{ "03a514d9-500e-443e-b6a9-72718c548f6c": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - SSH Process Launched From Inside A Container", "stack_version": "8.14" }, "041d4d41-9589-43e2-ba13-5680af75ebc2": { "deprecation_date": "2023/09/25", "rule_name": "Deprecated - Potential DNS Tunneling via Iodine", "stack_version": "8.3" }, "08d5d7e2-740f-44d8-aeda-e41f4263efaf": { "deprecation_date": "2021/04/15", "rule_name": "TCP Port 8000 Activity to the Internet", "stack_version": "7.14.0" }, "0968cfbd-40f0-4b1c-b7b1-a60736c7b241": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via cpulimit Shell Evasion", "stack_version": "7.16" }, "0c9a14d9-d65d-486f-9b5b-91e4e6b22bd0": { "deprecation_date": "2023/07/03", "rule_name": "Deprecated - Threat Intel Indicator Match", "stack_version": "8.5" }, "0f616aee-8161-4120-857e-742366f5eeb3": { "deprecation_date": "2021/04/15", "rule_name": "PowerShell spawning Cmd", "stack_version": "7.14.0" }, "10754992-28c7-4472-be5b-f3770fd04f2d": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via awk Commands", "stack_version": "7.16" }, "119c8877-8613-416d-a98a-96b6664ee73a5": { "deprecation_date": "2021/08/02", "rule_name": "AWS RDS Snapshot Export", "stack_version": "7.13" }, "120559c6-5e24-49f4-9e30-8ffe697df6b9": { "deprecation_date": "2021/04/15", "rule_name": "User Discovery via Whoami", "stack_version": "7.14.0" }, "125417b8-d3df-479f-8418-12d7e034fee3": { "deprecation_date": "2022/07/25", "rule_name": "Attempt to Disable IPTables or Firewall", "stack_version": "7.16" }, "139c7458-566a-410c-a5cd-f80238d6a5cd": { "deprecation_date": "2021/04/15", "rule_name": "SQL Traffic to the Internet", "stack_version": "7.14.0" }, "160896de-b66f-42cb-8fef-20f53a9006ea": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Potential Container Escape via Modified release_agent File", "stack_version": "8.14" }, "1859ce38-6a50-422b-a5e8-636e231ea0cd": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion", "stack_version": "7.16" }, "1a289854-5b78-49fe-9440-8a8096b1ab50": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Suspicious Network Tool Launched Inside A Container", "stack_version": "8.14" }, "20dc4620-3b68-4269-8124-ca5091e00ea8": { "deprecation_date": "2022/07/25", "rule_name": "Auditd Max Login Sessions", "stack_version": "7.16" }, "231876e7-4d1f-4d63-a47c-47dd1acdc1cb": { "deprecation_date": "2023/03/04", "rule_name": "Potential Shell via Web Server", "stack_version": "8.3" }, "2377946d-0f01-4957-8812-6878985f515d": { "deprecation_date": "2024/04/01", "rule_name": "Deprecated - Remote File Creation on a Sensitive Directory", "stack_version": "8.9" }, "28738f9f-7427-4d23-bc69-756708b5f624": { "deprecation_date": "2024/07/18", "rule_name": "Suspicious File Changes Activity Detected", "stack_version": "8.10" }, "28896382-7d4f-4d50-9b72-67091901fd26": { "deprecation_date": "2022/08/03", "rule_name": "Suspicious Process from Conhost", "stack_version": "7.16" }, "2f0bae2d-bf20-4465-be86-1311addebaa3": { "deprecation_date": "2022/10/04", "rule_name": "GCP Kubernetes Rolebindings Created or Patched", "stack_version": "8.3" }, "301571f3-b316-4969-8dd0-7917410030d3": { "deprecation_date": "2023/12/14", "rule_name": "Malicious Remote File Creation", "stack_version": "8.9" }, "342f834b-21a6-41bf-878c-87d116eba3ee": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Modification of Dynamic Linker Preload Shared Object Inside A Container", "stack_version": "8.14" }, "3605a013-6f0c-4f7d-88a5-326f5be262ec": { "deprecation_date": "2022/08/01", "rule_name": "Potential Privilege Escalation via Local Kerberos Relay over LDAP", "stack_version": "7.16" }, "3a86e085-094c-412d-97ff-2439731e59cb": { "deprecation_date": "2021/03/03", "rule_name": "Setgid Bit Set via chmod", "stack_version": "7.13" }, "3efee4f0-182a-40a8-a835-102c68a4175d": { "deprecation_date": "2025/01/17", "rule_name": "Deprecated - Potential Password Spraying of Microsoft 365 User Accounts", "stack_version": "8.12" }, "41f7da9e-4e9f-4a81-9b58-40d725d83bc0": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Mount Launched Inside a Privileged Container", "stack_version": "8.14" }, "420e5bb4-93bf-40a3-8f4a-4cc1af90eca1": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Interactive Exec Command Launched Against A Running Container", "stack_version": "8.14" }, "43303fd4-4839-4e48-b2b2-803ab060758d": { "deprecation_date": "2022/09/13", "rule_name": "Web Application Suspicious Activity: No User Agent", "stack_version": "8.5" }, "475b42f0-61fb-4ef0-8a85-597458bfb0a1": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Sensitive Files Compression Inside A Container", "stack_version": "8.14" }, "47f09343-8d1f-4bb5-8bb0-00c9d18f5010": { "deprecation_date": "2021/03/17", "rule_name": "Execution via Regsvcs/Regasm", "stack_version": "7.14.0" }, "4973e46b-a663-41b8-a875-ced16dda2bb0": { "deprecation_date": "2023/09/25", "rule_name": "Deprecated - Potential Process Injection via LD_PRELOAD Environment Variable", "stack_version": "8.6" }, "4aa58ac6-4dc0-4d18-b713-f58bf8bd015c": { "deprecation_date": "2025/03/04", "rule_name": "Potential Cross Site Scripting (XSS)", "stack_version": "8.12" }, "4b1a807a-4e7b-414e-8cea-24bf580f6fc5": { "deprecation_date": "2023/11/02", "rule_name": "Deprecated - Potential Reverse Shell via Suspicious Parent Process", "stack_version": "8.3" }, "4b4e9c99-27ea-4621-95c8-82341bc6e512": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Container Workload Protection", "stack_version": "8.14" }, "5e87f165-45c2-4b80-bfa5-52822552c997": { "deprecation_date": "2022/03/16", "rule_name": "Potential PrintNightmare File Modification", "stack_version": "7.13" }, "61c31c14-507f-4627-8c31-072556b89a9c": { "deprecation_date": "2021/04/15", "rule_name": "Mknod Process Activity", "stack_version": "7.14.0" }, "6506c9fd-229e-4722-8f0f-69be759afd2a": { "deprecation_date": "2022/03/16", "rule_name": "Potential PrintNightmare Exploit Registry Modification", "stack_version": "7.13" }, "67a9beba-830d-4035-bfe8-40b7e28f8ac4": { "deprecation_date": "2021/04/15", "rule_name": "SMTP to the Internet", "stack_version": "7.14.0" }, "68113fdc-3105-4cdd-85bb-e643c416ef0b": { "deprecation_date": "2021/04/15", "rule_name": "Query Registry via reg.exe", "stack_version": "7.14.0" }, "699e9fdb-b77c-4c01-995c-1c15019b9c43": { "deprecation_date": "2023/07/03", "rule_name": "Deprecated - Threat Intel Filebeat Module (v8.x) Indicator Match", "stack_version": "8.5" }, "6c6bb7ea-0636-44ca-b541-201478ef6b50": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Container Management Utility Run Inside A Container", "stack_version": "8.14" }, "6ea71ff0-9e95-475b-9506-2580d1ce6154": { "deprecation_date": "2022/08/02", "rule_name": "DNS Activity to the Internet", "stack_version": "7.16" }, "6f1500bc-62d7-4eb9-8601-7485e87da2f4": { "deprecation_date": "2021/04/15", "rule_name": "SSH (Secure Shell) to the Internet", "stack_version": "7.14.0" }, "6f683345-bb10-47a7-86a7-71e9c24fb358": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via the find command", "stack_version": "7.16" }, "72d33577-f155-457d-aad3-379f9b750c97": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via env Shell Evasion", "stack_version": "7.16" }, "7a137d76-ce3d-48e2-947d-2747796a78c0": { "deprecation_date": "2021/04/15", "rule_name": "Network Sniffing via Tcpdump", "stack_version": "7.14.0" }, "7b08314d-47a0-4b71-ae4e-16544176924f": { "deprecation_date": "2022/08/02", "rule_name": "File and Directory Discovery", "stack_version": "7.16" }, "7d2c38d7-ede7-4bdf-b140-445906e6c540": { "deprecation_date": "2021/04/15", "rule_name": "Tor Activity to the