Bobby Filar
e57cf31867
Modifying rules assoc w/ deprecation of v2 ML jobs (#1846)
* modifying rules assoc w/ deprecation of v2 ML jobs
* modified updated_date field
* fixed machine_learning_job_id and added min_stack_version
* replacing rest of deprecated jobs with new naming convention
* Update ml_suspicious_login_activity.toml
* removing rules assoc w/ deprecated ML jobs
* Update rules/ml/ml_linux_anomalous_compiler_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* Update rules/ml/ml_linux_anomalous_compiler_activity.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* updated ml job rules to reflect 8.3 changes
* updating min_stack_version for ml detection rules
Co-authored-by: Craig Chamberlain <randomuserid@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>
Removed changes from:
- rules/ml/ml_linux_anomalous_compiler_activity.toml
- rules/ml/ml_linux_anomalous_metadata_process.toml
- rules/ml/ml_linux_anomalous_metadata_user.toml
- rules/ml/ml_linux_anomalous_network_activity.toml
- rules/ml/ml_linux_anomalous_network_port_activity.toml
- rules/ml/ml_linux_anomalous_process_all_hosts.toml
- rules/ml/ml_linux_anomalous_sudo_activity.toml
- rules/ml/ml_linux_anomalous_user_name.toml
- rules/ml/ml_linux_system_information_discovery.toml
- rules/ml/ml_linux_system_network_configuration_discovery.toml
- rules/ml/ml_linux_system_network_connection_discovery.toml
- rules/ml/ml_linux_system_process_discovery.toml
- rules/ml/ml_linux_system_user_discovery.toml
- rules/ml/ml_rare_process_by_host_linux.toml
- rules/ml/ml_rare_process_by_host_windows.toml
- rules/ml/ml_suspicious_login_activity.toml
- rules/ml/ml_windows_anomalous_metadata_process.toml
- rules/ml/ml_windows_anomalous_metadata_user.toml
- rules/ml/ml_windows_anomalous_network_activity.toml
- rules/ml/ml_windows_anomalous_path_activity.toml
- rules/ml/ml_windows_anomalous_process_all_hosts.toml
- rules/ml/ml_windows_anomalous_process_creation.toml
- rules/ml/ml_windows_anomalous_script.toml
- rules/ml/ml_windows_anomalous_service.toml
- rules/ml/ml_windows_anomalous_user_name.toml
- rules/ml/ml_windows_rare_user_runas_event.toml
- rules/ml/ml_windows_rare_user_type10_remote_login.toml
(selectively cherry picked from commit 9a739b7e4c)
2022-05-20 20:04:28 +00:00
..
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00
2022-03-29 21:03:35 -04:00