From 829119ffdc4886361b668e1e4a2a05a070152b73 Mon Sep 17 00:00:00 2001 From: tradebot-elastic <178941316+tradebot-elastic@users.noreply.github.com> Date: Sun, 12 Jul 2026 23:13:11 +0000 Subject: [PATCH 1/2] [Security Rules] Update security rules package to v9.5.1-beta.1 --- .../security_detection_engine/changelog.yml | 5 + ...047bb-b27a-47ec-8b62-ef1a5d2c9e19_416.json | 2 +- ...40285-b827-4aee-aa09-8113f58a08f3_321.json | 10 +- ...2d47d-39c7-4f69-a232-4fe9dc7a3acd_422.json | 12 +- ...030f681-0142-4231-b728-49bb9fc12066_1.json | 2 +- ...049cf71-fe13-4d79-b767-f7519921ffb5_7.json | 2 +- ...0546494-5bb0-49d6-9220-5f3b4c12f26a_5.json | 160 ------------ ...0678712-b2df-11ed-afe9-f661ea17fbcc_9.json | 2 +- ...12bfca7-45cb-4507-a3ba-3777167f8b81_1.json | 2 +- ...6b315-b566-482f-866c-1d8e2477ba16_213.json | 2 +- ...71f283-ade7-4f87-9521-ac346c68cc9b_15.json | 4 +- ...17de1e4-ea35-11ee-a417-f661ea17fbce_5.json | 2 +- ...1c1e353-9d86-4344-abdf-523ab80c6f08_1.json | 2 +- ...49712-25bc-49d2-a27d-d7ce52f5dc49_208.json | 2 +- ...1e244f0-fef9-4102-903f-9788052b2c91_1.json | 2 +- ...2137bc2-5cc2-4f7f-a8e4-c52dc239aa69_1.json | 2 +- ...2275e05-57a1-46ab-a443-7fb444da6b28_4.json | 4 +- ...22c37cd-5a4f-422b-8227-b136b7a23180_3.json | 2 +- ...ff9ea-85e7-42e3-99d2-bbb7069e02eb_211.json | 6 +- ...4f105-d7af-4a02-ae90-35f56763ffa2_208.json | 2 +- ...a23ee7-c8f8-4701-b99d-e9038ce313cb_12.json | 2 +- ...4576a-7480-4284-9327-548a806b5e48_312.json | 2 +- ...4420d-eda2-4529-9e46-4a60eccb7e2d_105.json | 4 +- ...2bab13d-fb14-4d7c-b6fe-4a28874d37c5_8.json | 2 +- ...a4563-ec10-4974-b7de-12e65aa4f9b3_112.json | 2 +- ...24bd9-d23f-4ec1-8674-3cf1a21e130b_213.json | 2 +- ...3245b25-3849-4052-ab48-72de65a82c35_3.json | 2 +- ...889c4-2686-4583-a7df-67f89c292f2c_218.json | 6 +- ...35a6f21-4092-471d-9cda-9e379f459b1e_7.json | 2 +- ...9e8a6-0fa7-4e7a-961a-53180a4c966e_108.json | 8 +- ...398c0a2-1237-478e-84c4-84510f1925e6_1.json | 2 +- ...3b150d9-9280-4eb8-9906-38cfb6184666_2.json | 2 +- ...3c23d45-d3cb-4ad4-ab5d-b361ffe8724a_8.json | 8 +- ...3d856c2-7f74-4540-a530-e20af5e39789_3.json | 2 +- ...415258b-a7b2-48a6-891a-3367cd9d4d31_8.json | 2 +- ...5f22a-2336-45fa-ba07-618a5942e22c_115.json | 2 +- ...8c618-27f5-4d94-99e6-b254585aba69_104.json | 2 +- ...42b35f3-afa6-4441-92b2-ef41976b48a3_1.json | 2 +- ...d80a3-c49e-43ef-9c72-1088f0c7b278_207.json | 8 +- ...471a12b-c740-4a72-91f0-12bf95014d3c_1.json | 2 +- ...5a96f-19c5-44fd-9571-a0b033f9086f_108.json | 2 +- ...4e65517-16e9-4fc4-b7f1-94dc21ecea0d_6.json | 2 +- ...a0387-f3b5-4ba5-8245-8002cca2bd08_219.json | 8 +- ...54853f3-2ce0-41f3-a6eb-4a4867f39cdc_2.json | 2 +- ...4db96b-fd34-43b3-9af2-587b3bd33964_13.json | 2 +- ...4fb9d-90b9-4234-a411-82a546dc1343_220.json | 12 +- ...5a50000-9886-4695-ad33-3f990dc142e2_2.json | 2 +- ...358de-aa6d-4f6c-89e6-78f74018b43b_314.json | 8 +- ...cad2fb-200c-407f-b472-02ea8c9e5e4a_10.json | 2 +- ...5a668-7b51-4a67-93ab-e9af405c9ef3_114.json | 8 +- ...5f2b649-dc03-4e9a-8c4e-6762469e8249_4.json | 2 +- ...5c542-1b96-4335-9b47-126582d2c19a_217.json | 4 +- ...64a2e08-25da-11f0-b1f1-f661ea17fbcd_5.json | 2 +- ...68a02-af29-4f20-929c-f3af281e41aa_114.json | 6 +- ...8bc9c-b71a-433b-87e6-2f664b6b3131_109.json | 4 +- ...7a03c-c735-47a6-a313-51c354aef6c3_215.json | 12 +- ...555e4-c8ce-4d90-90e1-ec7f66df5a6a_107.json | 4 +- ...ceabf-adca-48af-ac79-ffdf4c3b1e9a_220.json | 10 +- ...6f3a26c-ea35-11ee-a417-f661ea17fbce_4.json | 2 +- ...464f9-f30d-4029-8c03-0ed237fffec7_318.json | 12 +- ...39887-da3a-4fbf-9532-8ce748ff8c50_210.json | 2 +- ...787daa6-f8c5-453b-a4ec-048037f6c1cd_9.json | 2 +- ...1ef73-1fde-4a49-a34a-5dd40011b076_321.json | 10 +- ...5f85a-240f-11ed-b3d9-f661ea17fbce_112.json | 2 +- ...7cd35a6-c267-4394-a782-6a9428aea9d3_1.json | 2 +- ...bc66a-5d56-4d1f-8071-817671716db9_113.json | 2 +- ...e3f8c-6f80-485c-91eb-5b112cb79b28_112.json | 2 +- ...3383af-b9a4-42b7-a463-29c40efe7797_11.json | 2 +- ...fa162-e790-4d85-9aeb-4fea04188adb_111.json | 2 +- ...9355c-0f08-4b43-8ff5-7d2a4789fc08_214.json | 8 +- ...871a5d8-6b5f-4a12-a568-fd7bc05bd8db_4.json | 6 +- ...89db1af-740d-4d84-9a5b-babd6de143b0_8.json | 2 +- ...e5599-3719-4bbd-8cbc-7e9cff556881_104.json | 6 +- ...9073bf4-a8ea-4bce-9fd5-2bb56b4d31f4_2.json | 8 +- ...b068f-84ac-485d-8a55-7dd9e006715f_113.json | 2 +- ...b6a58-8f88-4b59-827c-ab584ad4e759_206.json | 2 +- ...ef0b8-fb21-4e45-ad89-d81666349c6a_104.json | 6 +- ...98bd5cc-fd55-438f-b354-7d6cd9856a08_4.json | 2 +- ...bc6c90-7501-494d-b015-5d988dc3f233_11.json | 2 +- ...028a5-dcde-409f-8ae0-557cef1b7082_108.json | 2 +- ...ab319ef-92b8-4c7f-989b-5de93c852e93_9.json | 6 +- ...f0c5b-62dd-48d2-ac4e-6b43fe3a6e83_213.json | 2 +- ...15bcad-aff1-4250-a5be-5d1b7eb56d07_10.json | 2 +- ...9cab4-dbbd-4a3f-9e8e-1287c7c11ae5_312.json | 4 +- ...f3da5-b5ec-47d1-908b-6ebb74814289_221.json | 4 +- ...b76ad27-c3f3-4769-9e7e-3237137fdf06_6.json | 2 +- ...b79f5c0-2c31-4fea-86cd-e62644278205_7.json | 2 +- ...03267-74c5-444d-ae29-32b5db2d562a_113.json | 6 +- ...6dfd8-5b8c-4485-9a1c-69ff7839786a_112.json | 12 +- ...bca7e73-e1b5-4fb2-801b-9b5f5be20dfe_7.json | 8 +- ...c04d82f-6def-4659-aa62-ed6355a51f39_1.json | 2 +- ...c093569-dff9-42b6-87b1-0242d9f7d9b4_5.json | 4 +- ...e8fda-4f09-451e-bc77-a192b6cbfc32_107.json | 6 +- ...c3c80de-08c2-11f0-bd11-f661ea17fbcc_8.json | 2 +- ...c74cd7e-ea35-11ee-a417-f661ea17fbce_5.json | 2 +- ...ca5c2-728d-4ad9-b1c5-bbba83ecb1f4_316.json | 12 +- ...bb5e0-f93a-47fe-ab72-8213366c38f1_104.json | 6 +- ...cd2f3e6-41da-40e6-b28b-466f688f00a6_8.json | 2 +- ...6487d-8069-4888-9ddd-61b52490cebc_214.json | 2 +- ...3d2254-2b4a-11f0-a019-f661ea17fbcc_11.json | 4 +- ...9150b-96f8-467c-a86d-a67a3378ce77_213.json | 8 +- ...ad79f-9025-45d8-80c1-4f0cd3c5e8e5_115.json | 2 +- ...2d30a-5f3e-4b71-bc3d-4a0c4914b7e0_208.json | 2 +- ...dd84246-a723-49ba-9f4e-a1e1dfa15990_1.json | 2 +- ...e1af929-42ed-4262-a846-55a7c54e7c84_5.json | 2 +- ...e42f920-047d-4568-b961-2a50db6c4713_3.json | 2 +- ...367a0-a483-439d-ad2e-d90500b925fd_208.json | 2 +- ...2157a-8e96-4a95-a6e3-5faae5081a74_213.json | 2 +- ...e524fa6-eed3-11ef-82b4-f661ea17fbce_9.json | 2 +- ...acaae-6a64-4bbc-adb8-27649c03f7e1_109.json | 2 +- ...9980b-4250-4a50-a509-69294c14e84b_216.json | 2 +- ...5d3eb-67ef-43ab-93b7-305cfa5a21f6_107.json | 4 +- ...f189343-dac7-4c1b-aca7-be8baa6bd02b_1.json | 2 +- ...d35e4-925e-4959-ab24-911be207ee6f_120.json | 2 +- ...4e947-9ab3-4dff-9e8d-fb42493eaa2f_107.json | 4 +- ...6369f-eb3d-459c-a00b-87c2bf7bdfc5_109.json | 6 +- ...f5941c6-3db9-4d2f-91df-06c7c292ba45_1.json | 2 +- ...f5d410c-a594-4cdb-8b48-f36a61838d67_1.json | 2 +- ...f615fe4-eaa2-11ee-ae33-f661ea17fbce_5.json | 2 +- ...3cb9a-1931-48c2-8cd0-f173fd3e5283_314.json | 2 +- ...fb25791-d8d4-42ab-8fc7-4954642de85f_3.json | 2 +- ...fb83aa0-3d17-41e9-b09c-56397bf7a7d9_2.json | 2 +- ...2290a-2664-4c9c-8263-b88904f12f0d_103.json | 4 +- ...84c42-873d-41a2-a4ed-08d74d352d01_110.json | 2 +- ...ffc3d78-44ce-4a55-b2be-98219e0eed05_1.json | 10 +- ...004ad5b-6900-4d28-ab5b-472f02e1fdfb_3.json | 2 +- ...0445cf0-0748-11ef-ba75-f661ea17fbcc_5.json | 2 +- ...500bb-a28f-418e-ba29-ca4c8d1a9f2f_211.json | 2 +- ...0b63b69-9f08-4767-b318-12208f97ad41_1.json | 2 +- ...0f3d520-ea35-11ee-a417-f661ea17fbce_5.json | 2 +- ...13227-0301-4a8c-b150-4db924484475_112.json | 8 +- ...0dcdb-0a0a-4a79-91d8-9b84616edebd_219.json | 10 +- ...8ae09-5aff-460a-9f2f-455cd0ac4d8e_318.json | 8 +- ...d9713-0ec6-4110-9707-32daae1ee68c_119.json | 2 +- ...a6bec-ebde-4d71-a8e9-784948f8e3e9_217.json | 4 +- ...51077-0124-4394-9522-8f4f4db1d674_213.json | 2 +- ...4da6c-0326-4b4f-8454-68cdc5ae542b_211.json | 4 +- ...251b98a-ff45-11ee-89a1-f661ea17fbce_4.json | 2 +- ...468bf-cab1-4637-99ea-fdf3780a4609_212.json | 2 +- ...2f15d-597e-4334-88ff-38a02cb1330b_211.json | 2 +- ...bf709-69e8-4055-94f9-24314385c27e_210.json | 2 +- ...e29d4-bbb0-4eef-b687-857e8a163870_211.json | 12 +- ...07955-1674-44f7-86b5-c35da0a6f41a_322.json | 12 +- ...7384f-00f3-44d5-9a8c-2373ba071e92_416.json | 8 +- ...abb91-dcf4-48aa-b81a-5ad036b67c68_108.json | 6 +- ...520d2-11ff-4288-a80e-a45b36dca4b1_104.json | 4 +- ...c5dd5-838b-446e-b1ac-c995c7f8108a_207.json | 6 +- ...7e1b9-0c90-4d24-8d7b-80598eb9bc9a_215.json | 2 +- ...e908b9-7bf0-4235-abc9-b5deb500d0ad_13.json | 4 +- ...e9b3a-ff37-4756-989d-05d7cbf35b0e_109.json | 2 +- ...cb236-0956-4f42-a706-814bcaa0cf5a_112.json | 10 +- ...ab405-5dd9-450c-8106-72951af2391f_109.json | 10 +- ...e811c-d60f-11ec-9fd7-f661ea17fbce_211.json | 2 +- ...d1aa9-ebfd-4cf9-a463-0ac59ec55204_317.json | 10 +- ...4fa0285-fe78-4843-ac8e-f4b481f49da9_8.json | 2 +- ...2a836-84b2-11ef-b026-f661ea17fbcc_209.json | 2 +- ...51d8f72-0747-11ef-a0c2-f661ea17fbcc_8.json | 2 +- ...542fa53-955e-4330-8e4d-b2d812adeb5f_7.json | 2 +- ...5606250-449d-46a8-aaff-4043e42aefb9_1.json | 2 +- ...56f8c1d-bc54-46c0-a870-04e6a75526a1_1.json | 2 +- ...8ba77-1c13-4274-88fe-6bd14133861e_216.json | 4 +- ...0b7a7-9c34-4869-b25b-fa6518414899_320.json | 12 +- ...acaa0-5b90-466b-acab-63435a59701a_113.json | 2 +- ...0f9e2-5be6-4742-8593-1ba50cd94069_106.json | 10 +- ...896de-b66f-42cb-8fef-20f53a9006ea_104.json | 2 +- ...615230f-beb7-48d8-9b3f-6d10674703bf_2.json | 2 +- ...80f1e-57e6-4242-aa21-bb4d16f13b2f_108.json | 2 +- ...63a8f2f-c8a0-4b7e-9c4a-1184310eb7f3_3.json | 8 +- ...727ab-6768-4e26-b80c-948b228ffc06_111.json | 2 +- ...6708afb-4904-4d3c-af78-63640a075cb0_1.json | 2 +- ...68b5538-4d54-4269-b4f5-786fa49dd850_1.json | 2 +- ...04215-2c95-4ac8-bf5c-12354e047192_112.json | 2 +- ...f3a93-efc7-4df2-94d6-0d9438c310d1_212.json | 2 +- ...52c14-7883-47af-8745-9357803f0d4c_120.json | 2 +- ...6acac42-b2f9-4802-9290-d6c30914db6e_8.json | 2 +- ...ac1a1-21ee-4ca6-b720-458e3855d046_216.json | 4 +- ...719ee47-89b8-4407-9d55-6dff2629dd4c_7.json | 2 +- ...7261da3-a6d0-463c-aac8-ea1718afcd20_7.json | 2 +- ...1d055-5c66-4adf-9c59-fc0fa58336a5_310.json | 4 +- ...1d055-5c66-4adf-9c71-fc0fa58338c7_310.json | 4 +- ...1d055-5c66-4adf-9d60-fc0fa58337b6_311.json | 4 +- ...1d055-5c66-4adf-9d82-fc0fa58449c8_310.json | 4 +- ...1d055-5c66-4adf-9e93-fc0fa69550c9_310.json | 4 +- ...770e0-5c20-4246-b430-e216a2888b23_105.json | 4 +- ...b0a495-4d9f-414c-8ad0-92f018b8e001_20.json | 2 +- ...7b3fcd1-90fb-4f5d-858c-dc1d998fa368_6.json | 8 +- ...7f6a5-5bc9-4e1f-92bf-13632d24384d_218.json | 8 +- ...68559-b274-4948-ad0b-f8415bb31126_209.json | 4 +- ...f6b23-3799-445e-9589-0018328a9e46_210.json | 12 +- ...83f3cd2-4cc6-44c0-917c-c5d29ecdcf74_7.json | 2 +- ...dfe52-2999-42d9-b9d1-d1ca54495a61_109.json | 2 +- ...85c782e-f86a-11ee-9d9f-f661ea17fbce_8.json | 2 +- ...5dd9a-e3fa-4996-99b1-ae533b8f27fc_109.json | 4 +- ...2657ba-ab0e-4901-89a2-911d611eee98_12.json | 2 +- ...3549e8-bb9e-466a-a7f9-7e783f5cb5a6_10.json | 2 +- ...955e925-6679-4535-9c1b-28ebf369f35f_2.json | 2 +- ...965eab8-d17f-4b21-8c48-ad5ff133695d_6.json | 2 +- ...e8096-e2b0-4bd8-80c9-34a820813fff_212.json | 2 +- ...9daf3-f5c5-4bc2-a9af-6b1e97098f03_109.json | 4 +- ...9f3674c-f4a1-43bb-a89c-e4c6212275e0_4.json | 2 +- ...a1046f4-9257-11f0-9a42-f661ea17fbce_3.json | 2 +- ...89854-5b78-49fe-9440-8a8096b1ab50_105.json | 2 +- ...6cace-11a7-43a8-9a10-b497c5a02cd3_109.json | 2 +- ...a3f2a4c-12d0-4b88-961a-2711ee295637_5.json | 8 +- ...075b0-7479-450e-8fe7-b8b8438ac570_320.json | 12 +- ...8fa52-44a7-4dae-b058-f3333b91c8d7_215.json | 2 +- ...9181a-492b-4c01-8b16-fa0735786b2b_317.json | 12 +- ...ac027c2-8c60-4715-af73-927b9c219e20_4.json | 8 +- ...aefed68-eecd-47cc-9044-4a394b60061d_2.json | 8 +- ...b0b4818-5655-409b-9c73-341cac4bb73f_7.json | 2 +- ...b1b4236-175f-4863-89f7-7f0d2da0f0e8_1.json | 4 +- ...1abcc-4d9f-4b08-a7f5-316f5f94b973_212.json | 4 +- ...b5e9d4a-7c2f-4e8b-a3d6-0f9c8e2b1a4d_4.json | 12 +- ...b65429e-bd92-44c0-aff8-e8065869d860_2.json | 8 +- ...27fa22-7727-4dd3-81c0-de6da5555feb_16.json | 2 +- ...c28becc-ec0b-4e6d-81a5-899d00348089_1.json | 2 +- ...c3d9346-4591-4894-935c-dad2824850f2_1.json | 2 +- ...c5a04ae-d034-41bf-b0d8-96439b5cc774_4.json | 2 +- ...a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_220.json | 2 +- ...66416-60c1-436b-bfd0-e002fddbfd89_109.json | 2 +- ...62f14-4787-4913-b7af-df11745a49da_209.json | 2 +- ...01db9-be24-4bef-8e7c-e923f0ff78ab_214.json | 6 +- ...b05c4-7d25-11ee-9562-f661ea17fbcd_213.json | 2 +- ...cfb39e1-4b6c-4dc7-85fe-733e4a1a33ca_3.json | 2 +- ...d0027d4-6717-4a37-bad8-531d8e9fe53f_5.json | 8 +- ...76579-3380-4095-ad38-e596a01bc64f_216.json | 4 +- ...d306bf0-7bcf-4acd-83fd-042f5711acc9_3.json | 4 +- ...d485649-c486-4f1d-a99c-8d64795795ad_3.json | 8 +- ...d4ca9c0-ff1e-11ee-91cc-f661ea17fbce_9.json | 2 +- ...2d014-e2ab-4707-b056-9b96abe7b511_110.json | 2 +- ...aeb0b-9549-46f6-a32d-05e2a001b7fd_114.json | 2 +- ...dc56174-5d02-4ca4-af92-e391f096fb21_2.json | 2 +- ...c51f6-ba26-49e7-9ef4-2655abb2361e_318.json | 12 +- ...ee0500-4aeb-44ca-b24b-4a285d7b6ba1_12.json | 2 +- ...1152b-610a-4f48-9d7a-504f6ee5d9da_109.json | 8 +- ...a3f7c-21e7-4bb1-98c7-2036612fb1be_215.json | 2 +- ...b832e-957e-43ae-b319-db82d228c908_107.json | 2 +- ...b2e7e-b8f5-45e5-addc-66cc1224ffbc_109.json | 4 +- ...363a6-3af5-41d4-b7ea-d475389c0ceb_109.json | 4 +- ...b271c-8caa-4e20-aed8-e91e34de9283_208.json | 2 +- ...fc667-9ff1-4b33-9f40-fefca8537eb0_207.json | 4 +- ...74889-18c5-4f78-8010-d8aceb7a9ef4_101.json | 2 +- ...a69c0-3392-4adf-b7d5-6012fd292da8_118.json | 2 +- ...f45720e-5ea8-11ef-90d2-f661ea17fbce_7.json | 2 +- ...60f12-a3cf-4105-9ebb-f788cc63f365_108.json | 6 +- ...f489c86-d9c4-40de-9316-931721ca9b45_1.json | 2 +- ...f56f548-94ec-4678-b1ed-b1a14cca4e3a_2.json | 4 +- ...a350e0-0aa2-4055-bf8f-ab8b59233e59_12.json | 2 +- ...ec04b-d902-4f89-8aff-92cd9043c16f_207.json | 4 +- ...3b299-fbb5-4657-a937-1d746f2c711a_220.json | 4 +- ...200f1-a99b-43fb-88ed-f65a45c4972c_319.json | 12 +- ...014ebd8-b847-4cc0-a827-d0d61ec88680_1.json | 2 +- ...829f6-0271-4e88-b882-11a655c590d4_109.json | 6 +- ...ab79b-239b-4aa5-8e54-fc50623ee8e4_317.json | 8 +- ...5567e-b0af-444a-8c0b-0b6e2dae9e13_212.json | 2 +- ...57e4f-d1de-4b92-ae69-142e27a4342a_215.json | 2 +- ...b52c4-9c28-4af4-8979-935f3278d61a_209.json | 10 +- ...dbe77-01ed-4954-8d44-1e5751cb20de_218.json | 4 +- ...0d4430-b371-470e-b879-80b7182aa75e_11.json | 8 +- ...112ecce-cd34-11ef-873f-f661ea17fbcd_6.json | 2 +- ...138bb70-5a5e-42fd-be5e-b38edf6a6777_9.json | 2 +- ...14d4e03-90b0-4813-9ab6-672b47158590_3.json | 2 +- ...bafdf0-cf17-11ed-bd57-f661ea17fbcc_12.json | 2 +- ...1c3536f-b674-43db-9bfc-dcf4cf9dcc37_2.json | 2 +- ...be143-5c67-4fdb-b6ce-dd6826d024fd_113.json | 6 +- ...20d92c6-479d-4a49-9cc0-3a29756dad0c_2.json | 2 +- ...5b8bd-1759-4ffa-8ab8-55c8e6b32e7f_210.json | 2 +- ...99847-5d13-48cb-8872-5796fee8692b_112.json | 2 +- ...27cf26a-88d1-4bcb-bf4c-925e5875abcf_3.json | 2 +- ...dc608-e558-43d9-b521-150772250bae_214.json | 2 +- ...302fb59-5201-46ec-b433-6044adb37b0b_1.json | 2 +- ...6d1b2-9acf-4dee-bd21-867ea7378b4d_109.json | 2 +- ...9f03c-f53f-40fa-834b-40c5983fc41f_215.json | 136 ----------- ...9f03c-f53f-40fa-834b-40c5983fc41f_317.json | 2 +- ...8c687-cb2c-4b7b-be8f-6864a2385048_104.json | 8 +- ...3bcd283-2bc0-4db2-81d4-273fc051e5c0_8.json | 2 +- ...3c53c4c-aa8b-4b07-85c0-fe46a9c8acaf_2.json | 2 +- ...3cd4ba2-344e-41bf-bcda-655bea43fdbc_4.json | 2 +- ...3e5407a-b696-4433-9297-087645f2726c_2.json | 4 +- ...18264-2d6d-11ef-9413-f661ea17fbce_212.json | 2 +- ...01eca-ad0b-4ff9-9431-487a8e183af9_211.json | 2 +- ...24a80-5a4a-4b8a-991e-6ab390465c4f_315.json | 8 +- ...5368123-b7b8-4344-9fd4-df28051b4c6e_3.json | 2 +- ...3a9af-52a4-4a05-bb03-85b2a479a0a0_110.json | 2 +- ...572f7e0-7647-4c68-a42b-d3b1973deaae_3.json | 2 +- ...be2d8-3b1a-4c2c-a0eb-0c8e77f35e39_110.json | 6 +- ...d917c4-aa3c-4111-974c-286c0312ff95_10.json | 2 +- ...5e7fee6-fc25-11ee-ba0f-f661ea17fbce_7.json | 2 +- ...486ee-7d98-11ee-9599-f661ea17fbcd_211.json | 2 +- ...05aa59-29ac-4662-afad-8d86257c7c91_11.json | 2 +- ...481c8-1e9b-492e-912d-d1760707f810_110.json | 4 +- ...6aa6c-88b5-4337-9c31-8d0192a8ef45_108.json | 2 +- ...64c641e-c202-11ef-993e-f661ea17fbce_8.json | 2 +- ...db8f5-fc73-4d0d-b434-6483b56372e2_319.json | 10 +- ...66bbea8-fcf9-4b0e-ba7b-fc00f6b1dc73_5.json | 2 +- ...67dace3-a4de-4c94-a7b5-dd6c0f5482e5_6.json | 2 +- ...726d7-126e-4267-b43d-e9a70bfdee1e_106.json | 4 +- ...6a989d2-010e-4dae-b46b-689d03cc22b3_2.json | 2 +- ...b01043-4f04-4d2f-882a-5a1d2e95751b_10.json | 121 ---------- ...b01043-4f04-4d2f-882a-5a1d2e95751b_13.json | 2 +- ...dba02-6979-4bce-920a-70b080a7be81_110.json | 2 +- ...68dba-ce29-497b-8e13-b4fde1db5a2d_418.json | 2 +- ...71ea3-e806-4697-8abc-e22c92aa4293_213.json | 2 +- ...4808c-ba5d-48b2-86d2-0002103df753_111.json | 8 +- ...a6484-2663-46db-a532-ef734bf9a796_213.json | 2 +- ...69131-560e-441e-b556-0b9180af3332_104.json | 6 +- ...75b972d-2fed-44fc-9214-08603b3318e3_1.json | 2 +- ...2264c-6fb9-4d9d-9014-b416eed21254_215.json | 6 +- ...3d84f-5091-4d7d-9319-9fceda8fa71b_109.json | 2 +- ...79e272a-91d9-4780-878c-bfcac76e6e31_3.json | 2 +- ...7c15a-91f8-4c3d-8b9e-1f99cc030a51_214.json | 2 +- ...0c9c2-bcd7-4d6e-9eba-faf3891ba450_222.json | 4 +- ...83683eb-f2ce-40a5-be16-fa931cb5f504_3.json | 2 +- ...83f6c2a-9811-4239-9a40-52b066c67f99_1.json | 2 +- ...6446a-34e6-435b-9fb5-f8f040bfa7ed_216.json | 4 +- ...88a198e-9b9b-11ef-a0a8-f661ea17fbcd_9.json | 2 +- ...8bc620d-b2f7-4132-b372-f77953881d05_7.json | 2 +- ...39238-0c01-420a-b77a-24e5a7378663_111.json | 6 +- ...b3afe-131d-48b0-a8fc-9784f3d54f3c_112.json | 2 +- ...f6f34b-8e16-487a-b5fd-9d22eb903db8_11.json | 2 +- ...52c19-ff3e-42fd-8363-7be14d7c5469_214.json | 2 +- ...aca65-e94d-403b-ba0f-62f320e63f51_323.json | 12 +- ...7d495-59bd-4250-b395-c29409b76086_424.json | 12 +- ...a0de9-937a-4189-94c0-3e847c8b13e4_421.json | 4 +- ...53942-7cd4-11ee-b70e-f661ea17fbcd_210.json | 2 +- ...9e57265-d358-420a-b1cd-845e8a1fd70d_1.json | 2 +- ...0cf93-d17c-4b12-b4f3-a433800539fa_109.json | 6 +- ...a3f38a8-204e-11f0-9c1f-f661ea17fbcd_8.json | 2 +- ...692072-d78d-42f3-a48a-775677d79c4e_13.json | 2 +- ...a7823db-0bc2-48f6-aa2f-e6aef233c6dc_1.json | 12 +- ...da169-416b-4bb3-9a6b-f8d239fd78ba_210.json | 2 +- ...62e21-dc6e-461e-b5cf-a6eb9b235ec4_113.json | 8 +- ...b9a3b7a-0891-4a89-abbe-dca753c403cd_1.json | 6 +- ...a4fcd-5228-4472-9071-148903a31057_104.json | 6 +- ...78aa2-9c56-48de-b139-f169bf99cf86_421.json | 10 +- ...7e5d7-08b9-43b2-b58a-0270d65ac85b_319.json | 12 +- ...c29a4-f170-42f8-a3d8-2ceebc18eb6a_218.json | 10 +- ...c40dfe2-c13e-48a8-8eff-fb9bfb2a7854_3.json | 2 +- ...a6acf-0dcb-404d-89fb-6b0327294cfa_209.json | 12 +- ...c74e26b-dfe3-4644-b62b-d0482f124210_4.json | 4 +- ...d05fefd-40ba-43ae-af0c-3c25e86b54f1_2.json | 8 +- ...d3c27d5-d133-4152-8102-8d051619ec4a_3.json | 2 +- ...d58f67c-156e-480a-a6eb-a698fd8197ff_3.json | 4 +- ...2889e-e758-4c5e-b57e-c735914ee32a_211.json | 10 +- ...f5332-42ea-11f0-b09a-f661ea17fbcd_306.json | 2 +- ...d7822a5-418c-4cde-a96e-e337d77b67e7_1.json | 2 +- ...043ed-5bda-4caf-801c-c1feb7410504_215.json | 2 +- ...dd0d4fd-0cc9-4d18-8b46-1a507e28bbc0_3.json | 2 +- ...480be-1263-4d9c-8672-172928f6789a_316.json | 2 +- ...c468e-b39b-4f5b-9825-f3dcb0e998ea_109.json | 8 +- ...10e77-c144-4e69-afb7-344e7127abd0_215.json | 2 +- ...87d72-ee0c-43e2-b975-5f0b029ac600_217.json | 12 +- ...e0051cb-51f8-492f-9d90-174e16b5e96b_8.json | 12 +- ...8f34c-691c-497e-87de-5d794a1b2a53_102.json | 2 +- ...e835d-01e5-48ca-b9fc-7a61f7f11902_219.json | 8 +- ...9e96a-b67c-455a-afe4-de6183431d0d_219.json | 2 +- ...11539-cd88-4a85-a301-04f38795007c_109.json | 6 +- ...6e1bc-867a-11ee-b13e-f661ea17fbcd_311.json | 2 +- ...e99477f-6099-48a9-ae0e-68801d97079c_1.json | 2 +- ...c8076-291e-41e9-81e4-e3fcbc97ae5e_317.json | 10 +- ...f0ee9fe-4529-4b9e-9f78-6c81ef33c6ba_1.json | 2 +- ...f4939-0b34-40c2-a0a3-844eb7889f43_217.json | 2 +- ...a1226-5720-437d-9c20-e0029deb6194_217.json | 6 +- ...f95540c-923e-4f57-9dae-de30169c68b9_8.json | 8 +- ...a96c0-ade5-4bce-b92f-a5df2509da3f_113.json | 2 +- ...a1f1e-b6db-47fa-994b-1512743847eb_219.json | 6 +- ...0090d40-cdfd-4750-a281-0125fdf22045_1.json | 2 +- ...62697-9859-4ae0-a8c5-dab45d664170_109.json | 2 +- ...0b5bb96-c7db-492c-80e9-1eab00db580b_8.json | 2 +- ...fddd7-2954-4c9d-bbc6-19a99ca47e23_112.json | 8 +- ...0d94e59-e5c7-4828-bc4f-f5809ad1ffe1_4.json | 2 +- ...0f9d940-7d55-4fff-a8b9-4715d20eb204_4.json | 12 +- ...0fbf4db-c502-4e68-a239-2e99af0f70da_9.json | 2 +- ...14557e1-a642-4dbc-af43-321bc04b6618_2.json | 2 +- ...4c719-f2b4-41f6-a9bd-fce93c2eaf62_323.json | 12 +- ...2e172-01b1-4738-a932-d024c514ba72_109.json | 2 +- ...2144184-7bfa-4541-9c3f-b65f16d24df9_4.json | 10 +- ...216949c-9300-4c53-b57a-221e364c6457_5.json | 2 +- ...2300431-c2d5-432d-8ec8-0e03f9924756_9.json | 4 +- ...cb487-279d-4218-bcbd-a568efe930c6_109.json | 2 +- ...8313c-d6cd-4d49-aa24-644e1da6623c_105.json | 4 +- ...23416-763a-4531-bb35-f33b9232ecdb_111.json | 10 +- ...5cf9c-2ef8-4e87-819e-5ccb7cd18b14_321.json | 12 +- ...d3ad0e-6add-11ef-8c7b-f661ea17fbcc_11.json | 2 +- ...4675e-6c49-4ace-80f9-97c9259dca2e_422.json | 12 +- ...95776-6498-4f3c-a90c-d4f6083e3901_104.json | 6 +- ...2835b-0049-4004-a325-660b1fba1f67_107.json | 6 +- ...de828-8190-4cf5-8d7c-7575846f6fe0_215.json | 2 +- ...6752b-da5e-45f8-b13a-5f094c09522f_113.json | 8 +- ...3c27b4e-8ec6-406f-b8e5-345dc024aa97_3.json | 2 +- ...306e8-417c-411b-965c-c2812d6d3f4d_116.json | 2 +- ...3ff31e9-3872-4944-8394-81dae76c12d9_1.json | 2 +- ...41c6e18-9ef1-437e-bf18-b513f3ae2130_3.json | 2 +- ...f834b-21a6-41bf-878c-87d116eba3ee_104.json | 2 +- ...889c4-23a8-4bc0-b7ca-756bd17ce83b_207.json | 2 +- ...49276c0-5fcf-11ef-b1a9-f661ea17fbce_7.json | 8 +- ...de489-94b0-4500-a76f-b8a157cf9269_115.json | 12 +- ...30ba2-c859-4c98-8b7f-c19159ea0e58_111.json | 2 +- ...5c8bb-3bd5-40f4-ae32-b7cd589d5372_419.json | 10 +- ...3b253-eea8-46f0-abd3-68bdd47e6e3d_108.json | 4 +- ...b3cfa-6c67-11ef-ab4d-f661ea17fbcc_111.json | 2 +- ...5c029c3-090e-4a25-b613-0b8099970fc1_3.json | 2 +- ...f0dd8-092d-4a83-88c1-5151a804f31b_320.json | 158 ------------ ...f0dd8-092d-4a83-88c1-5151a804f31b_323.json | 12 +- ...86980-1fb1-4dff-b311-3be941549c8d_109.json | 4 +- ...6188365-f88f-4f70-8c1d-0b9554186b9c_9.json | 2 +- ...6755b43-a1f9-4f2c-9b61-6b240dd0e164_1.json | 2 +- ...8577a-d196-11ec-90b0-f661ea17fbce_115.json | 6 +- ...8e048-d888-4f61-a8b9-0f9e2e40f317_315.json | 10 +- ...48a0c-c63a-4cbc-aee1-8cac87db31a9_109.json | 4 +- ...7148ae6-c6ec-4fe4-88b1-02f40aed93a9_3.json | 12 +- ...8c08d-9b70-456b-b6b8-007c7d246128_110.json | 4 +- ...75132c6-25d5-11f0-8745-f661ea17fbcd_9.json | 2 +- ...94bca-0611-4500-ab67-5588afe73b77_111.json | 2 +- ...211e8-4e2f-440f-86d8-06cc8f158cfa_216.json | 2 +- ...7cb6756-8892-4af3-a6bd-ddc56db0069d_7.json | 10 +- ...ca4d4-92ab-4a33-a4f8-44a7a380ccda_104.json | 6 +- ...638ea-909d-4f94-9248-edd21e4a9906_212.json | 2 +- ...5c3dc-f82c-4f8d-891e-63c24d3102b0_415.json | 2 +- ...8e0e3-1850-4850-a411-2e8c5ba40ba8_219.json | 4 +- ...48d29-3d5d-42e3-8aec-be832aaaf8eb_215.json | 2 +- ...96d4c0-6ad1-11ef-8c7b-f661ea17fbcc_10.json | 2 +- ...5acdd-5f20-4d99-8fe4-f0a1a592077f_109.json | 2 +- ...8f384e0-aef8-11ed-9a38-f661ea17fbcc_8.json | 2 +- ...9029450-8e2d-4034-81b0-15af8e4e3a4e_1.json | 2 +- ...44f38-5284-4f8e-a2ae-e3fd628d90b0_213.json | 2 +- ...9157d52-4035-44a8-9d1a-6f8c5f580a07_7.json | 2 +- ...93ef120-63d1-11ef-8e38-f661ea17fbce_8.json | 2 +- ...945f3-d39a-4e6f-8bcb-9656c2031438_314.json | 10 +- ...9ab0f66-efa0-4649-9c9c-8c64682f5fdd_1.json | 2 +- ...9c06367-b700-4380-848a-cab06e7afede_8.json | 2 +- ...a01e5c6-ce01-46d7-ac9f-52dc349695fb_3.json | 2 +- ...9fc81-99d3-47ea-8cd6-d48d561fca20_314.json | 125 ---------- ...9fc81-99d3-47ea-8cd6-d48d561fca20_317.json | 12 +- ...6001a0-0939-4bbe-86f4-47d8faeb7b97_15.json | 2 +- ...57da0-1df2-11ef-a327-f661ea17fbcc_107.json | 2 +- ...aaf37f3-05a1-40a5-bb6e-e380c4f92c52_7.json | 10 +- ...ad362a9-40cb-4536-8f8b-6a8b5cc24d3c_1.json | 2 +- ...49c61-7adc-42c1-b788-732eda2f5abf_112.json | 6 +- ...77ed4-4dcf-4c51-8bfc-e3f7ce316b2f_110.json | 2 +- ...aec394d-ed2a-4f3e-8ed3-4a2adea39f05_1.json | 2 +- ...4cb9b-973f-4c54-be2b-7623c0e21b2b_207.json | 2 +- ...aff6ab1-18bd-427e-9d4c-c5732110c261_6.json | 4 +- ...7900d-e793-49e8-968f-c90dc3526aa1_418.json | 8 +- ...6deaa-fbd4-433a-ae21-3e892f95624f_321.json | 12 +- ...c216ace-2633-4911-9aac-b61d4dc320e8_6.json | 2 +- ...c3f65b8-e8b4-11ef-9511-f661ea17fbce_6.json | 2 +- ...c59d2e1-8ca1-4f13-b2ac-f4bb99ff69d7_2.json | 2 +- ...685eb-9eaa-43a4-be1b-a7f9f1f5e63d_104.json | 8 +- ...e32e6-6104-46d9-a06e-da0f8b5795a0_209.json | 4 +- ...c82bf84-5941-495b-ac41-0302f28e1a90_3.json | 2 +- ...c9f7901-01d8-465d-8dc0-5d46671035fa_7.json | 2 +- ...81a95-d5af-4b77-b0ad-b02bc746f640_107.json | 4 +- ...0feab-e203-4acc-a463-c3e15b7e9a73_211.json | 12 +- ...d086f43-5382-493d-a018-bce165c88f9f_1.json | 2 +- ...d2e8c90-5be7-4a57-9de4-58be75af933f_1.json | 2 +- ...aa8f9-12af-441f-9344-9f31053e316d_211.json | 2 +- ...db029b3-fbb7-4697-ad07-33cbfd5bd080_6.json | 2 +- ...f49ff6-985d-11ef-88a1-f661ea17fbcd_10.json | 2 +- ...02465-876f-4f04-b016-84ef48ce7e5d_215.json | 2 +- ...561b5-3fac-4461-84cc-19163b9aaa61_109.json | 4 +- ...eeb75-16e8-4f2f-9826-62461ca128b7_213.json | 8 +- ...e12a439-d002-4944-bc42-171c0dcb9b96_8.json | 2 +- ...d15c6-1509-479a-b125-21718372157e_113.json | 2 +- ...e441bdb-596c-44fd-8628-2cfdf4516ada_8.json | 2 +- ...e528511-7316-4a6e-83da-61b5f1c07fd4_7.json | 2 +- ...bdc9e-e4f2-43fa-8cca-63802125e582_319.json | 12 +- ...032b2-45d8-4406-bc79-7ad1eabb2c72_312.json | 2 +- ...ee526ce-1f26-45dd-9358-c23100d1121f_2.json | 4 +- ...e5410-a4bf-4e8c-bcfc-79d67a285c54_106.json | 2 +- ...12325a-4cc6-410b-8d4c-9fbbeb744cfd_12.json | 2 +- ...f9fe2-d095-11ec-95dc-f661ea17fbce_116.json | 2 +- ...f4c2b18-9d2e-4b7a-a3c1-8e6d9f2b5c7e_4.json | 12 +- ...f4d7734-2151-4481-b394-09d7c6c91f75_7.json | 2 +- ...e2dba-828a-452a-af35-fe29c5e78969_109.json | 4 +- ...f7bd5ac-9711-44b4-82c1-fa246d829f15_7.json | 12 +- ...fac01b2-b811-11ef-b25b-f661ea17fbce_9.json | 2 +- ...4e20c-a600-4a86-9d98-3ecb1ef23550_108.json | 4 +- ...55ee4-1e6a-4e4d-a63b-e8ba16980cfb_211.json | 4 +- ...021e78d-5293-48d3-adee-a70fa4c18fab_5.json | 2 +- ...027f24e-b02f-4605-872f-7bafd8fe1b33_1.json | 2 +- ...0c951-448a-4017-a2da-ed60f6d14f4f_206.json | 2 +- ...ef0d3-8259-40c9-a5b6-d48354712e49_318.json | 8 +- ...0c34c8a-b0bc-43bc-83aa-d2b76bf129e1_4.json | 2 +- ...dbcc8-6561-44d9-afc8-eefdbfe0cccd_112.json | 2 +- ...0e60816-5122-11f0-9caa-f661ea17fbcd_5.json | 2 +- ...0fe11c2-376e-11f0-9a82-f661ea17fbcd_5.json | 2 +- ...84ba3-ed1a-4598-bfba-a97f75d9aba2_109.json | 6 +- ...1554afd-d839-4cc2-b185-170ac01cbefc_3.json | 2 +- ...697ae-e468-4093-a93d-59661fa619ec_319.json | 12 +- ...61cd3-380f-4d4d-89f3-46d6853ee35d_207.json | 2 +- ...24afb-d68c-4d0e-bfee-474dac1fa56e_105.json | 90 ------- ...82e486-fc61-11ee-a05d-f661ea17fbce_10.json | 2 +- ...638a1-8ab6-4f8e-86d9-466317ef2db5_111.json | 2 +- ...7da9e-4e9f-4a81-9b58-40d725d83bc0_103.json | 2 +- ...e5bb4-93bf-40a3-8f4a-4cc1af90eca1_104.json | 2 +- ...28e9109-dc13-4ae9-84cb-100464d4c6fa_7.json | 2 +- ...2b5e06d-b297-4286-a004-ae0da92c5b81_1.json | 2 +- ...f698b-4738-445b-8231-c834ddefd8a0_418.json | 2 +- ...2c97e6e-60c3-11f0-832a-f661ea17fbcd_4.json | 2 +- ...2de0740-8ed8-4b8b-995c-635b56a8bbf4_2.json | 2 +- ...eee3d-947f-46d3-a14d-7036b962c266_116.json | 4 +- ...0272b-9724-4bc6-a3ca-f1532b81e5c2_207.json | 6 +- ...6ec12-2b1c-47b5-8f35-e9de65551d3b_115.json | 8 +- ...e2db4-bc7f-4c96-a068-65b78da59bde_316.json | 8 +- ...44c8fad-874f-4f59-b0ea-cf26cea478bd_2.json | 2 +- ...a342e-03fb-42d0-8656-0367eb2dead5_310.json | 4 +- ...494c14f-5ff8-4ed2-8e99-bf816a1642fc_7.json | 2 +- ...4a2de72-fe41-4558-b7ec-3e42de5f0432_1.json | 2 +- ...4b8d933-8fed-485d-a0af-bd97d0093439_1.json | 2 +- ...4cb1d8a-1922-4fc0-a00f-36c1caf57393_2.json | 2 +- ...c462c-1159-4fa8-b1b7-9b6296ab4f96_116.json | 4 +- ...53183fa-f903-11ee-8e88-f661ea17fbce_8.json | 2 +- ...577d441-0c05-4bfb-9068-39a0cb855269_1.json | 4 +- ...577ef08-61d1-4458-909f-25a4b10c87fe_8.json | 2 +- ...c4800-840f-414c-b221-53dd36a5aaf7_216.json | 4 +- ...5d099b4-a12e-4913-951c-0129f73efb41_5.json | 10 +- ...273fb-1dca-457d-9855-bcb302180c21_220.json | 8 +- ...0d948-40d4-4cef-ac69-4002e29bc3db_321.json | 12 +- ...2fd2c-cfae-47ed-a543-9bed37657aa6_318.json | 12 +- ...6b01bb5-cff2-4a00-9f87-c041d9eab554_4.json | 10 +- ...804f5-b289-43d6-a881-9387cf594f75_208.json | 4 +- ...72b4944-d810-43cf-83dc-7d080ae1b8dd_6.json | 8 +- ...7403d72-3ee2-4752-a676-19dc8ff2b9d6_3.json | 2 +- ...fd20e-14cc-49c5-8160-d9ab4ba16c8b_119.json | 4 +- ...7595dea-452b-4d37-b82d-6dd691325139_4.json | 14 +- ...b42f0-61fb-4ef0-8a85-597458bfb0a1_105.json | 2 +- ...267ff-e44f-476e-99c1-04c78cb3769d_107.json | 6 +- ...7661529-15ed-4848-93da-9fbded7a3a0e_2.json | 2 +- ...22836-4a16-4b35-beee-98f6c4ee9bf2_218.json | 4 +- ...7e46d85-3963-44a0-b856-bccff48f8676_2.json | 2 +- ...76567-d58a-4fed-b32b-21f571e28910_113.json | 2 +- ...7fdd8e9-2f53-4648-afbf-0c6dd52f3ce5_2.json | 6 +- ...83832a8-ffdd-4e11-8e96-e0224f7bda9b_2.json | 2 +- ...c4daf-b0c6-49e0-adf3-0bfa93231d6b_318.json | 12 +- ...872671a-c8d2-4847-9891-d3ce08b9e4c9_1.json | 10 +- ...19484-9826-4083-9eba-1da74cd0eaf2_113.json | 2 +- ...886ce11-fca5-433f-bbb9-e33e410ef9ae_1.json | 2 +- ...b3d2e3-f4e8-41e6-95e6-9b2091228db3_15.json | 2 +- ...6edfc-079d-4907-b43c-baffa243270d_119.json | 4 +- ...7f54d-c29e-4430-93a9-9db6b5892270_111.json | 2 +- ...8e60a73-08e8-42aa-8f51-4ed92c64dbea_4.json | 12 +- ...c9452-e1fd-4513-a376-10a1a26d2c83_110.json | 2 +- ...8f657ee-de4f-477c-aa99-ed88ee7af97a_8.json | 2 +- ...9002bbe-7aea-4146-91eb-b2b683bf5ed5_1.json | 2 +- ...91651da-125b-11f1-af7d-f661ea17fbce_4.json | 2 +- ...834ca-f861-414c-8602-150d5505b777_107.json | 2 +- ...ebba4-ecb7-4be4-8c6f-654c686549ad_114.json | 8 +- ...e5f2e-2480-11ed-bea8-f661ea17fbce_112.json | 2 +- ...97a7091-0ebd-44d7-88c4-367ab4d4d852_4.json | 2 +- ...2ac3e-d0ee-4818-b95d-d9522d689259_111.json | 6 +- ...e4094-60e7-11f0-8847-f661ea17fbcd_209.json | 2 +- ...9ac6f-9a54-4ba5-a64f-6eb65695841b_111.json | 8 +- ...ae94fc1-f08f-419f-b692-053d28219380_6.json | 6 +- ...b11dbab-ce37-49c4-bdf1-cdf64b405d96_1.json | 4 +- ...b1ee53e-3fdc-11f0-8c24-f661ea17fbcd_4.json | 2 +- ...38734-3793-4fda-bd42-ceeada0be8f9_317.json | 12 +- ...e9c99-27ea-4621-95c8-82341bc6e512_106.json | 2 +- ...b74d3b0-416e-4099-b432-677e1cd098cc_5.json | 2 +- ...b77d382-b78e-4aae-85a0-8841b80e4fc4_6.json | 2 +- ...68f1f-15ff-4ba3-8c11-d5a7a6356d37_110.json | 8 +- ...5ecea-7225-4690-9938-2a2c0bad9c99_108.json | 4 +- ...bae6c34-57be-403a-a556-e48f9ecef0b7_2.json | 2 +- ...1c1af-79d4-4d37-9efa-6e0240640242_316.json | 10 +- ...bd306f9-ee89-4083-91af-e61ed5c42b9a_3.json | 4 +- ...c3c6c47-e38f-4944-be27-5c80be973bd7_7.json | 4 +- ...9cff1-b78a-41b8-a9f1-4231984d1fb6_116.json | 2 +- ...c5a4e8b-3f2d-4a6e-9b5c-7d8f9e0a1b2c_2.json | 2 +- ...d169db7-0323-4157-9ad3-ea5ece9019c9_5.json | 10 +- ...c35f4-414e-4d0c-bb7e-6db7c80a6957_113.json | 8 +- ...d4cda2b-9aad-4702-a0a2-75952bd6a77c_4.json | 2 +- ...0a94f-2844-43fa-8395-6afbd5e1c5ef_214.json | 2 +- ...13d6e-904f-4636-81d8-6ab14b4e6ae9_111.json | 2 +- ...ddac6c1-e4be-4e2b-95b5-0654cb8d423c_1.json | 2 +- ...76544-f0e5-486a-8f84-eae0b6063cdc_320.json | 12 +- ...df2e3ae-3553-4194-b22e-3e5a6f71466e_1.json | 2 +- ...df91789-7859-4bc4-9c5a-6b56bfa81a8b_1.json | 2 +- ...e2dcdf4-f012-4b67-980b-1551b7149305_1.json | 2 +- ...5dc8a-3e41-40d8-bc28-91af7ac6cf60_117.json | 4 +- ...47004-b34a-42e6-8003-376a123ea447_115.json | 4 +- ...493fc-d637-4a36-80ff-ac84937e5461_319.json | 12 +- ...678a9-3a4f-41fb-9fea-f85a6e0a0dff_214.json | 4 +- ...d3e1a-3aa0-499b-8147-4d2ea43b1613_415.json | 2 +- ...f2654e4-125b-11f1-af7d-f661ea17fbce_2.json | 2 +- ...f725dc5-ae44-46c1-9ac5-99f6f7a70d8a_7.json | 2 +- ...f855297-c8e0-4097-9d97-d653f7e471c4_9.json | 2 +- ...f95e0f8-18b7-459a-b8b5-b2f5c94bf6eb_1.json | 2 +- ...9d835-40e1-452d-8230-17c147cafad8_320.json | 12 +- ...0742e15-c5ef-49c8-9a2d-31221d45af58_3.json | 2 +- ...87ba8-7ff7-11ee-a038-f661ea17fbcd_212.json | 2 +- ...0a2bdea-9876-11ef-89db-f661ea17fbcd_6.json | 2 +- ...0eba7ec-d3f0-474c-a7f4-0906b68e350f_1.json | 2 +- ...76ed2-2d90-49f2-9f3d-17196428b169_112.json | 6 +- ...4e65f-df97-4471-8dcb-8e3953b3ea97_108.json | 6 +- ...134be90-42c1-4ac7-859c-4d82caaddbec_1.json | 2 +- ...f0ffd-b317-4b9c-9494-92ce861f22c7_418.json | 10 +- ...121ce-c7b6-474a-8237-68ff71672379_213.json | 2 +- ...59fa0-d86b-4214-bf48-ebb30ed91305_109.json | 2 +- ...8c68e-d3de-4e96-994d-9e242269446f_209.json | 10 +- ...1a09737-80f7-4551-a3be-dac8ef5d181a_8.json | 2 +- ...e96fb-9e52-4dad-b0ba-99b54440fc9a_213.json | 4 +- ...202697c-313b-4bf0-9029-73fe78cd4b6d_1.json | 2 +- ...116c0-d89d-4d7c-82c2-39e6845a78ef_212.json | 2 +- ...76a86-ee86-4967-97ae-1a05f55816f0_118.json | 145 ----------- ...27d23e6-8b67-4a8e-a6bd-5169b90ab2a8_4.json | 2 +- ...297b7f1-bccd-4611-93fa-ea342a01ff84_4.json | 2 +- ...aab7b-b51c-441a-89ce-4387b3aea886_214.json | 6 +- ...fbdc5-db15-485e-bc24-f5707f820c4b_208.json | 4 +- ...178da-92ea-43ce-94c2-8877a826783d_112.json | 2 +- ...301ac83-7a43-4c92-95e7-c372afea807d_1.json | 2 +- ...617418-17b4-4e9c-8a2c-8deb8086ca4b_15.json | 2 +- ...997f7-ae73-447d-a12d-bff1e8f5f0a0_212.json | 2 +- ...0d4cd-2bb3-4d71-abf5-1e1d0ff5a2de_109.json | 2 +- ...8a829-30c2-435a-a0f2-e3d794bd6f80_101.json | 2 +- ...97080f-34e5-449b-8e9c-4c8083d7ccc6_10.json | 6 +- ...26770-9cbd-40c5-8b57-61d01a325e14_319.json | 12 +- ...3bb8f53-3550-4805-b6bd-728ded8d5564_1.json | 2 +- ...edd83-1be7-430f-8026-363256395c8b_110.json | 6 +- ...3ef31ea-1f8a-493b-9614-df23d8277232_7.json | 4 +- ...4214c47-be7c-4f6b-8ef2-78832f9f8f42_2.json | 2 +- ...02e45-3467-49a4-8abc-529f2c8cfb80_217.json | 4 +- ...81f68-5f2a-421e-8eed-f888278bb712_215.json | 2 +- ...3d186-0461-4dc3-9b33-2dc5c7473936_219.json | 6 +- ...5260656-76d6-427b-bd02-7acdde131b64_1.json | 2 +- ...5a372b9-f5b6-4069-a089-8637c00609a2_4.json | 2 +- ...5be0398-e72d-4c02-a916-b11d62af0e29_1.json | 2 +- ...2bf58-2a39-4c58-a384-c8b1978153c2_218.json | 4 +- ...551c6-333b-4665-ab7e-5d14a59715ce_214.json | 6 +- ...5f07d1b-25bc-4a0f-aa0c-05323c1319d0_4.json | 2 +- ...5f711c1-6b4d-4787-930d-c9317a885adf_4.json | 12 +- ...04189-4e69-4a39-b4a9-195329d226e9_210.json | 4 +- ...0b192-7f18-11ee-825b-f661ea17fbcd_210.json | 4 +- ...619545b-9738-408c-bdb5-a2807e19133e_1.json | 2 +- ...6312ef5-656c-4bf7-ad9a-affed052b102_1.json | 2 +- ...57cde-d923-4b88-adee-c61b3f3b5dc3_212.json | 4 +- ...c2b44-7a21-4818-955f-8d4737967d2e_211.json | 2 +- ...d6ca5-75ba-4c82-9b13-add25353471c_112.json | 2 +- ...3b693-0dea-4f2e-8275-f1ae5ff2de8e_109.json | 2 +- ...6d9cf6c-46ea-4019-9c7f-b1fdb855fee3_4.json | 10 +- ...2e9b5-4803-4e44-a0a4-a52dc79d57fe_318.json | 2 +- ...6fa718c-a0de-4492-97ff-bbc444b015b8_1.json | 2 +- ...dfcf1-ca7c-4fd9-951d-e215ee26e404_109.json | 2 +- ...0cb81-df44-46aa-a5d7-337798f53eb8_112.json | 6 +- ...749282b-7524-4c9d-af9a-e2b3e814e5d4_4.json | 2 +- ...ec21e-56fe-4065-91d8-45eb8224fe77_214.json | 2 +- ...ccf1d-daf5-4e1a-9049-ff79b5254704_109.json | 4 +- ...fa0a9-37c0-44d6-b724-54bf16787492_211.json | 10 +- ...7e118c1-19eb-4c20-93a6-8a6c30a5b48b_3.json | 14 +- ...add16-df76-42bb-af8e-c979bfb39a59_320.json | 12 +- ...841b80f-a1f8-4c00-a966-d2cc4a7a82e4_4.json | 2 +- ...889760c-9858-4b4b-879c-e299df493295_3.json | 2 +- ...a72ca-d968-4f34-b9f7-bea51d75eb50_317.json | 10 +- ...c134c-e8d2-4291-a552-b4b3e537c60b_113.json | 2 +- ...6d58b-a0d3-412d-b3b8-0981a9400607_116.json | 2 +- ...90fc62d-7386-4c75-92b0-af4517018da1_3.json | 111 --------- ...90fc62d-7386-4c75-92b0-af4517018da1_7.json | 2 +- ...919988c-29e1-4908-83aa-1f087a838f63_7.json | 2 +- ...0658c-2107-4afc-91af-e0e55b7f7184_213.json | 2 +- ...e0cbf-86cc-45aa-9ff7-ff27db27d3ed_214.json | 2 +- ...56272-1998-4b8c-be14-e287035c4d10_208.json | 4 +- ...9bf26c2-bcbe-11ef-a215-f661ea17fbce_9.json | 2 +- ...38e2e-aec3-4240-9843-56825d0bc569_108.json | 6 +- ...4d01d-7ac8-4545-914c-b687c2cf66b3_314.json | 8 +- ...3d5447-31c9-409a-aed1-72f9921594fd_14.json | 2 +- ...a876e0d-d39a-49b9-8ad8-19c9b622203b_4.json | 14 +- ...ab49127-b1b3-46e6-8a38-9e8512a2a363_6.json | 2 +- ...02ebc-a5de-4eac-afe6-c88de696477d_108.json | 6 +- ...4e6f8-d1bf-40fa-96ba-e29645e1e4dc_112.json | 2 +- ...e924b-6ceb-4633-980e-1bde8cdb40c5_314.json | 10 +- ...3c9fb-9945-4d2f-9568-fd690fee3fba_114.json | 8 +- ...06a27f-ad72-4499-91db-0c69667bffa5_11.json | 2 +- ...8eef4-842c-4b47-970f-f08d24004bde_112.json | 4 +- ...b8d7b94-23c6-4e3f-baed-3a4d0da4f19d_5.json | 2 +- ...b9eb30f-87d6-45f4-9289-2bf2024f0376_9.json | 2 +- ...4a95d-5a08-48eb-80db-4c3a63ec78a8_323.json | 8 +- ...bda8597-69a6-4b9e-87a2-69a7c963ea83_5.json | 4 +- ...bdad1d5-5001-4a13-ae99-fa8619500f1a_5.json | 160 ------------ ...bdad1d5-5001-4a13-ae99-fa8619500f1a_8.json | 4 +- ...aebc1-cc13-4bfc-9949-776f9e0dc318_212.json | 2 +- ...c351f54-4187-4ad8-abc8-29b0cfbef8b1_9.json | 4 +- ...c495612-9992-49a7-afe3-0f647671fb60_5.json | 2 +- ...02cba-ae00-4488-845d-24de2b6d8055_108.json | 2 +- ...f4c58-b381-452a-8976-f1b1c6aa0def_119.json | 4 +- ...c81fc9d-1eae-437f-ba07-268472967013_4.json | 2 +- ...32156-5785-4c9c-a2e7-0d80d2ba3daa_106.json | 4 +- ...895b4f-9133-4e68-9e23-59902175355c_12.json | 2 +- ...83105-4681-46c3-9890-0c66d05e776b_207.json | 4 +- ...ec990-37fa-4d5c-abfc-8d432f3dedd0_112.json | 6 +- ...55388-a19c-47c7-8ec4-f41656c2fded_215.json | 4 +- ...8e1f7-0050-4afc-b2df-904e40b2f5ae_217.json | 4 +- ...6397e-eb91-4f31-8951-9f0eaa755a31_215.json | 10 +- ...265bf-dea9-41a9-92ad-48a8dcd05080_112.json | 2 +- ...d1c962d-5d2a-48d4-bdcf-e980e3914947_3.json | 4 +- ...d6907-0747-4d5d-9b24-e4a18853dc0a_216.json | 4 +- ...76480-9655-4507-adc6-4eec311efff8_108.json | 4 +- ...f8cfc-0d03-443e-a167-2b0597ce0965_112.json | 2 +- ...dc3519c-1f56-42fc-9a70-7e6b705c2781_1.json | 2 +- ...61522-2545-11ed-ac47-f661ea17fbce_112.json | 2 +- ...e23495f-09e2-4484-8235-bdb150d698c9_4.json | 8 +- ...023e7-6357-4061-ae1c-9df33e78c674_108.json | 6 +- ...52599-ddec-4e14-bad1-28aa42404388_214.json | 2 +- ...c16ab-6d4f-427b-9715-f33e1b745fc7_104.json | 6 +- ...f0234fd-7f21-42af-8391-511d5fd11d5c_9.json | 2 +- ...f0fff18-f340-444b-9a98-c49ade766ff4_2.json | 4 +- ...f463e-6997-478c-8405-fb41cc283281_209.json | 12 +- ...f3ab3ce-7b41-4168-a06a-68d2af8ebc88_5.json | 2 +- ...f73aef2-7abc-4fd9-ac0d-ab8ec3e13891_3.json | 12 +- ...84af6-f553-4a6c-af13-300047455491_109.json | 2 +- ...6b72f-0fbc-47e7-9895-9ba7627a8b50_110.json | 2 +- ...0c814fc-7d06-11f0-b326-f661ea17fbcd_4.json | 2 +- ...0da1bd7-c0b9-4ba2-b487-50a672274c04_2.json | 2 +- ...3adec-1df9-4104-9c75-b97d9f078b25_214.json | 2 +- ...949a1-312f-4e04-bb55-3a79b8c95267_213.json | 6 +- ...36fe6-c043-4743-ab6e-41292f439603_207.json | 2 +- ...148b9f5-5b12-4704-9ef7-f4b4c5dd9bb5_2.json | 2 +- ...16b8d00-05f8-11f1-8f33-f661ea17fbce_3.json | 2 +- ...66ef9-48a5-4247-ad74-3349de7eb2ad_109.json | 4 +- ...18a219d-a363-4ab1-ba30-870d7c22facd_4.json | 2 +- ...18bb351-00f0-467b-8956-8cace8b81f07_3.json | 2 +- ...c3638-40a3-44b2-855a-985636ca985e_320.json | 2 +- ...29caf-6c15-4d1e-9ccb-7ad12ccc0bc7_219.json | 4 +- ...e92b6-7e54-11ee-bdc0-f661ea17fbcd_211.json | 2 +- ...ecb68-fa81-4601-90b5-f8cd661e4520_212.json | 4 +- ...374ab-7080-4e4d-8316-bef1122444af_107.json | 8 +- ...70f6f-3c37-43df-a556-f64fa475fba2_217.json | 4 +- ...2ba8542-1246-4647-9b84-98aa1bc0760a_2.json | 2 +- ...3153282-12da-415f-bad8-c60c9b36cbe3_5.json | 6 +- ...32906c6-ba8f-44c0-8386-ec0bbc8518bf_4.json | 2 +- ...3431796-f813-43af-820b-492ee2efec8e_9.json | 2 +- ...c05204-339a-11ed-a261-0242ac120002_12.json | 2 +- ...c056a0-339a-11ed-a261-0242ac120002_12.json | 2 +- ...c057cc-339a-11ed-a261-0242ac120002_13.json | 2 +- ...3e381a6-0ffe-4afb-9a26-72a59ad16d7b_7.json | 2 +- ...65ec3-43b1-45b0-8f2d-45b34291dc44_213.json | 6 +- ...40f0535-f784-4010-b999-39db99d2daeb_2.json | 8 +- ...40f79d1-571d-4f96-a9af-1194fc8cf763_9.json | 2 +- ...42ce354-4252-4d43-80c9-6603f16571c1_4.json | 8 +- ...47ae821-a80d-4f07-bb12-d40dd433f6b4_1.json | 2 +- ...fc812-7996-4795-8869-9c4ea595fe88_207.json | 4 +- ...2255d-f468-45ea-a5b3-d3a7de1331ae_112.json | 2 +- ...cfca9e-0f6f-4048-8251-9ec56a055e9e_12.json | 2 +- ...f17c52-6c6e-479e-ba72-236f3df18f3d_12.json | 2 +- ...505e02e-28dd-41cd-b18f-64e649caa4e2_4.json | 8 +- ...32f4a-e716-4cc1-ab11-931c4966da2d_206.json | 6 +- ...5613f5e-0d48-4b55-ad61-2fb9567cb1ad_5.json | 4 +- ...56739a8-2786-402b-8ee1-22e0762b63ba_4.json | 4 +- ...5f28c4d-cfc8-4847-9cca-f2fb1e319151_5.json | 2 +- ...9bccd-510b-40df-8263-334f03174fed_209.json | 2 +- ...545b4-1a90-4f45-85ce-2ebd7c6a15d0_112.json | 2 +- ...6229f32-c460-410d-bc37-4b32322cd4bb_3.json | 2 +- ...631a759-4559-4c33-a392-13f146c8bcc4_4.json | 8 +- ...41a5af-fb7e-487a-adc4-9e6503365318_12.json | 4 +- ...9e656-6f85-11ef-8876-f661ea17fbcc_210.json | 2 +- ...e7a4f-c58e-4fc6-bc83-87a7572670ac_211.json | 4 +- ...83649-f908-4a5b-a1e0-54090a1d3a32_131.json | 4 +- ...058f3-99f4-4d18-952b-43348f2577a0_108.json | 8 +- ...a12b1-ac83-40eb-814c-07ed1d82b7b9_213.json | 2 +- ...b3b5a-35e5-42db-bd36-6c5b9b4b7313_120.json | 4 +- ...1fbf2-8f28-49ed-9ab9-9a918ceb5a45_415.json | 2 +- ...239ea-c1bc-4467-a6d3-b9e2cc7f676d_213.json | 2 +- ...756ee27-9152-479b-9b73-54b5bbda301c_9.json | 10 +- ...cff2b-450b-4cf1-8ed2-c0c58a4a2dd7_414.json | 2 +- ...8443a-4ff3-4a70-916d-3cfa3ae9f02b_118.json | 6 +- ...9c821-011d-43bd-bd5b-acff00257226_315.json | 10 +- ...554fc-0777-47ce-8c9b-3d01f198d7f8_214.json | 2 +- ...5d2ae-e008-4762-b98a-e8e1cd3a81e9_413.json | 2 +- ...21d85-d0dc-48b3-865f-43291ca2c4f2_318.json | 12 +- ...94a6c-c7ba-4e82-b476-26a26877adf6_212.json | 2 +- ...b9d57-e4d5-4357-ad17-9c334609d79a_212.json | 4 +- ...7a5a5-a2fc-4a76-ba9f-26849de881b4_215.json | 2 +- ...d737b-f90a-4fe5-bda6-a68fa460044e_110.json | 4 +- ...8c5c9d1-38e5-48bb-b1b2-8b5951d39738_3.json | 2 +- ...56fdc-7ffa-4419-8e95-81641bd6f845_215.json | 6 +- ...8e90a9b-0eab-425e-be3b-902b0cd1fe9c_3.json | 2 +- ...926b708-7964-425f-bed8-6e006379df08_3.json | 4 +- ...1f15e-533c-4a60-8014-a3c3ab851a1b_113.json | 2 +- ...6015ef-718e-40ff-ac4a-cc2ba88dbeeb_13.json | 2 +- ...99fdfb9-8430-4dcb-b5a9-da67dae64808_1.json | 2 +- ...9c116bb-d86f-48b0-857d-3648511a6cac_8.json | 2 +- ...251fb-a5d6-4035-b5ec-40438bd829ff_316.json | 12 +- ...420e8-6c9e-4d28-86c0-8a2be2d1e78c_213.json | 2 +- ...58ed6-4e9f-49f3-8f8e-f32165ae7ebf_106.json | 6 +- ...a309864-fc3f-11ee-b8cc-f661ea17fbce_7.json | 2 +- ...ab9cc-4023-4d17-b5df-1a3e16882ce7_315.json | 8 +- ...aa52f86-18f1-4a5a-a0ac-e2b5db8af589_1.json | 4 +- ...ce640-e631-4870-ba8e-5fdda09325db_423.json | 12 +- ...e94ba-f02c-4d55-9f53-87d99b6f9af4_113.json | 8 +- ...341d03-1d63-41ac-841a-2009c86959ca_12.json | 2 +- ...b82a0ce-10ac-4cb7-8a66-0ba4d24540cf_2.json | 2 +- ...4d470-9036-4cc0-a27c-6d90bbfe81ab_215.json | 6 +- ...d021a-0afb-461c-acbe-ffdb9574d3f3_215.json | 4 +- ...bb7ea-0636-44ca-b541-201478ef6b50_105.json | 2 +- ...1779c-560f-4b68-a8f1-11009b27fe63_314.json | 8 +- ...a88e4-6ce2-4238-9981-a54c140d6336_207.json | 2 +- ...cf17149-a8e3-44ec-9ec9-fdc8535547a1_5.json | 2 +- ...48b96-c922-4adb-b51c-b767f1ea5b76_316.json | 4 +- ...d8685a1-94fa-4ef7-83de-59302e7c4ca8_9.json | 2 +- ...da6f80f-fe41-4814-8010-453e6164bd40_2.json | 2 +- ...db6c33-00ce-4acd-832a-24b251512023_12.json | 2 +- ...d0996-7d4b-40f2-bf4a-6913e7591795_106.json | 4 +- ...a2cc4-d260-11ed-8829-f661ea17fbcc_115.json | 138 ----------- ...a2cc4-d260-11ed-8829-f661ea17fbcc_118.json | 6 +- ...e2355cc-c60a-4d92-a80c-e54a45ad2400_6.json | 2 +- ...0d56f-5c0e-4ac6-aece-bee96645b172_311.json | 4 +- ...e4f6446-67ca-11f0-a148-f661ea17fbcd_1.json | 2 +- ...e5189c4-d3a5-4114-8cb3-bd3a65713f19_2.json | 2 +- ...e6376c1-a71e-4789-a795-198b05664064_1.json | 2 +- ...130a5-9be6-48e5-943a-9628bfc74b18_216.json | 4 +- ...b351e-a531-4bdc-b73e-7034d6eed7ff_213.json | 2 +- ...41894-66c3-4df7-ad6b-2c5074eb3df8_215.json | 4 +- ...55c81-e2ba-42f2-a134-bccf857ba922_217.json | 6 +- ...eb862bb-013d-4d4f-a14b-341433ca1a1f_4.json | 2 +- ...947e9-de7e-4281-a55d-09289bdf947e_115.json | 8 +- ...24bde-7085-489b-8250-5957efdf1caf_108.json | 4 +- ...bb4b2-7dc8-11ee-92b2-f661ea17fbcd_212.json | 2 +- ...35062-b7fc-4af9-acea-5b1ead65c5a5_211.json | 2 +- ...fa0f15b-1926-419b-8de2-fce1429797ba_3.json | 4 +- ...fa3abe3-9cd8-41de-951b-51ed8f710523_5.json | 10 +- ...2280a-d91a-4e64-a97e-1332284d9391_104.json | 6 +- ...fcb4fe4-ac74-449d-855b-2bbd5c51c476_3.json | 2 +- ...0089609-c41a-438e-b132-5b3b43c5fc07_4.json | 2 +- ...020ff25-76d7-4a7d-b95b-266cf27d70e8_3.json | 2 +- ...4e2a0-315d-4334-bb1a-441c593e16ab_216.json | 2 +- ...4e2a0-315d-4334-bb1a-552d604f27bc_214.json | 2 +- ...0558fd5-6448-4c65-804a-8567ce02c3a2_1.json | 2 +- ...c9d92-22a3-4fe0-b6b9-1f861c55502d_105.json | 4 +- ...12c9c-0dbd-4a1a-bc44-1467502c9cf6_114.json | 2 +- ...a1af4-27fd-4f26-bd03-50b6af6b9e24_111.json | 2 +- ...13e0f5f-caf7-4dc2-88a7-3561f61f262a_7.json | 2 +- ...64081a-3930-11ed-a261-0242ac120002_12.json | 2 +- ...f82c2-7741-4f9b-85b8-d06aeb853f4f_215.json | 2 +- ...ccb61-e19b-452f-b104-79a60e546a95_324.json | 8 +- ...5cb27-eca5-4151-bb47-64bc3f883270_214.json | 4 +- ...1d6a53d-abbd-40df-afee-c21fff6aafb0_8.json | 4 +- ...1de53ea-ff3b-11ee-b572-f661ea17fbce_9.json | 2 +- ...20fc1aa-e195-4a1d-81d8-04edfe5313ed_2.json | 2 +- ...999d0-7ab2-44bf-b328-6e63367b9b29_215.json | 2 +- ...25a048a-88c5-4fc7-8677-a44fc0031822_7.json | 2 +- ...290be75-2e10-49ec-b387-d4ed55b920ff_4.json | 2 +- ...aa18d-06a6-41c7-b175-b65b739b1181_415.json | 2 +- ...2c91fc0-4ac0-11f0-811f-f661ea17fbcd_3.json | 2 +- ...ed57d-ae0f-444f-af50-78708b57edd5_210.json | 10 +- ...318affb-bfe8-4d50-a425-f617833be160_7.json | 2 +- ...3344d2d-9cfb-4daf-b3c5-1d40a8182b86_3.json | 2 +- ...34239fe-eda8-48c0-bca8-9e3dafd81a88_7.json | 2 +- ...37626a2-4dca-4195-8ecd-68ef96fd1bad_2.json | 2 +- ...37b5532-cf2e-4d40-9209-d7aec9dd25d5_3.json | 2 +- ...3dd1f2c-3c24-4e13-a64b-dfd510e9fd98_1.json | 2 +- ...5ddf1-6c8e-41ce-818f-48bea6bcaed8_218.json | 6 +- ...4147312-ba03-4bea-91d1-040d54c1e8c3_1.json | 2 +- ...3e19e-3dbf-4e4e-9ae0-33d6c6ed15e1_211.json | 2 +- ...b0119-0560-43ba-860a-7235dd8cee8d_207.json | 6 +- ...edc4c-c54c-49c6-97a1-651223819448_208.json | 4 +- ...4d31cb7-4a2c-44fe-9d1d-f375b9f3cb61_1.json | 2 +- ...5241e-c1a1-4e70-844e-84ee3d73eb7d_103.json | 8 +- ...4ee9a2d-5ed3-40c8-9e6c-523d2e6a17ef_2.json | 2 +- ...45152-9aee-11ef-b0a5-f661ea17fbcd_109.json | 2 +- ...b0329-7295-4682-b9c7-4473b99add69_105.json | 6 +- ...2c127-89fb-4209-a8f6-f9944dfd7e02_112.json | 2 +- ...5c53838-5dcd-11f0-829c-f661ea17fbcd_4.json | 2 +- ...5dcb176-a575-4e33-a020-4a52aaa1b593_6.json | 2 +- ...e75d8-c180-481c-ba88-ee50129a6aef_105.json | 2 +- ...5f9b95f-370b-4ff3-a84c-66d9ec0b84eb_1.json | 2 +- ...52ca1-71d0-4003-9e37-0983e12832da_108.json | 2 +- ...c8437-a581-4537-8060-1fdb0e92c92d_210.json | 2 +- ...c9fcd-4c4c-41e6-a0c7-d6c46c2eff66_119.json | 4 +- ...d3f91-3f12-448c-b65f-20123e9e9e8c_215.json | 4 +- ...69a2e72-11bd-437b-9503-e51e7790d273_1.json | 2 +- ...db638-abf7-42d5-be22-4a70b0bf7241_212.json | 2 +- ...e17b9-af25-49a0-9378-02888b6bb3a2_102.json | 2 +- ...e4d92b-61c1-4a95-ab61-5fd94179a1ee_15.json | 2 +- ...d43b7-3480-4dd9-8ad7-8bd36bfad92f_421.json | 12 +- ...e0c4d-b998-41e5-a62e-c7901fd7f470_321.json | 12 +- ...122db4-5876-4127-b91b-6c179eb21f88_12.json | 2 +- ...f5e28-7b75-4a58-b94e-41bf060fdd86_109.json | 2 +- ...787362c-90ff-4b1a-b313-8808b1020e64_9.json | 2 +- ...811b5f7-9e07-4999-87aa-a950365cd327_1.json | 2 +- ...1f8746-2180-4691-890c-4c96d11ca91d_15.json | 4 +- ...90eb5-c838-4c1d-8240-69dd7397cfb7_108.json | 8 +- ...a404b-75aa-4ffd-8be5-3334a5a544dd_211.json | 2 +- ...2cebf-6cf1-4de3-9662-213aa13e8b80_111.json | 2 +- ...8c6559d-47a7-4f30-91fe-7e2e983206c2_3.json | 2 +- ...3d8d9-b476-451d-a9e0-7a5addd70670_212.json | 2 +- ...e1aeb-5225-4067-b8cc-f4a1de8a8546_313.json | 227 ------------------ ...e1aeb-5225-4067-b8cc-f4a1de8a8546_316.json | 12 +- ...8e9b5d5-7c07-40a7-a591-3dbbf464c386_8.json | 2 +- ...ef0c95-9dc2-40ac-a8da-5deb6293a14e_12.json | 2 +- ...9124edf-30a8-4d48-95c4-11522cad94b1_7.json | 2 +- ...dd7a6-7e00-4a0a-8a9a-a7c24720b5ec_109.json | 2 +- ...43b00-28a5-4461-81ac-644c4dc4012f_307.json | 2 +- ...7f3b9-f590-4062-b9f9-003c32bfc7d6_105.json | 4 +- ...9ce2c96-72f7-44f9-88ef-60fa1ac2ce47_9.json | 2 +- ...9e7291f-9e3b-4a4b-9823-800daa89c8f9_5.json | 2 +- ...0a1f7-ed6b-471c-8eb1-23abd6470b1c_217.json | 12 +- ...97b31-480e-4e63-a7f4-ede42bf2c6de_219.json | 4 +- ...a5cc9a8-5ea3-11ef-beec-f661ea17fbce_7.json | 2 +- ...ab5b02c-0026-4c71-b523-dd1e97e15477_1.json | 2 +- ...cb2de3-8465-472a-8d9c-ccd7b73d0ed8_11.json | 4 +- ...fc6cc9-8800-4c7f-be6b-b688d2dea248_11.json | 2 +- ...bfc26-81d2-435e-965c-d722ee397ef1_216.json | 4 +- ...81906-86b7-4544-8033-c30ec6eb45fc_105.json | 4 +- ...58110-ae13-439b-8192-357b0fcfa9d7_312.json | 2 +- ...bb3ac-e533-41ad-a612-d6c3bf666aba_111.json | 4 +- ...c2e1297-7664-42bc-af11-6d5d35220b6b_9.json | 2 +- ...c7d2a89-b7e9-4e8d-bbf2-5a782fdcc803_1.json | 6 +- ...a8e60-2df0-11ed-b814-f661ea17fbce_112.json | 2 +- ...5e1c7-6a49-45e6-a101-0720d185667f_107.json | 6 +- ...b2216-47dd-4e64-9433-cddc99727623_109.json | 2 +- ...d091a76-0737-11ef-8469-f661ea17fbcc_9.json | 2 +- ...dc45430-7407-4790-b89e-c857c3f6bf23_4.json | 8 +- ...dc921db-4cd3-48ef-88bf-2bfa91f29f5c_2.json | 2 +- ...3cb8b-5c0c-4228-b772-bb6cd619053c_106.json | 4 +- ...dfaaa17-425c-4fe7-bd36-83705fde7c2b_7.json | 2 +- ...3dfef-da2c-4d64-b11d-5f285b638853_316.json | 12 +- ...e2abdb3-c7b0-4e11-ba2f-6657602800a1_1.json | 2 +- ...e3f9a2b-1c4d-5e6f-8a0b-9c8d7e6f5a4b_2.json | 2 +- ...e5c0e5a-95a5-404e-a5b0-278d35dc3325_1.json | 2 +- ...e763fd1-228a-4d43-be88-3ffc14cd7de1_5.json | 8 +- ...b54028-ca72-4eb7-8185-b6864572347db_4.json | 12 +- ...ed84571-58ac-46da-a0ab-9c213ef2927b_1.json | 4 +- ...ca3ad-a348-43b2-b544-c93a78a0ef92_108.json | 6 +- ...f3521dd-fb80-4548-a7eb-8db37b898dc2_5.json | 8 +- ...70d54-c0eb-4270-ac5a-9a6020585dc6_214.json | 4 +- ...f3a9c2e-1d4b-5e6f-8a9b-0c1d2e3f4a5b_1.json | 2 +- ...f3e8b9a-2c4d-5e6f-8a1b-9c2d3e4f5a6b_4.json | 4 +- ...f65f984-5642-4291-a0a0-2bbefce4c617_7.json | 2 +- ...f7a0ee1-7b6f-466a-85b4-110fb105f5e2_1.json | 131 ---------- ...9afef-9fc5-4e7b-bf16-75ffdf27f8db_105.json | 2 +- ...b500fa-8e24-4bd1-9480-2a819352602c_20.json | 2 +- ...fc95782-4bd1-11f0-9838-f661ea17fbcd_4.json | 2 +- ...da9bb2-fd28-11ee-85f9-f661ea17fbce_12.json | 2 +- ...84fa9-8677-4453-8680-b891d3c0c778_111.json | 2 +- ...00e01be-a7a4-46d0-8de9-69f3c9582b44_6.json | 2 +- ...5db49-c57c-4fc0-bd86-7ccd6d10a35a_110.json | 2 +- ...04a7ac8-fc00-11ee-924b-f661ea17fbce_6.json | 2 +- ...291d3-e918-4a3a-86cd-73052a0c9bdc_108.json | 6 +- ...b70d3-e2c3-455e-af1b-2626a5a1a276_213.json | 2 +- ...0aa6cca-b343-457b-877e-5877cd71a1f8_1.json | 2 +- ...0d7f4ef-c3b6-4466-80f4-805bdd10507d_1.json | 2 +- ...1139742-4d3a-49f3-a6dd-e0fb9834f959_1.json | 2 +- ...d96c7-2068-42aa-ba8e-fe0ddd565e2e_109.json | 4 +- ...154d01d-04d1-4695-bcbb-95a1bb606355_2.json | 2 +- ...167c5ae-3310-439a-8a58-be60f55023d2_5.json | 6 +- ...92f44-4946-4b27-95d3-1d8929b114a7_102.json | 2 +- ...e23e6-2094-4f0e-8c01-22d30f3506c6_317.json | 10 +- ...e9dc6-a2d7-4192-a2d8-eed98afc766a_320.json | 2 +- ...f45f8-f8c2-4e28-992e-5a0e8d98e0fe_114.json | 4 +- ...248323e-f888-4134-a26f-37a6362f7231_2.json | 2 +- ...f8d8f-4117-4ae4-b551-f56d54b9da6b_213.json | 2 +- ...293bf1f-8dd0-434e-b52a-1aa6ec101777_1.json | 6 +- ...2f842c2-7c36-438c-b562-5afe54ab11f4_7.json | 2 +- ...34ee026-f9f9-4ec7-b5e0-7fbfe84765f4_7.json | 6 +- ...5c0622-114e-40b5-a346-f843ea5d01f1_14.json | 2 +- ...383a8d0-008b-47a5-94e5-496629dc3590_5.json | 10 +- ...1931d-8136-46fc-b7b9-2db4f639e014_108.json | 2 +- ...f249e-4348-47ba-9741-1202a09556ad_214.json | 12 +- ...9c2b3-24ef-4c1d-a8cd-5ebafb5dfa2f_115.json | 4 +- ...446517c-f789-11ee-8ad0-f661ea17fbce_9.json | 2 +- ...fe13f-6772-4c83-bd39-9d16d4ad1a81_110.json | 2 +- ...4755a05-78c8-4430-8681-89cd6c857d71_7.json | 2 +- ...1f8db-207f-45ab-a578-921d91c23eb2_108.json | 6 +- ...a2554-e12a-11ec-b896-f661ea17fbcd_219.json | 10 +- ...d901a-2a3c-46c6-8b22-55398a01aad8_114.json | 2 +- ...c1f19-68e8-43a6-9dce-340771fe1be3_217.json | 2 +- ...5d9c573-ad77-461b-8315-9a02a280b20b_1.json | 2 +- ...e2d45e-a3df-4acf-83d3-21805f564ff4_11.json | 2 +- ...0f2a03-a1cf-48d6-a674-c6d62ae608a1_12.json | 2 +- ...3535c-1e17-44e1-aa97-7a0699c3037d_212.json | 2 +- ...616ec-41e5-4edc-ada2-ab13ab45de8a_212.json | 2 +- ...6817045-ea22-4038-9959-c3437bc4c064_1.json | 12 +- ...6aa8579-1526-4dff-97cd-3635eb0e0545_7.json | 4 +- ...6b3a245-03de-49a5-ab57-ae44d8f064da_1.json | 4 +- ...aecc0-cea4-4110-af3f-e02e9b373655_113.json | 2 +- ...ea072-1b71-4def-b016-6278b505138d_220.json | 10 +- ...73b5452-074e-11ef-852e-f661ea17fbcc_9.json | 2 +- ...94192-4539-4bc4-8543-23bc3d5bd2b4_213.json | 2 +- ...cc04a-3320-411d-bbe9-53266fa5e107_103.json | 8 +- ...7f8141e-4275-4d49-9e76-d215b4614a0b_1.json | 2 +- ...82a39ad-a404-45e3-b5d4-bc11d2b09818_1.json | 6 +- ...4e87cc-c67b-4c90-a4ed-e1e24a940c82_10.json | 6 +- ...71231-6626-4e1b-abb7-6e361a171fbb_215.json | 2 +- ...17a33-60d3-411f-ba79-7c905d865b2a_113.json | 2 +- ...dcb8c-60e5-46ee-9206-2663adf1b1ce_112.json | 2 +- ...cb88e-441a-4c3e-be2d-120d99fe7b0d_212.json | 4 +- ...326d2-56c0-4342-b553-4abfaf421b5b_108.json | 4 +- ...94b7cc9-040b-427c-aca5-36b40d3667bf_8.json | 2 +- ...96a0a38-eaa0-42e9-be35-dfcc3e3e90ae_2.json | 2 +- ...dc6b5-b39f-432a-8d75-d3730d50c782_215.json | 4 +- ...9a4b0-9f8f-4ee0-8823-c4751a6d6696_215.json | 6 +- ...a6cb7-6b53-4de2-b604-648488841ab8_111.json | 2 +- ...024633-c444-45c0-a4fe-78128d8c1ab6_11.json | 2 +- ...fbd26-867f-11ee-947c-f661ea17fbcd_213.json | 2 +- ...fd93a-7df8-410d-8808-4cc5e340f2b9_206.json | 2 +- ...b0278-0f9a-487d-96bd-d4833298e87a_110.json | 2 +- ...d4831-3ce6-4859-9891-28931fa6101d_214.json | 4 +- ...a1db198-da6f-4500-b985-7fe2457300af_6.json | 2 +- ...a556117-3f05-430e-b2eb-7df0100b4e3b_3.json | 2 +- ...c1e5f-ad63-481e-b53a-ef959230f7f1_415.json | 2 +- ...7933b4-9d0a-4c1c-bda5-e39fb045ff1d_11.json | 173 ------------- ...5b42f-8d74-48c8-a8d0-6d14b4197288_110.json | 8 +- ...b3a62-a598-4293-bc14-3d5fa22bb98f_315.json | 10 +- ...b4d6c3a-2e9f-4b7c-9a5d-6f8e3c1b4d2a_2.json | 2 +- ...f0816-6a65-4630-86a6-c21c179c0d09_316.json | 12 +- ...4d36a-1307-4b2e-a77b-a0027e4d27c8_109.json | 2 +- ...bd1c36a-2c4f-4801-a43d-ba696c13ffc2_4.json | 2 +- ...bdde8-4204-45c0-9e0c-c85ca3902488_109.json | 141 ----------- ...bdde8-4204-45c0-9e0c-c85ca3902488_112.json | 10 +- ...7dc0e-e3ac-4c97-8aa0-cf6a9122de45_320.json | 12 +- ...c707e4c-bd20-4ff4-bda5-4dc3b34ce298_3.json | 2 +- ...1e506-6e82-4884-9b9a-75d3d252f967_113.json | 2 +- ...c8df61f-ed2a-4832-87b8-ee30812606e0_2.json | 8 +- ...ae3e2-f0b1-4b2c-9eba-bd87c2db914f_104.json | 4 +- ...b84371-d053-4f4f-bce0-c74990e28f28_16.json | 2 +- ...cbc7793-9ce4-4b7d-9c20-a30afbde2a05_1.json | 2 +- ...cc72fa3-70ae-4ea1-bee2-8e6aaf3c1fcf_6.json | 2 +- ...cd49fbc-a35a-4418-8688-133cc3a1e548_3.json | 12 +- ...d366588-cbd6-43ba-95b4-0971c3f906e5_6.json | 2 +- ...d0794-c776-476b-8674-ee2e685f6470_105.json | 2 +- ...d696bd0-5756-11f0-8e3b-f661ea17fbcd_4.json | 2 +- ...d8c0b55-ef27-4c20-959f-fa8dd3ac25e6_3.json | 8 +- ...d9c4128-372a-11f0-9d8f-f661ea17fbcd_5.json | 2 +- ...41fc9-7735-4b24-9cc6-c78dfc9fc9c9_213.json | 4 +- ...ab73b-3d15-4e5d-9413-47f05553c1d7_108.json | 2 +- ...485b6-a74f-411b-bf7f-38b819f3a846_213.json | 12 +- ...e39f54e-910b-4adb-a87e-494fbba5fb65_6.json | 2 +- ...e66c55f-8db6-4e3e-bf4f-3a3e242bdf66_1.json | 2 +- ...e7a4f2c-9b3d-4e5a-a1b6-c2d8f7e9b3a5_6.json | 2 +- ...c4df1-4b4b-4502-b6c3-c788714604c9_108.json | 6 +- ...eeda11-dca6-4c3e-910f-7089db412d1c_12.json | 2 +- ...efcd3da-103b-4a65-8ab2-6a3a9df7ba8b_1.json | 2 +- ...42ffb-b191-4803-90ec-0f19942e17fd_108.json | 4 +- ...e91c7-d791-4704-80a1-42c160d7aa27_113.json | 4 +- ...f8004e1-0783-485f-a3da-aca4362f74a7_2.json | 2 +- ...19d4b-a5af-47ca-a594-6be59cd924a4_212.json | 4 +- ...f985da6-66e8-4838-a63e-21636eb9adc5_1.json | 2 +- ...75dda-c47a-4e34-8ecd-34facf7aad13_108.json | 2 +- ...69566-2260-4824-b8e4-8615c3b4ed52_213.json | 8 +- ...04023d7-8307-48bc-ad49-c454dfc2fae3_1.json | 8 +- ...050506c-df6d-4bdf-bc82-fcad0ef1e8c1_5.json | 2 +- ...5ece6-2689-4224-a0e0-b04881e1f8ad_212.json | 2 +- ...056d577-4da5-47bf-8c94-6c0b1bb3f8a5_1.json | 4 +- ...a26f5-3eb6-4338-a70e-6c375c1cde8a_106.json | 6 +- ...2cd6c-650f-4fa3-8a8a-28256c7489c9_114.json | 2 +- ...09bf7c8-d371-11ef-bcc3-f661ea17fbcd_6.json | 2 +- ...abaa8-5216-4568-992d-d4a01a105d98_107.json | 6 +- ...0c0ce77-3fb4-484f-a8ad-4648e12b35b1_1.json | 2 +- ...0e4ceab-79a5-4f8e-879b-513cac7fcad9_5.json | 10 +- ...0e5976d-ed8c-489a-a293-bfc57ff8ba89_5.json | 2 +- ...0efea04-5675-11f0-8f80-f661ea17fbcd_5.json | 2 +- ...0ffdf-f3d0-4db3-bf66-7a14bcff71b8_109.json | 2 +- ...04cd4-47a9-4334-ab14-084abe274d49_212.json | 2 +- ...02f01-969f-4167-8d77-07827ac4cee0_207.json | 4 +- ...02f01-969f-4167-8f55-07827ac3acc9_208.json | 4 +- ...02f01-969f-4167-8f66-07827ac3bdd9_208.json | 4 +- ...84446-aefb-4d5e-ad12-598042ca80ba_214.json | 2 +- ...29d0766-204b-11f0-9c1f-f661ea17fbcd_5.json | 2 +- ...2a36c98-b24a-4bf7-aac7-1eac71fa39cf_2.json | 2 +- ...6faf5-78ec-4e25-bea1-73bacc9b59d9_115.json | 4 +- ...2b11a06-57ab-4f6d-a18b-fb7fdf3cc63f_1.json | 8 +- ...3a04e-6487-4b62-892d-70e640a590dc_111.json | 4 +- ...75852-b0f5-4b8b-89c3-a226efae5726_216.json | 2 +- ...3120a05-caf5-47f6-a305-e8abee463fb9_1.json | 2 +- ...e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4_211.json | 2 +- ...5fd2c-9947-4472-86ef-4aceb2f7e872_213.json | 2 +- ...22c0a-06a0-4131-b830-b10d5e166ff4_214.json | 4 +- ...1ce76-494c-4f01-8167-35edfb52f7b1_419.json | 10 +- ...3d2c5bf-dac1-4e0f-ab52-16f440782bb8_1.json | 2 +- ...3dd73f9-3e59-45be-b023-c681273baf81_2.json | 4 +- ...63c3e-4154-4fc6-9f86-b411e0987bbf_211.json | 2 +- ...18745-529f-4259-8d25-a713a6feb6ae_109.json | 4 +- ...4556bc7-e057-4759-9e49-fa79ee366101_1.json | 2 +- ...401ba-4fa2-455c-b7ae-b6e037afc0b7_216.json | 12 +- ...734c0-2cda-11ef-84e1-f661ea17fbce_211.json | 2 +- ...0add4-3392-11ed-bd01-f661ea17fbce_111.json | 2 +- ...779c2-82ad-4a6c-82b8-296c1f691449_110.json | 2 +- ...52c92af-d67f-4f01-8a9c-725efefa7e07_7.json | 4 +- ...ee7c8-5437-49ae-b2d6-2960883898e9_215.json | 6 +- ...550ec87-e73c-4baa-ad44-e448a33fbc3d_1.json | 2 +- ...563dace-5822-11f0-b1d3-f661ea17fbcd_5.json | 2 +- ...a7353-1129-4aa7-9084-30746b256a70_214.json | 2 +- ...99adc-2cda-11ef-84e1-f661ea17fbce_211.json | 2 +- ...62a71ae-aac9-11ef-9348-f661ea17fbce_8.json | 2 +- ...1ed8b-001c-40dc-a777-0983b7b0c91a_105.json | 2 +- ...679c838-ec24-4e3a-bf0b-68a9878828c3_1.json | 2 +- ...ccab9-da51-4a87-9ce2-d3c9782fd759_217.json | 8 +- ...6b2a03e-003b-11f0-8541-f661ea17fbcd_6.json | 2 +- ...9f4ea-0e8c-435b-8d53-2096e75fcac5_414.json | 2 +- ...d11d31-9a79-480f-8401-da28b194608f_17.json | 2 +- ...6dd08d8-8f3d-4f55-ada8-7dc1e05dbd47_1.json | 2 +- ...90768-c3b7-4df6-b5d9-6237f8bc36a8_212.json | 2 +- ...6f29282-ffcc-4ce7-834b-b17aee905568_4.json | 2 +- ...20e61-e591-4191-8a3b-2861a2b887cd_114.json | 4 +- ...705b458-689a-4ec6-afe8-b4648d090612_6.json | 4 +- ...7266eb4-b8c3-4e3e-9417-7d0ace6b3dfe_1.json | 2 +- ...14185-2568-4561-ae81-f3e480e5e695_212.json | 2 +- ...59fd8-757d-4b1d-9af1-ef29e4a8680e_109.json | 2 +- ...97a52-4a76-4f0a-aa4f-25c178aae6eb_104.json | 2 +- ...6b2391-413f-4a94-acb4-7911f3803346_11.json | 188 --------------- ...729e7-0c52-4c4c-b71e-88103304a79f_214.json | 2 +- ...8e584-fd3b-421f-9b9d-9c9d9e57e9d7_419.json | 2 +- ...ba1ef-6034-4bd3-8c1a-1e0996b27afa_423.json | 12 +- ...db8b42-69d8-4bf3-9fd4-c69a1d895d68_13.json | 2 +- ...c44d3-8dae-4019-ae83-298c3015600f_120.json | 2 +- ...0b70a0-c820-11ed-8799-f661ea17fbcc_10.json | 2 +- ...822c5a1-1494-42de-b197-487197bb540c_7.json | 2 +- ...361cd-3dac-47fe-afa1-5c5dd89f2fb4_107.json | 6 +- ...43d35-645e-4e66-9d6a-5049acd96ce1_107.json | 6 +- ...0ee61-d061-403d-9bf6-64934c51f638_109.json | 2 +- ...95807-5b09-4e37-8a54-5cae5dc932d7_213.json | 2 +- ...c2919-f8b3-4d2d-b85b-e1c13ac0c68b_103.json | 8 +- ...8cfaa44-83f0-4aba-90c4-363fb9d51a75_2.json | 2 +- ...8ebd6a1-77db-4fe1-b4fd-1bd3c737b780_2.json | 2 +- ...39e7d-b0d4-46e3-8609-acafcf99f68c_113.json | 2 +- ...e40aa-8c85-43de-825e-15f665375ee8_116.json | 4 +- ...0432d-9b26-409f-972b-839a959e79e2_314.json | 2 +- ...96e2e09-087e-4e99-a3cc-a9225d24ba3d_1.json | 4 +- ...565a2-fc52-4d72-91e4-ba6712c0377e_107.json | 8 +- ...9ac5005-8a9e-4625-a0af-5f7bb447204b_3.json | 8 +- ...2b626-de44-4322-b1f9-157ca408c17e_106.json | 6 +- ...9c9af5a-67cf-11f0-b69e-f661ea17fbcd_1.json | 2 +- ...cf974-6587-4f65-9252-d866a3fdfd9c_208.json | 6 +- ...a2dae-0b5f-4c3d-8305-a268d404c306_108.json | 2 +- ...a1ba0ac-aa6f-4c0d-8c80-b7f6ea2efa36_1.json | 2 +- ...a3884d0-282d-45ea-86ce-b9c81100f026_5.json | 2 +- ...a3689-8ed1-4cdb-83fb-9506db54c61f_213.json | 2 +- ...b4e31-6cde-4295-9ff7-6be1b8567e1b_315.json | 8 +- ...f5d74-c7e7-4a8b-945e-462c102daee4_104.json | 4 +- ...0e1f6-52ce-42e1-abb3-09657cee2698_316.json | 10 +- ...a4be8d-5828-417d-9f54-7cd304571b24_10.json | 2 +- ...aeca498-1e3d-4496-9e12-6ef40047eb23_4.json | 12 +- ...43b62-d173-4cfd-bd8b-e6379f964ca4_211.json | 2 +- ...b35422b-9102-45a9-8610-2e0c22281c55_1.json | 2 +- ...813a1-daf1-457e-b0e6-0bb4e55b8a4c_319.json | 12 +- ...80cb26-9966-44b5-abbf-764fbdbc3586_10.json | 2 +- ...bed06f5-0c32-488a-9353-d565fc9d1573_1.json | 4 +- ...c0f61fa-abf4-4b11-8d9d-5978c09182dd_3.json | 2 +- ...60313-c811-4ec8-ab89-8f6530e0246c_214.json | 4 +- ...c5b2382-19d2-4b5d-8f14-9e1631a3acdb_6.json | 2 +- ...65691-5599-447a-bac9-b3f2df5f9a9d_115.json | 4 +- ...c951837-7d13-4b0c-be7a-f346623c8795_7.json | 2 +- ...f3ce0-0057-440a-91f5-870c6ad39093_315.json | 8 +- ...10cb3-5f4b-4c9a-b9f5-53f0a1707ae2_318.json | 4 +- ...10cb3-5f4b-4c9a-b9f5-53f0a1707ae3_319.json | 12 +- ...10cb3-5f4b-4c9a-b9f5-53f0a1707ae4_220.json | 8 +- ...10cb3-5f4b-4c9a-b9f5-53f0a1707ae5_214.json | 4 +- ...10cb3-5f4b-4c9a-b9f5-53f0a1707ae6_321.json | 6 +- ...10cb3-5f4b-4c9a-b9f5-53f0a1707ae9_212.json | 2 +- ...02377-d226-4e12-b54c-1906b5aec4f6_207.json | 4 +- ...d312839-339a-4e10-af2e-a49b15b15d13_3.json | 4 +- ...d94d61b-9476-41ff-a8d3-3d24b4bb8158_2.json | 2 +- ...e11faee-fddb-11ef-8257-f661ea17fbcd_8.json | 2 +- ...e5dbd3b-5e19-4648-a1cf-c2649c91b015_1.json | 2 +- ...e81b1fd-e9fb-49a7-8ebe-0d1a14090142_3.json | 2 +- ...e8c185c-8237-4b13-a4da-4a8d4e9bb6ef_1.json | 2 +- ...eaa3fb1-3f70-48ed-bb0e-d7ae4d3c8f28_3.json | 2 +- ...ebd48ac-a0e2-430a-a219-fe072a50146b_3.json | 2 +- ...ed5d08f-aad6-4c03-838c-d686da887c2c_3.json | 2 +- ...edd000e-cbd1-4d6a-be72-2197b5625a05_4.json | 4 +- ...dd1804-83c7-4e48-b97d-c776b4c97564_10.json | 2 +- ...efb3f79-b77b-466a-9fa0-3645d22d1e7f_9.json | 2 +- ...c4ca3-44b5-481d-ba42-32dc215a2769_216.json | 8 +- ...f420cca-cb27-44db-a13d-c43c7b48e04a_1.json | 4 +- ...432a8b-9588-4550-838e-1f77285580d3_12.json | 2 +- ...f8e3c5e-f72e-4e91-93f6-e98a4fae3e4f_2.json | 2 +- ...62927-1a4f-45f3-a57b-287f2c7029c1_221.json | 4 +- ...a2a82-93a8-4b1a-8778-1780895626d4_216.json | 2 +- ...681e3-9ed6-447c-ab2c-be648821c622_319.json | 2 +- ...cb68e-7c93-48d1-93b2-2c39023308eb_118.json | 4 +- ...0ddb77b-0318-41f0-91e4-8c1b5528834f_9.json | 2 +- ...0fbd7a9-1923-4e05-92df-b484168f17bc_2.json | 2 +- ...d3d9d-0f65-48f1-8b25-af175e2594f5_110.json | 2 +- ...167f1-eec2-4015-9631-1fee60406dcf_212.json | 6 +- ...29140-8de3-4445-9f87-908fb6d824f4_216.json | 8 +- ...612dd-b30e-4d41-86a0-ebe70974ec00_213.json | 4 +- ...99af0-8e1e-4ed0-8ec1-89783538a061_215.json | 10 +- ...bcc91-297b-459b-b5ce-bc7460d8f82a_109.json | 2 +- ...17f2e5f-de52-49e8-9d86-ccfe91cd54d4_1.json | 2 +- ...0375f-22c2-48c0-81a4-7c2d11cc6856_112.json | 2 +- ...1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d_2.json | 2 +- ...1b2c3d4-e5f6-4789-a0b1-c2d3e4f5a6b7_1.json | 2 +- ...1b2c3d4-e5f6-4a5b-8c9d-0e1f2a3b4c5d_3.json | 4 +- ...1b2c3d4-e5f6-7890-a1b2-c3d4e5f67890_3.json | 2 +- ...1b2c3d4-e5f6-7890-abcd-ef1234567890_1.json | 4 +- ...1b7ffa4-bf80-4bf1-86ad-c3f4dc718b35_5.json | 10 +- ...c2589e-0c8c-4ca8-9eb6-f83c4bbdbe8f_11.json | 2 +- ...a09c2-2162-4df0-a356-9aacbeb56a04_317.json | 10 +- ...22b8486-5c4b-4e05-ad16-28de550b1ccc_6.json | 2 +- ...22f566b-5b23-4412-880d-c6c957acd321_8.json | 2 +- ...95334-2499-11ed-9e1a-f661ea17fbce_113.json | 2 +- ...2951930-dd35-438c-b10e-1bbdc5881cb4_2.json | 2 +- ...04374-187c-4fd9-b513-3ad4e7fdd67a_113.json | 2 +- ...2e5e290-f534-4b71-bc3f-2dd1932b4cd6_1.json | 8 +- ...0dea6-e228-40e1-9123-a339e207378b_104.json | 4 +- ...337c3f8-e264-4eb4-9998-22669ca52791_2.json | 2 +- ...3cc60d8-2701-11f0-accf-f661ea17fbcd_6.json | 2 +- ...a12f3-0d4e-4667-8b44-4230c63f3c75_315.json | 10 +- ...44bcb58-5109-4870-a7c6-11f5fe7dd4b1_4.json | 2 +- ...740e4-be17-4048-9aa4-1e6f42b455b1_101.json | 2 +- ...7473a-5cb4-4bc1-9d06-e4a75adbc494_114.json | 2 +- ...4c8e901-2b7f-4d6e-9a3c-8e1f0d5b6c2a_1.json | 2 +- ...4f7a295-aba1-4382-9c00-f7b02097acbc_3.json | 2 +- ...a9439-d52c-401c-be37-2785235c6547_105.json | 2 +- ...eb21b7-13cc-4b94-9fe2-29bb2914e037_12.json | 2 +- ...326d7-dca7-4fb7-93eb-1ca03a1febbd_317.json | 2 +- ...5c51a-73ad-406d-bf3a-f24cc41d5c97_110.json | 2 +- ...6129187-c47b-48ab-a412-67a44836d918_2.json | 2 +- ...4863f-a70d-417f-a7d2-7a404638d47f_320.json | 12 +- ...640ef5b-e1da-4b17-8391-468fdbd1b517_3.json | 14 +- ...643e6b8-ba2a-45f1-8d71-d265bfe2ae43_1.json | 2 +- ...6788d4b-b241-4bf0-8986-a3b4315c5b70_7.json | 2 +- ...68da7d6-7eab-45bd-97c5-93b469c0706e_1.json | 2 +- ...698a653-e144-4e40-bade-35135935be45_2.json | 4 +- ...f4dd4-743e-4da8-8c03-3ebd753a6c90_113.json | 2 +- ...6d4e070-b9b9-4294-b028-d9e21ad47413_4.json | 2 +- ...c60cb-70ee-4629-a127-608ead14ebf1_109.json | 4 +- ...750bbcc-863f-41ef-9924-fd8224e23694_3.json | 2 +- ...7577205-88a1-4a08-85d4-7b72a9a2e969_3.json | 2 +- ...7b984e4-16ff-405b-80be-31a94a03e929_1.json | 2 +- ...7c3e8f2-4b19-4d6a-9e5c-8f1a2b3c4d5e_4.json | 2 +- ...cae7b-9d2c-44b2-a061-98e5946971fa_118.json | 4 +- ...7bfa3-088e-4f13-b29e-3986e0e756b8_315.json | 133 ---------- ...7bfa3-088e-4f13-b29e-3986e0e756b8_318.json | 12 +- ...7e9e2e8-3c5d-4b9a-8e7f-1a2b3c4d5e6f_1.json | 2 +- ...7f2c1b4-5d8e-4f3a-9b0c-2e1d4a6b8f3e_3.json | 2 +- ...80d96cd-1164-41b3-9852-ef58724be496_7.json | 4 +- ...80ffc40-a256-475a-a86a-74361930cdb1_3.json | 2 +- ...8256685-9736-465b-b159-f25a172d08e8_2.json | 2 +- ...83b3dac-325a-11ef-b3e6-f661ea17fbce_8.json | 4 +- ...a4e42-1d82-44bd-b0bf-d9b7f91fb89e_105.json | 2 +- ...87d49f0-24ae-4d6e-a0b4-5fd2f6188d6a_2.json | 10 +- ...8a48752-58f3-43a9-beb5-14b9e9f6a8b0_1.json | 2 +- ...8aaa49d-9834-462d-bf8f-b1255cebc004_6.json | 2 +- ...8afdce2-0ec1-11ee-b843-f661ea17fbcd_9.json | 4 +- ...8b08d2d-6dfe-453f-87d1-11d5fc3ec746_1.json | 137 ----------- ...8b08d2d-6dfe-453f-87d1-11d5fc3ec746_4.json | 2 +- ...8b2c4d6-e8f0-12a4-b6c8-d0e2f4a6b8c0_3.json | 2 +- ...8b3c4d5-e6f7-8901-a2b3-c4d5e6f78901_3.json | 2 +- ...8b3e2f0-8c7d-11ef-b4c6-f661ea17fbcd_4.json | 4 +- ...35ca0-ad8d-48a9-9f6c-553622dca61a_109.json | 4 +- ...8e7d6c5-b4a3-2918-0f9e-8d7c6b5a4032_1.json | 2 +- ...8f3c2e1-4d5b-4e6f-8a9b-0c1d2e3f4a5b_1.json | 2 +- ...7187f-76d6-4c1d-a1d5-1ff301ccc120_104.json | 4 +- ...8f7e9d4-3b2c-4d5e-8f1a-6c9b0e2d4a7f_1.json | 2 +- ...953f6d5-01cd-4f4c-94dc-207e34965cac_1.json | 2 +- ...9fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_213.json | 2 +- ...f82f5-8e77-4f8b-b3ce-10c0f6afbc73_211.json | 2 +- ...05c3b-b304-4bf9-970d-acdfaef2944c_216.json | 10 +- ...b3641-ff4b-4cdc-a063-b4b8d02a67c7_109.json | 98 -------- ...b3641-ff4b-4cdc-a063-b4b8d02a67c7_112.json | 8 +- ...a04377a-19b5-4940-952f-aad173790d23_1.json | 4 +- ...a1e007a-2997-4247-b048-dd9344742560_2.json | 2 +- ...8f01d-bc93-4c8f-bc01-6f67f2a0a833_104.json | 4 +- ...007f0-d1df-49ef-8520-407857594827_109.json | 2 +- ...95aea-b69c-4411-b110-8d7599634b30_218.json | 4 +- ...a274d-6b53-424d-ac5e-cb8ca4251650_218.json | 4 +- ...aab30ec-b004-4191-95e1-4a14387ef6a6_6.json | 2 +- ...abdad51-51fb-4a66-9d82-3873e42accb8_6.json | 6 +- ...5c24b-2502-43a0-bf7c-e60e662c811e_123.json | 2 +- ...b7795cc-0e0b-4f9d-a934-1f17a58f869a_3.json | 6 +- ...8f074c-5565-4bc4-991c-d49770e19fc9_12.json | 2 +- ...b9a334a-f2c3-4f49-879f-480de71020d3_2.json | 2 +- ...ba3bc11-e02f-4a03-8889-d86ea1a44f76_2.json | 2 +- ...e61a8-c560-4dbd-acca-1e1438bff36b_310.json | 4 +- ...bb7bc31-b865-4318-80a9-b9ee4edd57b6_1.json | 2 +- ...bc7a2be-479e-428b-b0b3-1d22bda46dd9_2.json | 2 +- ...12404-57a5-476f-858f-4e8fbb4f48d8_112.json | 2 +- ...012b8-8da8-440b-aaaf-aedafdea2dff_420.json | 8 +- ...31fcc-1d3b-476d-bbb5-1357728c9a37_108.json | 4 +- ...a2759-5c34-440a-b0c4-51fe674611d6_209.json | 10 +- ...bc744-e82b-41ad-b58d-90654fa4ebfb_106.json | 4 +- ...06eae-d5ec-4b14-b4fd-e8ba8086f0e1_313.json | 2 +- ...6ceb8-4399-4191-af1d-4feeac1f1f46_216.json | 2 +- ...c8bb9-2486-49a8-8779-45fb5f9a93ee_212.json | 2 +- ...611f3-2b93-47b3-a0a3-7723bcc46f6d_111.json | 2 +- ...1e989-a541-44df-93a8-a8b0591b63c0_113.json | 2 +- ...738b5-b5b2-4acc-bad9-1e18ee234f40_315.json | 10 +- ...d02da2f-443d-454c-a12e-d9e6c65831ff_1.json | 2 +- ...d2742-9a49-11ec-8d6b-acde48001122_317.json | 10 +- ...f2807-2b3e-47d7-b282-f84acbbe14be_211.json | 2 +- ...a3757-c872-4719-8c72-12d3f08db655_108.json | 4 +- ...6db2e-1cc7-4a2c-8fa5-5f3895e44a18_105.json | 2 +- ...4d445-b1ce-4377-82d9-7c633f28bf9a_217.json | 2 +- ...8231f-e2ab-491c-8fc6-64746da26cfe_111.json | 2 +- ...59eeb-2b7b-4722-ba08-a45f6622f005_111.json | 6 +- ...961e0-cb74-42a0-af9e-29fc41f88f5f_216.json | 8 +- ...bfa3ee-777e-4747-b6b0-7bd645f30880_14.json | 4 +- ...e32268b-bfd0-4c35-b002-13461b5830ca_2.json | 2 +- ...43298-97bc-47bc-9ea2-5f2ad831c16e_111.json | 4 +- ...e3e9625-89ad-4fc3-a7bf-fced5e64f01b_3.json | 8 +- ...a142c-6a1d-4918-bea7-0b617e99ecfa_211.json | 8 +- ...baa51f-2a91-4f6a-850b-b601db2293f4_15.json | 2 +- ...ed4b9d5-f853-40cf-8489-4fdcff03e272_1.json | 2 +- ...eebe561-c338-4118-9924-8cb4e478aa58_2.json | 2 +- ...f1e36fe-0abd-4463-b5ec-4e276dec0b26_5.json | 8 +- ...22d970-7106-45b4-b5e3-460d15333727_10.json | 4 +- ...f2d8e4c-3b7c-4e91-8f5a-6c9d0e1f2a3b_3.json | 2 +- ...a135c0-a365-43ab-aa35-fd86df314a47_10.json | 2 +- ...ce5ad-65de-4ed2-8516-5e093d3ac99a_213.json | 4 +- ...d04601-12fc-4149-9b78-9c3f8fe45d39_12.json | 2 +- ...fdca1e0-0f8a-4fcf-9e1e-95e09791e3cd_2.json | 2 +- ...e6b0eb-dd9d-4922-b08a-1910124d524d_11.json | 2 +- ...ff74d85-5bfa-4ff1-ace2-4e3995a37cfa_1.json | 2 +- ...46934-486e-462f-9487-0d4cf9e429c6_110.json | 2 +- ...bcd89-000c-4425-b94c-716ef67762f6_111.json | 2 +- ...0450411-46e5-46d2-9b35-8b5dd9ba763e_5.json | 2 +- ...38186-4f12-48ac-83d2-47e686d08e82_208.json | 10 +- ...07f0fba-0a78-11f0-8311-b66272739ecb_6.json | 2 +- ...c98cfb-0745-4513-b6f9-08dddb033490_11.json | 2 +- ...116fd-023c-4718-aeb8-fa9d283fc53b_104.json | 4 +- ...a15f2-becf-475d-aa69-45c9e0ff1c49_106.json | 4 +- ...1773d05-f349-45fb-9850-287b8f92f02d_7.json | 2 +- ...18c71-5959-469a-a3ce-3a0768e63b9c_110.json | 4 +- ...0bfb8-26b7-4e5e-924e-218144a3fa71_108.json | 4 +- ...a7df2-120a-4db2-bd3f-3e4b86b24bee_218.json | 4 +- ...51150-658f-4a60-832f-a00d1e6c6745_213.json | 2 +- ...29b7652-219f-468b-aa1f-5da7bcc24b03_3.json | 12 +- ...ee2be-bf99-446c-ab1a-2dc0183394b8_214.json | 6 +- ...2c3d4e5-6f7a-8b9c-0d1e-2f3a4b5c6d7e_2.json | 2 +- ...2c3d4e5-f6a7-4890-b1c2-d3e4f5a60789_1.json | 2 +- ...2c3d4e5-f6a7-5b6c-9d0e-1f2a3b4c5d6e_3.json | 4 +- ...2c3d4e5-f6a7-8901-bcde-f123456789ab_3.json | 10 +- ...2c3d4e5-f6a7-8901-bcde-f23456789012_3.json | 8 +- ...2f0ea08-2b60-4a2d-93d7-fe996a30031a_2.json | 2 +- ...2f8c4e1-6a73-4f1e-9c2d-8e5b0a1d3f7c_1.json | 2 +- ...7b919-665f-4aac-b9e8-68369bf2340c_207.json | 4 +- ...36c99af-b944-4509-a523-7e0fad275be1_9.json | 2 +- ...a13c6-ba45-4bab-a534-df53d0cfed6a_322.json | 10 +- ...42e4b88-fc4a-417b-a45e-4d4a3db9fd41_4.json | 2 +- ...570de-a908-4f7f-8bdb-b2df6ffd8c80_216.json | 12 +- ...49455-f986-4b5a-82ed-e36b129331f7_111.json | 2 +- ...ab1d2-712f-4f01-a751-df3826969807_211.json | 2 +- ...3365c-98a8-40c0-92d8-0458ca25058a_108.json | 6 +- ...4a80990-e028-4792-83eb-09e59959059f_1.json | 2 +- ...b1440-0fcb-4ed1-87e5-b06d58efc5e9_415.json | 2 +- ...4bd186b-69c6-45ad-8bef-5c35bbadeaef_3.json | 2 +- ...4c8e2a1-9f3d-4e7c-a2b1-0d5e6f7a8b9c_2.json | 2 +- ...1dbc92-84e2-4af1-ba47-65183fcd0c57_12.json | 2 +- ...f1d73-150d-484d-8f02-222abeb5d5fa_104.json | 14 +- ...77334-677f-4fb9-86d5-a9721274223b_320.json | 12 +- ...a4bfe-a1b2-421f-9d47-22a75a6f2921_318.json | 12 +- ...5f94e78-fb4d-4f4b-879e-e51ea667d09c_1.json | 2 +- ...605f262-f7dc-41b5-9ebc-06bafe7a83b6_8.json | 2 +- ...625c9ad-16e5-4f16-8d38-3e9631952554_3.json | 2 +- ...7cd12-dac4-11ec-9582-f661ea17fbcd_114.json | 2 +- ...b183e-1a76-422d-9179-7b389513e74d_215.json | 4 +- ...1f86d-1c23-4ce7-a59e-2edbdba28247_210.json | 12 +- ...b7e2b-d50a-49b9-a6fc-3a383baedc6b_110.json | 10 +- ...ce542-2b75-4ffb-b7d6-38787298ba9d_109.json | 2 +- ...9a170-3bdb-4141-b0e3-13e3cf627bfe_415.json | 2 +- ...799720e-40d0-4dd6-9c9c-4f193a6ed643_1.json | 2 +- ...7e2a04d-4f8a-4e12-8c9a-1d5e6f7a8b9c_3.json | 2 +- ...75894-0b62-46e5-977c-31275da34419_414.json | 2 +- ...81bd314-db5b-4d97-82e8-88e3e5fc9de5_8.json | 4 +- ...86923-b02c-4b94-986a-d223d9b01f88_113.json | 2 +- ...a7e96-2eb3-4edf-8346-427b6858d3bd_418.json | 10 +- ...84264aa-37a3-49f8-8bbc-60acbe9d4f86_1.json | 2 +- ...afe07-0d98-4738-b15d-8d7465f95ff5_212.json | 6 +- ...8c3e5d0-8a1a-11ef-9b4a-f661ea17fbce_1.json | 2 +- ...8c7d6e5-f4a3-4b2c-9d8e-7f6a5b4c3d2e_1.json | 2 +- ...8e4c2a1-7f3d-4e9b-8c5a-1d0e6f2a4b8c_1.json | 2 +- ...8f54e38-7a1d-4c9b-9e2f-3a4b5c6d7e8f_2.json | 2 +- ...8da2d-a9dc-48c0-90e4-955c0aa1259a_316.json | 10 +- ...cdde7-7e0d-4359-8bf0-2c112ce2008a_314.json | 8 +- ...0f25a-2d44-47f2-a873-aabdc0d355e6_219.json | 4 +- ...92d5eae-70bb-4b66-be27-f98ba9d0ccdc_6.json | 6 +- ...946c2f7-df06-4c00-a5aa-1f6fbc7bb72c_4.json | 56 ----- ...54892-5e0e-424b-83a0-5aef95aa43bf_215.json | 4 +- ...66521-4742-49ce-9ddc-b8e84c35acae_116.json | 2 +- ...60fef-82c6-4816-befa-44745030e917_317.json | 10 +- ...14be7-b7f4-4367-9934-81f07d2f63c4_107.json | 4 +- ...9c8d7e6-5a4f-3c2b-1d0e-9f8a7b6c5d4e_1.json | 2 +- ...42eb2-583c-439f-b04d-1fdd7c1417cc_311.json | 4 +- ...a5a0b0c-b477-4729-a3dc-0147c2049cf1_6.json | 2 +- ...a81c182-4287-489d-af4d-8ae834b06040_8.json | 2 +- ...5d22c-5e1c-4f33-bfc9-efa73bb53022_214.json | 4 +- ...ab88bb8-cdd9-11ef-bd9a-f661ea17fbcd_8.json | 2 +- ...b3ac0e3-2c9c-4069-a26d-75ca6a6e547b_1.json | 2 +- ...fe8d2-7ae2-475c-8b5d-55b449e4264f_109.json | 2 +- ...b13b2-1700-48a8-a750-b43b0a72ab69_213.json | 2 +- ...1b212-b85c-41c6-9b28-be0e5cdfc9b1_213.json | 2 +- ...ba8c7d1-172b-435d-9034-02ed9289c628_2.json | 2 +- ...aa96b9-f36c-4898-ace2-581acb00a409_14.json | 4 +- ...1a775-8267-41fa-9232-20e5582596ac_214.json | 2 +- ...f2d83-32b8-4ae2-b0e6-6a45772e9331_108.json | 2 +- ...c0fc359-68db-421e-a435-348ced7a7f92_7.json | 2 +- ...eeacf-2972-434f-b782-3a532b100d67_110.json | 2 +- ...8bba7-4a23-4232-b551-eca3ca1e3f20_110.json | 2 +- ...c9e4f5a-e263-4213-a2ac-1edf9b417ada_4.json | 2 +- ...7d28e-4a48-47b1-adb7-5074310e9a61_108.json | 2 +- ...aa15ce-2d41-44d7-a322-918f9db77766_10.json | 6 +- ...cf0e362-0a2f-4f5e-9dd8-0d34f901781f_5.json | 2 +- ...d18f4a3-c4c6-43b9-a1e4-b05e09998110_4.json | 8 +- ...eadf6-3ac6-4e66-91aa-4a1e6711915f_104.json | 6 +- ...c86a0-8b61-4457-ab38-96943984e889_219.json | 2 +- ...d058d-5405-4cee-b890-337f09366ba2_109.json | 6 +- ...eefee-f671-494e-98df-f01daf9e5f17_215.json | 8 +- ...f646b-08d4-492c-870a-6c04e3700034_216.json | 4 +- ...addc4-4438-48b4-bc43-9f5cf8151c46_111.json | 12 +- ...ebe11-e169-42e3-b344-c5d2015533d3_211.json | 4 +- ...c5aed-90f5-4221-8bd5-7ab3a4334751_109.json | 4 +- ...e70614d-4295-473c-a953-582aef41c865_8.json | 12 +- ...afaed-4bcd-4e0a-b5f9-5562003dde81_318.json | 12 +- ...ea0589d-c7a4-4dc6-a931-9fecaa8689fb_1.json | 2 +- ...073bf-ce26-4607-b405-ba1ed8e9e204_214.json | 2 +- ...f8c007c-7dee-4842-8e9a-ee534c09d205_8.json | 4 +- ...a5158-1fd6-4937-a205-77d96213b341_107.json | 6 +- ...af89b-a2a7-48a3-817f-e41829dc61ee_219.json | 4 +- ...0136397-f82a-45e5-9b9f-a3651d77e21a_5.json | 157 ------------ ...0136397-f82a-45e5-9b9f-a3651d77e21a_8.json | 2 +- ...c8b9f-5e1d-463c-a1b0-04edcdfe1a3d_114.json | 2 +- ...040c962-1c60-4259-8ea3-601a40d4ab9f_1.json | 2 +- ...29aa8-9974-42da-bfb6-53a0a515a145_316.json | 8 +- ...04be7e0-b0fc-11ef-a826-f661ea17fbce_7.json | 2 +- ...07f7898-5dc3-11f0-9f27-f661ea17fbcd_9.json | 2 +- ...0b9dc99-c696-4779-b086-0d37dc2b3778_4.json | 2 +- ...4dc1b-cef2-4d01-8d74-ff6b0d5096b6_108.json | 2 +- ...1326e45-6d3c-4a2d-9882-606a0c310299_1.json | 2 +- ...ffbf9-595a-4c0b-a126-aacedb6dd179_101.json | 2 +- ...12764-0788-470f-8e74-eb4a14d47573_213.json | 2 +- ...18975f5-676c-4091-b626-81e8938aa2ee_7.json | 8 +- ...1a3e2f0-8a1b-11ef-9b4a-f661ea17fbce_2.json | 2 +- ...1a9ed70-d349-11ef-841c-f661ea17fbcd_8.json | 2 +- ...1e79a70-fa6f-11ee-8bc8-f661ea17fbce_9.json | 2 +- ...cd758-07b1-46a1-b03f-fa66158258b8_107.json | 2 +- ...22f89d9-b674-4650-8454-02242c8b35eb_1.json | 2 +- ...24e9a43-f67e-431d-991b-09cdb83b3c0c_7.json | 4 +- ...e9c87-95e1-4368-bfab-9fd34cf867ec_319.json | 12 +- ...c4d8c-f014-40ef-88b6-79a1d67cd499_207.json | 4 +- ...2fa52-4115-408a-b897-e14f684b3cb7_113.json | 2 +- ...296f888-eac6-4543-8da5-b6abb0d3304f_7.json | 2 +- ...2a91e88-4f4b-4e1d-9c7b-8fde112a9403_2.json | 2 +- ...90150-0133-451c-a783-533e736c12d7_213.json | 6 +- ...371e9fc-6a10-11ef-a0ac-f661ea17fbcc_7.json | 4 +- ...37ffc64-da75-447e-ad1c-cbc64727b3b8_5.json | 2 +- ...915e0-22f3-4bf7-991d-b643513c722f_415.json | 8 +- ...3d4e5f6-7a8b-9c0d-1e2f-3a4b5c6d7e8f_2.json | 2 +- ...3d4e5f6-a7b8-6c9d-0e1f-2a3b4c5d6e7f_3.json | 2 +- ...3d4e5f6-a7b8-9012-cdef-123456789abc_3.json | 8 +- ...5e1d8-910e-43b4-8d44-d748e498ca86_108.json | 2 +- ...3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_1.json | 129 ---------- ...3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_4.json | 12 +- ...10e1c-64f2-4f48-b67e-b5a8ffe3aa14_317.json | 12 +- ...435defe-8438-4d5a-b4d0-86ab0faf9a49_1.json | 2 +- ...18812-d44f-47be-aaef-4cfb2f9cc799_313.json | 8 +- ...4e9ed3e-55a2-4309-a012-bc3c78dad10a_7.json | 2 +- ...badd3-3e61-4292-836f-56209dc8a601_111.json | 6 +- ...562a800-cf97-464e-9d6f-84db91e86e10_4.json | 4 +- ...637438-e32d-4bb3-bc13-bd7932b3289f_11.json | 2 +- ...77997-f75b-4cda-b830-a75920514096_109.json | 6 +- ...f8579-e2a5-4804-847f-f2732edc5156_316.json | 8 +- ...c3081-2e1d-4497-8491-e73a45d1a6d6_109.json | 2 +- ...595363f-52a6-49e1-9257-0e08ae043dbd_2.json | 8 +- ...9f591-d111-4cf8-baec-c26a39bc31ef_214.json | 2 +- ...e48a6-7f57-4ee8-9313-3d0024caee10_315.json | 10 +- ...5da2519-160c-4cc9-bf69-b0223e99d0db_3.json | 8 +- ...c3223-13a2-44a2-946c-e9dc0aa0449c_318.json | 12 +- ...81243-56e0-47f9-b5bb-55a5ed89ba57_107.json | 2 +- ...5fc788c-7576-4a02-b3d6-d2c016eb85a6_6.json | 8 +- ...62733ff-9373-4fdf-9733-3d992e148c93_1.json | 2 +- ...53e73-90eb-4fe7-a98c-cde7bbfc504a_320.json | 12 +- ...6b40f4c-c6a9-434e-adb8-989b0d06d005_3.json | 154 ------------ ...6b40f4c-c6a9-434e-adb8-989b0d06d005_6.json | 6 +- ...d9f0d-8cb6-4cfc-85df-a95c1ccf4eab_108.json | 2 +- ...73cc6ab-b30e-46bf-b5f2-29d9ab4caf7b_3.json | 2 +- ...9e367-a069-4a73-b1f2-43a3798153ad_414.json | 2 +- ...fd275-ab2c-4d49-8890-e2943fa65c09_413.json | 2 +- ...75d0c86-38d6-4821-98a1-465cff8ff4c8_7.json | 2 +- ...766bc56-fdca-11ef-b194-f661ea17fbcd_7.json | 2 +- ...94234-7814-44c2-92a9-f7d851ea246a_213.json | 6 +- ...08cac-337a-4f38-b50d-5eeb78bdb531_210.json | 2 +- ...e36c0-32ff-4f9a-bfc2-dcb242bf99f9_218.json | 4 +- ...b5533-ca2a-41f6-a8b0-ee98abe0f573_110.json | 4 +- ...cefcb-82b9-4408-a533-3c3df549e62d_112.json | 2 +- ...b2bd8-d701-420c-ba43-f11a155b681a_112.json | 10 +- ...c7d8f-fb9e-4874-a4bd-fd9e3f9becf1_117.json | 2 +- ...eb82c-d2c8-485c-a36f-534f914b7663_109.json | 2 +- ...d4bd0-5649-4c52-87ea-9be59dbfbcf2_111.json | 2 +- ...935a8b-634a-4449-98f7-bb24d3b2c0af_15.json | 2 +- ...150f0-0164-475b-a75e-74b47800a9ff_320.json | 10 +- ...8cc8192-f4f5-4ed3-8368-544ca738d506_1.json | 2 +- ...ccb06-faf2-4cd5-886e-2c9636cfcb87_319.json | 12 +- ...8e4f1a2-9b3d-4c5e-a6f7-8b9c0d1e2f3a_1.json | 2 +- ...8e5f6a2-1234-4d5e-9f8a-b7c6d5e4f3a2_4.json | 2 +- ...8f4a2e1-9b3d-4c7e-8f2a-1d0e5b6c7a89_1.json | 2 +- ...482bfa-a553-4226-8ea2-4959bd4f7923_13.json | 4 +- ...9636a6e-125e-11f1-9cd3-f661ea17fbce_3.json | 2 +- ...9847fe9-3bed-4e6b-b319-f9956d6dd02a_5.json | 12 +- ...9d4e8f1-2a3b-4c5d-8e9f-0a1b2c3d4e5f_1.json | 2 +- ...a3bcacc-9285-4452-a742-5dae77538f61_8.json | 8 +- ...9768e-40e1-4e45-a097-0e5fbc876ac2_213.json | 2 +- ...98c7cf-a56e-4057-a4e8-39603f7f0389_15.json | 2 +- ...aaa8b78-367c-11f0-beb8-f661ea17fbcd_6.json | 2 +- ...91072-d165-11ec-a764-f661ea17fbce_219.json | 2 +- ...4500a-abd7-4ef3-b5d3-95524de7cfe1_213.json | 2 +- ...1aa62-55c8-42f0-b0dd-afb0bb0b1f51_110.json | 2 +- ...b9554e8-9f31-41a8-b4f5-d82144e6dc33_1.json | 4 +- ...bbe0523-33f3-4420-b88d-5c940d9e72c1_2.json | 2 +- ...bda9a0e-2be4-4eaa-9571-8d6a503e9828_3.json | 2 +- ...fd2d0-ba3a-4939-b87f-2901764ed036_111.json | 2 +- ...82a2e-7e52-11ee-9aac-f661ea17fbcd_311.json | 2 +- ...53d77-ddd2-45b1-9197-c75ad19df66c_107.json | 6 +- ...a8a20-2df2-11ed-8378-f661ea17fbce_112.json | 2 +- ...9312d-6f47-48e4-a87c-4977bd4633c3_109.json | 2 +- ...2c835-da92-45c9-9f29-b4992ad621a0_416.json | 2 +- ...ca64114-fb8b-11ef-86e2-f661ea17fbce_9.json | 2 +- ...ccc9be5-d8b0-466e-8a37-617eae57351a_2.json | 2 +- ...6fb10-0261-46e8-9932-a0336278cdbe_415.json | 2 +- ...d24c340-b778-44bd-ab69-2f739bd70ce1_3.json | 2 +- ...6a419-9b3f-4f57-8ff8-ac4cd2d5f530_208.json | 4 +- ...6a5af-e34b-4bb0-8931-57d0a043f2ef_215.json | 6 +- ...d82e3d6-1346-4afd-8f22-38388bbf34cb_9.json | 2 +- ...9602e-9db0-48e3-9391-ae3bf241acd8_419.json | 2 +- ...ebdc1-dc97-43c6-a538-f26a20c0a911_416.json | 2 +- ...1bafa-9f01-4f43-a872-605b678968b0_221.json | 2 +- ...df1a39b-1ca5-4e2a-9739-17fc4d026029_7.json | 2 +- ...df7b922-909c-440c-8df0-0efe72aa7bea_1.json | 2 +- ...8b55a-f67d-4804-92b5-617b0fe5a5b5_208.json | 2 +- ...8cdb8-e6cb-46bb-a7cc-16d17547323f_102.json | 2 +- ...e4a32e5-32aa-47e6-80da-ced6d234387d_6.json | 4 +- ...4d965-6cb0-466d-b74f-8d2c76f47f05_318.json | 12 +- ...e73954b-a0a4-4f05-b67b-294c500dac77_4.json | 2 +- ...ebabc1e-1145-4e39-b04b-34d621ee1e2c_1.json | 2 +- ...f2b8cf5-3364-4396-b551-42aae9b6d37e_3.json | 8 +- ...f307a5a-d503-44a4-8158-db196d99c9df_2.json | 2 +- ...49724-c577-4fd6-8f9b-d1b8ec519ec0_211.json | 2 +- ...f6995ec-32a9-4b2d-9340-f8e61acf3f4e_6.json | 4 +- ...92c41-2225-4763-b4ce-6f71e5bda5e6_322.json | 10 +- ...ffbaf47-9391-4e09-a83c-1f27d7474826_4.json | 2 +- ...0088204-675b-4175-bf07-1665da2d4810_1.json | 2 +- ...f33e7-b57d-4023-9952-2db91b1767c4_116.json | 6 +- ...08ba1ed-a0a3-4fe0-9c02-e643b9a25a03_2.json | 2 +- ...0f3ed-0b37-44bf-adee-e8cb7de92767_104.json | 2 +- ...159cf-73e9-40d1-a9ed-077e3158a855_317.json | 10 +- ...7cbb4-7d56-41b4-b999-bdf8c25648a0_319.json | 12 +- ...121f0a8-4875-11f0-bb2b-f661ea17fbcd_4.json | 2 +- ...2bac54-ab2a-4159-933f-d7bcefa7b61d_10.json | 2 +- ...197478e-39f0-4347-a22f-ba654718b148_6.json | 2 +- ...19a2399-f8e2-4b10-80d8-a561ce9d24d1_5.json | 2 +- ...1b37c0b-4f8b-4cfb-9a1d-639bf8c028b7_1.json | 2 +- ...1e5e410-3e34-412e-9b1f-dd500b3b55cd_8.json | 2 +- ...1ee711a-a3ba-4d73-b5ab-84cab5b37fb3_2.json | 2 +- ...1f310cb-5921-4d37-bbdf-cfdab7a6df9c_2.json | 8 +- ...a85c6-d2ad-4cc4-bf7b-54787473669a_111.json | 2 +- ...26331be-affe-46b2-bf4e-203d0e2d364c_1.json | 8 +- ...03b82-f92c-4489-a4a7-62aa29a62542_104.json | 6 +- ...f183a-e5b1-451b-8534-ba62bca0b404_318.json | 10 +- ...32f0c27-8edb-4bcf-975e-01696c961e08_1.json | 2 +- ...1bbe2-6db4-4941-80a5-8270db72eb61_322.json | 12 +- ...ea3bf-9a11-463e-bd46-f648f2a0f4b1_114.json | 4 +- ...51433-782f-4e22-bbea-c816af2d41c6_107.json | 6 +- ...3b6222f-537e-4b84-956a-3ebae2dcf811_1.json | 2 +- ...3f2b43-02a1-4219-8ce9-10929a32a618_11.json | 2 +- ...1fac0-43e8-49e2-85ea-3a58fe120b4f_113.json | 2 +- ...4695889-0410-4e7b-a4aa-59be525a11a6_1.json | 2 +- ...488f026-7907-4f56-ad51-742feb3db01c_8.json | 2 +- ...e1c13-4aca-4d1f-a7b1-a9161c0ad86f_413.json | 2 +- ...cc73f-7a16-4def-89ce-9fc7127d7820_105.json | 2 +- ...f3a06-1e0a-48ec-b96a-faf2309fae46_207.json | 4 +- ...73fa0-9d43-465e-b8bf-50230da6718b_208.json | 6 +- ...4e5f6a7-8b9c-0d1e-2f3a-4b5c6d7e8f9a_2.json | 2 +- ...4e8f0a1-2b3c-4d5e-a6f7-8b9c0d1e2f3a_1.json | 2 +- ...f2f53-c802-4d2e-9fb9-9ecc08356c3f_112.json | 8 +- ...54b649d-46d0-4b4c-a9a7-1bc9fc458d3c_3.json | 2 +- ...55abdfb-5384-402b-add4-6c401501b0c3_8.json | 4 +- ...3aaba-2e72-462b-8658-3e5ea22db3a6_316.json | 10 +- ...591d7af-399b-4888-b705-ae612690c48d_3.json | 2 +- ...86bf5-cf0c-4c06-b688-53fdc072fdfd_415.json | 2 +- ...cbcf8-1bc1-4cff-85ba-e7b21c5beedc_212.json | 4 +- ...6241c90-99f2-44db-b50f-299b6ebd7ee9_8.json | 2 +- ...4f0ae-3dd1-4856-9aad-ccfe4d4bfa17_215.json | 2 +- ...b64a8-a7c9-43e5-aee3-15a725a794e7_110.json | 2 +- ...6702168-2be6-4d7d-a549-9bff67733df3_1.json | 2 +- ...e95ad-1c82-4074-a12a-125fe10ac8ba_118.json | 6 +- ...eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_213.json | 2 +- ...69d05f8-d48a-4dcb-b226-fb2efbedd6ba_1.json | 2 +- ...6e1b3f0-8a2c-4e7d-b5f9-1c0e3a6d8b2f_4.json | 12 +- ...3a5af-d5b0-43bd-8ddb-7a5d500b7da5_217.json | 6 +- ...70c966f-c5ef-4228-9548-346593cd422d_1.json | 2 +- ...7182e12-df8f-4ecf-b8f8-7cc0adcec425_1.json | 2 +- ...e33fc-6e91-42ff-ac8b-e573268c5a87_319.json | 12 +- ...3ff2a-203e-4a46-a3e3-40512cfe8fbb_213.json | 2 +- ...d6506-427a-4790-b170-0c2a6ddac799_109.json | 8 +- ...991f2-b989-419d-b797-ac1e54ec2d61_211.json | 2 +- ...b02ef-fc95-4001-9297-01cb7412232f_216.json | 4 +- ...788313c-9e0b-4c5a-8c4b-c3f05a47d5a8_7.json | 2 +- ...c4b2a-6134-4edd-86e6-564a92a933f9_110.json | 2 +- ...7b57cbd-de03-4c3b-8278-daa1ee4a6772_2.json | 2 +- ...5c059-c19a-4a96-8ae3-41496ef3bcf9_208.json | 6 +- ...62693-aab9-4f66-a21a-3d79ecdd603d_110.json | 120 --------- ...62693-aab9-4f66-a21a-3d79ecdd603d_113.json | 10 +- ...84a11c0-eb12-4e7d-8a0a-718e38351e29_4.json | 4 +- ...ab1ec1-feeb-48b9-89e7-c12e189448aa_12.json | 89 ------- ...ab1ec1-feeb-48b9-89e7-c12e189448aa_15.json | 2 +- ...8b2f85a-cf1c-40fc-acf0-bb5d588a8ea6_3.json | 8 +- ...8f2a1b3-c4e5-6789-abcd-ef0123456789_2.json | 2 +- ...8f4e3b0-8a1b-11ef-9b4a-f661ea17fbce_2.json | 2 +- ...c1cca-93ed-43c1-bbb6-c0dd3eff2958_216.json | 2 +- ...e61db-82d6-4095-99aa-714988118064_209.json | 12 +- ...994a184-ab93-4cff-8fb6-31a4b4dd18b1_1.json | 2 +- ...a037b-c8e2-47a5-97b9-170d076827c4_319.json | 12 +- ...9af2479-ad13-4471-a312-f586517f1243_6.json | 12 +- ...9bfa475-270d-4b07-93cb-b1f49abe13da_3.json | 2 +- ...9faf1ba-a216-4c29-b8e0-a05a9d14b027_4.json | 2 +- ...fc3d6-9de9-4b29-9395-5757d0695ecf_209.json | 10 +- ...a0d4bae-33ee-11f0-a59f-f661ea17fbcd_2.json | 2 +- ...a0ebebe-5ad3-4277-95e7-889f5a69b959_2.json | 4 +- ...a4f56b8-9bc5-4003-a46c-d23616fbc691_2.json | 4 +- ...733b1-fe08-487e-b536-0a04c6d8b0cd_217.json | 10 +- ...a7f5803-1cd4-42fd-a890-0173ae80ac69_9.json | 6 +- ...7eee1-129c-4661-a7aa-57d0b9645fad_117.json | 4 +- ...fdf96-e7b1-4f14-b494-27e0d24b11f6_111.json | 4 +- ...acfbecd-7927-46a7-a8ba-feb65a2e990d_3.json | 4 +- ...af2e0e0-0bab-4672-bfa1-62db0ee5ec22_3.json | 2 +- ...a3235-76dc-40e2-9f71-1773b96d24cf_111.json | 2 +- ...b1271cd-f574-4173-b4e5-7369f3c03d44_1.json | 2 +- ...5f5ba-d1ef-4944-b9e8-7e51060c2b42_210.json | 10 +- ...dbad5-08d2-4d25-b9b1-d3a1e4a15efd_217.json | 12 +- ...b97a2aa-3ba5-4fa5-b8b9-bf42284edb5f_3.json | 2 +- ...b7782-0df0-47ff-8337-db0d678bdb66_111.json | 6 +- ...1f382-dc0c-4cc0-a845-069f2a071704_108.json | 6 +- ...1c186-9fe4-4437-a4d0-85ebb32b8204_115.json | 6 +- ...c765fb2-0c99-4e57-8c11-dafdf1992b66_6.json | 4 +- ...c1f74-dac3-48e3-b47f-eb79db358f57_318.json | 12 +- ...28dee-c999-400f-b640-50a081cc0fd1_212.json | 2 +- ...6b4b0-ae70-44eb-bb7a-ce6db502ee78_213.json | 12 +- ...d07f8-bd6e-4bb4-ac5d-cec1927ea88f_102.json | 2 +- ...4b062-b9e3-4a6b-8c0c-6c8ca6dd450e_217.json | 12 +- ...d52d45a-4602-4195-9018-ebe0f219c273_9.json | 2 +- ...83e79-22e8-44d1-9173-d57dba514cac_105.json | 10 +- ...b1f5f-7089-44f5-9fda-de5b11322e77_316.json | 10 +- ...de13d58-bc39-4aa0-87fd-b4bdbf4591da_9.json | 2 +- ...df26e25-3e30-42b2-92db-bde8eb82ad67_5.json | 4 +- ...e0e9ed8-b68f-4249-957a-2c2bbdbd1c1b_1.json | 2 +- ...e67f85e-2d43-11f0-b8c9-f661ea17fbcc_9.json | 2 +- ...bd7e0-49e9-4e92-a64d-53ade2e66af1_319.json | 10 +- ...ff20a-46bc-4a4d-bae5-5cdd14222795_216.json | 8 +- ...09d02-0137-4ccc-8005-c45e617e8d4c_108.json | 2 +- ...eee5856-25ba-438d-ae53-09d66f41b127_4.json | 2 +- ...f0553c8-2296-45ef-b4dc-3b88c4c130a7_2.json | 2 +- ...0fd41e-5590-4965-ad5e-cd079ec22fa9_13.json | 2 +- ...97323-72a8-46a9-a08e-3f5b04a4a97a_309.json | 4 +- ...6fd74-1baa-4479-b42e-48da84642330_107.json | 2 +- ...f62d9-caab-4b88-affa-044f4395a1e0_216.json | 4 +- ...fda76-c92b-4943-bc68-04460a5ea5ba_210.json | 2 +- ...f919b5e-a0f6-4fd8-8598-e3ce79299e3b_9.json | 2 +- ...bd37c-d4c5-46f8-9181-5afdd9172b4c_211.json | 10 +- ...00b8d49-632f-4dc6-94a5-76153a481915_9.json | 2 +- ...00c7862-43f1-48fd-aa30-950db838eded_1.json | 2 +- ...bd3ea-72c6-4181-ac2b-0f83d17ad969_108.json | 2 +- ...2c845-48d0-4f46-8a13-7d0aba05df82_214.json | 4 +- ...81d20-54ac-457f-8733-fe0bc5d44c55_114.json | 6 +- ...ccd49-0380-4b2b-8d71-8000377d6e49_417.json | 2 +- ...0916edd-ea8c-49d2-882e-2cf6af161dd7_1.json | 2 +- ...c3807-e108-483c-bf66-5a4fbe0d7e89_111.json | 6 +- ...36de1-0342-453d-95a9-a068b257b053_109.json | 2 +- ...c0318-99b1-44f2-830c-3a38a43207ca_214.json | 2 +- ...e64ee-130e-4c07-961f-8a339f0b8362_213.json | 4 +- ...b8899-97c1-4851-8993-3a3265353601_107.json | 6 +- ...58f48-ba75-4248-951b-7c885edf18c2_112.json | 6 +- ...aed74-c816-40d3-a810-48d6fbd8b2fd_208.json | 6 +- ...26c0f76-2e80-445b-9e98-ab5532ccc46f_2.json | 2 +- ...f042e-c590-4e82-8e05-41e81bd822ad_322.json | 2 +- ...28b8093-833b-4eda-b877-0873d134cf3c_7.json | 2 +- ...29599ee-d6ad-46a9-9c6a-dc39f361890d_5.json | 4 +- ...67480-3b79-403d-96e3-fdd2992c50ef_214.json | 2 +- ...2dc8f8c-5f16-42fa-b49e-0eb8057f7444_8.json | 2 +- ...0537d-7d8f-4910-a11d-559bcf61295a_215.json | 12 +- ...9fdf5-8076-45ad-9427-41e0e03dc9c2_219.json | 8 +- ...b5b18-e33c-4270-851e-c3d675c9afcd_108.json | 2 +- ...2e6c3-448c-4243-8d9b-d41da70db582_107.json | 6 +- ...43ab9-4245-4715-b344-e11c56b0a47f_319.json | 12 +- ...3a7b1c2-5d9f-4e8a-b6c3-2f1d4e5a6b7c_3.json | 2 +- ...3bd85e9-7aff-46eb-b60e-20dfc9020d98_8.json | 2 +- ...27562-709a-42bd-82f2-3ed926cced19_213.json | 2 +- ...3c7a891-4b2d-4e8c-a1f0-9d8e7c6b5a4d_1.json | 2 +- ...f38fa-d5b8-46cc-87f9-4a7513e4281d_211.json | 4 +- ...904b3-0a8e-4e68-86a8-977a163e21d3_220.json | 4 +- ...3f5a566-df31-40cc-987c-24bc4bb94ba5_1.json | 2 +- ...43b7578-f3cc-4682-a8cf-f9d8a5fb07f1_1.json | 2 +- ...8f3f6-7c4c-45bb-846a-053738b3fe5d_111.json | 4 +- ...236ca-b67a-4b4e-840c-fdc7782bc0c3_415.json | 2 +- ...4c5d6e7-f8a9-4012-b3c4-d5e6f7a80912_1.json | 2 +- ...31051-ee01-4307-a6ee-b21b186958f4_214.json | 4 +- ...eea34-3b62-4c83-b77f-018fbef48c00_106.json | 2 +- ...4d8cd-ed15-4011-84e2-d15147e059f1_219.json | 4 +- ...516bf56-d51b-43e8-91ec-9e276331f433_4.json | 8 +- ...5420ced-bc42-4783-a8df-99320567e090_2.json | 2 +- ...5105c-ba6d-481f-82bb-9b633e7b4827_211.json | 2 +- ...5d219fd-8362-4b67-a0b8-e3dd4331acdd_1.json | 4 +- ...5d69377-f8cf-4e8f-8328-690822cd012a_4.json | 4 +- ...5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2.json | 110 --------- ...5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_5.json | 4 +- ...5f9a1b2-3c4d-4e6f-a7b8-9c0d1e2f3a4b_1.json | 2 +- ...1a552-7776-44ad-ae0f-8746cc07773c_108.json | 2 +- ...98d38-633d-4b3e-9387-42112cd5ac10_112.json | 2 +- ...3ecff-03dd-48ec-acbd-54a04de10c68_414.json | 2 +- ...8912f-283f-4d0d-8442-e0dcaf49944b_113.json | 2 +- ...75e8d-a966-458e-a183-85cd331af255_110.json | 2 +- ...707a7be-cc52-41ac-8ab3-d34b38c20005_6.json | 2 +- ...25cea-9fe1-42a5-9a05-b0792cf86f5a_212.json | 4 +- ...f87d0-a70e-4f8d-8443-a6407bc34643_313.json | 4 +- ...7357fec-6e9c-41b9-b93d-6e4fc40c7d47_6.json | 2 +- ...74d645b-fec6-431e-bf93-ca64a538e0de_7.json | 2 +- ...7509f8f-e70b-4b67-b864-aaa4254b4484_1.json | 2 +- ...0c72b-bb1f-44f0-9f0d-37d51744ee75_208.json | 8 +- ...7856173-6489-449f-80ec-c1f5fcd7b87c_2.json | 2 +- ...7b2c3d4-5a6b-4e8f-9c0d-1a2b3e4f5a6b_2.json | 2 +- ...b3cfd-aaa3-4d7b-af18-23b89955062c_114.json | 6 +- ...d5982-17c8-4959-874c-633acde7d426_213.json | 2 +- ...7e0588b-2b55-4f88-afd1-cf98e95e0f58_2.json | 2 +- ...7f2c4a1-9b3d-5e8f-c6a0-2d1b4e7f8c3a_4.json | 12 +- ...80ee207-9505-49ab-8ca8-bc57d80e2cab_6.json | 2 +- ...842d39d-ead1-48c6-97f1-6b055476c2f3_1.json | 2 +- ...71d5f-bea1-46c2-9f56-998de2d3ed95_220.json | 10 +- ...da94d-e54b-4fb5-b96c-cecff87e8787_315.json | 10 +- ...882e934-2aaa-11f0-8272-f661ea17fbcc_4.json | 117 --------- ...882e934-2aaa-11f0-8272-f661ea17fbcc_7.json | 2 +- ...d1fe9-b2f4-48d4-bace-a026dc745d4b_115.json | 6 +- ...8b37f18-4804-4819-8602-4aba1169c9f4_6.json | 2 +- ...c9ff14-fd1e-11ee-a0df-f661ea17fbce_10.json | 2 +- ...8e7b6b6-78b0-4015-97fe-c2f28468e0d4_1.json | 2 +- ...8ea6f58-0040-11f0-a243-f661ea17fbcd_7.json | 2 +- ...01ee6-2d00-4d2f-849e-b8b1fb05234c_112.json | 2 +- ...03ce9a-5ce6-4246-bb14-75ed3ec2edf5_13.json | 2 +- ...ee3af-45fc-432e-a850-4a58cf14a457_417.json | 2 +- ...c99b6-c547-4bb6-b244-2f27394bc849_108.json | 4 +- ...262f2-c1e9-4d3f-a907-aeab16712e1a_318.json | 10 +- ...9a3b2c1-d4f5-6789-0abc-def123456789_2.json | 2 +- ...be69b-1deb-4e19-ac4a-5d5ac00f72eb_111.json | 4 +- ...0902b-c515-413b-b80b-a8dcebc81a66_109.json | 4 +- ...9fe3645-f588-43d6-99f5-437b3ef56f25_3.json | 2 +- ...f9c1c-fe36-4d0d-b3fd-9e0bf4853a62_107.json | 2 +- ...9ff26-3902-4c53-bb8e-24b7a5d029dd_211.json | 4 +- ...48a02-bc47-4043-8e94-2885b19b2636_216.json | 2 +- ...77d63-9679-4ce3-be25-3ba8b795e5fa_109.json | 4 +- ...ef8a35-12e0-4ac0-bc14-81c72b6bd27c_10.json | 2 +- ...b3150eb-e9fb-4a64-a0fc-aa66cdd35632_3.json | 2 +- ...4611f-62a8-4036-a5ef-587098be6c43_110.json | 2 +- ...10e70-f9e6-4949-82b9-f1c5bcd37c39_218.json | 2 +- ...b804972-ea34-11ee-a417-f661ea17fbce_5.json | 2 +- ...b8abab8-dea4-4903-a0ad-dfcb09224488_1.json | 2 +- ...b958cb3-dead-42b6-94ff-b9de6721fab2_2.json | 2 +- ...eb8ba-a983-41d9-9c93-a1c05112ca5e_215.json | 8 +- ...200e8-adf0-43f8-a0bb-4ee5b5d852c6_419.json | 10 +- ...bbc1959-3309-4abf-b6cb-2bee3dbc9a7b_1.json | 4 +- ...1adea-ccf2-4943-8b96-7ab11ca173a5_318.json | 12 +- ...bf493d1-20be-41a0-a010-c1b6a6f90e28_1.json | 8 +- ...e1448-7fac-4d59-acea-181bd89b1f7f_320.json | 10 +- ...04672-bed9-43e1-8871-cf591c052550_107.json | 2 +- ...c81962e-4bc8-48e6-bfb0-545fc97d8f6a_3.json | 2 +- ...cc0cd54-608e-11ef-ab6d-f661ea17fbce_9.json | 14 +- ...cd4857b-5bac-455e-a7c9-a88b66e56a9e_4.json | 2 +- ...d2461e1-d6bf-4550-87b9-c008d6ac15f4_1.json | 2 +- ...d3fedc3-dd10-45a5-a485-34a8b48cea46_7.json | 2 +- ...ecd27-e3e6-4fd9-8586-7754803f7fc8_109.json | 2 +- ...499b8-a073-4e35-9733-22ec71f57f3a_319.json | 12 +- ...91186-1c7e-4db8-b53e-bfa33a1a0a8a_414.json | 2 +- ...8ee23-5ea7-4123-ba19-56b41e424ae3_321.json | 12 +- ...fd5ca9-9d6c-44d9-b615-1e56b920219c_10.json | 2 +- ...9a9f7-5a79-4b0a-9815-d36b3cf28d3e_312.json | 2 +- ...300a7-7e31-4a72-a258-250abb8b3aa1_217.json | 12 +- ...e53d67a-5f0c-423c-a53c-8084ae562b5c_4.json | 2 +- ...e7726cc-babc-4885-988c-f915173ac0c0_4.json | 12 +- ...82229-b002-470e-a9e1-00be38b14d32_114.json | 2 +- ...9f8b5-48ec-44b5-b8bd-7b9b7d71853c_103.json | 10 +- ...4a476-07ec-48fc-8f3d-5e1742de76d3_215.json | 8 +- ...00a2e-ecd4-4f72-9d1e-2f779ff3c311_113.json | 4 +- ...f35b103-7fca-4af4-879d-a7e73c918659_1.json | 4 +- ...f395dff-be12-4a6e-8919-d87d627c2174_5.json | 6 +- ...5e82c-d8b4-4895-9824-5f6bc6166804_103.json | 2 +- ...62985-3f13-4262-a686-5f357bbb9bc2_219.json | 8 +- ...cc01c-fc49-4954-a175-98569c646740_108.json | 6 +- ...6953a-4615-4707-a1ca-dc53bf69dcd5_214.json | 6 +- ...93cb4-9b15-43a9-9359-68c23a7f2cf3_113.json | 2 +- ...414a6-f2a4-466d-8eba-10f85e8abf71_415.json | 2 +- ...48bbc-549e-4bcf-8ee0-a7a72586c6a7_115.json | 2 +- ...c081a-2346-4744-a6a4-81514817e888_109.json | 2 +- ...0cc239b-67fa-46fc-89d4-f861753a40f5_8.json | 4 +- ...0dbff4c-1aa7-4458-9ed5-ada472f64970_5.json | 4 +- ...b70e9-71e9-40cd-813f-bf8e8c812cb1_111.json | 2 +- ...fca20-4d6c-43f9-aec1-20b6de3b0aeb_113.json | 158 ------------ ...fca20-4d6c-43f9-aec1-20b6de3b0aeb_116.json | 2 +- ...a474c-3632-427f-bcf5-363c994309ee_106.json | 4 +- ...1a2b3c4-d5e6-4789-a012-3456789abc01_1.json | 2 +- ...1a6d0f4-95b8-11ed-9517-f661ea17fbcc_8.json | 2 +- ...1f3070e-045c-4e03-ae58-d11d43d2ee51_2.json | 2 +- ...2015527-7c46-4bb9-80db-051657ddfb69_9.json | 2 +- ...d1782-e783-4ed0-a0c4-946899a98a7c_102.json | 2 +- ...2108687-553d-45ac-b8f0-d0efeac5d45f_1.json | 2 +- ...3fe39-83a4-46f3-a3b6-707557a102df_107.json | 4 +- ...246e70e-5e20-4006-8460-d72b023d6adf_2.json | 2 +- ...bcae1-8980-4b30-b5dd-f851b055c9e7_114.json | 2 +- ...e2be4-6eca-4349-bdd9-381573730c22_216.json | 4 +- ...2a3b4c5-d6e7-4f89-a012-b3c4d5e6f789_1.json | 2 +- ...2a8c4d1-6b3e-4a9f-8c2d-1e5f7a9b0c4d_1.json | 2 +- ...2c3caa6-ea34-11ee-a417-f661ea17fbce_5.json | 2 +- ...2c43e8c-ccf2-4eab-9e9a-e335da253773_1.json | 2 +- ...2c653b7-7daf-4774-86f2-34cdbd1fc528_5.json | 2 +- ...7b914-eda3-40c2-96ac-d23ef91776ca_316.json | 10 +- ...2e21713-1eac-4908-a782-1b49c7e9d53b_3.json | 2 +- ...46686-6f3c-4724-bd7d-24e31c70f98f_316.json | 8 +- ...e68a4-bd19-11ed-b02f-f661ea17fbcc_113.json | 2 +- ...3403393-1fd9-4686-8f6e-596c58bc00b4_9.json | 6 +- ...75224-b179-4f78-8877-c2bd64c26b88_218.json | 4 +- ...f3054-d40b-49ac-aa9b-a786c74c58b8_107.json | 96 -------- ...818c85-2207-4b51-8a28-d70fb156ee87_10.json | 2 +- ...8633f4-3b31-4c80-b13d-e77c70ce8254_11.json | 2 +- ...391d3fd-219b-42a3-9ba9-2f66eb0155aa_6.json | 2 +- ...3ac6734-7e52-4a0d-90b7-6847bf4308f2_6.json | 10 +- ...401a0e3-5eeb-4591-969a-f435488e7d12_9.json | 12 +- ...fa4b6-524c-4e87-8d9e-a32599e4fb7c_314.json | 10 +- ...48ecc44-7d02-437d-9562-b838d2c41987_9.json | 2 +- ...4c678-3c33-43aa-b169-bb3d5198c41d_219.json | 4 +- ...4b857b3-faef-430d-b420-90be48647f00_6.json | 8 +- ...4c2515a-18bb-47ce-a768-1dc4e7b0fe6c_7.json | 2 +- ...4d1c0ac-aedb-4063-9fa6-cc651eb5e6ee_7.json | 2 +- ...4dc90eb-e77e-4f0e-b18b-eb50da9e827e_1.json | 2 +- ...30ca17-153b-4a7a-8cd3-98dd4b4ddf73_12.json | 2 +- ...541ca3a-5752-11f0-b44b-f661ea17fbcd_3.json | 4 +- ...5ff26-3c94-4fd0-bd33-3c7f95a3a0fc_317.json | 8 +- ...0bf0a-2d23-43bb-b8e1-17548bb947ec_214.json | 8 +- ...61570-e39a-4b8a-9259-abd39f84cb97_111.json | 4 +- ...596175f-b8fd-43ac-b9e9-ea2a96bb55d8_2.json | 2 +- ...668de-caa0-4b84-94c1-3a1549e1e798_111.json | 6 +- ...005d3-4e17-48b0-9cd7-444d48857f97_112.json | 6 +- ...9d36d-7c30-4cdb-a856-9f653c13d4e0_211.json | 4 +- ...fb4598-4f10-11ed-bdc3-0242ac120002_12.json | 2 +- ...638a66d-3bbf-46b1-a52c-ef6f39fb6caf_7.json | 2 +- ...c8e3c-d396-404f-b2ea-0379d3942d73_317.json | 12 +- ...6652fb5-cd8e-499c-8311-2ce2bb6cac62_9.json | 2 +- ...66a6869-d4c7-4d20-ab13-beefd03b63b4_2.json | 2 +- ...5872f-6d85-40a3-b502-c0d2ef101e92_316.json | 12 +- ...3dcdf-a018-4801-b066-193d4ae6c8e5_111.json | 2 +- ...6a0b2c3-4d5e-4f7a-8b9c-0d1e2f3a4b5c_1.json | 2 +- ...07a70-9ad0-11ef-954f-f661ea17fbcd_109.json | 2 +- ...d8c743-0916-4483-8333-3c6f107e0caa_12.json | 2 +- ...6fee40d-8a5e-4cc8-9f73-8688419c6d68_1.json | 2 +- ...701be14-0a36-4e9a-a851-b3e20ae55f09_4.json | 4 +- ...754e348-f36f-4510-8087-d7f29874cc12_2.json | 2 +- ...75f65cf-ed04-48df-a7ff-b02a8bfe636e_7.json | 4 +- ...6ffaf-9568-4909-b734-75d19b35cbf4_110.json | 2 +- ...2ec8a-e182-483c-91d2-72058f76a44c_214.json | 2 +- ...69104-e8f9-4931-94a2-68fc04eadec3_106.json | 2 +- ...7a131f8-44b7-4957-99a4-e6c54d93d816_1.json | 4 +- ...7a1c536-9ac0-11ef-9911-f661ea17fbcd_6.json | 2 +- ...4dc5a-a58d-491d-9f14-9b66507121c0_318.json | 8 +- ...7c64a1b-9d00-4b92-9042-d3bb4196899a_3.json | 2 +- ...7c70f2e-4616-439c-85ac-5b98415042fe_8.json | 2 +- ...7d588ba-e4b0-442e-879d-7ec39fbd69c5_2.json | 2 +- ...80ea920-f6f5-4c8a-9761-84ac97ec0cb2_5.json | 2 +- ...ee52c-297e-46d9-9205-07e66931df26_316.json | 8 +- ...ce03f-d8a8-4c83-acdc-5c8cd0592be7_110.json | 2 +- ...6cd31c-5c7e-4481-99d7-6875a3e31309_10.json | 6 +- ...4315d-5188-4b4a-8521-d1c73093a7e4_317.json | 10 +- ...87e6122-ea34-11ee-a417-f661ea17fbce_5.json | 2 +- ...22053-a5d2-46db-8c96-d460b12c36ac_111.json | 4 +- ...8a31c62-0d4e-4b9a-b7e1-6c2a9d4e8f10_3.json | 2 +- ...9075d-afc7-42d7-b399-600b94352fd9_107.json | 4 +- ...92171ed-a4d3-4baa-98f9-4df1652cb11b_3.json | 14 +- ...e898e-94f1-4545-8923-03e4b2866211_208.json | 2 +- ...90f47-6bd5-4a49-bd49-a2f886476fb9_208.json | 4 +- ...5972d3-c23b-463b-89a8-796b3f369b49_13.json | 2 +- ...960e8a4-31c1-4a6e-b172-8f5c8e5c8c2a_2.json | 2 +- ...504ac-1053-498f-aeaa-c6d01e76b379_210.json | 8 +- ...753455-8d55-4ad8-b70a-e07b6f18deea_10.json | 2 +- ...90abf-bd0c-45f9-8b5f-d0b74015e029_119.json | 4 +- ...4964f-6fce-4d75-8e79-e16ccc412588_413.json | 2 +- ...abcddc-a05d-4345-a81d-000b79aa5525_12.json | 2 +- ...1341d-6662-426b-9d0c-6d81e33c8a9d_320.json | 12 +- ...210b61-b627-4e5e-86f4-17e8270656ab_11.json | 2 +- ...3a59dc-33c3-43bf-80a9-e8437a922c7f_13.json | 2 +- ...88440-04cc-41d7-9279-539387bf2a17_321.json | 10 +- ...a830742-fd41-4b12-a287-2c57bdf079ef_1.json | 2 +- ...52c69-2646-4e79-89c0-fd7653461010_113.json | 8 +- ...1d790-9f74-4e76-97dd-b4b0f7bf6435_111.json | 2 +- ...2b8d3-71ee-4af1-bacd-215d23f17efa_212.json | 4 +- ...afac5-bbd6-49b0-b4f8-44e5381e1587_209.json | 2 +- ...b16f9ef-cb03-4234-adc2-44641f3b71ee_5.json | 2 +- ...b3ca230-af4e-11f0-900d-f661ea17fbcc_1.json | 2 +- ...b542346-1624-4cf2-bcc7-c68abaab261b_2.json | 8 +- ...d91d0-3b94-4f91-bf20-b6fbc4b2480a_104.json | 6 +- ...b8790fc-d485-45e2-8d6e-2fb813f4af95_2.json | 2 +- ...b935960-d132-4bb5-853d-62f86cccc250_1.json | 2 +- ...bad57ec-4442-48db-a34f-5ee907b44a22_4.json | 12 +- ...10f1e-77cb-42f9-994e-5da17fc3fc15_104.json | 4 +- ...44836-0d69-4004-a0b4-03c20370c435_212.json | 2 +- ...c5105ce-2584-48b6-a0cf-9ace7eeffd3c_6.json | 2 +- ...c552f49-8f1c-409b-90f8-6f5b9869b6c4_3.json | 2 +- ...c0fa4-8f03-4b3e-8336-c5feab0be022_315.json | 8 +- ...09baa-fb34-4c46-9691-be276ef4234c_208.json | 2 +- ...cd16fe8-eb29-42b3-8aee-6c9ad777a2f6_4.json | 12 +- ...cd2e4be-6ec4-482f-9222-6245367cd738_4.json | 2 +- ...cf733d5-7801-4eb0-92ac-8ffacf3658f2_8.json | 2 +- ...d00769d-b18d-450a-a844-7a9f9c71995e_2.json | 2 +- ...1b949-81be-46d5-bcf8-284395d5f56d_209.json | 2 +- ...d332492-0bc6-11ef-b5be-f661ea17fbcc_9.json | 2 +- ...a992d-6130-4802-9ff8-829b89ae801f_319.json | 12 +- ...0c98a-c410-42dc-a2e3-761c71848acf_318.json | 12 +- ...a6052-58fa-4397-93c3-4795249ccfa2_428.json | 10 +- ...d9484f2-1c56-44ae-8b28-dc1354e3a0e8_4.json | 2 +- ...d9d2933-f0f9-4aac-810c-a31f6a4a7890_1.json | 2 +- ...a1d332-5e08-4f27-8a9b-8c802e3292a6_18.json | 2 +- ...ff193-48a3-484d-8d35-90bb3d323a56_113.json | 2 +- ...de4efad-9cd0-4fa4-84c8-0e3b6fc957b4_1.json | 2 +- ...5d5bc-01fa-494a-95ff-535c29cc4c96_112.json | 2 +- ...94edd-487f-4a90-b285-3ee54f2af2d3_320.json | 10 +- ...d6507-b543-4bbc-849f-dc0da6db29f6_105.json | 2 +- ...afdc51-c575-4ed2-89dd-8e20badc2d6c_11.json | 2 +- ...eba48f6-40ca-4d04-b41f-5dfa327de865_2.json | 12 +- ...ec7ccb7-6ed9-4f98-93ab-d6b366b063a0_5.json | 2 +- ...ed87c-5e95-4339-aef1-47fd79bcfbe3_313.json | 8 +- ...ef62ecf-0260-4b71-848b-a8624b304828_6.json | 2 +- ...13cb4-274d-434a-96bb-fe15ddd3ae92_108.json | 4 +- ...d807d-869b-4a0d-a493-52bc46d2f1b1_109.json | 6 +- ...10d4d8-fea7-422d-afb1-e5a2702369a9_19.json | 2 +- ...f18d24b-2ba6-4691-a17f-75c4380d0965_4.json | 12 +- ...f320c56-f8fa-11ee-8c44-f661ea17fbce_8.json | 2 +- ...4599cb-409f-4910-a239-52e4e6f532ff_19.json | 4 +- ...f46eb26-0684-4da3-9dd6-21032c9878e1_3.json | 12 +- ...dd44a-0ac6-44c4-8609-3f81bc820f02_213.json | 2 +- ...cf8b9-b76c-4cc1-ac1b-4935164d1029_206.json | 8 +- ...b571e-61d6-4f6c-9561-eb4cca3bafe1_109.json | 2 +- ...bc8b9-f03b-4283-be58-ee0a16f5a11b_112.json | 2 +- ...fa676dc-09b0-11f0-94ba-b66272739ecb_3.json | 2 +- ...fd8b5e9-aa63-42b3-aead-6fdb170da9a3_3.json | 2 +- .../security_detection_engine/manifest.yml | 4 +- 1926 files changed, 3845 insertions(+), 7598 deletions(-) delete mode 100644 packages/security_detection_engine/kibana/security_rule/00546494-5bb0-49d6-9220-5f3b4c12f26a_5.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_215.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_10.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_320.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_314.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/41824afb-d68c-4d0e-bfee-474dac1fa56e_105.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/52376a86-ee86-4967-97ae-1a05f55816f0_118.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_3.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_5.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_115.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_313.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/7f7a0ee1-7b6f-466a-85b4-110fb105f5e2_1.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/8a7933b4-9d0a-4c1c-bda5-e39fb045ff1d_11.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_109.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/976b2391-413f-4a94-acb4-7911f3803346_11.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_315.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_1.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_109.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/b946c2f7-df06-4c00-a5aa-1f6fbc7bb72c_4.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_5.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_1.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_3.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_110.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_12.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_4.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_113.json delete mode 100644 packages/security_detection_engine/kibana/security_rule/f37f3054-d40b-49ac-aa9b-a786c74c58b8_107.json diff --git a/packages/security_detection_engine/changelog.yml b/packages/security_detection_engine/changelog.yml index 1b9e92b9f9d..b403d6b40e9 100644 --- a/packages/security_detection_engine/changelog.yml +++ b/packages/security_detection_engine/changelog.yml @@ -1,5 +1,10 @@ # newer versions go on top # NOTE: please use pre-release versions (e.g. -beta.0) until a package is ready for production +- version: 9.5.1-beta.1 + changes: + - description: Release security rules update + type: enhancement + link: https://github.com/elastic/integrations/pulls/0000 - version: 9.4.7 changes: - description: Release security rules update diff --git a/packages/security_detection_engine/kibana/security_rule/000047bb-b27a-47ec-8b62-ef1a5d2c9e19_416.json b/packages/security_detection_engine/kibana/security_rule/000047bb-b27a-47ec-8b62-ef1a5d2c9e19_416.json index b60dff87a95..106b2d41eaa 100644 --- a/packages/security_detection_engine/kibana/security_rule/000047bb-b27a-47ec-8b62-ef1a5d2c9e19_416.json +++ b/packages/security_detection_engine/kibana/security_rule/000047bb-b27a-47ec-8b62-ef1a5d2c9e19_416.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/00140285-b827-4aee-aa09-8113f58a08f3_321.json b/packages/security_detection_engine/kibana/security_rule/00140285-b827-4aee-aa09-8113f58a08f3_321.json index 8d649d44ba0..4c48563f9ae 100644 --- a/packages/security_detection_engine/kibana/security_rule/00140285-b827-4aee-aa09-8113f58a08f3_321.json +++ b/packages/security_detection_engine/kibana/security_rule/00140285-b827-4aee-aa09-8113f58a08f3_321.json @@ -46,23 +46,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0022d47d-39c7-4f69-a232-4fe9dc7a3acd_422.json b/packages/security_detection_engine/kibana/security_rule/0022d47d-39c7-4f69-a232-4fe9dc7a3acd_422.json index 26d3083721a..6dc764692bc 100644 --- a/packages/security_detection_engine/kibana/security_rule/0022d47d-39c7-4f69-a232-4fe9dc7a3acd_422.json +++ b/packages/security_detection_engine/kibana/security_rule/0022d47d-39c7-4f69-a232-4fe9dc7a3acd_422.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0030f681-0142-4231-b728-49bb9fc12066_1.json b/packages/security_detection_engine/kibana/security_rule/0030f681-0142-4231-b728-49bb9fc12066_1.json index b664eb3b12e..beb47406cbe 100644 --- a/packages/security_detection_engine/kibana/security_rule/0030f681-0142-4231-b728-49bb9fc12066_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0030f681-0142-4231-b728-49bb9fc12066_1.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0049cf71-fe13-4d79-b767-f7519921ffb5_7.json b/packages/security_detection_engine/kibana/security_rule/0049cf71-fe13-4d79-b767-f7519921ffb5_7.json index 1243077e007..3713c1cc977 100644 --- a/packages/security_detection_engine/kibana/security_rule/0049cf71-fe13-4d79-b767-f7519921ffb5_7.json +++ b/packages/security_detection_engine/kibana/security_rule/0049cf71-fe13-4d79-b767-f7519921ffb5_7.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/00546494-5bb0-49d6-9220-5f3b4c12f26a_5.json b/packages/security_detection_engine/kibana/security_rule/00546494-5bb0-49d6-9220-5f3b4c12f26a_5.json deleted file mode 100644 index c808256a62f..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/00546494-5bb0-49d6-9220-5f3b4c12f26a_5.json +++ /dev/null @@ -1,160 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule identifies unusual destination port network activity originating from a web server process. The rule is designed to detect potential web shell activity or unauthorized communication from a web server process to external systems.", - "from": "now-9m", - "index": [ - "logs-endpoint.events.network*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Uncommon Destination Port Connection by Web Server", - "note": " ## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating Uncommon Destination Port Connection by Web Server\n\nWeb servers, crucial for hosting applications, typically communicate over standard ports like 80 and 443. Adversaries may exploit web server processes to establish unauthorized connections to unusual ports, potentially indicating web shell activity or data exfiltration. This detection rule identifies such anomalies by monitoring egress connections from web server processes to non-standard ports, excluding common local IP ranges, thus highlighting potential threats.\n\n### Possible investigation steps\n\n- Review the process name and user associated with the alert to determine if the connection attempt was made by a legitimate web server process or user, as specified in the query fields (e.g., process.name or user.name).\n- Examine the destination IP address to assess whether it is known or suspicious, and check if it falls outside the excluded local IP ranges.\n- Investigate the destination port to understand why the connection was attempted on a non-standard port, and determine if this port is associated with any known services or threats.\n- Check historical logs for any previous connection attempts from the same process or user to the same or similar destination IPs and ports to identify patterns or repeated behavior.\n- Analyze any related network traffic or logs to identify additional context or anomalies that may indicate unauthorized activity or data exfiltration.\n- Correlate the alert with other security events or alerts to determine if it is part of a larger attack pattern or campaign.\n\n### False positive analysis\n\n- Routine administrative tasks or maintenance scripts may trigger alerts if they involve web server processes connecting to non-standard ports. To manage this, identify and document these tasks, then create exceptions for the specific processes and ports involved.\n- Internal monitoring or management tools that use non-standard ports for legitimate purposes can cause false positives. Review the tools in use and exclude their known IP addresses and ports from the rule.\n- Development or testing environments often use non-standard ports for web server processes. Ensure these environments are well-documented and consider excluding their IP ranges or specific ports from the rule.\n- Load balancers or reverse proxies might redirect traffic to non-standard ports as part of their normal operation. Verify the configuration of these devices and exclude their IP addresses and ports if necessary.\n- Custom applications running on web servers may require communication over non-standard ports. Work with application owners to understand these requirements and adjust the rule to exclude these specific cases.\n\n### Response and remediation\n\n- Immediately isolate the affected web server from the network to prevent further unauthorized access or data exfiltration.\n- Conduct a thorough review of the web server's logs and processes to identify any unauthorized changes or suspicious activities, focusing on the processes and user accounts mentioned in the detection rule.\n- Terminate any suspicious processes identified during the investigation that are not part of the standard operation of the web server.\n- Change passwords and review permissions for the user accounts associated with the web server processes to ensure they have not been compromised.\n- Restore the web server from a known good backup if any unauthorized changes or malware are detected, ensuring that the backup is free from compromise.\n- Implement network segmentation to limit the web server's access to critical systems and data, reducing the potential impact of future incidents.\n- Escalate the incident to the security operations team for further analysis and to determine if additional systems may be affected, ensuring comprehensive threat containment and remediation.\n", - "query": "network where host.os.type == \"linux\" and event.type == \"start\" and event.action == \"connection_attempted\" and (\n process.name like (\n \"apache\", \"nginx\", \"apache2\", \"httpd\", \"lighttpd\", \"caddy\", \"mongrel_rails\", \"gunicorn\",\n \"uwsgi\", \"openresty\", \"cherokee\", \"h2o\", \"resin\", \"puma\", \"unicorn\", \"traefik\", \"tornado\", \"hypercorn\",\n \"daphne\", \"twistd\", \"yaws\", \"webfsd\", \"httpd.worker\", \"flask\", \"rails\", \"mongrel\", \"php-fpm*\", \"php-cgi\",\n \"php-fcgi\", \"php-cgi.cagefs\", \"catalina.sh\", \"hiawatha\", \"lswsctrl\"\n ) or\n user.name in (\"apache\", \"www-data\", \"httpd\", \"nginx\", \"lighttpd\", \"tomcat\", \"tomcat8\", \"tomcat9\") or\n user.id in (\"33\", \"498\", \"48\") or\n (process.name == \"java\" and process.working_directory like \"/u0?/*\")\n) and\nnetwork.direction == \"egress\" and destination.ip != null and\nnot destination.port in (80, 443, 8080, 8443, 8000, 8888, 3128, 3306, 5432, 8220, 8082) and\nnot cidrmatch(destination.ip, \"127.0.0.0/8\", \"::1\",\"FE80::/10\", \"FF00::/8\", \"10.0.0.0/8\", \"169.254.0.0/16\", \"172.16.0.0/12\", \"192.0.0.0/24\", \"192.0.0.0/29\", \"192.0.0.8/32\", \"192.0.0.9/32\",\n\"192.0.0.10/32\", \"192.0.0.170/32\", \"192.0.0.171/32\", \"192.0.2.0/24\", \"192.31.196.0/24\", \"192.52.193.0/24\", \"192.168.0.0/16\", \"192.88.99.0/24\",\n\"224.0.0.0/4\", \"100.64.0.0/10\", \"192.175.48.0/24\",\"198.18.0.0/15\", \"198.51.100.0/24\", \"203.0.113.0/24\", \"224.0.0.0/4\", \"240.0.0.0/4\")\n", - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "destination.ip", - "type": "ip" - }, - { - "ecs": true, - "name": "destination.port", - "type": "long" - }, - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "network.direction", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.working_directory", - "type": "keyword" - }, - { - "ecs": true, - "name": "user.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "user.name", - "type": "keyword" - } - ], - "risk_score": 21, - "rule_id": "00546494-5bb0-49d6-9220-5f3b4c12f26a", - "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", - "severity": "low", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Persistence", - "Tactic: Execution", - "Tactic: Command and Control", - "Data Source: Elastic Defend", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1505", - "name": "Server Software Component", - "reference": "https://attack.mitre.org/techniques/T1505/", - "subtechnique": [ - { - "id": "T1505.003", - "name": "Web Shell", - "reference": "https://attack.mitre.org/techniques/T1505/003/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.004", - "name": "Unix Shell", - "reference": "https://attack.mitre.org/techniques/T1059/004/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1071", - "name": "Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1071/" - }, - { - "id": "T1571", - "name": "Non-Standard Port", - "reference": "https://attack.mitre.org/techniques/T1571/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 5 - }, - "id": "00546494-5bb0-49d6-9220-5f3b4c12f26a_5", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/00678712-b2df-11ed-afe9-f661ea17fbcc_9.json b/packages/security_detection_engine/kibana/security_rule/00678712-b2df-11ed-afe9-f661ea17fbcc_9.json index 7ead639f52b..6be5170912a 100644 --- a/packages/security_detection_engine/kibana/security_rule/00678712-b2df-11ed-afe9-f661ea17fbcc_9.json +++ b/packages/security_detection_engine/kibana/security_rule/00678712-b2df-11ed-afe9-f661ea17fbcc_9.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/012bfca7-45cb-4507-a3ba-3777167f8b81_1.json b/packages/security_detection_engine/kibana/security_rule/012bfca7-45cb-4507-a3ba-3777167f8b81_1.json index 130a7cac029..b92931341ca 100644 --- a/packages/security_detection_engine/kibana/security_rule/012bfca7-45cb-4507-a3ba-3777167f8b81_1.json +++ b/packages/security_detection_engine/kibana/security_rule/012bfca7-45cb-4507-a3ba-3777167f8b81_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_213.json b/packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_213.json index 61d4ec600a5..03c2f69544b 100644 --- a/packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_213.json +++ b/packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0171f283-ade7-4f87-9521-ac346c68cc9b_15.json b/packages/security_detection_engine/kibana/security_rule/0171f283-ade7-4f87-9521-ac346c68cc9b_15.json index d3d186b9d73..92080f8f5d4 100644 --- a/packages/security_detection_engine/kibana/security_rule/0171f283-ade7-4f87-9521-ac346c68cc9b_15.json +++ b/packages/security_detection_engine/kibana/security_rule/0171f283-ade7-4f87-9521-ac346c68cc9b_15.json @@ -14,11 +14,11 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/017de1e4-ea35-11ee-a417-f661ea17fbce_5.json b/packages/security_detection_engine/kibana/security_rule/017de1e4-ea35-11ee-a417-f661ea17fbce_5.json index f99e15df017..c305f958c39 100644 --- a/packages/security_detection_engine/kibana/security_rule/017de1e4-ea35-11ee-a417-f661ea17fbce_5.json +++ b/packages/security_detection_engine/kibana/security_rule/017de1e4-ea35-11ee-a417-f661ea17fbce_5.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/01c1e353-9d86-4344-abdf-523ab80c6f08_1.json b/packages/security_detection_engine/kibana/security_rule/01c1e353-9d86-4344-abdf-523ab80c6f08_1.json index 27f5403052a..e3defd6a01c 100644 --- a/packages/security_detection_engine/kibana/security_rule/01c1e353-9d86-4344-abdf-523ab80c6f08_1.json +++ b/packages/security_detection_engine/kibana/security_rule/01c1e353-9d86-4344-abdf-523ab80c6f08_1.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/01c49712-25bc-49d2-a27d-d7ce52f5dc49_208.json b/packages/security_detection_engine/kibana/security_rule/01c49712-25bc-49d2-a27d-d7ce52f5dc49_208.json index 37a66a88cf1..2f26a4c63b3 100644 --- a/packages/security_detection_engine/kibana/security_rule/01c49712-25bc-49d2-a27d-d7ce52f5dc49_208.json +++ b/packages/security_detection_engine/kibana/security_rule/01c49712-25bc-49d2-a27d-d7ce52f5dc49_208.