forked from elastic/detection-rules
deprecated_rules.json
{
"08d5d7e2-740f-44d8-aeda-e41f4263efaf": {
"deprecation_date": "2021/04/15",
"rule_name": "TCP Port 8000 Activity to the Internet",
"stack_version": "7.14.0"
},
"0f616aee-8161-4120-857e-742366f5eeb3": {
"deprecation_date": "2021/04/15",
"rule_name": "PowerShell spawning Cmd",
"stack_version": "7.14.0"
},
"120559c6-5e24-49f4-9e30-8ffe697df6b9": {
"deprecation_date": "2021/04/15",
"rule_name": "User Discovery via Whoami",
"stack_version": "7.14.0"
},
"139c7458-566a-410c-a5cd-f80238d6a5cd": {
"deprecation_date": "2021/04/15",
"rule_name": "SQL Traffic to the Internet",
"stack_version": "7.14.0"
},
"3a86e085-094c-412d-97ff-2439731e59cb": {
"deprecation_date": "2021-03-03",
"rule_name": "Setgid Bit Set via chmod",
"stack_version": "7.13"
},
"47f09343-8d1f-4bb5-8bb0-00c9d18f5010": {
"deprecation_date": "2021/03/17",
"rule_name": "Execution via Regsvcs/Regasm",
"stack_version": "7.14.0"
},
"61c31c14-507f-4627-8c31-072556b89a9c": {
"deprecation_date": "2021/04/15",
"rule_name": "Mknod Process Activity",
"stack_version": "7.14.0"
},
"67a9beba-830d-4035-bfe8-40b7e28f8ac4": {
"deprecation_date": "2021/04/15",
"rule_name": "SMTP to the Internet",
"stack_version": "7.14.0"
},
"68113fdc-3105-4cdd-85bb-e643c416ef0b": {
"deprecation_date": "2021/04/15",
"rule_name": "Query Registry via reg.exe",
"stack_version": "7.14.0"
},
"6f1500bc-62d7-4eb9-8601-7485e87da2f4": {
"deprecation_date": "2021/04/15",
"rule_name": "SSH (Secure Shell) to the Internet",
"stack_version": "7.14.0"
},
"7a137d76-ce3d-48e2-947d-2747796a78c0": {
"deprecation_date": "2021/04/15",
"rule_name": "Network Sniffing via Tcpdump",
"stack_version": "7.14.0"
},
"7d2c38d7-ede7-4bdf-b140-445906e6c540": {
"deprecation_date": "2021/04/15",
"rule_name": "Tor Activity to the Internet",
"stack_version": "7.14.0"
},
"81cc58f5-8062-49a2-ba84-5cc4b4d31c40": {
"deprecation_date": "2021/04/15",
"rule_name": "Persistence via Kernel Module Modification",
"stack_version": "7.14.0"
},
"87ec6396-9ac4-4706-bcf0-2ebb22002f43": {
"deprecation_date": "2021/04/15",
"rule_name": "FTP (File Transfer Protocol) Activity to the Internet",
"stack_version": "7.14.0"
},
"97f22dab-84e8-409d-955e-dacd1d31670b": {
"deprecation_date": "2021/04/15",
"rule_name": "Base64 Encoding/Decoding Activity",
"stack_version": "7.14.0"
},
"9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1": {
"deprecation_date": "2021/04/15",
"rule_name": "Trusted Developer Application Usage",
"stack_version": "7.14.0"
},
"a9198571-b135-4a76-b055-e3e5a476fd83": {
"deprecation_date": "2021/04/15",
"rule_name": "Hex Encoding/Decoding Activity",
"stack_version": "7.14.0"
},
"ad0e5e75-dd89-4875-8d0a-dfdc1828b5f3": {
"deprecation_date": "2021/04/15",
"rule_name": "Proxy Port Activity to the Internet",
"stack_version": "7.14.0"
},
"b1c14366-f4f8-49a0-bcbb-51d2de8b0bb8": {
"deprecation_date": "2021/04/15",
"rule_name": "Potential Persistence via Cron Job",
"stack_version": "7.14.0"
},
"c6474c34-4953-447a-903e-9fcb7b6661aa": {
"deprecation_date": "2021/04/15",
"rule_name": "IRC (Internet Relay Chat) Protocol Activity to the Internet",
"stack_version": "7.14.0"
},
"c87fca17-b3a9-4e83-b545-f30746c53920": {
"deprecation_date": "2021/04/15",
"rule_name": "Nmap Process Activity",
"stack_version": "7.14.0"
},
"cc16f774-59f9-462d-8b98-d27ccd4519ec": {
"deprecation_date": "2021/04/15",
"rule_name": "Process Discovery via Tasklist",
"stack_version": "7.14.0"
},
"cd4d5754-07e1-41d4-b9a5-ef4ea6a0a126": {
"deprecation_date": "2021/04/15",
"rule_name": "Socat Process Activity",
"stack_version": "7.14.0"
},
"d2053495-8fe7-4168-b3df-dad844046be3": {
"deprecation_date": "2021/04/15",
"rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
"stack_version": "7.14.0"
},
"e56993d2-759c-4120-984c-9ec9bb940fd5": {
"deprecation_date": "2021/04/15",
"rule_name": "RDP (Remote Desktop Protocol) to the Internet",
"stack_version": "7.14.0"
},
"ea0784f0-a4d7-4fea-ae86-4baaf27a6f17": {
"deprecation_date": "2021/04/15",
"rule_name": "SSH (Secure Shell) from the Internet",
"stack_version": "7.14.0"
}
}