Internet", "stack_version": "7.14.0" }, "81cc58f5-8062-49a2-ba84-5cc4b4d31c40": { "deprecation_date": "2021/04/15", "rule_name": "Persistence via Kernel Module Modification", "stack_version": "7.14.0" }, "83b2c6e5-e0b2-42d7-8542-8f3af86a1acb": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via the mysql command", "stack_version": "7.16" }, "86c3157c-a951-4a4f-989b-2f0d0f1f9518": { "deprecation_date": "2024/02/22", "rule_name": "Potential Linux Reverse Connection through Port Knocking", "stack_version": "8.3" }, "87ec6396-9ac4-4706-bcf0-2ebb22002f43": { "deprecation_date": "2021/04/15", "rule_name": "FTP (File Transfer Protocol) Activity to the Internet", "stack_version": "7.14.0" }, "89583d1b-3c2e-4606-8b74-0a9fd2248e88": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via the vi command", "stack_version": "7.16" }, "8acb7614-1d92-4359-bfcf-478b6d9de150": { "deprecation_date": "2025/01/17", "rule_name": "Deprecated - Suspicious JAVA Child Process", "stack_version": "8.12" }, "8d3d0794-c776-476b-8674-ee2e685f6470": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Suspicious Interactive Shell Spawned From Inside A Container", "stack_version": "8.14" }, "8fed8450-847e-43bd-874c-3bbf0cd425f3": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via apt/apt-get Changelog Escape", "stack_version": "7.16" }, "90e28af7-1d96-4582-bf11-9a1eff21d0e5": { "deprecation_date": "2022/07/25", "rule_name": "Auditd Login Attempt at Forbidden Time", "stack_version": "7.16" }, "9661ed8b-001c-40dc-a777-0983b7b0c91a": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Sensitive Keys Or Passwords Searched For Inside A Container", "stack_version": "8.14" }, "97697a52-4a76-4f0a-aa4f-25c178aae6eb": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - File System Debugger Launched Inside a Privileged Container", "stack_version": "8.14" }, "97da359b-2b61-4a40-b2e4-8fc48cf7a294": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via the SSH command", "stack_version": "7.16" }, "97f22dab-84e8-409d-955e-dacd1d31670b": { "deprecation_date": "2021/04/15", "rule_name": "Base64 Encoding/Decoding Activity", "stack_version": "7.14.0" }, "9cf7a0ae-2404-11ed-ae7d-f661ea17fbce": { "deprecation_date": "2023/02/16", "rule_name": "Google Workspace User Group Access Modified to Allow External Access", "stack_version": "8.4" }, "9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1": { "deprecation_date": "2021/04/15", "rule_name": "Trusted Developer Application Usage", "stack_version": "7.14.0" }, "a4ec1382-4557-452b-89ba-e413b22ed4b8": { "deprecation_date": "2020/10/30", "rule_name": "Network Connection via Mshta", "stack_version": "7.10.0" }, "a52a9439-d52c-401c-be37-2785235c6547": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Netcat Listener Established Inside A Container", "stack_version": "8.14" }, "a5f0d057-d540-44f5-924d-c6a2ae92f045": { "deprecation_date": "2023/06/22", "rule_name": "Potential SSH Brute Force Detected on Privileged Account", "stack_version": "8.3" }, "a9198571-b135-4a76-b055-e3e5a476fd83": { "deprecation_date": "2021/04/15", "rule_name": "Hex Encoding/Decoding Activity", "stack_version": "7.14.0" }, "ad0e5e75-dd89-4875-8d0a-dfdc1828b5f3": { "deprecation_date": "2021/04/15", "rule_name": "Proxy Port Activity to the Internet", "stack_version": "7.14.0" }, "b1c14366-f4f8-49a0-bcbb-51d2de8b0bb8": { "deprecation_date": "2021/04/15", "rule_name": "Potential Persistence via Cron Job", "stack_version": "7.14.0" }, "c6474c34-4953-447a-903e-9fcb7b6661aa": { "deprecation_date": "2021/04/15", "rule_name": "IRC (Internet Relay Chat) Protocol Activity to the Internet", "stack_version": "7.14.0" }, "c87fca17-b3a9-4e83-b545-f30746c53920": { "deprecation_date": "2021/04/15", "rule_name": "Nmap Process Activity", "stack_version": "7.14.0" }, "cab4f01c-793f-4a54-a03e-e5d85b96d7af": { "deprecation_date": "2022/07/25", "rule_name": "Auditd