nmap Process Activity", "stack_version": "7.14.0" }, "cc16f774-59f9-462d-8b98-d27ccd4519ec": { "deprecation_date": "2021/04/15", "rule_name": "Process Discovery via Tasklist", "stack_version": "7.14.0" }, "cd4d5754-07e1-41d4-b9a5-ef4ea6a0a126": { "deprecation_date": "2021/04/15", "rule_name": "Socat Process Activity", "stack_version": "7.14.0" }, "d2053495-8fe7-4168-b3df-dad844046be3": { "deprecation_date": "2021/04/15", "rule_name": "PPTP (Point to Point Tunneling Protocol) Activity", "stack_version": "7.14.0" }, "e56993d2-759c-4120-984c-9ec9bb940fd5": { "deprecation_date": "2021/04/15", "rule_name": "RDP (Remote Desktop Protocol) to the Internet", "stack_version": "7.14.0" }, "ea0784f0-a4d7-4fea-ae86-4baaf27a6f17": { "deprecation_date": "2021/04/15", "rule_name": "SSH (Secure Shell) from the Internet", "stack_version": "7.14.0" } }