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/01e244f0-fef9-4102-903f-9788052b2c91_1.json b/packages/security_detection_engine/kibana/security_rule/01e244f0-fef9-4102-903f-9788052b2c91_1.json index 959f9264590..0351cc79ff5 100644 --- a/packages/security_detection_engine/kibana/security_rule/01e244f0-fef9-4102-903f-9788052b2c91_1.json +++ b/packages/security_detection_engine/kibana/security_rule/01e244f0-fef9-4102-903f-9788052b2c91_1.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/02137bc2-5cc2-4f7f-a8e4-c52dc239aa69_1.json b/packages/security_detection_engine/kibana/security_rule/02137bc2-5cc2-4f7f-a8e4-c52dc239aa69_1.json index 9211b9401b1..87e18e23bca 100644 --- a/packages/security_detection_engine/kibana/security_rule/02137bc2-5cc2-4f7f-a8e4-c52dc239aa69_1.json +++ b/packages/security_detection_engine/kibana/security_rule/02137bc2-5cc2-4f7f-a8e4-c52dc239aa69_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/02275e05-57a1-46ab-a443-7fb444da6b28_4.json b/packages/security_detection_engine/kibana/security_rule/02275e05-57a1-46ab-a443-7fb444da6b28_4.json index e8d76aa8f98..ff10dff49eb 100644 --- a/packages/security_detection_engine/kibana/security_rule/02275e05-57a1-46ab-a443-7fb444da6b28_4.json +++ b/packages/security_detection_engine/kibana/security_rule/02275e05-57a1-46ab-a443-7fb444da6b28_4.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" }, { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/022c37cd-5a4f-422b-8227-b136b7a23180_3.json b/packages/security_detection_engine/kibana/security_rule/022c37cd-5a4f-422b-8227-b136b7a23180_3.json index eb65f5b7ede..ce775a1e073 100644 --- a/packages/security_detection_engine/kibana/security_rule/022c37cd-5a4f-422b-8227-b136b7a23180_3.json +++ b/packages/security_detection_engine/kibana/security_rule/022c37cd-5a4f-422b-8227-b136b7a23180_3.json @@ -46,7 +46,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/027ff9ea-85e7-42e3-99d2-bbb7069e02eb_211.json b/packages/security_detection_engine/kibana/security_rule/027ff9ea-85e7-42e3-99d2-bbb7069e02eb_211.json index 3bdb97deacc..a721182245f 100644 --- a/packages/security_detection_engine/kibana/security_rule/027ff9ea-85e7-42e3-99d2-bbb7069e02eb_211.json +++ b/packages/security_detection_engine/kibana/security_rule/027ff9ea-85e7-42e3-99d2-bbb7069e02eb_211.json @@ -31,15 +31,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0294f105-d7af-4a02-ae90-35f56763ffa2_208.json b/packages/security_detection_engine/kibana/security_rule/0294f105-d7af-4a02-ae90-35f56763ffa2_208.json index 271edf0cf96..48178bf26b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/0294f105-d7af-4a02-ae90-35f56763ffa2_208.json +++ b/packages/security_detection_engine/kibana/security_rule/0294f105-d7af-4a02-ae90-35f56763ffa2_208.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/02a23ee7-c8f8-4701-b99d-e9038ce313cb_12.json b/packages/security_detection_engine/kibana/security_rule/02a23ee7-c8f8-4701-b99d-e9038ce313cb_12.json index 609f9c8b114..355212a293f 100644 --- a/packages/security_detection_engine/kibana/security_rule/02a23ee7-c8f8-4701-b99d-e9038ce313cb_12.json +++ b/packages/security_detection_engine/kibana/security_rule/02a23ee7-c8f8-4701-b99d-e9038ce313cb_12.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/02a4576a-7480-4284-9327-548a806b5e48_312.json b/packages/security_detection_engine/kibana/security_rule/02a4576a-7480-4284-9327-548a806b5e48_312.json index eef011a940c..3f62e4d95b3 100644 --- a/packages/security_detection_engine/kibana/security_rule/02a4576a-7480-4284-9327-548a806b5e48_312.json +++ b/packages/security_detection_engine/kibana/security_rule/02a4576a-7480-4284-9327-548a806b5e48_312.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/02b4420d-eda2-4529-9e46-4a60eccb7e2d_105.json b/packages/security_detection_engine/kibana/security_rule/02b4420d-eda2-4529-9e46-4a60eccb7e2d_105.json index e06fd7ff1b5..a7c37730fe2 100644 --- a/packages/security_detection_engine/kibana/security_rule/02b4420d-eda2-4529-9e46-4a60eccb7e2d_105.json +++ b/packages/security_detection_engine/kibana/security_rule/02b4420d-eda2-4529-9e46-4a60eccb7e2d_105.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/02bab13d-fb14-4d7c-b6fe-4a28874d37c5_8.json b/packages/security_detection_engine/kibana/security_rule/02bab13d-fb14-4d7c-b6fe-4a28874d37c5_8.json index 471bcadc08d..c79bcc33006 100644 --- a/packages/security_detection_engine/kibana/security_rule/02bab13d-fb14-4d7c-b6fe-4a28874d37c5_8.json +++ b/packages/security_detection_engine/kibana/security_rule/02bab13d-fb14-4d7c-b6fe-4a28874d37c5_8.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/02ea4563-ec10-4974-b7de-12e65aa4f9b3_112.json b/packages/security_detection_engine/kibana/security_rule/02ea4563-ec10-4974-b7de-12e65aa4f9b3_112.json index d82a9169567..34e66d9de6a 100644 --- a/packages/security_detection_engine/kibana/security_rule/02ea4563-ec10-4974-b7de-12e65aa4f9b3_112.json +++ b/packages/security_detection_engine/kibana/security_rule/02ea4563-ec10-4974-b7de-12e65aa4f9b3_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_213.json b/packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_213.json index cb9aa00b244..d39af86a0af 100644 --- a/packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_213.json +++ b/packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_213.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/03245b25-3849-4052-ab48-72de65a82c35_3.json b/packages/security_detection_engine/kibana/security_rule/03245b25-3849-4052-ab48-72de65a82c35_3.json index 4acdbd5de3e..dff737cfcd1 100644 --- a/packages/security_detection_engine/kibana/security_rule/03245b25-3849-4052-ab48-72de65a82c35_3.json +++ b/packages/security_detection_engine/kibana/security_rule/03245b25-3849-4052-ab48-72de65a82c35_3.json @@ -28,7 +28,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/035889c4-2686-4583-a7df-67f89c292f2c_218.json b/packages/security_detection_engine/kibana/security_rule/035889c4-2686-4583-a7df-67f89c292f2c_218.json index cdc1602f583..8c44da8fdcb 100644 --- a/packages/security_detection_engine/kibana/security_rule/035889c4-2686-4583-a7df-67f89c292f2c_218.json +++ b/packages/security_detection_engine/kibana/security_rule/035889c4-2686-4583-a7df-67f89c292f2c_218.json @@ -24,15 +24,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/035a6f21-4092-471d-9cda-9e379f459b1e_7.json b/packages/security_detection_engine/kibana/security_rule/035a6f21-4092-471d-9cda-9e379f459b1e_7.json index e1ee9750f5f..86a7e653909 100644 --- a/packages/security_detection_engine/kibana/security_rule/035a6f21-4092-471d-9cda-9e379f459b1e_7.json +++ b/packages/security_detection_engine/kibana/security_rule/035a6f21-4092-471d-9cda-9e379f459b1e_7.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0369e8a6-0fa7-4e7a-961a-53180a4c966e_108.json b/packages/security_detection_engine/kibana/security_rule/0369e8a6-0fa7-4e7a-961a-53180a4c966e_108.json index 0ebeca94913..0ace642a066 100644 --- a/packages/security_detection_engine/kibana/security_rule/0369e8a6-0fa7-4e7a-961a-53180a4c966e_108.json +++ b/packages/security_detection_engine/kibana/security_rule/0369e8a6-0fa7-4e7a-961a-53180a4c966e_108.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0398c0a2-1237-478e-84c4-84510f1925e6_1.json b/packages/security_detection_engine/kibana/security_rule/0398c0a2-1237-478e-84c4-84510f1925e6_1.json index ed184967006..c480e57547d 100644 --- a/packages/security_detection_engine/kibana/security_rule/0398c0a2-1237-478e-84c4-84510f1925e6_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0398c0a2-1237-478e-84c4-84510f1925e6_1.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/03b150d9-9280-4eb8-9906-38cfb6184666_2.json b/packages/security_detection_engine/kibana/security_rule/03b150d9-9280-4eb8-9906-38cfb6184666_2.json index a00cc928dd0..86377cb2089 100644 --- a/packages/security_detection_engine/kibana/security_rule/03b150d9-9280-4eb8-9906-38cfb6184666_2.json +++ b/packages/security_detection_engine/kibana/security_rule/03b150d9-9280-4eb8-9906-38cfb6184666_2.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/03c23d45-d3cb-4ad4-ab5d-b361ffe8724a_8.json b/packages/security_detection_engine/kibana/security_rule/03c23d45-d3cb-4ad4-ab5d-b361ffe8724a_8.json index c9c6b0f9f33..e2b01f21da9 100644 --- a/packages/security_detection_engine/kibana/security_rule/03c23d45-d3cb-4ad4-ab5d-b361ffe8724a_8.json +++ b/packages/security_detection_engine/kibana/security_rule/03c23d45-d3cb-4ad4-ab5d-b361ffe8724a_8.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/03d856c2-7f74-4540-a530-e20af5e39789_3.json b/packages/security_detection_engine/kibana/security_rule/03d856c2-7f74-4540-a530-e20af5e39789_3.json index 1f5c5cc1159..e06987bd029 100644 --- a/packages/security_detection_engine/kibana/security_rule/03d856c2-7f74-4540-a530-e20af5e39789_3.json +++ b/packages/security_detection_engine/kibana/security_rule/03d856c2-7f74-4540-a530-e20af5e39789_3.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0415258b-a7b2-48a6-891a-3367cd9d4d31_8.json b/packages/security_detection_engine/kibana/security_rule/0415258b-a7b2-48a6-891a-3367cd9d4d31_8.json index 5b8315e82da..b728bcb490e 100644 --- a/packages/security_detection_engine/kibana/security_rule/0415258b-a7b2-48a6-891a-3367cd9d4d31_8.json +++ b/packages/security_detection_engine/kibana/security_rule/0415258b-a7b2-48a6-891a-3367cd9d4d31_8.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0415f22a-2336-45fa-ba07-618a5942e22c_115.json b/packages/security_detection_engine/kibana/security_rule/0415f22a-2336-45fa-ba07-618a5942e22c_115.json index 6a9df4472e4..3eeee05cccc 100644 --- a/packages/security_detection_engine/kibana/security_rule/0415f22a-2336-45fa-ba07-618a5942e22c_115.json +++ b/packages/security_detection_engine/kibana/security_rule/0415f22a-2336-45fa-ba07-618a5942e22c_115.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0428c618-27f5-4d94-99e6-b254585aba69_104.json b/packages/security_detection_engine/kibana/security_rule/0428c618-27f5-4d94-99e6-b254585aba69_104.json index 20f15b85fea..66231a284d3 100644 --- a/packages/security_detection_engine/kibana/security_rule/0428c618-27f5-4d94-99e6-b254585aba69_104.json +++ b/packages/security_detection_engine/kibana/security_rule/0428c618-27f5-4d94-99e6-b254585aba69_104.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/042b35f3-afa6-4441-92b2-ef41976b48a3_1.json b/packages/security_detection_engine/kibana/security_rule/042b35f3-afa6-4441-92b2-ef41976b48a3_1.json index 9de7aa4f6c3..9218d3c956c 100644 --- a/packages/security_detection_engine/kibana/security_rule/042b35f3-afa6-4441-92b2-ef41976b48a3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/042b35f3-afa6-4441-92b2-ef41976b48a3_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/043d80a3-c49e-43ef-9c72-1088f0c7b278_207.json b/packages/security_detection_engine/kibana/security_rule/043d80a3-c49e-43ef-9c72-1088f0c7b278_207.json index 7fc65cd5efa..a6c7b683e86 100644 --- a/packages/security_detection_engine/kibana/security_rule/043d80a3-c49e-43ef-9c72-1088f0c7b278_207.json +++ b/packages/security_detection_engine/kibana/security_rule/043d80a3-c49e-43ef-9c72-1088f0c7b278_207.json @@ -44,19 +44,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0471a12b-c740-4a72-91f0-12bf95014d3c_1.json b/packages/security_detection_engine/kibana/security_rule/0471a12b-c740-4a72-91f0-12bf95014d3c_1.json index 56111bc9a7f..78ad8f91838 100644 --- a/packages/security_detection_engine/kibana/security_rule/0471a12b-c740-4a72-91f0-12bf95014d3c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0471a12b-c740-4a72-91f0-12bf95014d3c_1.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/04c5a96f-19c5-44fd-9571-a0b033f9086f_108.json b/packages/security_detection_engine/kibana/security_rule/04c5a96f-19c5-44fd-9571-a0b033f9086f_108.json index 577a461b8b7..de33c8273ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/04c5a96f-19c5-44fd-9571-a0b033f9086f_108.json +++ b/packages/security_detection_engine/kibana/security_rule/04c5a96f-19c5-44fd-9571-a0b033f9086f_108.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/04e65517-16e9-4fc4-b7f1-94dc21ecea0d_6.json b/packages/security_detection_engine/kibana/security_rule/04e65517-16e9-4fc4-b7f1-94dc21ecea0d_6.json index 07db7eba35c..99387dd517b 100644 --- a/packages/security_detection_engine/kibana/security_rule/04e65517-16e9-4fc4-b7f1-94dc21ecea0d_6.json +++ b/packages/security_detection_engine/kibana/security_rule/04e65517-16e9-4fc4-b7f1-94dc21ecea0d_6.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "jamf_protect", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/053a0387-f3b5-4ba5-8245-8002cca2bd08_219.json b/packages/security_detection_engine/kibana/security_rule/053a0387-f3b5-4ba5-8245-8002cca2bd08_219.json index c4746149d0e..ae07841b6b9 100644 --- a/packages/security_detection_engine/kibana/security_rule/053a0387-f3b5-4ba5-8245-8002cca2bd08_219.json +++ b/packages/security_detection_engine/kibana/security_rule/053a0387-f3b5-4ba5-8245-8002cca2bd08_219.json @@ -47,19 +47,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/054853f3-2ce0-41f3-a6eb-4a4867f39cdc_2.json b/packages/security_detection_engine/kibana/security_rule/054853f3-2ce0-41f3-a6eb-4a4867f39cdc_2.json index 4bd378825ce..d768834fb4e 100644 --- a/packages/security_detection_engine/kibana/security_rule/054853f3-2ce0-41f3-a6eb-4a4867f39cdc_2.json +++ b/packages/security_detection_engine/kibana/security_rule/054853f3-2ce0-41f3-a6eb-4a4867f39cdc_2.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_13.json b/packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_13.json index 497c39f9d2d..e6284d72c8e 100644 --- a/packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_13.json +++ b/packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_13.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0564fb9d-90b9-4234-a411-82a546dc1343_220.json b/packages/security_detection_engine/kibana/security_rule/0564fb9d-90b9-4234-a411-82a546dc1343_220.json index 86775b57943..450397dc1b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/0564fb9d-90b9-4234-a411-82a546dc1343_220.json +++ b/packages/security_detection_engine/kibana/security_rule/0564fb9d-90b9-4234-a411-82a546dc1343_220.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/05a50000-9886-4695-ad33-3f990dc142e2_2.json b/packages/security_detection_engine/kibana/security_rule/05a50000-9886-4695-ad33-3f990dc142e2_2.json index 09b649c2581..a6a7a34b36a 100644 --- a/packages/security_detection_engine/kibana/security_rule/05a50000-9886-4695-ad33-3f990dc142e2_2.json +++ b/packages/security_detection_engine/kibana/security_rule/05a50000-9886-4695-ad33-3f990dc142e2_2.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/05b358de-aa6d-4f6c-89e6-78f74018b43b_314.json b/packages/security_detection_engine/kibana/security_rule/05b358de-aa6d-4f6c-89e6-78f74018b43b_314.json index 73a792e7f76..737b2c70e53 100644 --- a/packages/security_detection_engine/kibana/security_rule/05b358de-aa6d-4f6c-89e6-78f74018b43b_314.json +++ b/packages/security_detection_engine/kibana/security_rule/05b358de-aa6d-4f6c-89e6-78f74018b43b_314.json @@ -43,19 +43,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_10.json b/packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_10.json index ddf689d2ecb..41d9de9a4fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_10.json +++ b/packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_10.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/05e5a668-7b51-4a67-93ab-e9af405c9ef3_114.json b/packages/security_detection_engine/kibana/security_rule/05e5a668-7b51-4a67-93ab-e9af405c9ef3_114.json index 200683f6496..f8ab70d6609 100644 --- a/packages/security_detection_engine/kibana/security_rule/05e5a668-7b51-4a67-93ab-e9af405c9ef3_114.json +++ b/packages/security_detection_engine/kibana/security_rule/05e5a668-7b51-4a67-93ab-e9af405c9ef3_114.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/05f2b649-dc03-4e9a-8c4e-6762469e8249_4.json b/packages/security_detection_engine/kibana/security_rule/05f2b649-dc03-4e9a-8c4e-6762469e8249_4.json index 44e6d179bad..fbfa7fdf321 100644 --- a/packages/security_detection_engine/kibana/security_rule/05f2b649-dc03-4e9a-8c4e-6762469e8249_4.json +++ b/packages/security_detection_engine/kibana/security_rule/05f2b649-dc03-4e9a-8c4e-6762469e8249_4.json @@ -13,7 +13,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0635c542-1b96-4335-9b47-126582d2c19a_217.json b/packages/security_detection_engine/kibana/security_rule/0635c542-1b96-4335-9b47-126582d2c19a_217.json index 69732a47ef7..42d92031f35 100644 --- a/packages/security_detection_engine/kibana/security_rule/0635c542-1b96-4335-9b47-126582d2c19a_217.json +++ b/packages/security_detection_engine/kibana/security_rule/0635c542-1b96-4335-9b47-126582d2c19a_217.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/064a2e08-25da-11f0-b1f1-f661ea17fbcd_5.json b/packages/security_detection_engine/kibana/security_rule/064a2e08-25da-11f0-b1f1-f661ea17fbcd_5.json index 305e74e96e0..3502254c53c 100644 --- a/packages/security_detection_engine/kibana/security_rule/064a2e08-25da-11f0-b1f1-f661ea17fbcd_5.json +++ b/packages/security_detection_engine/kibana/security_rule/064a2e08-25da-11f0-b1f1-f661ea17fbcd_5.json @@ -46,7 +46,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/06568a02-af29-4f20-929c-f3af281e41aa_114.json b/packages/security_detection_engine/kibana/security_rule/06568a02-af29-4f20-929c-f3af281e41aa_114.json index af0b6b6b478..19810d558db 100644 --- a/packages/security_detection_engine/kibana/security_rule/06568a02-af29-4f20-929c-f3af281e41aa_114.json +++ b/packages/security_detection_engine/kibana/security_rule/06568a02-af29-4f20-929c-f3af281e41aa_114.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0678bc9c-b71a-433b-87e6-2f664b6b3131_109.json b/packages/security_detection_engine/kibana/security_rule/0678bc9c-b71a-433b-87e6-2f664b6b3131_109.json index 41f5c4235e0..a91dd4f6b7d 100644 --- a/packages/security_detection_engine/kibana/security_rule/0678bc9c-b71a-433b-87e6-2f664b6b3131_109.json +++ b/packages/security_detection_engine/kibana/security_rule/0678bc9c-b71a-433b-87e6-2f664b6b3131_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/06a7a03c-c735-47a6-a313-51c354aef6c3_215.json b/packages/security_detection_engine/kibana/security_rule/06a7a03c-c735-47a6-a313-51c354aef6c3_215.json index 68a7217c9cd..72a53351871 100644 --- a/packages/security_detection_engine/kibana/security_rule/06a7a03c-c735-47a6-a313-51c354aef6c3_215.json +++ b/packages/security_detection_engine/kibana/security_rule/06a7a03c-c735-47a6-a313-51c354aef6c3_215.json @@ -31,27 +31,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/06d555e4-c8ce-4d90-90e1-ec7f66df5a6a_107.json b/packages/security_detection_engine/kibana/security_rule/06d555e4-c8ce-4d90-90e1-ec7f66df5a6a_107.json index b032fda4f4b..c2d617b91bb 100644 --- a/packages/security_detection_engine/kibana/security_rule/06d555e4-c8ce-4d90-90e1-ec7f66df5a6a_107.json +++ b/packages/security_detection_engine/kibana/security_rule/06d555e4-c8ce-4d90-90e1-ec7f66df5a6a_107.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/06dceabf-adca-48af-ac79-ffdf4c3b1e9a_220.json b/packages/security_detection_engine/kibana/security_rule/06dceabf-adca-48af-ac79-ffdf4c3b1e9a_220.json index c47e2dc509b..0bc517ea0c8 100644 --- a/packages/security_detection_engine/kibana/security_rule/06dceabf-adca-48af-ac79-ffdf4c3b1e9a_220.json +++ b/packages/security_detection_engine/kibana/security_rule/06dceabf-adca-48af-ac79-ffdf4c3b1e9a_220.json @@ -23,23 +23,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/06f3a26c-ea35-11ee-a417-f661ea17fbce_4.json b/packages/security_detection_engine/kibana/security_rule/06f3a26c-ea35-11ee-a417-f661ea17fbce_4.json index 91e1fdd86ae..e9115d40aa1 100644 --- a/packages/security_detection_engine/kibana/security_rule/06f3a26c-ea35-11ee-a417-f661ea17fbce_4.json +++ b/packages/security_detection_engine/kibana/security_rule/06f3a26c-ea35-11ee-a417-f661ea17fbce_4.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/074464f9-f30d-4029-8c03-0ed237fffec7_318.json b/packages/security_detection_engine/kibana/security_rule/074464f9-f30d-4029-8c03-0ed237fffec7_318.json index 9cb34f1076c..535fd2ab298 100644 --- a/packages/security_detection_engine/kibana/security_rule/074464f9-f30d-4029-8c03-0ed237fffec7_318.json +++ b/packages/security_detection_engine/kibana/security_rule/074464f9-f30d-4029-8c03-0ed237fffec7_318.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/07639887-da3a-4fbf-9532-8ce748ff8c50_210.json b/packages/security_detection_engine/kibana/security_rule/07639887-da3a-4fbf-9532-8ce748ff8c50_210.json index 428a04cc5ba..ffed865cce3 100644 --- a/packages/security_detection_engine/kibana/security_rule/07639887-da3a-4fbf-9532-8ce748ff8c50_210.json +++ b/packages/security_detection_engine/kibana/security_rule/07639887-da3a-4fbf-9532-8ce748ff8c50_210.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0787daa6-f8c5-453b-a4ec-048037f6c1cd_9.json b/packages/security_detection_engine/kibana/security_rule/0787daa6-f8c5-453b-a4ec-048037f6c1cd_9.json index aac7966c993..abb34e3d793 100644 --- a/packages/security_detection_engine/kibana/security_rule/0787daa6-f8c5-453b-a4ec-048037f6c1cd_9.json +++ b/packages/security_detection_engine/kibana/security_rule/0787daa6-f8c5-453b-a4ec-048037f6c1cd_9.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/07b1ef73-1fde-4a49-a34a-5dd40011b076_321.json b/packages/security_detection_engine/kibana/security_rule/07b1ef73-1fde-4a49-a34a-5dd40011b076_321.json index d47f0532444..fffab15c6b9 100644 --- a/packages/security_detection_engine/kibana/security_rule/07b1ef73-1fde-4a49-a34a-5dd40011b076_321.json +++ b/packages/security_detection_engine/kibana/security_rule/07b1ef73-1fde-4a49-a34a-5dd40011b076_321.json @@ -27,23 +27,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/07b5f85a-240f-11ed-b3d9-f661ea17fbce_112.json b/packages/security_detection_engine/kibana/security_rule/07b5f85a-240f-11ed-b3d9-f661ea17fbce_112.json index b91c400e928..69306f81ae4 100644 --- a/packages/security_detection_engine/kibana/security_rule/07b5f85a-240f-11ed-b3d9-f661ea17fbce_112.json +++ b/packages/security_detection_engine/kibana/security_rule/07b5f85a-240f-11ed-b3d9-f661ea17fbce_112.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/07cd35a6-c267-4394-a782-6a9428aea9d3_1.json b/packages/security_detection_engine/kibana/security_rule/07cd35a6-c267-4394-a782-6a9428aea9d3_1.json index 1bb939fd752..e580c3f98fb 100644 --- a/packages/security_detection_engine/kibana/security_rule/07cd35a6-c267-4394-a782-6a9428aea9d3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/07cd35a6-c267-4394-a782-6a9428aea9d3_1.json @@ -49,7 +49,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/080bc66a-5d56-4d1f-8071-817671716db9_113.json b/packages/security_detection_engine/kibana/security_rule/080bc66a-5d56-4d1f-8071-817671716db9_113.json index 177c0562b12..d9c2c62048b 100644 --- a/packages/security_detection_engine/kibana/security_rule/080bc66a-5d56-4d1f-8071-817671716db9_113.json +++ b/packages/security_detection_engine/kibana/security_rule/080bc66a-5d56-4d1f-8071-817671716db9_113.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/082e3f8c-6f80-485c-91eb-5b112cb79b28_112.json b/packages/security_detection_engine/kibana/security_rule/082e3f8c-6f80-485c-91eb-5b112cb79b28_112.json index 7fac88a5842..284ed269812 100644 --- a/packages/security_detection_engine/kibana/security_rule/082e3f8c-6f80-485c-91eb-5b112cb79b28_112.json +++ b/packages/security_detection_engine/kibana/security_rule/082e3f8c-6f80-485c-91eb-5b112cb79b28_112.