Prep for Release 9.0 #4550

Merged
merged 6 commits into from
Mar 20, 2025
Conversation

shashank-elastic
Contributor

@shashank-elastic shashank-elastic commented Mar 20, 2025

Pull Request

Issue link(s): As part of Release https://github.com/elastic/ia-trade-team/issues/565

Summary - What I changed

  • Followed Steps in prepare-for-next-elastic-stack-minor-release
    • Backport version trimming and removed 8.12
    • Added new version 8.18
    • Ran python -m detection_rules dev trim-version-lock 8.13 (new_min_supported_version) to adjust version lock
Rule Changes
Loaded config file: /Users/shashankks/elastic_workspace/detection-rules/.detection-rules-cfg.json

Loading rules ...
Changes  applied:
a7e7bfa3-088e-4f13-b29e-3986e0e756b8: 8.12 updated to: 8.13
a9b05c3b-b304-4bf9-970d-acdfaef2944c: 8.12 updated to: 8.13
aa895aea-b69c-4411-b110-8d7599634b30: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
aa9a274d-6b53-424d-ac5e-cb8ca4251650: 8.12 updated to: 8.13
aabdad51-51fb-4a66-9d82-3873e42accb8: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
ab8f074c-5565-4bc4-991c-d49770e19fc9: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
abae61a8-c560-4dbd-acca-1e1438bff36b: 8.12 updated to: 8.13
ac5012b8-8da8-440b-aaaf-aedafdea2dff: 8.12 updated to: 8.13
ac531fcc-1d3b-476d-bbb5-1357728c9a37: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ac5a2759-5c34-440a-b0c4-51fe674611d6: 8.12 updated to: 8.13
ac6bc744-e82b-41ad-b58d-90654fa4ebfb: 8.12 updated to: 8.13
ac96ceb8-4399-4191-af1d-4feeac1f1f46: 8.12 updated to: 8.13
acf738b5-b5b2-4acc-bad9-1e18ee234f40: 8.12 updated to: 8.13
ad0d2742-9a49-11ec-8d6b-acde48001122: 8.12 updated to: 8.13
ad5a3757-c872-4719-8c72-12d3f08db655: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ad84d445-b1ce-4377-82d9-7c633f28bf9a: 8.12 updated to: 8.13
ad959eeb-2b7b-4722-ba08-a45f6622f005: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
adb961e0-cb74-42a0-af9e-29fc41f88f5f: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ae343298-97bc-47bc-9ea2-5f2ad831c16e: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ae8a142c-6a1d-4918-bea7-0b617e99ecfa: 8.12 updated to: 8.13
afcce5ad-65de-4ed2-8516-5e093d3ac99a: 8.12 updated to: 8.13
b0450411-46e5-46d2-9b35-8b5dd9ba763e: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
b0638186-4f12-48ac-83d2-47e686d08e82: 8.12 updated to: 8.13
b15a15f2-becf-475d-aa69-45c9e0ff1c49: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
b1773d05-f349-45fb-9850-287b8f92f02d: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
b2318c71-5959-469a-a3ce-3a0768e63b9c: 8.12 updated to: 8.13
b25a7df2-120a-4db2-bd3f-3e4b86b24bee: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
b29ee2be-bf99-446c-ab1a-2dc0183394b8: 8.12 updated to: 8.13
b41a13c6-ba45-4bab-a534-df53d0cfed6a: 8.12 updated to: 8.13
b43570de-a908-4f7f-8bdb-b2df6ffd8c80: 8.12 updated to: 8.13
b483365c-98a8-40c0-92d8-0458ca25058a: 8.12 updated to: 8.13
b4bb1440-0fcb-4ed1-87e5-b06d58efc5e9: 8.12 updated to: 8.13
b5877334-677f-4fb9-86d5-a9721274223b: 8.12 updated to: 8.13
b5ea4bfe-a1b2-421f-9d47-22a75a6f2921: 8.12 updated to: 8.13
b64b183e-1a76-422d-9179-7b389513e74d: 8.12 updated to: 8.13
b661f86d-1c23-4ce7-a59e-2edbdba28247: 8.12 updated to: 8.13
b66b7e2b-d50a-49b9-a6fc-3a383baedc6b: 8.12 updated to: 8.13
b719a170-3bdb-4141-b0e3-13e3cf627bfe: 8.12 updated to: 8.13
b8075894-0b62-46e5-977c-31275da34419: 8.12 updated to: 8.13
b8386923-b02c-4b94-986a-d223d9b01f88: 8.12 updated to: 8.13
b83a7e96-2eb3-4edf-8346-427b6858d3bd: 8.12 updated to: 8.13
b86afe07-0d98-4738-b15d-8d7465f95ff5: 8.12 updated to: 8.13
b8f8da2d-a9dc-48c0-90e4-955c0aa1259a: 8.12 updated to: 8.13
b90cdde7-7e0d-4359-8bf0-2c112ce2008a: 8.12 updated to: 8.13
b910f25a-2d44-47f2-a873-aabdc0d355e6: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
b9554892-5e0e-424b-83a0-5aef95aa43bf: 8.12 updated to: 8.13
b9960fef-82c6-4816-befa-44745030e917: 8.12 updated to: 8.13
b9b14be7-b7f4-4367-9934-81f07d2f63c4: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ba342eb2-583c-439f-b04d-1fdd7c1417cc: 8.12 updated to: 8.13
baa5d22c-5e1c-4f33-bfc9-efa73bb53022: 8.12 updated to: 8.13
bd2c86a0-8b61-4457-ab38-96943984e889: 8.12 updated to: 8.13
bd3d058d-5405-4cee-b890-337f09366ba2: 8.12 updated to: 8.13
bd7eefee-f671-494e-98df-f01daf9e5f17: 8.12 updated to: 8.13
bdcf646b-08d4-492c-870a-6c04e3700034: 8.12 updated to: 8.13
bdfebe11-e169-42e3-b344-c5d2015533d3: 8.12 updated to: 8.13
be8afaed-4bcd-4e0a-b5f9-5562003dde81: 8.12 updated to: 8.13
bfeaf89b-a2a7-48a3-817f-e41829dc61ee: 8.12 updated to: 8.13
c0429aa8-9974-42da-bfb6-53a0a515a145: 8.12 updated to: 8.13
c04be7e0-b0fc-11ef-a826-f661ea17fbce: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
c124dc1b-cef2-4d01-8d74-ff6b0d5096b6: 8.12 updated to: 8.13
c25e9c87-95e1-4368-bfab-9fd34cf867ec: 8.12 updated to: 8.13
c2d90150-0133-451c-a783-533e736c12d7: 8.12 updated to: 8.13
c3b915e0-22f3-4bf7-991d-b643513c722f: 8.12 updated to: 8.13
c4210e1c-64f2-4f48-b67e-b5a8ffe3aa14: 8.12 updated to: 8.13
c4818812-d44f-47be-aaef-4cfb2f9cc799: 8.12 updated to: 8.13
c55badd3-3e61-4292-836f-56209dc8a601: 8.12 updated to: 8.13
c5637438-e32d-4bb3-bc13-bd7932b3289f: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
c5677997-f75b-4cda-b830-a75920514096: 8.12 updated to: 8.13
c57f8579-e2a5-4804-847f-f2732edc5156: 8.12 updated to: 8.13
c5c9f591-d111-4cf8-baec-c26a39bc31ef: 8.12 updated to: 8.13
c5ce48a6-7f57-4ee8-9313-3d0024caee10: 8.12 updated to: 8.13
c5dc3223-13a2-44a2-946c-e9dc0aa0449c: 8.12 updated to: 8.13
c5fc788c-7576-4a02-b3d6-d2c016eb85a6: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
c6453e73-90eb-4fe7-a98c-cde7bbfc504a: 8.12 updated to: 8.13
c6655282-6c79-11ef-bbb5-f661ea17fbcc: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
c749e367-a069-4a73-b1f2-43a3798153ad: 8.12 updated to: 8.13
c74fd275-ab2c-4d49-8890-e2943fa65c09: 8.12 updated to: 8.13
c7894234-7814-44c2-92a9-f7d851ea246a: 8.12 updated to: 8.13
c7ce36c0-32ff-4f9a-bfc2-dcb242bf99f9: 8.12 updated to: 8.13
c8b150f0-0164-475b-a75e-74b47800a9ff: 8.12 updated to: 8.13
c8cccb06-faf2-4cd5-886e-2c9636cfcb87: 8.12 updated to: 8.13
ca3bcacc-9285-4452-a742-5dae77538f61: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
cc382a2e-7e52-11ee-9aac-f661ea17fbcd: 8.12 updated to: 8.13
cc92c835-da92-45c9-9f29-b4992ad621a0: 8.12 updated to: 8.13
cca64114-fb8b-11ef-86e2-f661ea17fbce: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
cd16fb10-0261-46e8-9932-a0336278cdbe: 8.12 updated to: 8.13
cd66a5af-e34b-4bb0-8931-57d0a043f2ef: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
cd89602e-9db0-48e3-9391-ae3bf241acd8: 8.12 updated to: 8.13
cdbebdc1-dc97-43c6-a538-f26a20c0a911: 8.12 updated to: 8.13
cde1bafa-9f01-4f43-a872-605b678968b0: 8.12 updated to: 8.13
ce08b55a-f67d-4804-92b5-617b0fe5a5b5: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ce4a32e5-32aa-47e6-80da-ced6d234387d: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
ce64d965-6cb0-466d-b74f-8d2c76f47f05: 8.12 updated to: 8.13
cff92c41-2225-4763-b4ce-6f71e5bda5e6: 8.12 updated to: 8.13
d00f33e7-b57d-4023-9952-2db91b1767c4: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
d0e159cf-73e9-40d1-a9ed-077e3158a855: 8.12 updated to: 8.13
d117cbb4-7d56-41b4-b999-bdf8c25648a0: 8.12 updated to: 8.13
d31f183a-e5b1-451b-8534-ba62bca0b404: 8.12 updated to: 8.13
d331bbe2-6db4-4941-80a5-8270db72eb61: 8.12 updated to: 8.13
d33ea3bf-9a11-463e-bd46-f648f2a0f4b1: 8.12 updated to: 8.13
d3551433-782f-4e22-bbea-c816af2d41c6: 8.12 updated to: 8.13
d48e1c13-4aca-4d1f-a7b1-a9161c0ad86f: 8.12 updated to: 8.13
d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
d563aaba-2e72-462b-8658-3e5ea22db3a6: 8.12 updated to: 8.13
d5d86bf5-cf0c-4c06-b688-53fdc072fdfd: 8.12 updated to: 8.13
d61cbcf8-1bc1-4cff-85ba-e7b21c5beedc: 8.12 updated to: 8.13
d68e95ad-1c82-4074-a12a-125fe10ac8ba: 8.12 updated to: 8.13
d703a5af-d5b0-43bd-8ddb-7a5d500b7da5: 8.12 updated to: 8.13
d72e33fc-6e91-42ff-ac8b-e573268c5a87: 8.12 updated to: 8.13
d74d6506-427a-4790-b170-0c2a6ddac799: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
d76b02ef-fc95-4001-9297-01cb7412232f: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
d93e61db-82d6-4095-99aa-714988118064: 8.12 updated to: 8.13
d99a037b-c8e2-47a5-97b9-170d076827c4: 8.12 updated to: 8.13
d9ffc3d6-9de9-4b29-9395-5757d0695ecf: 8.12 updated to: 8.13
da7733b1-fe08-487e-b536-0a04c6d8b0cd: 8.12 updated to: 8.13
da87eee1-129c-4661-a7aa-57d0b9645fad: 8.12 updated to: 8.13
daafdf96-e7b1-4f14-b494-27e0d24b11f6: 8.12 updated to: 8.13
db65f5ba-d1ef-4944-b9e8-7e51060c2b42: 8.12 updated to: 8.13
db7dbad5-08d2-4d25-b9b1-d3a1e4a15efd: 8.12 updated to: 8.13
dc0b7782-0df0-47ff-8337-db0d678bdb66: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
dc61f382-dc0c-4cc0-a845-069f2a071704: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
dc71c186-9fe4-4437-a4d0-85ebb32b8204: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
dc765fb2-0c99-4e57-8c11-dafdf1992b66: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
dc9c1f74-dac3-48e3-b47f-eb79db358f57: 8.12 updated to: 8.13
dca6b4b0-ae70-44eb-bb7a-ce6db502ee78: 8.12 updated to: 8.13
dd34b062-b9e3-4a6b-8c0c-6c8ca6dd450e: 8.12 updated to: 8.13
dd983e79-22e8-44d1-9173-d57dba514cac: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
ddab1f5f-7089-44f5-9fda-de5b11322e77: 8.12 updated to: 8.13
dde13d58-bc39-4aa0-87fd-b4bdbf4591da: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
de9bd7e0-49e9-4e92-a64d-53ade2e66af1: 8.12 updated to: 8.13
debff20a-46bc-4a4d-bae5-5cdd14222795: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
df197323-72a8-46a9-a08e-3f5b04a4a97a: 8.12 updated to: 8.13
df6f62d9-caab-4b88-affa-044f4395a1e0: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
df919b5e-a0f6-4fd8-8598-e3ce79299e3b: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
dffbd37c-d4c5-46f8-9181-5afdd9172b4c: 8.12 updated to: 8.13
e052c845-48d0-4f46-8a13-7d0aba05df82: 8.12 updated to: 8.13
e0881d20-54ac-457f-8733-fe0bc5d44c55: 8.12 updated to: 8.13
e08ccd49-0380-4b2b-8d71-8000377d6e49: 8.12 updated to: 8.13
e0cc3807-e108-483c-bf66-5a4fbe0d7e89: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
e19e64ee-130e-4c07-961f-8a339f0b8362: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
e2258f48-ba75-4248-951b-7c885edf18c2: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
e26f042e-c590-4e82-8e05-41e81bd822ad: 8.12 updated to: 8.13
e2e0537d-7d8f-4910-a11d-559bcf61295a: 8.12 updated to: 8.13
e2f9fdf5-8076-45ad-9427-41e0e03dc9c2: 8.12 updated to: 8.13
e302e6c3-448c-4243-8d9b-d41da70db582: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
e3343ab9-4245-4715-b344-e11c56b0a47f: 8.12 updated to: 8.13
e3cf38fa-d5b8-46cc-87f9-4a7513e4281d: 8.12 updated to: 8.13
e3e904b3-0a8e-4e68-86a8-977a163e21d3: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
e468f3f6-7c4c-45bb-846a-053738b3fe5d: 8.12 updated to: 8.13
e48236ca-b67a-4b4e-840c-fdc7782bc0c3: 8.12 updated to: 8.13
e4e31051-ee01-4307-a6ee-b21b186958f4: 8.12 updated to: 8.13
e514d8cd-ed15-4011-84e2-d15147e059f1: 8.12 updated to: 8.13
e6e3ecff-03dd-48ec-acbd-54a04de10c68: 8.12 updated to: 8.13
e7125cea-9fe1-42a5-9a05-b0792cf86f5a: 8.12 updated to: 8.13
e72f87d0-a70e-4f8d-8443-a6407bc34643: 8.12 updated to: 8.13
e760c72b-bb1f-44f0-9f0d-37d51744ee75: 8.12 updated to: 8.13
e7cb3cfd-aaa3-4d7b-af18-23b89955062c: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
e8571d5f-bea1-46c2-9f56-998de2d3ed95: 8.12 updated to: 8.13
e86da94d-e54b-4fb5-b96c-cecff87e8787: 8.12 updated to: 8.13
e88d1fe9-b2f4-48d4-bace-a026dc745d4b: 8.12 updated to: 8.13
e90ee3af-45fc-432e-a850-4a58cf14a457: 8.12 updated to: 8.13
e94262f2-c1e9-4d3f-a907-aeab16712e1a: 8.12 updated to: 8.13
ea09ff26-3902-4c53-bb8e-24b7a5d029dd: 8.12 updated to: 8.13
eb44611f-62a8-4036-a5ef-587098be6c43: 8.12 updated to: 8.13
eb610e70-f9e6-4949-82b9-f1c5bcd37c39: 8.12 updated to: 8.13
eb9eb8ba-a983-41d9-9c93-a1c05112ca5e: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ebb200e8-adf0-43f8-a0bb-4ee5b5d852c6: 8.12 updated to: 8.13
ebf1adea-ccf2-4943-8b96-7ab11ca173a5: 8.12 updated to: 8.13
ebfe1448-7fac-4d59-acea-181bd89b1f7f: 8.12 updated to: 8.13
eda499b8-a073-4e35-9733-22ec71f57f3a: 8.12 updated to: 8.13
edb91186-1c7e-4db8-b53e-bfa33a1a0a8a: 8.12 updated to: 8.13
edf8ee23-5ea7-4123-ba19-56b41e424ae3: 8.12 updated to: 8.13
ee39a9f7-5a79-4b0a-9815-d36b3cf28d3e: 8.12 updated to: 8.13
ee5300a7-7e31-4a72-a258-250abb8b3aa1: 8.12 updated to: 8.13
ef04a476-07ec-48fc-8f3d-5e1742de76d3: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ef100a2e-ecd4-4f72-9d1e-2f779ff3c311: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
ef862985-3f13-4262-a686-5f357bbb9bc2: 8.12 updated to: 8.13
f036953a-4615-4707-a1ca-dc53bf69dcd5: 8.12 updated to: 8.13
f06414a6-f2a4-466d-8eba-10f85e8abf71: 8.12 updated to: 8.13
f16fca20-4d6c-43f9-aec1-20b6de3b0aeb: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
f18a474c-3632-427f-bcf5-363c994309ee: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
f243fe39-83a4-46f3-a3b6-707557a102df: 8.12 updated to: 8.13
f28e2be4-6eca-4349-bdd9-381573730c22: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
f2c653b7-7daf-4774-86f2-34cdbd1fc528: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
f2c7b914-eda3-40c2-96ac-d23ef91776ca: 8.12 updated to: 8.13
f2f46686-6f3c-4724-bd7d-24e31c70f98f: 8.12 updated to: 8.13
f3475224-b179-4f78-8877-c2bd64c26b88: 8.12 updated to: 8.13
f44fa4b6-524c-4e87-8d9e-a32599e4fb7c: 8.12 updated to: 8.13
f494c678-3c33-43aa-b169-bb3d5198c41d: 8.12 updated to: 8.13
f4b857b3-faef-430d-b420-90be48647f00: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc: 8.12 updated to: 8.13
f580bf0a-2d23-43bb-b8e1-17548bb947ec: 8.12 updated to: 8.13
f5861570-e39a-4b8a-9259-abd39f84cb97: 8.12 updated to: 8.13
f59668de-caa0-4b84-94c1-3a1549e1e798: 8.12 updated to: 8.13
f5c005d3-4e17-48b0-9cd7-444d48857f97: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
f5d9d36d-7c30-4cdb-a856-9f653c13d4e0: 8.12 updated to: 8.13
f63c8e3c-d396-404f-b2ea-0379d3942d73: 8.12 updated to: 8.13
f675872f-6d85-40a3-b502-c0d2ef101e92: 8.12 updated to: 8.13
f7c4dc5a-a58d-491d-9f14-9b66507121c0: 8.12 updated to: 8.13
f81ee52c-297e-46d9-9205-07e66931df26: 8.12 updated to: 8.13
f874315d-5188-4b4a-8521-d1c73093a7e4: 8.12 updated to: 8.13
f8822053-a5d2-46db-8c96-d460b12c36ac: 8.12 updated to: 8.13
f909075d-afc7-42d7-b399-600b94352fd9: 8.12 updated to: 8.13
f94e898e-94f1-4545-8923-03e4b2866211: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
f97504ac-1053-498f-aeaa-c6d01e76b379: 8.12 updated to: 8.13
f9790abf-bd0c-45f9-8b5f-d0b74015e029: 8.12 updated to: 8.13
f994964f-6fce-4d75-8e79-e16ccc412588: 8.12 updated to: 8.13
fa01341d-6662-426b-9d0c-6d81e33c8a9d: 8.12 updated to: 8.13
fa488440-04cc-41d7-9279-539387bf2a17: 8.12 updated to: 8.13
fac52c69-2646-4e79-89c0-fd7653461010: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
fb02b8d3-71ee-4af1-bacd-215d23f17efa: 8.12 updated to: 8.13
fb0afac5-bbd6-49b0-b4f8-44e5381e1587: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
fb16f9ef-cb03-4234-adc2-44641f3b71ee: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped
fc7c0fa4-8f03-4b3e-8336-c5feab0be022: 8.12 updated to: 8.13
fc909baa-fb34-4c46-9691-be276ef4234c: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
fd01b949-81be-46d5-bcf8-284395d5f56d: locked min_stack_version <= 8.13.0 - removing!, rule min_stack_version dropped, 8.12.0 dropped
fd4a992d-6130-4802-9ff8-829b89ae801f: 8.12 updated to: 8.13
fd70c98a-c410-42dc-a2e3-761c71848acf: 8.12 updated to: 8.13
fd7a6052-58fa-4397-93c3-4795249ccfa2: 8.12 updated to: 8.13
fddff193-48a3-484d-8d35-90bb3d323a56: 8.12 updated to: 8.13
fe25d5bc-01fa-494a-95ff-535c29cc4c96: 8.12 updated to: 8.13
fe794edd-487f-4a90-b285-3ee54f2af2d3: 8.12 updated to: 8.13
feeed87c-5e95-4339-aef1-47fd79bcfbe3: 8.12 updated to: 8.13
ff6cf8b9-b76c-4cc1-ac1b-4935164d1029: 8.12 updated to: 8.13
ff9bc8b9-f03b-4283-be58-ee0a16f5a11b: 8.12 updated to: 8.13
  • Updated Next Version in packages.yml which is 9.0.0
  • Add next minor migrate function in /schemas/__init__.py
  • Add next entry in stack-schema-map.yaml
  • Updated latest ECS and Beats schema
  • Update and freeze API schemas
  • Update integration manifests and schemas
  • Refresh and update MITRE ATT&CK mappings (no new changes)

How To Test

  • Unit test to pass

Checklist

  • Added a label for the type of pr: bug, enhancement, schema, maintenance, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
  • Added the meta:rapid-merge label if planning to merge within 24 hours
  • Secret and sensitive material has been managed correctly
  • Automated testing was updated or added to match the most common scenarios
  • Documentation and comments were added for features that require explanation

Contributor checklist
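The trim-version-lock output above shows only the per-rule result, not the decision behind it. The Python below is an added illustration, not code from the detection-rules project, that reproduces that decision on constructed data. It assumes the shape of etc/version.lock.json: a map of rule id to an entry with an optional rule-level min_stack_version (the rule is forked for stacks at or above it) and an optional previous map keyed by the stack version each older lock applies from. The rule ids, hashes and rule metadata are made up, and the "rule min_stack_version dropped" step edits an in-memory metadata dict instead of the rule TOML on disk.

```python
from __future__ import annotations

import copy
from typing import Any

Version = tuple[int, int, int]


def parse(version: str) -> Version:
    """'8.13' and '8.13.0' both parse to (8, 13, 0)."""
    parts = [int(p) for p in version.split(".")]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def short(v: Version) -> str:
    return f"{v[0]}.{v[1]}"


def full(v: Version) -> str:
    return f"{v[0]}.{v[1]}.{v[2]}"


def trim_version_lock(lock: dict[str, dict[str, Any]], rules: dict[str, dict[str, Any]], new_min: str):
    """Return (trimmed lock, updated rule metadata, per-rule change notes).

    A rule-level min_stack_version <= new_min no longer forks anything on a
    supported stack, so it is removed from the lock and the rule metadata.
    Every previous entry older than new_min is removed; the newest survives,
    rebased to the new_min key, only while the rule is still forked above new_min.
    """
    min_v = parse(new_min)
    lock, rules = copy.deepcopy(lock), copy.deepcopy(rules)
    changes: dict[str, list[str]] = {}

    for rule_id, entry in lock.items():
        notes: list[str] = []
        rule_min = parse(entry["min_stack_version"]) if "min_stack_version" in entry else None

        if rule_min is not None and rule_min <= min_v:
            notes.append(f"locked min_stack_version <= {full(min_v)} - removing!")
            del entry["min_stack_version"]
            meta = rules.get(rule_id, {}).get("metadata")
            if meta is not None and meta.pop("min_stack_version", None) is not None:
                meta.pop("min_stack_comments", None)  # the comment explains a fork that no longer exists
                notes.append("rule min_stack_version dropped")
            rule_min = None  # no longer forked above new_min

        previous = entry.get("previous", {})
        outdated = sorted((parse(k), k) for k in previous if parse(k) < min_v)
        for ver, key in outdated:
            popped = previous.pop(key)
            if (ver, key) == outdated[-1] and rule_min is not None and short(min_v) not in previous:
                previous[short(min_v)] = popped  # old lock now covers [new_min, rule_min)
                notes.append(f"{short(ver)} updated to: {short(min_v)}")
            else:
                notes.append(f"{full(ver)} dropped")

        if notes:
            changes[rule_id] = notes
    return lock, rules, changes


def lock_is_trimmed(lock: dict[str, dict[str, Any]], new_min: str) -> bool:
    """Post-condition check: nothing in the lock still refers to a stack below new_min."""
    min_v = parse(new_min)
    for entry in lock.values():
        if "min_stack_version" in entry and parse(entry["min_stack_version"]) <= min_v:
            return False
        if any(parse(k) < min_v for k in entry.get("previous", {})):
            return False
    return True


def format_changes(changes: dict[str, list[str]]) -> list[str]:
    """One line per rule, in the form the CLI output above uses."""
    return [f"{rid}: {', '.join(notes)}" for rid, notes in sorted(changes.items())]


def _lock(version: int, min_stack: str | None = None, previous: dict | None = None) -> dict[str, Any]:
    entry: dict[str, Any] = {"rule_name": "constructed rule", "sha256": "0" * 64, "type": "eql", "version": version}
    if min_stack:
        entry["min_stack_version"] = min_stack
    if previous:
        entry["previous"] = previous
    return entry


# Constructed sample lock and rule metadata: one entry per outcome seen in the output.
SAMPLE_LOCK = {
    "forked-above-min": _lock(4, "8.15", {"8.12": _lock(3)}),  # previous entry is rebased
    "forked-at-min": _lock(2, "8.13", {"8.12": _lock(1)}),     # fork collapses, previous dropped
    "forked-at-min-no-previous": _lock(1, "8.13"),             # fork collapses, nothing else to drop
    "unforked": _lock(7),                                      # untouched
}
SAMPLE_RULES = {
    "forked-above-min": {"metadata": {"min_stack_version": "8.15", "min_stack_comments": "newer field"}},
    "forked-at-min": {"metadata": {"min_stack_version": "8.13", "min_stack_comments": "newer field"}},
    "forked-at-min-no-previous": {"metadata": {"min_stack_version": "8.13"}},
    "unforked": {"metadata": {}},
}

if __name__ == "__main__":
    trimmed, _, diff = trim_version_lock(SAMPLE_LOCK, SAMPLE_RULES, "8.13")
    print("\n".join(format_changes(diff)))
    print("lock trimmed:", lock_is_trimmed(trimmed, "8.13"))
```

Running lock_is_trimmed against the resulting lock is the check worth keeping in CI after a trim: it fails if any rule still carries a previous key or a rule-level min_stack_version below the new minimum, which is exactly the state that would re-surface old-branch locks in the next release package.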


github-actions bot commented Mar 20, 2025

Enhancement - Guidelines

These guidelines serve as a reminder of the considerations to keep in mind when adding a feature to the code.

Documentation and Context

  • Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
  • Include additional context or screenshots.
  • Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

  • Code follows established design patterns within the repo and avoids duplication.
  • Code changes do not introduce new warnings or errors.
  • Variables and functions are well-named and descriptive.
  • Any unnecessary / commented-out code is removed.
  • Ensure that the code is modular and reusable where applicable.
  • Check for proper exception handling and messaging.

Testing

  • New unit tests have been added to cover the enhancement.
  • Existing unit tests have been updated to reflect the changes.
  • Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
  • Validate that any rules affected by the enhancement are correctly updated.
  • Ensure that performance is not negatively impacted by the changes.
  • Verify that any release artifacts are properly generated and tested.

Additional Checks

  • Ensure that the enhancement does not break existing functionality.
  • Review the enhancement with a peer or team member for additional insights.
  • Verify that the enhancement works across all relevant environments (e.g., different OS versions).
  • Confirm that all dependencies are up-to-date and compatible with the changes.
  • Confirm that the proper version label is applied to the PR: patch, minor, major.


tradebot-elastic commented Mar 20, 2025

⛔️ Tests failed:

  • ❌ Suspicious Dynamic Linker Discovery via od (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker (ld.so) Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Protected Branch Settings Changed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Shell via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hex Payload Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Nping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Sensitive Information Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ M365 OneDrive Excessive File Downloads with OAuth Token (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Policy Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Netcat Listener Established via rlwrap (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Third-party Backup Files Deleted via Unexpected Process (eql)
  • ❌ Pluggable Authentication Module (PAM) Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Office Test Registry Persistence (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Extraction via CPIO (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to Internal Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub App Installed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Hack Tool Launched (eql)
  • ❌ AWS Signin Single Factor Console Login with Federated User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Egress Network Connections from Unusual Executable (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Executable Masquerading as Kernel Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Module Load via insmod (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub Owner Added (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Reverse Shell via Background Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Topic Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via Doas (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempts to Brute Force a Microsoft 365 User Account (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Clear Kernel Ring Buffer (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Widespread Malware Infection Across Multiple Hosts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Sudo Command Enumeration Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux SSH X11 Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Grep (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential SSH-IT SSH Worm Downloaded (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Syslog Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Timestomping using Touch Command (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Word Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Directory Creation in /bin directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Find (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Repository Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force against Microsoft 365 Accounts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Suspicious File Edit (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Rapid7 Threat Command CVEs Correlation (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Pkexec Execution (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra MFA TOTP Brute Force Attempts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ DNF Package Manager Plugin File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Azure OpenAI Model Theft (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unix Socket Connection (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS EC2 EBS Snapshot Shared or Made Public (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux User Added to Privileged Group (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System V Init Script Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Cupsd or Foomatic-rip Shell Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Backdoor User Account Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Unauthorized Access via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ProxyChains Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Load or Unload via Kexec Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Spawned from Message-of-the-Day (MOTD) (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual High Confidence Content Filter Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Files and Directories via Hidden Flag (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ IPv4/IPv6 Forwarding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Chroot Container Escape via Mount (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious which Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Boot File Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Pluggable Authentication Module (PAM) Creation in Unusual Directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via PRoot (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Memory Swap Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Bucket Enumeration or Brute Force (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Private Key Searching Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Backgrounded by Unusual Parent (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux Process Hooking via GDB (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM User Created Access Keys For Another User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Auditd Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Utility Launched via ProxyChains (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Port Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Root Certificate Installation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Tunneling and/or Port Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Validation Exception Errors by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Discovery API Calls via CLI from a Single Resource (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Creation of Hidden Shared Object File (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Malware-Driven SSH Brute Force Attempt (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Yum/DNF Plugin Status Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSL Certificate Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSH Key Generated via ssh-keygen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Security File Access via Common Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential AWS S3 Bucket Ransomware Note Uploaded (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Manual Dracut Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable IPTables or Firewall (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Upgrade of Non-interactive Shell (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Subnet Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ NetworkManager Dispatcher Script Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kerberos Traffic from Unusual Process (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual Command Execution from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Sudo Privilege Escalation via CVE-2019-14287 (eql)
  • ❌ Potential Privilege Escalation via PKEXEC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual File Transfer Utility Launched (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Simple HTTP Web Server Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub UEBA - Multiple Alerts from a GitHub Account (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious SolarWinds Child Process (eql)
  • ❌ Executable Bit Set for Potential Persistence Script (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ D-Bus Service Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File made Immutable by Chattr (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual D-Bus Daemon Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Process Spawned from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Execution from Foomatic-rip or Cupsd Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Access Control List Modification via setfacl (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Web Server Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Endpoint Security (Elastic Defend) (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Owner Role Granted To User (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Protocol Tunneling via EarthWorm (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Deletion via Shred (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System Log File Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GRUB Configuration Generation through Built-in Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Object Encryption Using External KMS Key (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Created or Modified (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Openssl Client or Server Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious APT Package Manager Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Transfer or Listener Established via Netcat (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious File Creation via Kworker (eql)
  • ❌ Potential Denial of Azure OpenAI ML Service (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Directory Creation via Unusual Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Abuse of Resources by High Token Count and Large Response Sizes (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Remote File Copy via TeamViewer (eql)
  • ❌ Chkconfig Service Add (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Creation by Cups or Foomatic-rip Child (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM Login Profile Added for Root (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Base64 Encoding/Decoding Activity (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Unpacking via unmkinitramfs (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force Microsoft 365 Accounts by Repeat Source (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra ID Password Spraying (Non-Interactive SFA) (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Kernel Module Removal (eql)
  • ❌ GRUB Configuration File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Namespace Manipulation Using Unshare (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Linux init (PID 1) Secret Dump via GDB (eql)
  • ❌ Suspicious Memory grep Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Interactive Terminal Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Content Extracted or Decompressed via Funzip (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Command Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hidden Process via Mount Hidepid (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dracut Module Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Docker Socket Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Role (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Base16 or Base32 Encoding/Decoding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Group (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potentially Suspicious Process Started via tmux or screen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to External Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Mining Process Creation Event (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Data Splitting Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Persistence via KDE AutoStart Script or Desktop File Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Credential Dumping via Unshadow (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Potential Disabling of SELinux (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ BPF filter applied using TC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Credential Dumping via Proc Filesystem (eql)
  • ❌ Potential Remote Code Execution via Web Server (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Capability Set via setcap Utility (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential OpenSSH Backdoor Logging Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Invocations without Guardrails Detected by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ OpenSSL Password Hash Generation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Setcap setuid/setgid Capability Set (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Disabling of AppArmor (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Cloned GitHub Repos From PAT (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure OpenAI Insecure Output Handling (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub App Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@shashank-elastic shashank-elastic requested a review from traut March 20, 2025 06:17
@tradebot-elastic

tradebot-elastic commented Mar 20, 2025

⛔️ Tests failed:

  • ❌ Suspicious Dynamic Linker Discovery via od (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker (ld.so) Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Protected Branch Settings Changed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Shell via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hex Payload Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Nping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Sensitive Information Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ M365 OneDrive Excessive File Downloads with OAuth Token (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Policy Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Netcat Listener Established via rlwrap (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Third-party Backup Files Deleted via Unexpected Process (eql)
  • ❌ Pluggable Authentication Module (PAM) Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Office Test Registry Persistence (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Extraction via CPIO (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to Internal Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub App Installed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Hack Tool Launched (eql)
  • ❌ AWS Signin Single Factor Console Login with Federated User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Egress Network Connections from Unusual Executable (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Executable Masquerading as Kernel Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Module Load via insmod (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub Owner Added (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Reverse Shell via Background Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Topic Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via Doas (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempts to Brute Force a Microsoft 365 User Account (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Clear Kernel Ring Buffer (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Widespread Malware Infection Across Multiple Hosts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Sudo Command Enumeration Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux SSH X11 Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Grep (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential SSH-IT SSH Worm Downloaded (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Syslog Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Timestomping using Touch Command (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Word Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Directory Creation in /bin directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Find (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Repository Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force against Microsoft 365 Accounts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Suspicious File Edit (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Rapid7 Threat Command CVEs Correlation (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Pkexec Execution (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra MFA TOTP Brute Force Attempts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ DNF Package Manager Plugin File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Azure OpenAI Model Theft (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unix Socket Connection (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS EC2 EBS Snapshot Shared or Made Public (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux User Added to Privileged Group (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System V Init Script Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Cupsd or Foomatic-rip Shell Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Backdoor User Account Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Unauthorized Access via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ProxyChains Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Load or Unload via Kexec Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Spawned from Message-of-the-Day (MOTD) (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual High Confidence Content Filter Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Files and Directories via Hidden Flag (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ IPv4/IPv6 Forwarding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Chroot Container Escape via Mount (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious which Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Boot File Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Pluggable Authentication Module (PAM) Creation in Unusual Directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via PRoot (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Memory Swap Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Bucket Enumeration or Brute Force (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Private Key Searching Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Backgrounded by Unusual Parent (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux Process Hooking via GDB (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM User Created Access Keys For Another User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Auditd Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Utility Launched via ProxyChains (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Port Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Root Certificate Installation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Tunneling and/or Port Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Validation Exception Errors by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Discovery API Calls via CLI from a Single Resource (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Creation of Hidden Shared Object File (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Malware-Driven SSH Brute Force Attempt (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Yum/DNF Plugin Status Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSL Certificate Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSH Key Generated via ssh-keygen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Security File Access via Common Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential AWS S3 Bucket Ransomware Note Uploaded (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Manual Dracut Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable IPTables or Firewall (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Upgrade of Non-interactive Shell (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Subnet Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ NetworkManager Dispatcher Script Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kerberos Traffic from Unusual Process (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual Command Execution from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Sudo Privilege Escalation via CVE-2019-14287 (eql)
  • ❌ Potential Privilege Escalation via PKEXEC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual File Transfer Utility Launched (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Simple HTTP Web Server Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub UEBA - Multiple Alerts from a GitHub Account (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious SolarWinds Child Process (eql)
  • ❌ Executable Bit Set for Potential Persistence Script (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ D-Bus Service Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File made Immutable by Chattr (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual D-Bus Daemon Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Process Spawned from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Execution from Foomatic-rip or Cupsd Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Access Control List Modification via setfacl (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Web Server Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Endpoint Security (Elastic Defend) (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Owner Role Granted To User (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Protocol Tunneling via EarthWorm (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Deletion via Shred (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System Log File Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GRUB Configuration Generation through Built-in Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Object Encryption Using External KMS Key (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Created or Modified (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Openssl Client or Server Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious APT Package Manager Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Transfer or Listener Established via Netcat (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious File Creation via Kworker (eql)
  • ❌ Potential Denial of Azure OpenAI ML Service (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Directory Creation via Unusual Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Abuse of Resources by High Token Count and Large Response Sizes (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Remote File Copy via TeamViewer (eql)
  • ❌ Chkconfig Service Add (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Creation by Cups or Foomatic-rip Child (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM Login Profile Added for Root (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Base64 Encoding/Decoding Activity (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Unpacking via unmkinitramfs (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force Microsoft 365 Accounts by Repeat Source (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra ID Password Spraying (Non-Interactive SFA) (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Kernel Module Removal (eql)
  • ❌ GRUB Configuration File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Namespace Manipulation Using Unshare (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Linux init (PID 1) Secret Dump via GDB (eql)
  • ❌ Suspicious Memory grep Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Interactive Terminal Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Content Extracted or Decompressed via Funzip (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Command Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hidden Process via Mount Hidepid (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dracut Module Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Docker Socket Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Role (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Base16 or Base32 Encoding/Decoding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Group (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potentially Suspicious Process Started via tmux or screen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to External Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Mining Process Creation Event (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Data Splitting Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Persistence via KDE AutoStart Script or Desktop File Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Credential Dumping via Unshadow (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Potential Disabling of SELinux (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ BPF filter applied using TC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Credential Dumping via Proc Filesystem (eql)
  • ❌ Potential Remote Code Execution via Web Server (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Capability Set via setcap Utility (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential OpenSSH Backdoor Logging Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Invocations without Guardrails Detected by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ OpenSSL Password Hash Generation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Setcap setuid/setgid Capability Set (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Disabling of AppArmor (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Cloned GitHub Repos From PAT (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure OpenAI Insecure Output Handling (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub App Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@shashank-elastic shashank-elastic added enhancement New feature or request patch labels Mar 20, 2025
@tradebot-elastic

tradebot-elastic commented Mar 20, 2025

⛔️ Tests failed:

  • ❌ Suspicious Dynamic Linker Discovery via od (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker (ld.so) Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Protected Branch Settings Changed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Shell via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hex Payload Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Nping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Sensitive Information Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ M365 OneDrive Excessive File Downloads with OAuth Token (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Policy Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Netcat Listener Established via rlwrap (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Third-party Backup Files Deleted via Unexpected Process (eql)
  • ❌ Pluggable Authentication Module (PAM) Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Office Test Registry Persistence (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Extraction via CPIO (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to Internal Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub App Installed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Hack Tool Launched (eql)
  • ❌ AWS Signin Single Factor Console Login with Federated User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Egress Network Connections from Unusual Executable (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Executable Masquerading as Kernel Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Module Load via insmod (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub Owner Added (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Reverse Shell via Background Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Topic Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via Doas (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempts to Brute Force a Microsoft 365 User Account (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Clear Kernel Ring Buffer (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Widespread Malware Infection Across Multiple Hosts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Sudo Command Enumeration Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux SSH X11 Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Grep (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential SSH-IT SSH Worm Downloaded (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Syslog Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Timestomping using Touch Command (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Word Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Directory Creation in /bin directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Find (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Repository Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force against Microsoft 365 Accounts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Suspicious File Edit (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Rapid7 Threat Command CVEs Correlation (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Pkexec Execution (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra MFA TOTP Brute Force Attempts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ DNF Package Manager Plugin File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Azure OpenAI Model Theft (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unix Socket Connection (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS EC2 EBS Snapshot Shared or Made Public (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux User Added to Privileged Group (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System V Init Script Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Cupsd or Foomatic-rip Shell Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Backdoor User Account Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Unauthorized Access via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ProxyChains Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Load or Unload via Kexec Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Spawned from Message-of-the-Day (MOTD) (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual High Confidence Content Filter Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Files and Directories via Hidden Flag (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ IPv4/IPv6 Forwarding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Chroot Container Escape via Mount (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious which Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Boot File Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Pluggable Authentication Module (PAM) Creation in Unusual Directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via PRoot (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Memory Swap Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Bucket Enumeration or Brute Force (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Private Key Searching Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Backgrounded by Unusual Parent (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux Process Hooking via GDB (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM User Created Access Keys For Another User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Auditd Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Utility Launched via ProxyChains (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Port Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Root Certificate Installation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Tunneling and/or Port Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Validation Exception Errors by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Discovery API Calls via CLI from a Single Resource (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Creation of Hidden Shared Object File (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Malware-Driven SSH Brute Force Attempt (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Yum/DNF Plugin Status Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSL Certificate Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSH Key Generated via ssh-keygen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Security File Access via Common Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential AWS S3 Bucket Ransomware Note Uploaded (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Manual Dracut Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable IPTables or Firewall (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Upgrade of Non-interactive Shell (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Subnet Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ NetworkManager Dispatcher Script Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kerberos Traffic from Unusual Process (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual Command Execution from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Sudo Privilege Escalation via CVE-2019-14287 (eql)
  • ❌ Potential Privilege Escalation via PKEXEC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual File Transfer Utility Launched (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Simple HTTP Web Server Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub UEBA - Multiple Alerts from a GitHub Account (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious SolarWinds Child Process (eql)
  • ❌ Executable Bit Set for Potential Persistence Script (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ D-Bus Service Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File made Immutable by Chattr (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual D-Bus Daemon Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Process Spawned from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Execution from Foomatic-rip or Cupsd Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Access Control List Modification via setfacl (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Web Server Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Endpoint Security (Elastic Defend) (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Owner Role Granted To User (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Protocol Tunneling via EarthWorm (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Deletion via Shred (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System Log File Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GRUB Configuration Generation through Built-in Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Object Encryption Using External KMS Key (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Created or Modified (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Openssl Client or Server Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious APT Package Manager Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Transfer or Listener Established via Netcat (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious File Creation via Kworker (eql)
  • ❌ Potential Denial of Azure OpenAI ML Service (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Directory Creation via Unusual Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Abuse of Resources by High Token Count and Large Response Sizes (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Remote File Copy via TeamViewer (eql)
  • ❌ Chkconfig Service Add (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Creation by Cups or Foomatic-rip Child (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM Login Profile Added for Root (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Base64 Encoding/Decoding Activity (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Unpacking via unmkinitramfs (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force Microsoft 365 Accounts by Repeat Source (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra ID Password Spraying (Non-Interactive SFA) (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Kernel Module Removal (eql)
  • ❌ GRUB Configuration File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Namespace Manipulation Using Unshare (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Linux init (PID 1) Secret Dump via GDB (eql)
  • ❌ Suspicious Memory grep Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Interactive Terminal Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Content Extracted or Decompressed via Funzip (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Command Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hidden Process via Mount Hidepid (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dracut Module Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Docker Socket Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Role (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Base16 or Base32 Encoding/Decoding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Group (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potentially Suspicious Process Started via tmux or screen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to External Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Mining Process Creation Event (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Data Splitting Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Persistence via KDE AutoStart Script or Desktop File Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Credential Dumping via Unshadow (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Potential Disabling of SELinux (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ BPF filter applied using TC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Credential Dumping via Proc Filesystem (eql)
  • ❌ Potential Remote Code Execution via Web Server (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Capability Set via setcap Utility (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential OpenSSH Backdoor Logging Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Invocations without Guardrails Detected by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ OpenSSL Password Hash Generation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Setcap setuid/setgid Capability Set (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Disabling of AppArmor (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Cloned GitHub Repos From PAT (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure OpenAI Insecure Output Handling (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub App Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@tradebot-elastic

tradebot-elastic commented Mar 20, 2025

⛔️ Tests failed:

  • ❌ Suspicious Dynamic Linker Discovery via od (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker (ld.so) Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Protected Branch Settings Changed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Shell via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hex Payload Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Nping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Sensitive Information Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ M365 OneDrive Excessive File Downloads with OAuth Token (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Policy Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Netcat Listener Established via rlwrap (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Third-party Backup Files Deleted via Unexpected Process (eql)
  • ❌ Pluggable Authentication Module (PAM) Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Office Test Registry Persistence (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Extraction via CPIO (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to Internal Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub App Installed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Hack Tool Launched (eql)
  • ❌ AWS Signin Single Factor Console Login with Federated User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Egress Network Connections from Unusual Executable (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Executable Masquerading as Kernel Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Module Load via insmod (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub Owner Added (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Reverse Shell via Background Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Topic Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via Doas (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempts to Brute Force a Microsoft 365 User Account (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Clear Kernel Ring Buffer (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Widespread Malware Infection Across Multiple Hosts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Sudo Command Enumeration Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux SSH X11 Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Grep (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential SSH-IT SSH Worm Downloaded (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Syslog Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Timestomping using Touch Command (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Word Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Directory Creation in /bin directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Find (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Repository Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force against Microsoft 365 Accounts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Suspicious File Edit (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Rapid7 Threat Command CVEs Correlation (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Pkexec Execution (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra MFA TOTP Brute Force Attempts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ DNF Package Manager Plugin File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Azure OpenAI Model Theft (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unix Socket Connection (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS EC2 EBS Snapshot Shared or Made Public (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux User Added to Privileged Group (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System V Init Script Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Cupsd or Foomatic-rip Shell Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Backdoor User Account Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Unauthorized Access via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ProxyChains Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Load or Unload via Kexec Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Spawned from Message-of-the-Day (MOTD) (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual High Confidence Content Filter Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Files and Directories via Hidden Flag (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ IPv4/IPv6 Forwarding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Chroot Container Escape via Mount (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious which Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Boot File Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Pluggable Authentication Module (PAM) Creation in Unusual Directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via PRoot (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Memory Swap Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Bucket Enumeration or Brute Force (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Private Key Searching Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Backgrounded by Unusual Parent (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux Process Hooking via GDB (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM User Created Access Keys For Another User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Auditd Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Utility Launched via ProxyChains (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Port Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Root Certificate Installation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Tunneling and/or Port Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Validation Exception Errors by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Discovery API Calls via CLI from a Single Resource (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Creation of Hidden Shared Object File (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Malware-Driven SSH Brute Force Attempt (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Yum/DNF Plugin Status Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSL Certificate Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSH Key Generated via ssh-keygen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Security File Access via Common Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential AWS S3 Bucket Ransomware Note Uploaded (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Manual Dracut Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable IPTables or Firewall (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Upgrade of Non-interactive Shell (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Subnet Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ NetworkManager Dispatcher Script Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kerberos Traffic from Unusual Process (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual Command Execution from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Sudo Privilege Escalation via CVE-2019-14287 (eql)
  • ❌ Potential Privilege Escalation via PKEXEC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual File Transfer Utility Launched (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Simple HTTP Web Server Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub UEBA - Multiple Alerts from a GitHub Account (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious SolarWinds Child Process (eql)
  • ❌ Executable Bit Set for Potential Persistence Script (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ D-Bus Service Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File made Immutable by Chattr (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual D-Bus Daemon Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Process Spawned from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Execution from Foomatic-rip or Cupsd Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Access Control List Modification via setfacl (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Web Server Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Endpoint Security (Elastic Defend) (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Owner Role Granted To User (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Protocol Tunneling via EarthWorm (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Deletion via Shred (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System Log File Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GRUB Configuration Generation through Built-in Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Object Encryption Using External KMS Key (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Created or Modified (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Openssl Client or Server Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious APT Package Manager Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Transfer or Listener Established via Netcat (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious File Creation via Kworker (eql)
  • ❌ Potential Denial of Azure OpenAI ML Service (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Directory Creation via Unusual Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Abuse of Resources by High Token Count and Large Response Sizes (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Remote File Copy via TeamViewer (eql)
  • ❌ Chkconfig Service Add (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Creation by Cups or Foomatic-rip Child (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM Login Profile Added for Root (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Base64 Encoding/Decoding Activity (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Unpacking via unmkinitramfs (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force Microsoft 365 Accounts by Repeat Source (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra ID Password Spraying (Non-Interactive SFA) (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Kernel Module Removal (eql)
  • ❌ GRUB Configuration File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Namespace Manipulation Using Unshare (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Linux init (PID 1) Secret Dump via GDB (eql)
  • ❌ Suspicious Memory grep Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Interactive Terminal Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Content Extracted or Decompressed via Funzip (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Command Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hidden Process via Mount Hidepid (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dracut Module Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Docker Socket Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Role (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Base16 or Base32 Encoding/Decoding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Group (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potentially Suspicious Process Started via tmux or screen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to External Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Mining Process Creation Event (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Data Splitting Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Persistence via KDE AutoStart Script or Desktop File Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Credential Dumping via Unshadow (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Potential Disabling of SELinux (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ BPF filter applied using TC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Credential Dumping via Proc Filesystem (eql)
  • ❌ Potential Remote Code Execution via Web Server (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Capability Set via setcap Utility (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential OpenSSH Backdoor Logging Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Invocations without Guardrails Detected by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ OpenSSL Password Hash Generation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Setcap setuid/setgid Capability Set (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Disabling of AppArmor (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Cloned GitHub Repos From PAT (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure OpenAI Insecure Output Handling (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub App Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@tradebot-elastic

tradebot-elastic commented Mar 20, 2025

⛔️ Tests failed:

  • ❌ Suspicious Dynamic Linker Discovery via od (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker (ld.so) Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Protected Branch Settings Changed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Shell via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hex Payload Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Nping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Sensitive Information Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ M365 OneDrive Excessive File Downloads with OAuth Token (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Policy Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Netcat Listener Established via rlwrap (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Third-party Backup Files Deleted via Unexpected Process (eql)
  • ❌ Pluggable Authentication Module (PAM) Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Office Test Registry Persistence (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Extraction via CPIO (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to Internal Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub App Installed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Hack Tool Launched (eql)
  • ❌ AWS Signin Single Factor Console Login with Federated User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Egress Network Connections from Unusual Executable (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Executable Masquerading as Kernel Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Module Load via insmod (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub Owner Added (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Reverse Shell via Background Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Topic Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via Doas (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempts to Brute Force a Microsoft 365 User Account (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Clear Kernel Ring Buffer (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Widespread Malware Infection Across Multiple Hosts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Sudo Command Enumeration Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux SSH X11 Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Grep (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential SSH-IT SSH Worm Downloaded (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Syslog Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Timestomping using Touch Command (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Word Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Directory Creation in /bin directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Find (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Repository Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force against Microsoft 365 Accounts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Suspicious File Edit (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Rapid7 Threat Command CVEs Correlation (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Pkexec Execution (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra MFA TOTP Brute Force Attempts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ DNF Package Manager Plugin File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Azure OpenAI Model Theft (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unix Socket Connection (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS EC2 EBS Snapshot Shared or Made Public (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux User Added to Privileged Group (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System V Init Script Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Cupsd or Foomatic-rip Shell Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Backdoor User Account Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Unauthorized Access via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ProxyChains Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Load or Unload via Kexec Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Spawned from Message-of-the-Day (MOTD) (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual High Confidence Content Filter Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Files and Directories via Hidden Flag (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ IPv4/IPv6 Forwarding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Chroot Container Escape via Mount (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious which Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Boot File Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Pluggable Authentication Module (PAM) Creation in Unusual Directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via PRoot (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Memory Swap Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Bucket Enumeration or Brute Force (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Private Key Searching Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Backgrounded by Unusual Parent (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux Process Hooking via GDB (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM User Created Access Keys For Another User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Auditd Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Utility Launched via ProxyChains (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Port Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Root Certificate Installation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Tunneling and/or Port Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Validation Exception Errors by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Discovery API Calls via CLI from a Single Resource (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Creation of Hidden Shared Object File (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Malware-Driven SSH Brute Force Attempt (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Yum/DNF Plugin Status Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSL Certificate Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSH Key Generated via ssh-keygen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Security File Access via Common Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential AWS S3 Bucket Ransomware Note Uploaded (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Manual Dracut Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable IPTables or Firewall (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Upgrade of Non-interactive Shell (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Subnet Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ NetworkManager Dispatcher Script Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kerberos Traffic from Unusual Process (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual Command Execution from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Sudo Privilege Escalation via CVE-2019-14287 (eql)
  • ❌ Potential Privilege Escalation via PKEXEC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual File Transfer Utility Launched (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Simple HTTP Web Server Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub UEBA - Multiple Alerts from a GitHub Account (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious SolarWinds Child Process (eql)
  • ❌ Executable Bit Set for Potential Persistence Script (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ D-Bus Service Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File made Immutable by Chattr (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual D-Bus Daemon Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Process Spawned from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Execution from Foomatic-rip or Cupsd Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Access Control List Modification via setfacl (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Web Server Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Endpoint Security (Elastic Defend) (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Owner Role Granted To User (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Protocol Tunneling via EarthWorm (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Deletion via Shred (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System Log File Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GRUB Configuration Generation through Built-in Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Object Encryption Using External KMS Key (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Created or Modified (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Openssl Client or Server Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious APT Package Manager Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Transfer or Listener Established via Netcat (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious File Creation via Kworker (eql)
  • ❌ Potential Denial of Azure OpenAI ML Service (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Directory Creation via Unusual Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Abuse of Resources by High Token Count and Large Response Sizes (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Remote File Copy via TeamViewer (eql)
  • ❌ Chkconfig Service Add (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Creation by Cups or Foomatic-rip Child (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM Login Profile Added for Root (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Base64 Encoding/Decoding Activity (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Unpacking via unmkinitramfs (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force Microsoft 365 Accounts by Repeat Source (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra ID Password Spraying (Non-Interactive SFA) (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Kernel Module Removal (eql)
  • ❌ GRUB Configuration File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Namespace Manipulation Using Unshare (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Linux init (PID 1) Secret Dump via GDB (eql)
  • ❌ Suspicious Memory grep Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Interactive Terminal Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Content Extracted or Decompressed via Funzip (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Command Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hidden Process via Mount Hidepid (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dracut Module Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Docker Socket Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Role (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Base16 or Base32 Encoding/Decoding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Group (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potentially Suspicious Process Started via tmux or screen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to External Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Mining Process Creation Event (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Data Splitting Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Persistence via KDE AutoStart Script or Desktop File Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Credential Dumping via Unshadow (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Potential Disabling of SELinux (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ BPF filter applied using TC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Credential Dumping via Proc Filesystem (eql)
  • ❌ Potential Remote Code Execution via Web Server (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Capability Set via setcap Utility (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential OpenSSH Backdoor Logging Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Invocations without Guardrails Detected by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ OpenSSL Password Hash Generation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Setcap setuid/setgid Capability Set (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Disabling of AppArmor (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Cloned GitHub Repos From PAT (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure OpenAI Insecure Output Handling (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub App Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@tradebot-elastic

tradebot-elastic commented Mar 20, 2025

⛔️ Tests failed:

  • ❌ Suspicious Dynamic Linker Discovery via od (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker (ld.so) Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Protected Branch Settings Changed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Shell via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hex Payload Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Nping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Sensitive Information Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ M365 OneDrive Excessive File Downloads with OAuth Token (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Policy Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Netcat Listener Established via rlwrap (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Third-party Backup Files Deleted via Unexpected Process (eql)
  • ❌ Pluggable Authentication Module (PAM) Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Office Test Registry Persistence (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Extraction via CPIO (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to Internal Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub App Installed (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Hack Tool Launched (eql)
  • ❌ AWS Signin Single Factor Console Login with Federated User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Egress Network Connections from Unusual Executable (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Executable Masquerading as Kernel Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Module Load via insmod (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ New GitHub Owner Added (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Reverse Shell via Background Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Denied Topic Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via Doas (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempts to Brute Force a Microsoft 365 User Account (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Clear Kernel Ring Buffer (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Widespread Malware Infection Across Multiple Hosts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Sudo Command Enumeration Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux SSH X11 Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Grep (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential SSH-IT SSH Worm Downloaded (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Syslog Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Timestomping using Touch Command (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual High Word Policy Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Directory Creation in /bin directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ESXI Discovery via Find (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Repository Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force against Microsoft 365 Accounts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Suspicious File Edit (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Rapid7 Threat Command CVEs Correlation (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Pkexec Execution (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra MFA TOTP Brute Force Attempts (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ DNF Package Manager Plugin File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Azure OpenAI Model Theft (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unix Socket Connection (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS EC2 EBS Snapshot Shared or Made Public (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux User Added to Privileged Group (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System V Init Script Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Cupsd or Foomatic-rip Shell Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Backdoor User Account Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Unauthorized Access via Wildcard Injection Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ ProxyChains Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kernel Load or Unload via Kexec Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Spawned from Message-of-the-Day (MOTD) (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual High Confidence Content Filter Blocks Detected (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Files and Directories via Hidden Flag (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ IPv4/IPv6 Forwarding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Chroot Container Escape via Mount (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious which Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Boot File Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Pluggable Authentication Module (PAM) Creation in Unusual Directory (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Defense Evasion via PRoot (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Memory Swap Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Bucket Enumeration or Brute Force (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Private Key Searching Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Backgrounded by Unusual Parent (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Linux Process Hooking via GDB (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM User Created Access Keys For Another User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable Auditd Service (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Utility Launched via ProxyChains (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Port Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Root Certificate Installation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Tunneling and/or Port Forwarding (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Detected Multiple Validation Exception Errors by a Single User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Discovery API Calls via CLI from a Single Resource (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Creation of Hidden Shared Object File (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Malware-Driven SSH Brute Force Attempt (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Yum/DNF Plugin Status Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSL Certificate Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ SSH Key Generated via ssh-keygen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Security File Access via Common Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential AWS S3 Bucket Ransomware Note Uploaded (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Manual Dracut Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Attempt to Disable IPTables or Firewall (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Upgrade of Non-interactive Shell (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Subnet Scanning Activity from Compromised Host (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ NetworkManager Dispatcher Script Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Kerberos Traffic from Unusual Process (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Unusual Command Execution from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Sudo Privilege Escalation via CVE-2019-14287 (eql)
  • ❌ Potential Privilege Escalation via PKEXEC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual File Transfer Utility Launched (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hping Process Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Simple HTTP Web Server Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub UEBA - Multiple Alerts from a GitHub Account (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious SolarWinds Child Process (eql)
  • ❌ Executable Bit Set for Potential Persistence Script (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ D-Bus Service Created (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File made Immutable by Chattr (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual D-Bus Daemon Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Process Spawned from Web Server Parent (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Execution from Foomatic-rip or Cupsd Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Access Control List Modification via setfacl (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Web Server Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Endpoint Security (Elastic Defend) (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to User (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub Owner Role Granted To User (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Protocol Tunneling via EarthWorm (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Deletion via Shred (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ System Log File Deletion (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GRUB Configuration Generation through Built-in Utilities (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS S3 Object Encryption Using External KMS Key (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Created or Modified (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Openssl Client or Server Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious APT Package Manager Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Transfer or Listener Established via Netcat (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Suspicious File Creation via Kworker (eql)
  • ❌ Potential Denial of Azure OpenAI ML Service (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Hidden Directory Creation via Unusual Parent (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Abuse of Resources by High Token Count and Large Response Sizes (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Remote File Copy via TeamViewer (eql)
  • ❌ Chkconfig Service Add (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ File Creation by Cups or Foomatic-rip Child (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM Login Profile Added for Root (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Unusual Base64 Encoding/Decoding Activity (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Initramfs Unpacking via unmkinitramfs (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra Sign-in Brute Force Microsoft 365 Accounts by Repeat Source (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Polkit Version Discovery (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure Entra ID Password Spraying (Non-Interactive SFA) (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Kernel Module Removal (eql)
  • ❌ GRUB Configuration File Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Namespace Manipulation Using Unshare (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Linux init (PID 1) Secret Dump via GDB (eql)
  • ❌ Suspicious Memory grep Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Interactive Terminal Spawned via Python (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Content Extracted or Decompressed via Funzip (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Git Hook Command Execution (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Hidden Process via Mount Hidepid (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dracut Module Creation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Docker Socket Enumeration (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Role (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Base16 or Base32 Encoding/Decoding Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Dynamic Linker Copy (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS IAM AdministratorAccess Policy Attached to Group (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potentially Suspicious Process Started via tmux or screen (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Connection to External Network via Telnet (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Suspicious Mining Process Creation Event (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Data Splitting Detected (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Persistence via KDE AutoStart Script or Desktop File Modification (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Linux Credential Dumping via Unshadow (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ❌ Potential Disabling of SELinux (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ BPF filter applied using TC (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ✅ Potential Linux Credential Dumping via Proc Filesystem (eql)
  • ❌ Potential Remote Code Execution via Web Server (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Capability Set via setcap Utility (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential OpenSSH Backdoor Logging Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Invocations without Guardrails Detected by a Single User Over a Session (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ OpenSSL Password Hash Generation (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Setcap setuid/setgid Capability Set (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Potential Disabling of AppArmor (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ High Number of Cloned GitHub Repos From PAT (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Azure OpenAI Insecure Output Handling (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GitHub App Deleted (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
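
The report above mixes two kinds of failure that a detection engineer treats differently: `no_rta` means no Red Team Automation test exists for the rule (a coverage gap), while `no_alerts - 0 alerts` means a test does exist but the rule did not fire against it (a possible detection gap). As an added example, not code from this PR or from the detection-rules project, the following Python parses this report format into records and separates the two. The sample report embedded in it is constructed from a few of the entries listed above, and the `RuleResult`, `summarize` and `detection_gaps` names are this example's own.

```python
"""Parser for the rule validation report format shown above.

Added example, not code from the detection-rules repository. It assumes only
the report shape visible on this page: one bullet per rule carrying a pass
(✅) or fail (❌) mark, the rule name and its query language in parentheses,
followed for failures by indented `key: value` issue bullets. SAMPLE_REPORT
is constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Rule header, e.g. "  • ❌ Unix Socket Connection (eql)". The name is matched
# lazily so a parenthesised suffix such as "(MOTD)" stays in the name and only
# the trailing lowercase token is taken as the query language.
RULE_RE = re.compile(
    r"^\s*•\s*(?P<mark>[✅❌])\s*(?P<name>.+?)\s*\((?P<lang>[a-z_|]+)\)\s*$"
)
# Issue line beneath a failed rule, e.g. "    • stack_validation_failed: no_rta".
ISSUE_RE = re.compile(r"^\s*•\s*(?P<key>[a-z_]+):\s*(?P<value>.+?)\s*$")

# Constructed sample in the page's report format.
SAMPLE_REPORT = """\
  • ❌ Unix Socket Connection (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ Process Spawned from Message-of-the-Day (MOTD) (eql)
    • stack_validation_failed: no_alerts - 0 alerts
  • ✅ Potential Sudo Privilege Escalation via CVE-2019-14287 (eql)
  • ❌ AWS EC2 EBS Snapshot Shared or Made Public (esql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
"""


@dataclass
class RuleResult:
    name: str
    language: str
    passed: bool
    issues: dict = field(default_factory=dict)

    @property
    def failure_reason(self):
        """Short reason token ('no_rta', 'no_alerts', ...); None for a passed rule."""
        value = self.issues.get("stack_validation_failed")
        return None if value is None else value.split(" - ")[0]


def parse_report(text):
    """Turn report text into RuleResult records, attaching each issue line to
    the rule bullet that precedes it."""
    results = []
    for line in text.splitlines():
        rule = RULE_RE.match(line)
        if rule:
            results.append(RuleResult(rule["name"], rule["lang"], rule["mark"] == "✅"))
            continue
        issue = ISSUE_RE.match(line)
        if issue and results:
            results[-1].issues[issue["key"]] = issue["value"]
    return results


def summarize(results):
    """Pass/fail totals, failure reasons, and (language, passed) counts."""
    by_reason = Counter(r.failure_reason for r in results if not r.passed)
    by_language = Counter((r.language, r.passed) for r in results)
    return {
        "passed": sum(r.passed for r in results),
        "failed": sum(not r.passed for r in results),
        "by_reason": dict(by_reason),
        "by_language": dict(by_language),
    }


def detection_gaps(results):
    """Failed rules whose cause is not simply a missing RTA: a test exists but
    the rule produced no alerts, so the rule logic or the test data needs review."""
    return [r.name for r in results if not r.passed and r.failure_reason != "no_rta"]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(summarize(parsed))
    print("detection gaps:", detection_gaps(parsed))
```

Run against the full report, `detection_gaps` is the short list worth triaging before release (on this page that is the handful of `no_alerts - 0 alerts` entries), while the `no_rta` count is a backlog of tests to write rather than rules to fix.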

  endgame: "8.4.0"

"9.0.0":
  beats: "9.0.0-beta1"

Note, the beta and rc packages are abnormal and not recommended. However, we have little choice as there are not full release packages available.

@eric-forte-elastic eric-forte-elastic left a comment

🟢 Manual review, looks good to me! 👍

@shashank-elastic shashank-elastic merged commit 059d7ef into main Mar 20, 2025
13 checks passed
@shashank-elastic shashank-elastic deleted the prep-for-next-release-9.0_1 branch March 20, 2025 15:02
@shashank-elastic shashank-elastic mentioned this pull request Mar 20, 2025
r0ot added a commit to VigilantSec/detection-rules that referenced this pull request Apr 16, 2025
* Temporarily Disable Changed Files Workflow (elastic#4538)

* Temporarily Disable Changed Files Workflow

* bump version

* Add new ML detection rules for Privileged Access Detection (elastic#4516)

Add detection-rules for privileged access detection integration

* Revert "Add new ML detection rules for Privileged Access Detection (elastic#4516)" (elastic#4548)

This reverts commit 2ff8d1b.

* Min stack rules from 4516 (elastic#4549)

* Update defense_evasion_posh_assembly_load.toml (elastic#4543)

Co-authored-by: Jonhnathan <[email protected]>

* Change description and name of problemchild ML detection-rules (elastic#4545)

Changed description and name of problemchild ML detection-rules

* Prep for Release 9.0 (elastic#4550)

* [ci] Add new docs-builder automation. (elastic#4507)

* Add new docs automation

* Add path-pattern filters for documentation folders

* Update .github/workflows/docs-build.yml

Co-authored-by: Jan Calanog <[email protected]>

---------

Co-authored-by: Mika Ayenson, PhD <[email protected]>
Co-authored-by: Terrance DeJesus <[email protected]>
Co-authored-by: Jan Calanog <[email protected]>
Co-authored-by: Sergey Polzunov <[email protected]>

* [FR] Bump changed-files Version to Patched Version (elastic#4542)

* Bump changed-files Version to Patched Version

* patch bump

* reenable workflow

* Use full length commit hash

* Bump 44 to 46

---------

Co-authored-by: shashank-elastic <[email protected]>

* [New Rule] Adding Coverage for DynamoDB Exfiltration Behaviors (elastic#4535)

* new rules for AWS DynamoDB data exfiltration

* bumping patch version

* adjusting investigation guide

* updating patch version

* updating patch version

* updating patch version

---------

Co-authored-by: Colson Wilhoit <[email protected]>

* fix: removing outdated code in Kibana client auth (elastic#4495)

* Simplify kibana session management

* Drop removed options from `kibana_args` set

* Style fix

* Patch version bump

* Bumping kibana lib version

* Relax CLI requirement, making `api_key` optional, to allow `help` to run

* Create new detection rule set documentation to be included in the new docs. (elastic#4508)

* move docs folder to docs-dev

* Add new docs folder

* update docset.yml to reflect latest usage

* Add rules_building_block folder

* revert changes to docs-dev/experimental-machine-learning/url-spoof.md

* bump patch versions

* revert bump

---------

Co-authored-by: Mika Ayenson, PhD <[email protected]>
Co-authored-by: Terrance DeJesus <[email protected]>

* fixing double header in investigation notes (elastic#4490)

* [Bug] Update Custom Rules Markdown Location (elastic#4565)

* Update to custom-rules markdown location

* bump version

* Update link reference

* Prep main for 9.1 (elastic#4555)

* Prep for Release 9.1

* Update Patch Version

* Update Patch version

* Update Patch version

* [Rule Tuning] Added OWA (outlook for web) new AppID (elastic#4568)

* Added OWA (outlook for web) new AppID

**Title:** Add new Outlook for Web AppID to abnormal Microsoft 365 ClientAppID rule

**Description:**

This pull request updates the `initial_access_microsoft_365_abnormal_clientappid` rule to include the newly introduced Outlook for Web AppID:
- **New AppID**: `9199bf20-a13f-4107-85dc-02114787ef48`

### Context

Outlook for Web (OWA) is migrating to a new authentication platform using MSAL and a Single Page Application (SPA) auth model. As part of this backend change, Microsoft is replacing the existing OWA AppID with a new one. This change is being rolled out during the first half of calendar year 2024, with full deployment expected by Q4 2024.
- **Old OWA AppID**: `00000002-0000-0ff1-ce00-000000000000`
- **New OWA AppID**: `9199bf20-a13f-4107-85dc-02114787ef48`
    

Although no action is required for tenant administrators, this new AppID may show up in logs and should be accounted for in detections relying on known legitimate ClientAppIDs.

### Why this change?

The rule `initial_access_microsoft_365_abnormal_clientappid` flags potentially suspicious or unauthorized client applications accessing Microsoft 365 services. To prevent false positives caused by this official change from Microsoft, this PR adds the new OWA AppID to the allowlist.

### References
- Microsoft 365 Message Center notice (ref: MC715025)
- [MSAL documentation](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview)

* Update initial_access_microsoft_365_abnormal_clientappid.toml

Updated updated_date

* Update Max signals value to supported limits (elastic#4556)

* Update ATT&CK coverage URL(s) in docs-dev/ATT&CK-coverage.md (elastic#4571)

* deprecating 'Azure Virtual Network Device Modified or Deleted' (elastic#4559)

* tuning 'Azure Conditional Access Policy Modified' (elastic#4558)

* [Rule Tuning] Tuning Illicit Grant Consent Detections in Azure and M365 (elastic#4557)

* tuning Azure rule for illicit grant activity; creating new rule for M365

* Update rules/integrations/o365/initial_access_microsoft_365_illicit_consent_grant_via_registered_application.toml

* Update rules/integrations/azure/initial_access_entra_illicit_consent_grant_via_registered_application.toml

* adjusted tags

* Update rules/integrations/azure/initial_access_entra_illicit_consent_grant_via_registered_application.toml

* Update defense_evasion_microsoft_defender_tampering.toml (elastic#4573)

Co-authored-by: Jonhnathan <[email protected]>

* [Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation (elastic#4589)

* Update docset.yml (elastic#4590)

Remove diagnostic hint

* [New] Unusual Network Connection to Suspicious Web Service (elastic#4569)

* [New] Unusual Network Connection to Suspicious Web Service

* Update rule threat order

---------

Co-authored-by: Eric Forte <[email protected]>
Co-authored-by: eric-forte-elastic <[email protected]>
Co-authored-by: Mika Ayenson, PhD <[email protected]>

* [New] Unusual Network Connection to Suspicious Top Level Domain (elastic#4563)

* [Rule Tuning] Add Host Metadata to ES|QL Aggregation Rules (elastic#4592)

Co-authored-by: Mika Ayenson, PhD <[email protected]>

* Add investigation guides (elastic#4600)

* [Rule Tuning] Suspicious Execution via Scheduled Task (elastic#4599)

* Lock versions for releases: 8.14,8.15,8.16,8.17,8.18,9.0 (elastic#4601)

* [FN Tuning] Shared Object Created or Changed by Previously Unknown Pr… (elastic#4529)

* [FN Tuning] Shared Object Created or Changed by Previously Unknown Process

* Update process exclusions in TOML file

---------

Co-authored-by: Colson Wilhoit <[email protected]>
Co-authored-by: shashank-elastic <[email protected]>
Co-authored-by: Terrance DeJesus <[email protected]>
Co-authored-by: Eric Forte <[email protected]>

* [D4C Conversion] Converting Compatible D4C Rules to DR (elastic#4532)

* [D4C Conversion] Converting Compatible D4C Rules to DR

* added host.os.type

* Rename

* Update rules/linux/execution_container_management_binary_launched_inside_container.toml

Co-authored-by: Isai <[email protected]>

* Update rules/linux/privilege_escalation_debugfs_launched_inside_container.toml

Co-authored-by: Isai <[email protected]>

* Update rules/linux/privilege_escalation_debugfs_launched_inside_container.toml

Co-authored-by: Isai <[email protected]>

* Update rules/linux/privilege_escalation_mount_launched_inside_container.toml

Co-authored-by: Isai <[email protected]>

* Update rules/linux/privilege_escalation_mount_launched_inside_container.toml

Co-authored-by: Isai <[email protected]>

---------

Co-authored-by: Isai <[email protected]>
Co-authored-by: shashank-elastic <[email protected]>
Co-authored-by: Terrance DeJesus <[email protected]>
Co-authored-by: Mika Ayenson, PhD <[email protected]>

* Remove Task List reference (elastic#4605)

* [FR] Update Detection Rules MITRE Workflow to SHA Pin  (elastic#4581)

* Update to pinned hash

* version bump

* [FR] Add Kibana Action Connector Error to Exception List Workaround (elastic#4583)

* Add error catch for workaround

* Switch to set for efficiency

* Patch version bump

---------

Co-authored-by: Mika Ayenson, PhD <[email protected]>

* [Rule Tuning] SSH Authorized Keys File Deletion (elastic#4591)

Co-authored-by: Mika Ayenson, PhD <[email protected]>

* [Rule Tuning] Suspicious WMI Event Subscription Created (elastic#4618)

* [Rule Tuning] Suspicious Execution via Scheduled Task

* [Rule Tuning] Suspicious WMI Event Subscription Created

* [Rule Tuning] Adjusting `Microsoft Entra ID Rare Authentication Requirement for Principal User` (elastic#4562)

* tuning 'Microsoft Entra ID Rare Authentication Requirement for Principal User'

* updated MITRE ATT&CK mappings

* updated index target

* updated patch version

* updating patch version

* bumping patch version

* updating patch version

* [Rule Tuning] Tuning `Azure Service Principal Credentials Added` (elastic#4570)

* tuning 'Azure Service Principal Credentials Added'

* updated patch version

* added investigation guide

* updating patch version

* updating patch version

* [FR] Add Support for Local Dates Flag (elastic#4582)

* Add support for local dates flag

* Use two variables

* Add support for import-rules-to-repo

* Revert arg formatting

* Update comment

* Pass Rule Path as Path Object

* Update to rule loader function

* Streamline metadata function

* Also support dictionaries

* Bump patch version

* Reduce complexity

* Add if path exists check

* Fix version bump

* Feature exclude tactic name (elastic#4593)

* Added new cli flag to exclude tactic name in rule file name

* added a shortcut for the flag and adjusted CLI readme

* Add no tactic flag also to import to prevent warnings

* Added info about unit test

* version bump

* Added no_tactic_filename as config option + fixed linting

* pyproject version bump

---------

Co-authored-by: Mika Ayenson, PhD <[email protected]>
Co-authored-by: Eric Forte <[email protected]>

---------

Co-authored-by: Eric Forte <[email protected]>
Co-authored-by: Kirti Sodhi <[email protected]>
Co-authored-by: Samirbous <[email protected]>
Co-authored-by: Jonhnathan <[email protected]>
Co-authored-by: shashank-elastic <[email protected]>
Co-authored-by: Martijn Laarman <[email protected]>
Co-authored-by: Mika Ayenson, PhD <[email protected]>
Co-authored-by: Terrance DeJesus <[email protected]>
Co-authored-by: Jan Calanog <[email protected]>
Co-authored-by: Sergey Polzunov <[email protected]>
Co-authored-by: Colson Wilhoit <[email protected]>
Co-authored-by: M. Visser <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <[email protected]>
Co-authored-by: Ruben Groenewoud <[email protected]>
Co-authored-by: Isai <[email protected]>
Co-authored-by: Frederik Berg <[email protected]>
Labels: backport: auto, bbr (Building Block Rules), Domain: Cloud Workloads, Domain: Endpoint, enhancement (New feature or request), Integration: AWS (AWS related rules), Integration: Azure (azure related rules), Integration: Endpoint (Elastic Endpoint Security), Integration: Microsoft 365, OS: Linux, OS: Windows (windows related rules), patch, python (Internal python for the repository), schema
5 participants