Skip to content

Commit 2275381

Browse files
github-actions[bot]github-actions[bot]
committed
Locked versions for releases: 7.16,8.0,8.1,8.2,8.3 (elastic#2041)
Co-authored-by: terrancedejesus <terrancedejesus@users.noreply.github.com> (cherry picked from commit fd9c9f8)
1 parent 3e03f7c commit 2275381

File tree

2 files changed

+720
-316
lines changed

2 files changed

+720
-316
lines changed

detection_rules/etc/deprecated_rules.json

Lines changed: 71 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,11 +4,21 @@
44
"rule_name": "TCP Port 8000 Activity to the Internet",
55
"stack_version": "7.14.0"
66
},
7+
"0968cfbd-40f0-4b1c-b7b1-a60736c7b241": {
8+
"deprecation_date": "2022/05/09",
9+
"rule_name": "Linux Restricted Shell Breakout via cpulimit Shell Evasion",
10+
"stack_version": "7.16"
11+
},
712
"0f616aee-8161-4120-857e-742366f5eeb3": {
813
"deprecation_date": "2021/04/15",
914
"rule_name": "PowerShell spawning Cmd",
1015
"stack_version": "7.14.0"
1116
},
17+
"10754992-28c7-4472-be5b-f3770fd04f2d": {
18+
"deprecation_date": "2022/05/09",
19+
"rule_name": "Linux Restricted Shell Breakout via awk Commands",
20+
"stack_version": "7.16"
21+
},
1222
"119c8877-8613-416d-a98a-96b6664ee73a5": {
1323
"deprecation_date": "2021/08/02",
1424
"rule_name": "AWS RDS Snapshot Export",
@@ -24,6 +34,11 @@
2434
"rule_name": "SQL Traffic to the Internet",
2535
"stack_version": "7.14.0"
2636
},
37+
"1859ce38-6a50-422b-a5e8-636e231ea0cd": {
38+
"deprecation_date": "2022/05/09",
39+
"rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion",
40+
"stack_version": "7.16"
41+
},
2742
"3a86e085-094c-412d-97ff-2439731e59cb": {
2843
"deprecation_date": "2021/03/03",
2944
"rule_name": "Setgid Bit Set via chmod",
@@ -64,6 +79,16 @@
6479
"rule_name": "SSH (Secure Shell) to the Internet",
6580
"stack_version": "7.14.0"
6681
},
82+
"6f683345-bb10-47a7-86a7-71e9c24fb358": {
83+
"deprecation_date": "2022/05/09",
84+
"rule_name": "Linux Restricted Shell Breakout via the find command",
85+
"stack_version": "7.16"
86+
},
87+
"72d33577-f155-457d-aad3-379f9b750c97": {
88+
"deprecation_date": "2022/05/09",
89+
"rule_name": "Linux Restricted Shell Breakout via env Shell Evasion",
90+
"stack_version": "7.16"
91+
},
6792
"7a137d76-ce3d-48e2-947d-2747796a78c0": {
6893
"deprecation_date": "2021/04/15",
6994
"rule_name": "Network Sniffing via Tcpdump",
@@ -79,11 +104,31 @@
79104
"rule_name": "Persistence via Kernel Module Modification",
80105
"stack_version": "7.14.0"
81106
},
107+
"83b2c6e5-e0b2-42d7-8542-8f3af86a1acb": {
108+
"deprecation_date": "2022/05/09",
109+
"rule_name": "Linux Restricted Shell Breakout via the mysql command",
110+
"stack_version": "7.16"
111+
},
82112
"87ec6396-9ac4-4706-bcf0-2ebb22002f43": {
83113
"deprecation_date": "2021/04/15",
84114
"rule_name": "FTP (File Transfer Protocol) Activity to the Internet",
85115
"stack_version": "7.14.0"
86116
},
117+
"89583d1b-3c2e-4606-8b74-0a9fd2248e88": {
118+
"deprecation_date": "2022/05/09",
119+
"rule_name": "Linux Restricted Shell Breakout via the vi command",
120+
"stack_version": "7.16"
121+
},
122+
"8fed8450-847e-43bd-874c-3bbf0cd425f3": {
123+
"deprecation_date": "2022/05/09",
124+
"rule_name": "Linux Restricted Shell Breakout via apt/apt-get Changelog Escape",
125+
"stack_version": "7.16"
126+
},
127+
"97da359b-2b61-4a40-b2e4-8fc48cf7a294": {
128+
"deprecation_date": "2022/05/09",
129+
"rule_name": "Linux Restricted Shell Breakout via the SSH command",
130+
"stack_version": "7.16"
131+
},
87132
"97f22dab-84e8-409d-955e-dacd1d31670b": {
88133
"deprecation_date": "2021/04/15",
89134
"rule_name": "Base64 Encoding/Decoding Activity",
@@ -139,6 +184,11 @@
139184
"rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
140185
"stack_version": "7.14.0"
141186
},
187+
"da986d2c-ffbf-4fd6-af96-a88dbf68f386": {
188+
"deprecation_date": "2022/05/09",
189+
"rule_name": "Linux Restricted Shell Breakout via the gcc command",
190+
"stack_version": "7.16"
191+
},
142192
"dc672cb7-d5df-4d1f-a6d7-0841b1caafb9": {
143193
"deprecation_date": "2022/01/12",
144194
"rule_name": "Threat Intel Filebeat Module (v7.x) Indicator Match",
@@ -149,9 +199,29 @@
149199
"rule_name": "RDP (Remote Desktop Protocol) to the Internet",
150200
"stack_version": "7.14.0"
151201
},
202+
"e9b4a3c7-24fc-49fd-a00f-9c938031eef1": {
203+
"deprecation_date": "2022/05/09",
204+
"rule_name": "Linux Restricted Shell Breakout via busybox Shell Evasion",
205+
"stack_version": "7.16"
206+
},
152207
"ea0784f0-a4d7-4fea-ae86-4baaf27a6f17": {
153208
"deprecation_date": "2021/04/15",
154209
"rule_name": "SSH (Secure Shell) from the Internet",
155210
"stack_version": "7.14.0"
211+
},
212+
"ee619805-54d7-4c56-ba6f-7717282ddd73": {
213+
"deprecation_date": "2022/05/09",
214+
"rule_name": "Linux Restricted Shell Breakout via crash Shell evasion",
215+
"stack_version": "7.16"
216+
},
217+
"f52362cd-baf1-4b6d-84be-064efc826461": {
218+
"deprecation_date": "2022/05/09",
219+
"rule_name": "Linux Restricted Shell Breakout via flock Shell evasion",
220+
"stack_version": "7.16"
221+
},
222+
"fd3fc25e-7c7c-4613-8209-97942ac609f6": {
223+
"deprecation_date": "2022/05/09",
224+
"rule_name": "Linux Restricted Shell Breakout via the expect command",
225+
"stack_version": "7.16"
156226
}
157-
}
227+
}

0 commit comments

Comments
 (0)