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/083383af-b9a4-42b7-a463-29c40efe7797_11.json b/packages/security_detection_engine/kibana/security_rule/083383af-b9a4-42b7-a463-29c40efe7797_11.json index 8a6f1a47bb4..bc7a2fd1158 100644 --- a/packages/security_detection_engine/kibana/security_rule/083383af-b9a4-42b7-a463-29c40efe7797_11.json +++ b/packages/security_detection_engine/kibana/security_rule/083383af-b9a4-42b7-a463-29c40efe7797_11.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/083fa162-e790-4d85-9aeb-4fea04188adb_111.json b/packages/security_detection_engine/kibana/security_rule/083fa162-e790-4d85-9aeb-4fea04188adb_111.json index 57f230532a7..0c3b7eccfac 100644 --- a/packages/security_detection_engine/kibana/security_rule/083fa162-e790-4d85-9aeb-4fea04188adb_111.json +++ b/packages/security_detection_engine/kibana/security_rule/083fa162-e790-4d85-9aeb-4fea04188adb_111.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0859355c-0f08-4b43-8ff5-7d2a4789fc08_214.json b/packages/security_detection_engine/kibana/security_rule/0859355c-0f08-4b43-8ff5-7d2a4789fc08_214.json index 046eb114ff3..919c000eb9f 100644 --- a/packages/security_detection_engine/kibana/security_rule/0859355c-0f08-4b43-8ff5-7d2a4789fc08_214.json +++ b/packages/security_detection_engine/kibana/security_rule/0859355c-0f08-4b43-8ff5-7d2a4789fc08_214.json @@ -29,19 +29,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0871a5d8-6b5f-4a12-a568-fd7bc05bd8db_4.json b/packages/security_detection_engine/kibana/security_rule/0871a5d8-6b5f-4a12-a568-fd7bc05bd8db_4.json index 4e35f4a38de..b6975210f15 100644 --- a/packages/security_detection_engine/kibana/security_rule/0871a5d8-6b5f-4a12-a568-fd7bc05bd8db_4.json +++ b/packages/security_detection_engine/kibana/security_rule/0871a5d8-6b5f-4a12-a568-fd7bc05bd8db_4.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/089db1af-740d-4d84-9a5b-babd6de143b0_8.json b/packages/security_detection_engine/kibana/security_rule/089db1af-740d-4d84-9a5b-babd6de143b0_8.json index 79106070aee..c6e1cfce88d 100644 --- a/packages/security_detection_engine/kibana/security_rule/089db1af-740d-4d84-9a5b-babd6de143b0_8.json +++ b/packages/security_detection_engine/kibana/security_rule/089db1af-740d-4d84-9a5b-babd6de143b0_8.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/08be5599-3719-4bbd-8cbc-7e9cff556881_104.json b/packages/security_detection_engine/kibana/security_rule/08be5599-3719-4bbd-8cbc-7e9cff556881_104.json index 5db81569f65..877fc0828ce 100644 --- a/packages/security_detection_engine/kibana/security_rule/08be5599-3719-4bbd-8cbc-7e9cff556881_104.json +++ b/packages/security_detection_engine/kibana/security_rule/08be5599-3719-4bbd-8cbc-7e9cff556881_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/09073bf4-a8ea-4bce-9fd5-2bb56b4d31f4_2.json b/packages/security_detection_engine/kibana/security_rule/09073bf4-a8ea-4bce-9fd5-2bb56b4d31f4_2.json index 8e184a1de4e..d765c2ffa4e 100644 --- a/packages/security_detection_engine/kibana/security_rule/09073bf4-a8ea-4bce-9fd5-2bb56b4d31f4_2.json +++ b/packages/security_detection_engine/kibana/security_rule/09073bf4-a8ea-4bce-9fd5-2bb56b4d31f4_2.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/092b068f-84ac-485d-8a55-7dd9e006715f_113.json b/packages/security_detection_engine/kibana/security_rule/092b068f-84ac-485d-8a55-7dd9e006715f_113.json index 0c8feaa4ede..68f6807e8dc 100644 --- a/packages/security_detection_engine/kibana/security_rule/092b068f-84ac-485d-8a55-7dd9e006715f_113.json +++ b/packages/security_detection_engine/kibana/security_rule/092b068f-84ac-485d-8a55-7dd9e006715f_113.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/095b6a58-8f88-4b59-827c-ab584ad4e759_206.json b/packages/security_detection_engine/kibana/security_rule/095b6a58-8f88-4b59-827c-ab584ad4e759_206.json index d2cb2033281..25adbbf01bf 100644 --- a/packages/security_detection_engine/kibana/security_rule/095b6a58-8f88-4b59-827c-ab584ad4e759_206.json +++ b/packages/security_detection_engine/kibana/security_rule/095b6a58-8f88-4b59-827c-ab584ad4e759_206.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/097ef0b8-fb21-4e45-ad89-d81666349c6a_104.json b/packages/security_detection_engine/kibana/security_rule/097ef0b8-fb21-4e45-ad89-d81666349c6a_104.json index d378ebc13c8..3494b7823f3 100644 --- a/packages/security_detection_engine/kibana/security_rule/097ef0b8-fb21-4e45-ad89-d81666349c6a_104.json +++ b/packages/security_detection_engine/kibana/security_rule/097ef0b8-fb21-4e45-ad89-d81666349c6a_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/098bd5cc-fd55-438f-b354-7d6cd9856a08_4.json b/packages/security_detection_engine/kibana/security_rule/098bd5cc-fd55-438f-b354-7d6cd9856a08_4.json index dd4d6dc2aa4..0dfc8bf20db 100644 --- a/packages/security_detection_engine/kibana/security_rule/098bd5cc-fd55-438f-b354-7d6cd9856a08_4.json +++ b/packages/security_detection_engine/kibana/security_rule/098bd5cc-fd55-438f-b354-7d6cd9856a08_4.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/09bc6c90-7501-494d-b015-5d988dc3f233_11.json b/packages/security_detection_engine/kibana/security_rule/09bc6c90-7501-494d-b015-5d988dc3f233_11.json index 2601a60a66c..c2845e18dcd 100644 --- a/packages/security_detection_engine/kibana/security_rule/09bc6c90-7501-494d-b015-5d988dc3f233_11.json +++ b/packages/security_detection_engine/kibana/security_rule/09bc6c90-7501-494d-b015-5d988dc3f233_11.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/09d028a5-dcde-409f-8ae0-557cef1b7082_108.json b/packages/security_detection_engine/kibana/security_rule/09d028a5-dcde-409f-8ae0-557cef1b7082_108.json index fe5aa36122a..7ed37dadb65 100644 --- a/packages/security_detection_engine/kibana/security_rule/09d028a5-dcde-409f-8ae0-557cef1b7082_108.json +++ b/packages/security_detection_engine/kibana/security_rule/09d028a5-dcde-409f-8ae0-557cef1b7082_108.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0ab319ef-92b8-4c7f-989b-5de93c852e93_9.json b/packages/security_detection_engine/kibana/security_rule/0ab319ef-92b8-4c7f-989b-5de93c852e93_9.json index 6f65e789321..5e6074c3717 100644 --- a/packages/security_detection_engine/kibana/security_rule/0ab319ef-92b8-4c7f-989b-5de93c852e93_9.json +++ b/packages/security_detection_engine/kibana/security_rule/0ab319ef-92b8-4c7f-989b-5de93c852e93_9.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "beaconing", - "version": "^1.3.0" + "version": ">=1.3.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0abf0c5b-62dd-48d2-ac4e-6b43fe3a6e83_213.json b/packages/security_detection_engine/kibana/security_rule/0abf0c5b-62dd-48d2-ac4e-6b43fe3a6e83_213.json index 253cf1eb2b7..5728403ce73 100644 --- a/packages/security_detection_engine/kibana/security_rule/0abf0c5b-62dd-48d2-ac4e-6b43fe3a6e83_213.json +++ b/packages/security_detection_engine/kibana/security_rule/0abf0c5b-62dd-48d2-ac4e-6b43fe3a6e83_213.json @@ -64,7 +64,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0b15bcad-aff1-4250-a5be-5d1b7eb56d07_10.json b/packages/security_detection_engine/kibana/security_rule/0b15bcad-aff1-4250-a5be-5d1b7eb56d07_10.json index 4e6a49437e3..1e98c7ae812 100644 --- a/packages/security_detection_engine/kibana/security_rule/0b15bcad-aff1-4250-a5be-5d1b7eb56d07_10.json +++ b/packages/security_detection_engine/kibana/security_rule/0b15bcad-aff1-4250-a5be-5d1b7eb56d07_10.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0b29cab4-dbbd-4a3f-9e8e-1287c7c11ae5_312.json b/packages/security_detection_engine/kibana/security_rule/0b29cab4-dbbd-4a3f-9e8e-1287c7c11ae5_312.json index 7024ef4f106..2f6c7ca09b9 100644 --- a/packages/security_detection_engine/kibana/security_rule/0b29cab4-dbbd-4a3f-9e8e-1287c7c11ae5_312.json +++ b/packages/security_detection_engine/kibana/security_rule/0b29cab4-dbbd-4a3f-9e8e-1287c7c11ae5_312.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/0b2f3da5-b5ec-47d1-908b-6ebb74814289_221.json b/packages/security_detection_engine/kibana/security_rule/0b2f3da5-b5ec-47d1-908b-6ebb74814289_221.json index cfc4dc570a0..e812a8f3f6b 100644 --- a/packages/security_detection_engine/kibana/security_rule/0b2f3da5-b5ec-47d1-908b-6ebb74814289_221.json +++ b/packages/security_detection_engine/kibana/security_rule/0b2f3da5-b5ec-47d1-908b-6ebb74814289_221.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0b76ad27-c3f3-4769-9e7e-3237137fdf06_6.json b/packages/security_detection_engine/kibana/security_rule/0b76ad27-c3f3-4769-9e7e-3237137fdf06_6.json index a274d7b88bf..6cd95832878 100644 --- a/packages/security_detection_engine/kibana/security_rule/0b76ad27-c3f3-4769-9e7e-3237137fdf06_6.json +++ b/packages/security_detection_engine/kibana/security_rule/0b76ad27-c3f3-4769-9e7e-3237137fdf06_6.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0b79f5c0-2c31-4fea-86cd-e62644278205_7.json b/packages/security_detection_engine/kibana/security_rule/0b79f5c0-2c31-4fea-86cd-e62644278205_7.json index e154a1ecb5e..54abcaf146f 100644 --- a/packages/security_detection_engine/kibana/security_rule/0b79f5c0-2c31-4fea-86cd-e62644278205_7.json +++ b/packages/security_detection_engine/kibana/security_rule/0b79f5c0-2c31-4fea-86cd-e62644278205_7.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0b803267-74c5-444d-ae29-32b5db2d562a_113.json b/packages/security_detection_engine/kibana/security_rule/0b803267-74c5-444d-ae29-32b5db2d562a_113.json index 3c93868c279..da774fccd4f 100644 --- a/packages/security_detection_engine/kibana/security_rule/0b803267-74c5-444d-ae29-32b5db2d562a_113.json +++ b/packages/security_detection_engine/kibana/security_rule/0b803267-74c5-444d-ae29-32b5db2d562a_113.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0b96dfd8-5b8c-4485-9a1c-69ff7839786a_112.json b/packages/security_detection_engine/kibana/security_rule/0b96dfd8-5b8c-4485-9a1c-69ff7839786a_112.json index 5aadff417b9..1731d5e1854 100644 --- a/packages/security_detection_engine/kibana/security_rule/0b96dfd8-5b8c-4485-9a1c-69ff7839786a_112.json +++ b/packages/security_detection_engine/kibana/security_rule/0b96dfd8-5b8c-4485-9a1c-69ff7839786a_112.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0bca7e73-e1b5-4fb2-801b-9b5f5be20dfe_7.json b/packages/security_detection_engine/kibana/security_rule/0bca7e73-e1b5-4fb2-801b-9b5f5be20dfe_7.json index 2a9315e7e04..9b567499bc7 100644 --- a/packages/security_detection_engine/kibana/security_rule/0bca7e73-e1b5-4fb2-801b-9b5f5be20dfe_7.json +++ b/packages/security_detection_engine/kibana/security_rule/0bca7e73-e1b5-4fb2-801b-9b5f5be20dfe_7.json @@ -14,19 +14,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "suricata", - "version": "^2.24.0" + "version": ">=2.24.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0c04d82f-6def-4659-aa62-ed6355a51f39_1.json b/packages/security_detection_engine/kibana/security_rule/0c04d82f-6def-4659-aa62-ed6355a51f39_1.json index 8cd087b143f..5847789a74f 100644 --- a/packages/security_detection_engine/kibana/security_rule/0c04d82f-6def-4659-aa62-ed6355a51f39_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0c04d82f-6def-4659-aa62-ed6355a51f39_1.json @@ -22,7 +22,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0c093569-dff9-42b6-87b1-0242d9f7d9b4_5.json b/packages/security_detection_engine/kibana/security_rule/0c093569-dff9-42b6-87b1-0242d9f7d9b4_5.json index 535cb2208c9..5522dda9dee 100644 --- a/packages/security_detection_engine/kibana/security_rule/0c093569-dff9-42b6-87b1-0242d9f7d9b4_5.json +++ b/packages/security_detection_engine/kibana/security_rule/0c093569-dff9-42b6-87b1-0242d9f7d9b4_5.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0c1e8fda-4f09-451e-bc77-a192b6cbfc32_107.json b/packages/security_detection_engine/kibana/security_rule/0c1e8fda-4f09-451e-bc77-a192b6cbfc32_107.json index f30e0156140..3f9a1ac6b98 100644 --- a/packages/security_detection_engine/kibana/security_rule/0c1e8fda-4f09-451e-bc77-a192b6cbfc32_107.json +++ b/packages/security_detection_engine/kibana/security_rule/0c1e8fda-4f09-451e-bc77-a192b6cbfc32_107.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0c3c80de-08c2-11f0-bd11-f661ea17fbcc_8.json b/packages/security_detection_engine/kibana/security_rule/0c3c80de-08c2-11f0-bd11-f661ea17fbcc_8.json index 6aa16217b21..6566af90a8c 100644 --- a/packages/security_detection_engine/kibana/security_rule/0c3c80de-08c2-11f0-bd11-f661ea17fbcc_8.json +++ b/packages/security_detection_engine/kibana/security_rule/0c3c80de-08c2-11f0-bd11-f661ea17fbcc_8.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0c74cd7e-ea35-11ee-a417-f661ea17fbce_5.json b/packages/security_detection_engine/kibana/security_rule/0c74cd7e-ea35-11ee-a417-f661ea17fbce_5.json index 96d123c978c..f859aad4fe4 100644 --- a/packages/security_detection_engine/kibana/security_rule/0c74cd7e-ea35-11ee-a417-f661ea17fbce_5.json +++ b/packages/security_detection_engine/kibana/security_rule/0c74cd7e-ea35-11ee-a417-f661ea17fbce_5.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0c7ca5c2-728d-4ad9-b1c5-bbba83ecb1f4_316.json b/packages/security_detection_engine/kibana/security_rule/0c7ca5c2-728d-4ad9-b1c5-bbba83ecb1f4_316.json index e4ae4c239e3..ffd0584dd87 100644 --- a/packages/security_detection_engine/kibana/security_rule/0c7ca5c2-728d-4ad9-b1c5-bbba83ecb1f4_316.json +++ b/packages/security_detection_engine/kibana/security_rule/0c7ca5c2-728d-4ad9-b1c5-bbba83ecb1f4_316.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0cbbb5e0-f93a-47fe-ab72-8213366c38f1_104.json b/packages/security_detection_engine/kibana/security_rule/0cbbb5e0-f93a-47fe-ab72-8213366c38f1_104.json index 9de4db9c766..3e84cb9218f 100644 --- a/packages/security_detection_engine/kibana/security_rule/0cbbb5e0-f93a-47fe-ab72-8213366c38f1_104.json +++ b/packages/security_detection_engine/kibana/security_rule/0cbbb5e0-f93a-47fe-ab72-8213366c38f1_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sysmon_linux", - "version": "^1.8.0" + "version": ">=1.8.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/0cd2f3e6-41da-40e6-b28b-466f688f00a6_8.json b/packages/security_detection_engine/kibana/security_rule/0cd2f3e6-41da-40e6-b28b-466f688f00a6_8.json index cd1e62894d9..8e968543bea 100644 --- a/packages/security_detection_engine/kibana/security_rule/0cd2f3e6-41da-40e6-b28b-466f688f00a6_8.json +++ b/packages/security_detection_engine/kibana/security_rule/0cd2f3e6-41da-40e6-b28b-466f688f00a6_8.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_214.json b/packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_214.json index ab0edf4ea07..96aa0d01ad0 100644 --- a/packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_214.json +++ b/packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_214.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0d3d2254-2b4a-11f0-a019-f661ea17fbcc_11.json b/packages/security_detection_engine/kibana/security_rule/0d3d2254-2b4a-11f0-a019-f661ea17fbcc_11.json index 5b54c886284..d36dd4fec0e 100644 --- a/packages/security_detection_engine/kibana/security_rule/0d3d2254-2b4a-11f0-a019-f661ea17fbcc_11.json +++ b/packages/security_detection_engine/kibana/security_rule/0d3d2254-2b4a-11f0-a019-f661ea17fbcc_11.json @@ -24,11 +24,11 @@ { "integration": "graphactivitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/0d69150b-96f8-467c-a86d-a67a3378ce77_213.json b/packages/security_detection_engine/kibana/security_rule/0d69150b-96f8-467c-a86d-a67a3378ce77_213.json index eca7425f009..1455b5fb6bc 100644 --- a/packages/security_detection_engine/kibana/security_rule/0d69150b-96f8-467c-a86d-a67a3378ce77_213.json +++ b/packages/security_detection_engine/kibana/security_rule/0d69150b-96f8-467c-a86d-a67a3378ce77_213.json @@ -27,19 +27,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0d8ad79f-9025-45d8-80c1-4f0cd3c5e8e5_115.json b/packages/security_detection_engine/kibana/security_rule/0d8ad79f-9025-45d8-80c1-4f0cd3c5e8e5_115.json index a04a1600b0b..14e10885b25 100644 --- a/packages/security_detection_engine/kibana/security_rule/0d8ad79f-9025-45d8-80c1-4f0cd3c5e8e5_115.json +++ b/packages/security_detection_engine/kibana/security_rule/0d8ad79f-9025-45d8-80c1-4f0cd3c5e8e5_115.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0d92d30a-5f3e-4b71-bc3d-4a0c4914b7e0_208.json b/packages/security_detection_engine/kibana/security_rule/0d92d30a-5f3e-4b71-bc3d-4a0c4914b7e0_208.json index 0cb87421be2..32b2ca5c34c 100644 --- a/packages/security_detection_engine/kibana/security_rule/0d92d30a-5f3e-4b71-bc3d-4a0c4914b7e0_208.json +++ b/packages/security_detection_engine/kibana/security_rule/0d92d30a-5f3e-4b71-bc3d-4a0c4914b7e0_208.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/0dd84246-a723-49ba-9f4e-a1e1dfa15990_1.json b/packages/security_detection_engine/kibana/security_rule/0dd84246-a723-49ba-9f4e-a1e1dfa15990_1.json index 32a0beb563c..bec74cb5789 100644 --- a/packages/security_detection_engine/kibana/security_rule/0dd84246-a723-49ba-9f4e-a1e1dfa15990_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0dd84246-a723-49ba-9f4e-a1e1dfa15990_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0e1af929-42ed-4262-a846-55a7c54e7c84_5.json b/packages/security_detection_engine/kibana/security_rule/0e1af929-42ed-4262-a846-55a7c54e7c84_5.json index e1c1b44f896..fead71a2dbc 100644 --- a/packages/security_detection_engine/kibana/security_rule/0e1af929-42ed-4262-a846-55a7c54e7c84_5.json +++ b/packages/security_detection_engine/kibana/security_rule/0e1af929-42ed-4262-a846-55a7c54e7c84_5.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0e42f920-047d-4568-b961-2a50db6c4713_3.json b/packages/security_detection_engine/kibana/security_rule/0e42f920-047d-4568-b961-2a50db6c4713_3.json index 4be3ff98b35..cab6b6eb2e4 100644 --- a/packages/security_detection_engine/kibana/security_rule/0e42f920-047d-4568-b961-2a50db6c4713_3.json +++ b/packages/security_detection_engine/kibana/security_rule/0e42f920-047d-4568-b961-2a50db6c4713_3.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0e4367a0-a483-439d-ad2e-d90500b925fd_208.json b/packages/security_detection_engine/kibana/security_rule/0e4367a0-a483-439d-ad2e-d90500b925fd_208.json index e738c28da2d..f37d10d97ec 100644 --- a/packages/security_detection_engine/kibana/security_rule/0e4367a0-a483-439d-ad2e-d90500b925fd_208.json +++ b/packages/security_detection_engine/kibana/security_rule/0e4367a0-a483-439d-ad2e-d90500b925fd_208.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_213.json b/packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_213.json index 89c220ef61d..479dba78e59 100644 --- a/packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_213.json +++ b/packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_213.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0e524fa6-eed3-11ef-82b4-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/0e524fa6-eed3-11ef-82b4-f661ea17fbce_9.json index bb6eb97d536..fd30cb460df 100644 --- a/packages/security_detection_engine/kibana/security_rule/0e524fa6-eed3-11ef-82b4-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/0e524fa6-eed3-11ef-82b4-f661ea17fbce_9.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0e5acaae-6a64-4bbc-adb8-27649c03f7e1_109.json b/packages/security_detection_engine/kibana/security_rule/0e5acaae-6a64-4bbc-adb8-27649c03f7e1_109.json index f17980a9bb3..3a9f78b4d3d 100644 --- a/packages/security_detection_engine/kibana/security_rule/0e5acaae-6a64-4bbc-adb8-27649c03f7e1_109.json +++ b/packages/security_detection_engine/kibana/security_rule/0e5acaae-6a64-4bbc-adb8-27649c03f7e1_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0e79980b-4250-4a50-a509-69294c14e84b_216.json b/packages/security_detection_engine/kibana/security_rule/0e79980b-4250-4a50-a509-69294c14e84b_216.json index 10329384555..22cb4a6eabc 100644 --- a/packages/security_detection_engine/kibana/security_rule/0e79980b-4250-4a50-a509-69294c14e84b_216.json +++ b/packages/security_detection_engine/kibana/security_rule/0e79980b-4250-4a50-a509-69294c14e84b_216.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0ef5d3eb-67ef-43ab-93b7-305cfa5a21f6_107.json b/packages/security_detection_engine/kibana/security_rule/0ef5d3eb-67ef-43ab-93b7-305cfa5a21f6_107.json index 351cbae8150..f24cc547066 100644 --- a/packages/security_detection_engine/kibana/security_rule/0ef5d3eb-67ef-43ab-93b7-305cfa5a21f6_107.json +++ b/packages/security_detection_engine/kibana/security_rule/0ef5d3eb-67ef-43ab-93b7-305cfa5a21f6_107.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f189343-dac7-4c1b-aca7-be8baa6bd02b_1.json b/packages/security_detection_engine/kibana/security_rule/0f189343-dac7-4c1b-aca7-be8baa6bd02b_1.json index 60680e9465a..d4f2776c31d 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f189343-dac7-4c1b-aca7-be8baa6bd02b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0f189343-dac7-4c1b-aca7-be8baa6bd02b_1.json @@ -40,7 +40,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f4d35e4-925e-4959-ab24-911be207ee6f_120.json b/packages/security_detection_engine/kibana/security_rule/0f4d35e4-925e-4959-ab24-911be207ee6f_120.json index fb26351fccc..0893e484dee 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f4d35e4-925e-4959-ab24-911be207ee6f_120.json +++ b/packages/security_detection_engine/kibana/security_rule/0f4d35e4-925e-4959-ab24-911be207ee6f_120.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f54e947-9ab3-4dff-9e8d-fb42493eaa2f_107.json b/packages/security_detection_engine/kibana/security_rule/0f54e947-9ab3-4dff-9e8d-fb42493eaa2f_107.json index 6f00c03ea1a..81c05da48df 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f54e947-9ab3-4dff-9e8d-fb42493eaa2f_107.json +++ b/packages/security_detection_engine/kibana/security_rule/0f54e947-9ab3-4dff-9e8d-fb42493eaa2f_107.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f56369f-eb3d-459c-a00b-87c2bf7bdfc5_109.json b/packages/security_detection_engine/kibana/security_rule/0f56369f-eb3d-459c-a00b-87c2bf7bdfc5_109.json index fde29d044a5..e5b505ff95a 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f56369f-eb3d-459c-a00b-87c2bf7bdfc5_109.json +++ b/packages/security_detection_engine/kibana/security_rule/0f56369f-eb3d-459c-a00b-87c2bf7bdfc5_109.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f5941c6-3db9-4d2f-91df-06c7c292ba45_1.json b/packages/security_detection_engine/kibana/security_rule/0f5941c6-3db9-4d2f-91df-06c7c292ba45_1.json index ee898a417f2..aecda44b4ee 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f5941c6-3db9-4d2f-91df-06c7c292ba45_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0f5941c6-3db9-4d2f-91df-06c7c292ba45_1.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f5d410c-a594-4cdb-8b48-f36a61838d67_1.json b/packages/security_detection_engine/kibana/security_rule/0f5d410c-a594-4cdb-8b48-f36a61838d67_1.json index ea96f41890f..0863667e70e 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f5d410c-a594-4cdb-8b48-f36a61838d67_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0f5d410c-a594-4cdb-8b48-f36a61838d67_1.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f615fe4-eaa2-11ee-ae33-f661ea17fbce_5.json b/packages/security_detection_engine/kibana/security_rule/0f615fe4-eaa2-11ee-ae33-f661ea17fbce_5.json index a5ff253d202..17ecdd897eb 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f615fe4-eaa2-11ee-ae33-f661ea17fbce_5.json +++ b/packages/security_detection_engine/kibana/security_rule/0f615fe4-eaa2-11ee-ae33-f661ea17fbce_5.