From 63e983635ec55154f3d96c1f1826e99700581e08 Mon Sep 17 00:00:00 2001
From: terrancedejesus
Date: Fri, 17 Jan 2025 09:53:59 -0500
Subject: [PATCH 1/4] Deprecating 'Potential Password Spraying of Microsoft 365 User Accounts'
---
 ..._access_microsoft_365_potential_password_spraying_attack.toml | 1 +
 1 file changed, 1 insertion(+)
 rename rules/{integrations/o365 => _deprecated}/credential_access_microsoft_365_potential_password_spraying_attack.toml (98%)
diff --git a/rules/integrations/o365/credential_access_microsoft_365_potential_password_spraying_attack.toml b/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
similarity index 98%
rename from rules/integrations/o365/credential_access_microsoft_365_potential_password_spraying_attack.toml
rename to rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
index 7b2baeefe60..71137d3843e 100644
--- a/rules/integrations/o365/credential_access_microsoft_365_potential_password_spraying_attack.toml
+++ b/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
@@ -2,6 +2,7 @@
 creation_date = "2020/12/01"
 integration = ["o365"]
 maturity = "production"
+deprecation_date = "2025/01/17"
 updated_date = "2024/09/05"

 [rule]
From d1cc91f2b7ab3ca1b5d953e5e9e0a586b2d21277 Mon Sep 17 00:00:00 2001
From: terrancedejesus
Date: Fri, 17 Jan 2025 10:05:02 -0500
Subject: [PATCH 2/4] adding 'Deprecated - Suspicious JAVA Child Process'
---
 .../execution_suspicious_jar_child_process.toml | 1 +
 1 file changed, 1 insertion(+)
 rename rules/{cross-platform => _deprecated}/execution_suspicious_jar_child_process.toml (99%)
diff --git a/rules/cross-platform/execution_suspicious_jar_child_process.toml b/rules/_deprecated/execution_suspicious_jar_child_process.toml
similarity index 99%
rename from rules/cross-platform/execution_suspicious_jar_child_process.toml
rename to rules/_deprecated/execution_suspicious_jar_child_process.toml
index c4e9ce9e816..f599822af82 100644
--- a/rules/cross-platform/execution_suspicious_jar_child_process.toml
+++ b/rules/_deprecated/execution_suspicious_jar_child_process.toml
@@ -2,6 +2,7 @@
 creation_date = "2021/01/19"
 integration = ["endpoint"]
 maturity = "production"
+deprecation_date = "2025/01/17"
 updated_date = "2024/10/18"

 [rule]
From 9a6955e5c1587dd47b69e1a8bf71ffa122d10ce3 Mon Sep 17 00:00:00 2001
From: terrancedejesus
Date: Fri, 17 Jan 2025 10:12:08 -0500
Subject: [PATCH 3/4] updated dates
---
 ...access_microsoft_365_potential_password_spraying_attack.toml | 2 +-
 rules/_deprecated/execution_suspicious_jar_child_process.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml b/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
index 71137d3843e..ba3693ec1bb 100644
--- a/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
+++ b/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
@@ -3,7 +3,7 @@ creation_date = "2020/12/01"
 integration = ["o365"]
 maturity = "production"
 deprecation_date = "2025/01/17"
-updated_date = "2024/09/05"
+updated_date = "2025/01/17"

 [rule]
 author = ["Elastic"]
diff --git a/rules/_deprecated/execution_suspicious_jar_child_process.toml b/rules/_deprecated/execution_suspicious_jar_child_process.toml
index f599822af82..2183dd1cc10 100644
--- a/rules/_deprecated/execution_suspicious_jar_child_process.toml
+++ b/rules/_deprecated/execution_suspicious_jar_child_process.toml
@@ -3,7 +3,7 @@ creation_date = "2021/01/19"
 integration = ["endpoint"]
 maturity = "production"
 deprecation_date = "2025/01/17"
-updated_date = "2024/10/18"
+updated_date = "2025/01/17"

 [rule]
 author = ["Elastic"]
From 810cb1cfa9e18a9d23d1a5da7278938c3f1429dd Mon Sep 17 00:00:00 2001
From: terrancedejesus
Date: Fri, 17 Jan 2025 10:19:38 -0500
Subject: [PATCH 4/4] changed to deprecated maturity
---
 ...access_microsoft_365_potential_password_spraying_attack.toml | 2 +-
 rules/_deprecated/execution_suspicious_jar_child_process.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml b/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
index ba3693ec1bb..8a55c136cc3 100644
--- a/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
+++ b/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/12/01"
 integration = ["o365"]
-maturity = "production"
+maturity = "deprecated"
 deprecation_date = "2025/01/17"
 updated_date = "2025/01/17"

diff --git a/rules/_deprecated/execution_suspicious_jar_child_process.toml b/rules/_deprecated/execution_suspicious_jar_child_process.toml
index 2183dd1cc10..78fdaec6ff6 100644
--- a/rules/_deprecated/execution_suspicious_jar_child_process.toml
+++ b/rules/_deprecated/execution_suspicious_jar_child_process.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/19"
 integration = ["endpoint"]
-maturity = "production"
+maturity = "deprecated"
 deprecation_date = "2025/01/17"
 updated_date = "2025/01/17"
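Review bot: The `maturity = "deprecated"` line in the `[metadata]` hunk of the Microsoft 365 password-spraying rule retires a production credential-access detection, and nothing in the visible hunks or the four commit messages says why, or which rule is meant to cover that behaviour from now on. The same applies to the `execution_suspicious_jar_child_process.toml` hunk that follows. A one-line comment above `deprecation_date` in each file, for example `# Deprecated: superseded by <replacement rule name>` (placeholder, to be filled in by the author), would let operators confirm coverage before the old alerts presumably stop. Both hunks show only the `[metadata]` table; the `[rule]` table lies outside them, so whether the rule text already carries such a pointer cannot be checked from here.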