Login from Forbidden Location", "stack_version": "7.16" }, "cc16f774-59f9-462d-8b98-d27ccd4519ec": { "deprecation_date": "2021/04/15", "rule_name": "Process Discovery via Tasklist", "stack_version": "7.14.0" }, "ccc55af4-9882-4c67-87b4-449a7ae8079c": { "deprecation_date": "2023/12/15", "rule_name": "Potential Process Herpaderping Attempt", "stack_version": "8.3" }, "cd4d5754-07e1-41d4-b9a5-ef4ea6a0a126": { "deprecation_date": "2021/04/15", "rule_name": "Socat Process Activity", "stack_version": "7.14.0" }, "d0b0f3ed-0b37-44bf-adee-e8cb7de92767": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - AWS Credentials Searched For Inside A Container", "stack_version": "8.14" }, "d2053495-8fe7-4168-b3df-dad844046be3": { "deprecation_date": "2021/04/15", "rule_name": "PPTP (Point to Point Tunneling Protocol) Activity", "stack_version": "7.14.0" }, "d6450d4e-81c6-46a3-bd94-079886318ed5": { "deprecation_date": "2022/07/28", "rule_name": "Strace Process Activity", "stack_version": "7.16" }, "da986d2c-ffbf-4fd6-af96-a88dbf68f386": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via the gcc command", "stack_version": "7.16" }, "dc672cb7-d5df-4d1f-a6d7-0841b1caafb9": { "deprecation_date": "2022/01/12", "rule_name": "Threat Intel Filebeat Module (v7.x) Indicator Match", "stack_version": "8.0" }, "dd7f1524-643e-11ed-9e35-f661ea17fbcd": { "deprecation_date": "2023/07/04", "rule_name": "Reverse Shell Created via Named Pipe", "stack_version": "8.3" }, "df959768-b0c9-4d45-988c-5606a2be8e5a": { "deprecation_date": "2022/07/25", "rule_name": "Unusual Process Execution - Temp", "stack_version": "7.16" }, "e0dacebe-4311-4d50-9387-b17e89c2e7fd": { "deprecation_date": "2022/08/02", "rule_name": "Whitespace Padding in Process Command Line", "stack_version": "7.16" }, "e56993d2-759c-4120-984c-9ec9bb940fd5": { "deprecation_date": "2021/04/15", "rule_name": "RDP (Remote Desktop Protocol) to the Internet", "stack_version": "7.14.0" }, "e9b4a3c7-24fc-49fd-a00f-9c938031eef1": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via busybox Shell Evasion", "stack_version": "7.16" }, "ea0784f0-a4d7-4fea-ae86-4baaf27a6f17": { "deprecation_date": "2021/04/15", "rule_name": "SSH (Secure Shell) from the Internet", "stack_version": "7.14.0" }, "eb6a3790-d52d-11ec-8ce9-f661ea17fbce": { "deprecation_date": "2023/07/31", "rule_name": "Suspicious Network Connection Attempt by Root", "stack_version": "8.3" }, "ec604672-bed9-43e1-8871-cf591c052550": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - File Made Executable via Chmod Inside A Container", "stack_version": "8.14" }, "ee619805-54d7-4c56-ba6f-7717282ddd73": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via crash Shell evasion", "stack_version": "7.16" }, "ef65e82c-d8b4-4895-9824-5f6bc6166804": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - Potential Container Escape via Modified notify_on_release File", "stack_version": "8.14" }, "f52362cd-baf1-4b6d-84be-064efc826461": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via flock Shell evasion", "stack_version": "7.16" }, "f5488ac1-099e-4008-a6cb-fb638a0f0828": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - SSH Connection Established Inside A Running Container", "stack_version": "8.14" }, "f7769104-e8f9-4931-94a2-68fc04eadec3": { "deprecation_date": "2025/03/14", "rule_name": "Deprecated - SSH Authorized Keys File Modified Inside a Container", "stack_version": "8.14" }, "fb9937ce-7e21-46bf-831d-1ad96eac674d": { "deprecation_date": "2022/07/25", "rule_name": "Auditd Max Failed Login Attempts", "stack_version": "7.16" }, "fd3fc25e-7c7c-4613-8209-97942ac609f6": { "deprecation_date": "2022/05/09", "rule_name": "Linux Restricted Shell Breakout via the expect command", "stack_version": "7.16" } }