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0f93cb9a-1931-48c2-8cd0-f173fd3e5283_314.json b/packages/security_detection_engine/kibana/security_rule/0f93cb9a-1931-48c2-8cd0-f173fd3e5283_314.json index 7f3313cb35e..62b2094a286 100644 --- a/packages/security_detection_engine/kibana/security_rule/0f93cb9a-1931-48c2-8cd0-f173fd3e5283_314.json +++ b/packages/security_detection_engine/kibana/security_rule/0f93cb9a-1931-48c2-8cd0-f173fd3e5283_314.json @@ -33,7 +33,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0fb25791-d8d4-42ab-8fc7-4954642de85f_3.json b/packages/security_detection_engine/kibana/security_rule/0fb25791-d8d4-42ab-8fc7-4954642de85f_3.json index 0516faad17e..7289d6a218a 100644 --- a/packages/security_detection_engine/kibana/security_rule/0fb25791-d8d4-42ab-8fc7-4954642de85f_3.json +++ b/packages/security_detection_engine/kibana/security_rule/0fb25791-d8d4-42ab-8fc7-4954642de85f_3.json @@ -15,7 +15,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0fb83aa0-3d17-41e9-b09c-56397bf7a7d9_2.json b/packages/security_detection_engine/kibana/security_rule/0fb83aa0-3d17-41e9-b09c-56397bf7a7d9_2.json index 3af1539a776..0318f362ca7 100644 --- a/packages/security_detection_engine/kibana/security_rule/0fb83aa0-3d17-41e9-b09c-56397bf7a7d9_2.json +++ b/packages/security_detection_engine/kibana/security_rule/0fb83aa0-3d17-41e9-b09c-56397bf7a7d9_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0fe2290a-2664-4c9c-8263-b88904f12f0d_103.json b/packages/security_detection_engine/kibana/security_rule/0fe2290a-2664-4c9c-8263-b88904f12f0d_103.json index 05fb9a95def..464cf913050 100644 --- a/packages/security_detection_engine/kibana/security_rule/0fe2290a-2664-4c9c-8263-b88904f12f0d_103.json +++ b/packages/security_detection_engine/kibana/security_rule/0fe2290a-2664-4c9c-8263-b88904f12f0d_103.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0ff84c42-873d-41a2-a4ed-08d74d352d01_110.json b/packages/security_detection_engine/kibana/security_rule/0ff84c42-873d-41a2-a4ed-08d74d352d01_110.json index 4dcc88196d9..1923cc4eaf9 100644 --- a/packages/security_detection_engine/kibana/security_rule/0ff84c42-873d-41a2-a4ed-08d74d352d01_110.json +++ b/packages/security_detection_engine/kibana/security_rule/0ff84c42-873d-41a2-a4ed-08d74d352d01_110.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/0ffc3d78-44ce-4a55-b2be-98219e0eed05_1.json b/packages/security_detection_engine/kibana/security_rule/0ffc3d78-44ce-4a55-b2be-98219e0eed05_1.json index bd8bbd7587d..a9d4d697014 100644 --- a/packages/security_detection_engine/kibana/security_rule/0ffc3d78-44ce-4a55-b2be-98219e0eed05_1.json +++ b/packages/security_detection_engine/kibana/security_rule/0ffc3d78-44ce-4a55-b2be-98219e0eed05_1.json @@ -28,23 +28,23 @@ "related_integrations": [ { "package": "corelight", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1004ad5b-6900-4d28-ab5b-472f02e1fdfb_3.json b/packages/security_detection_engine/kibana/security_rule/1004ad5b-6900-4d28-ab5b-472f02e1fdfb_3.json index f801d347aa1..d7c7c1995a7 100644 --- a/packages/security_detection_engine/kibana/security_rule/1004ad5b-6900-4d28-ab5b-472f02e1fdfb_3.json +++ b/packages/security_detection_engine/kibana/security_rule/1004ad5b-6900-4d28-ab5b-472f02e1fdfb_3.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/10445cf0-0748-11ef-ba75-f661ea17fbcc_5.json b/packages/security_detection_engine/kibana/security_rule/10445cf0-0748-11ef-ba75-f661ea17fbcc_5.json index 5c7499d343e..3b62f03ef11 100644 --- a/packages/security_detection_engine/kibana/security_rule/10445cf0-0748-11ef-ba75-f661ea17fbcc_5.json +++ b/packages/security_detection_engine/kibana/security_rule/10445cf0-0748-11ef-ba75-f661ea17fbcc_5.json @@ -19,7 +19,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/10a500bb-a28f-418e-ba29-ca4c8d1a9f2f_211.json b/packages/security_detection_engine/kibana/security_rule/10a500bb-a28f-418e-ba29-ca4c8d1a9f2f_211.json index f145fc8fabe..5ac517bc526 100644 --- a/packages/security_detection_engine/kibana/security_rule/10a500bb-a28f-418e-ba29-ca4c8d1a9f2f_211.json +++ b/packages/security_detection_engine/kibana/security_rule/10a500bb-a28f-418e-ba29-ca4c8d1a9f2f_211.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/10b63b69-9f08-4767-b318-12208f97ad41_1.json b/packages/security_detection_engine/kibana/security_rule/10b63b69-9f08-4767-b318-12208f97ad41_1.json index 497c4603c22..574ebb5e689 100644 --- a/packages/security_detection_engine/kibana/security_rule/10b63b69-9f08-4767-b318-12208f97ad41_1.json +++ b/packages/security_detection_engine/kibana/security_rule/10b63b69-9f08-4767-b318-12208f97ad41_1.json @@ -50,7 +50,7 @@ "related_integrations": [ { "package": "entityanalytics_entra_id", - "version": "^1.6.0" + "version": ">=1.6.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/10f3d520-ea35-11ee-a417-f661ea17fbce_5.json b/packages/security_detection_engine/kibana/security_rule/10f3d520-ea35-11ee-a417-f661ea17fbce_5.json index b9fbc3bee9d..416f77b3a36 100644 --- a/packages/security_detection_engine/kibana/security_rule/10f3d520-ea35-11ee-a417-f661ea17fbce_5.json +++ b/packages/security_detection_engine/kibana/security_rule/10f3d520-ea35-11ee-a417-f661ea17fbce_5.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/11013227-0301-4a8c-b150-4db924484475_112.json b/packages/security_detection_engine/kibana/security_rule/11013227-0301-4a8c-b150-4db924484475_112.json index a0651194289..9336fcafd47 100644 --- a/packages/security_detection_engine/kibana/security_rule/11013227-0301-4a8c-b150-4db924484475_112.json +++ b/packages/security_detection_engine/kibana/security_rule/11013227-0301-4a8c-b150-4db924484475_112.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "corelight", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1160dcdb-0a0a-4a79-91d8-9b84616edebd_219.json b/packages/security_detection_engine/kibana/security_rule/1160dcdb-0a0a-4a79-91d8-9b84616edebd_219.json index b9e362e2f7f..63e09b5eaa6 100644 --- a/packages/security_detection_engine/kibana/security_rule/1160dcdb-0a0a-4a79-91d8-9b84616edebd_219.json +++ b/packages/security_detection_engine/kibana/security_rule/1160dcdb-0a0a-4a79-91d8-9b84616edebd_219.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1178ae09-5aff-460a-9f2f-455cd0ac4d8e_318.json b/packages/security_detection_engine/kibana/security_rule/1178ae09-5aff-460a-9f2f-455cd0ac4d8e_318.json index f0c9ac7f116..b89448a74fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/1178ae09-5aff-460a-9f2f-455cd0ac4d8e_318.json +++ b/packages/security_detection_engine/kibana/security_rule/1178ae09-5aff-460a-9f2f-455cd0ac4d8e_318.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/11dd9713-0ec6-4110-9707-32daae1ee68c_119.json b/packages/security_detection_engine/kibana/security_rule/11dd9713-0ec6-4110-9707-32daae1ee68c_119.json index 46557505de8..7b6c7fa1615 100644 --- a/packages/security_detection_engine/kibana/security_rule/11dd9713-0ec6-4110-9707-32daae1ee68c_119.json +++ b/packages/security_detection_engine/kibana/security_rule/11dd9713-0ec6-4110-9707-32daae1ee68c_119.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/11ea6bec-ebde-4d71-a8e9-784948f8e3e9_217.json b/packages/security_detection_engine/kibana/security_rule/11ea6bec-ebde-4d71-a8e9-784948f8e3e9_217.json index 9b9f567d160..c3612b1ab57 100644 --- a/packages/security_detection_engine/kibana/security_rule/11ea6bec-ebde-4d71-a8e9-784948f8e3e9_217.json +++ b/packages/security_detection_engine/kibana/security_rule/11ea6bec-ebde-4d71-a8e9-784948f8e3e9_217.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/12051077-0124-4394-9522-8f4f4db1d674_213.json b/packages/security_detection_engine/kibana/security_rule/12051077-0124-4394-9522-8f4f4db1d674_213.json index 5b3bad83148..6824e7627f1 100644 --- a/packages/security_detection_engine/kibana/security_rule/12051077-0124-4394-9522-8f4f4db1d674_213.json +++ b/packages/security_detection_engine/kibana/security_rule/12051077-0124-4394-9522-8f4f4db1d674_213.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1224da6c-0326-4b4f-8454-68cdc5ae542b_211.json b/packages/security_detection_engine/kibana/security_rule/1224da6c-0326-4b4f-8454-68cdc5ae542b_211.json index 9e959e5fef2..66ef79b514a 100644 --- a/packages/security_detection_engine/kibana/security_rule/1224da6c-0326-4b4f-8454-68cdc5ae542b_211.json +++ b/packages/security_detection_engine/kibana/security_rule/1224da6c-0326-4b4f-8454-68cdc5ae542b_211.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1251b98a-ff45-11ee-89a1-f661ea17fbce_4.json b/packages/security_detection_engine/kibana/security_rule/1251b98a-ff45-11ee-89a1-f661ea17fbce_4.json index 6236baf15a7..e3b4f250e7c 100644 --- a/packages/security_detection_engine/kibana/security_rule/1251b98a-ff45-11ee-89a1-f661ea17fbce_4.json +++ b/packages/security_detection_engine/kibana/security_rule/1251b98a-ff45-11ee-89a1-f661ea17fbce_4.json @@ -27,7 +27,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/128468bf-cab1-4637-99ea-fdf3780a4609_212.json b/packages/security_detection_engine/kibana/security_rule/128468bf-cab1-4637-99ea-fdf3780a4609_212.json index bdbbc6bbbd8..8122839c86a 100644 --- a/packages/security_detection_engine/kibana/security_rule/128468bf-cab1-4637-99ea-fdf3780a4609_212.json +++ b/packages/security_detection_engine/kibana/security_rule/128468bf-cab1-4637-99ea-fdf3780a4609_212.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/12a2f15d-597e-4334-88ff-38a02cb1330b_211.json b/packages/security_detection_engine/kibana/security_rule/12a2f15d-597e-4334-88ff-38a02cb1330b_211.json index dc2b19f7a15..00118d03750 100644 --- a/packages/security_detection_engine/kibana/security_rule/12a2f15d-597e-4334-88ff-38a02cb1330b_211.json +++ b/packages/security_detection_engine/kibana/security_rule/12a2f15d-597e-4334-88ff-38a02cb1330b_211.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/12cbf709-69e8-4055-94f9-24314385c27e_210.json b/packages/security_detection_engine/kibana/security_rule/12cbf709-69e8-4055-94f9-24314385c27e_210.json index 96d79246a74..41b765d57bd 100644 --- a/packages/security_detection_engine/kibana/security_rule/12cbf709-69e8-4055-94f9-24314385c27e_210.json +++ b/packages/security_detection_engine/kibana/security_rule/12cbf709-69e8-4055-94f9-24314385c27e_210.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/12de29d4-bbb0-4eef-b687-857e8a163870_211.json b/packages/security_detection_engine/kibana/security_rule/12de29d4-bbb0-4eef-b687-857e8a163870_211.json index 19a470b7853..403e1b4d486 100644 --- a/packages/security_detection_engine/kibana/security_rule/12de29d4-bbb0-4eef-b687-857e8a163870_211.json +++ b/packages/security_detection_engine/kibana/security_rule/12de29d4-bbb0-4eef-b687-857e8a163870_211.json @@ -22,27 +22,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/12f07955-1674-44f7-86b5-c35da0a6f41a_322.json b/packages/security_detection_engine/kibana/security_rule/12f07955-1674-44f7-86b5-c35da0a6f41a_322.json index 97212e5a059..0b446b036cc 100644 --- a/packages/security_detection_engine/kibana/security_rule/12f07955-1674-44f7-86b5-c35da0a6f41a_322.json +++ b/packages/security_detection_engine/kibana/security_rule/12f07955-1674-44f7-86b5-c35da0a6f41a_322.json @@ -47,27 +47,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1327384f-00f3-44d5-9a8c-2373ba071e92_416.json b/packages/security_detection_engine/kibana/security_rule/1327384f-00f3-44d5-9a8c-2373ba071e92_416.json index 344e38ec9dc..ae089080f36 100644 --- a/packages/security_detection_engine/kibana/security_rule/1327384f-00f3-44d5-9a8c-2373ba071e92_416.json +++ b/packages/security_detection_engine/kibana/security_rule/1327384f-00f3-44d5-9a8c-2373ba071e92_416.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/135abb91-dcf4-48aa-b81a-5ad036b67c68_108.json b/packages/security_detection_engine/kibana/security_rule/135abb91-dcf4-48aa-b81a-5ad036b67c68_108.json index d61471be917..49b0ee7bdde 100644 --- a/packages/security_detection_engine/kibana/security_rule/135abb91-dcf4-48aa-b81a-5ad036b67c68_108.json +++ b/packages/security_detection_engine/kibana/security_rule/135abb91-dcf4-48aa-b81a-5ad036b67c68_108.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/138520d2-11ff-4288-a80e-a45b36dca4b1_104.json b/packages/security_detection_engine/kibana/security_rule/138520d2-11ff-4288-a80e-a45b36dca4b1_104.json index 6f691754b06..5fd56c1802b 100644 --- a/packages/security_detection_engine/kibana/security_rule/138520d2-11ff-4288-a80e-a45b36dca4b1_104.json +++ b/packages/security_detection_engine/kibana/security_rule/138520d2-11ff-4288-a80e-a45b36dca4b1_104.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/138c5dd5-838b-446e-b1ac-c995c7f8108a_207.json b/packages/security_detection_engine/kibana/security_rule/138c5dd5-838b-446e-b1ac-c995c7f8108a_207.json index e9865f3f967..2283f44e1db 100644 --- a/packages/security_detection_engine/kibana/security_rule/138c5dd5-838b-446e-b1ac-c995c7f8108a_207.json +++ b/packages/security_detection_engine/kibana/security_rule/138c5dd5-838b-446e-b1ac-c995c7f8108a_207.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1397e1b9-0c90-4d24-8d7b-80598eb9bc9a_215.json b/packages/security_detection_engine/kibana/security_rule/1397e1b9-0c90-4d24-8d7b-80598eb9bc9a_215.json index 16590fce4f6..ee28de67834 100644 --- a/packages/security_detection_engine/kibana/security_rule/1397e1b9-0c90-4d24-8d7b-80598eb9bc9a_215.json +++ b/packages/security_detection_engine/kibana/security_rule/1397e1b9-0c90-4d24-8d7b-80598eb9bc9a_215.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/13e908b9-7bf0-4235-abc9-b5deb500d0ad_13.json b/packages/security_detection_engine/kibana/security_rule/13e908b9-7bf0-4235-abc9-b5deb500d0ad_13.json index 3889ab7c1ad..63a27bcc5bb 100644 --- a/packages/security_detection_engine/kibana/security_rule/13e908b9-7bf0-4235-abc9-b5deb500d0ad_13.json +++ b/packages/security_detection_engine/kibana/security_rule/13e908b9-7bf0-4235-abc9-b5deb500d0ad_13.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/141e9b3a-ff37-4756-989d-05d7cbf35b0e_109.json b/packages/security_detection_engine/kibana/security_rule/141e9b3a-ff37-4756-989d-05d7cbf35b0e_109.json index 890a13ec83a..93ba66dbc5a 100644 --- a/packages/security_detection_engine/kibana/security_rule/141e9b3a-ff37-4756-989d-05d7cbf35b0e_109.json +++ b/packages/security_detection_engine/kibana/security_rule/141e9b3a-ff37-4756-989d-05d7cbf35b0e_109.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/143cb236-0956-4f42-a706-814bcaa0cf5a_112.json b/packages/security_detection_engine/kibana/security_rule/143cb236-0956-4f42-a706-814bcaa0cf5a_112.json index 016001ba32f..bdb1096ddbb 100644 --- a/packages/security_detection_engine/kibana/security_rule/143cb236-0956-4f42-a706-814bcaa0cf5a_112.json +++ b/packages/security_detection_engine/kibana/security_rule/143cb236-0956-4f42-a706-814bcaa0cf5a_112.json @@ -23,23 +23,23 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "corelight", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/14dab405-5dd9-450c-8106-72951af2391f_109.json b/packages/security_detection_engine/kibana/security_rule/14dab405-5dd9-450c-8106-72951af2391f_109.json index fdf832327ac..e2a88397c3b 100644 --- a/packages/security_detection_engine/kibana/security_rule/14dab405-5dd9-450c-8106-72951af2391f_109.json +++ b/packages/security_detection_engine/kibana/security_rule/14dab405-5dd9-450c-8106-72951af2391f_109.json @@ -24,23 +24,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/14de811c-d60f-11ec-9fd7-f661ea17fbce_211.json b/packages/security_detection_engine/kibana/security_rule/14de811c-d60f-11ec-9fd7-f661ea17fbce_211.json index c85e6a2e224..be126ed9385 100644 --- a/packages/security_detection_engine/kibana/security_rule/14de811c-d60f-11ec-9fd7-f661ea17fbce_211.json +++ b/packages/security_detection_engine/kibana/security_rule/14de811c-d60f-11ec-9fd7-f661ea17fbce_211.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/14ed1aa9-ebfd-4cf9-a463-0ac59ec55204_317.json b/packages/security_detection_engine/kibana/security_rule/14ed1aa9-ebfd-4cf9-a463-0ac59ec55204_317.json index 597690d051d..544c5bf77c2 100644 --- a/packages/security_detection_engine/kibana/security_rule/14ed1aa9-ebfd-4cf9-a463-0ac59ec55204_317.json +++ b/packages/security_detection_engine/kibana/security_rule/14ed1aa9-ebfd-4cf9-a463-0ac59ec55204_317.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/14fa0285-fe78-4843-ac8e-f4b481f49da9_8.json b/packages/security_detection_engine/kibana/security_rule/14fa0285-fe78-4843-ac8e-f4b481f49da9_8.json index 1065fe5ad2c..e698684801c 100644 --- a/packages/security_detection_engine/kibana/security_rule/14fa0285-fe78-4843-ac8e-f4b481f49da9_8.json +++ b/packages/security_detection_engine/kibana/security_rule/14fa0285-fe78-4843-ac8e-f4b481f49da9_8.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1502a836-84b2-11ef-b026-f661ea17fbcc_209.json b/packages/security_detection_engine/kibana/security_rule/1502a836-84b2-11ef-b026-f661ea17fbcc_209.json index 878b6b95782..2aa2412a240 100644 --- a/packages/security_detection_engine/kibana/security_rule/1502a836-84b2-11ef-b026-f661ea17fbcc_209.json +++ b/packages/security_detection_engine/kibana/security_rule/1502a836-84b2-11ef-b026-f661ea17fbcc_209.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/151d8f72-0747-11ef-a0c2-f661ea17fbcc_8.json b/packages/security_detection_engine/kibana/security_rule/151d8f72-0747-11ef-a0c2-f661ea17fbcc_8.json index ac747b2ab07..ba40b3ef785 100644 --- a/packages/security_detection_engine/kibana/security_rule/151d8f72-0747-11ef-a0c2-f661ea17fbcc_8.json +++ b/packages/security_detection_engine/kibana/security_rule/151d8f72-0747-11ef-a0c2-f661ea17fbcc_8.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1542fa53-955e-4330-8e4d-b2d812adeb5f_7.json b/packages/security_detection_engine/kibana/security_rule/1542fa53-955e-4330-8e4d-b2d812adeb5f_7.json index 6c25fa81275..b6eb37f9a5a 100644 --- a/packages/security_detection_engine/kibana/security_rule/1542fa53-955e-4330-8e4d-b2d812adeb5f_7.json +++ b/packages/security_detection_engine/kibana/security_rule/1542fa53-955e-4330-8e4d-b2d812adeb5f_7.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/15606250-449d-46a8-aaff-4043e42aefb9_1.json b/packages/security_detection_engine/kibana/security_rule/15606250-449d-46a8-aaff-4043e42aefb9_1.json index 3830e505624..896d5002f3d 100644 --- a/packages/security_detection_engine/kibana/security_rule/15606250-449d-46a8-aaff-4043e42aefb9_1.json +++ b/packages/security_detection_engine/kibana/security_rule/15606250-449d-46a8-aaff-4043e42aefb9_1.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/156f8c1d-bc54-46c0-a870-04e6a75526a1_1.json b/packages/security_detection_engine/kibana/security_rule/156f8c1d-bc54-46c0-a870-04e6a75526a1_1.json index 19f4bf5cbc5..323910b6994 100644 --- a/packages/security_detection_engine/kibana/security_rule/156f8c1d-bc54-46c0-a870-04e6a75526a1_1.json +++ b/packages/security_detection_engine/kibana/security_rule/156f8c1d-bc54-46c0-a870-04e6a75526a1_1.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/15a8ba77-1c13-4274-88fe-6bd14133861e_216.json b/packages/security_detection_engine/kibana/security_rule/15a8ba77-1c13-4274-88fe-6bd14133861e_216.json index ed7c6892302..f6e4c0aaf30 100644 --- a/packages/security_detection_engine/kibana/security_rule/15a8ba77-1c13-4274-88fe-6bd14133861e_216.json +++ b/packages/security_detection_engine/kibana/security_rule/15a8ba77-1c13-4274-88fe-6bd14133861e_216.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/15c0b7a7-9c34-4869-b25b-fa6518414899_320.json b/packages/security_detection_engine/kibana/security_rule/15c0b7a7-9c34-4869-b25b-fa6518414899_320.json index 4c9d6bfa587..b353a45328a 100644 --- a/packages/security_detection_engine/kibana/security_rule/15c0b7a7-9c34-4869-b25b-fa6518414899_320.json +++ b/packages/security_detection_engine/kibana/security_rule/15c0b7a7-9c34-4869-b25b-fa6518414899_320.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/15dacaa0-5b90-466b-acab-63435a59701a_113.json b/packages/security_detection_engine/kibana/security_rule/15dacaa0-5b90-466b-acab-63435a59701a_113.json index d404b8079c4..6054ee6a77c 100644 --- a/packages/security_detection_engine/kibana/security_rule/15dacaa0-5b90-466b-acab-63435a59701a_113.json +++ b/packages/security_detection_engine/kibana/security_rule/15dacaa0-5b90-466b-acab-63435a59701a_113.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1600f9e2-5be6-4742-8593-1ba50cd94069_106.json b/packages/security_detection_engine/kibana/security_rule/1600f9e2-5be6-4742-8593-1ba50cd94069_106.json index 64c08e34f26..ec1652d7fc6 100644 --- a/packages/security_detection_engine/kibana/security_rule/1600f9e2-5be6-4742-8593-1ba50cd94069_106.json +++ b/packages/security_detection_engine/kibana/security_rule/1600f9e2-5be6-4742-8593-1ba50cd94069_106.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/160896de-b66f-42cb-8fef-20f53a9006ea_104.json b/packages/security_detection_engine/kibana/security_rule/160896de-b66f-42cb-8fef-20f53a9006ea_104.json index 8bb58691a4b..a739458edd8 100644 --- a/packages/security_detection_engine/kibana/security_rule/160896de-b66f-42cb-8fef-20f53a9006ea_104.json +++ b/packages/security_detection_engine/kibana/security_rule/160896de-b66f-42cb-8fef-20f53a9006ea_104.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1615230f-beb7-48d8-9b3f-6d10674703bf_2.json b/packages/security_detection_engine/kibana/security_rule/1615230f-beb7-48d8-9b3f-6d10674703bf_2.json index ee8a8833f4e..b855fdf0abe 100644 --- a/packages/security_detection_engine/kibana/security_rule/1615230f-beb7-48d8-9b3f-6d10674703bf_2.json +++ b/packages/security_detection_engine/kibana/security_rule/1615230f-beb7-48d8-9b3f-6d10674703bf_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/16280f1e-57e6-4242-aa21-bb4d16f13b2f_108.json b/packages/security_detection_engine/kibana/security_rule/16280f1e-57e6-4242-aa21-bb4d16f13b2f_108.json index 2e90f1c3498..08a1de5cba2 100644 --- a/packages/security_detection_engine/kibana/security_rule/16280f1e-57e6-4242-aa21-bb4d16f13b2f_108.json +++ b/packages/security_detection_engine/kibana/security_rule/16280f1e-57e6-4242-aa21-bb4d16f13b2f_108.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/163a8f2f-c8a0-4b7e-9c4a-1184310eb7f3_3.json b/packages/security_detection_engine/kibana/security_rule/163a8f2f-c8a0-4b7e-9c4a-1184310eb7f3_3.json index 9307039e4fa..01a46d45de5 100644 --- a/packages/security_detection_engine/kibana/security_rule/163a8f2f-c8a0-4b7e-9c4a-1184310eb7f3_3.json +++ b/packages/security_detection_engine/kibana/security_rule/163a8f2f-c8a0-4b7e-9c4a-1184310eb7f3_3.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/166727ab-6768-4e26-b80c-948b228ffc06_111.json b/packages/security_detection_engine/kibana/security_rule/166727ab-6768-4e26-b80c-948b228ffc06_111.json index 84802f4f6c8..21de1024cd5 100644 --- a/packages/security_detection_engine/kibana/security_rule/166727ab-6768-4e26-b80c-948b228ffc06_111.json +++ b/packages/security_detection_engine/kibana/security_rule/166727ab-6768-4e26-b80c-948b228ffc06_111.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/16708afb-4904-4d3c-af78-63640a075cb0_1.json b/packages/security_detection_engine/kibana/security_rule/16708afb-4904-4d3c-af78-63640a075cb0_1.json index d956e153455..585f0005f38 100644 --- a/packages/security_detection_engine/kibana/security_rule/16708afb-4904-4d3c-af78-63640a075cb0_1.json +++ b/packages/security_detection_engine/kibana/security_rule/16708afb-4904-4d3c-af78-63640a075cb0_1.json @@ -20,7 +20,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/168b5538-4d54-4269-b4f5-786fa49dd850_1.json b/packages/security_detection_engine/kibana/security_rule/168b5538-4d54-4269-b4f5-786fa49dd850_1.json index 8be04997ea3..96eabbe32ee 100644 --- a/packages/security_detection_engine/kibana/security_rule/168b5538-4d54-4269-b4f5-786fa49dd850_1.json +++ b/packages/security_detection_engine/kibana/security_rule/168b5538-4d54-4269-b4f5-786fa49dd850_1.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/16904215-2c95-4ac8-bf5c-12354e047192_112.json b/packages/security_detection_engine/kibana/security_rule/16904215-2c95-4ac8-bf5c-12354e047192_112.json index 0c81a736128..f70510f0809 100644 --- a/packages/security_detection_engine/kibana/security_rule/16904215-2c95-4ac8-bf5c-12354e047192_112.json +++ b/packages/security_detection_engine/kibana/security_rule/16904215-2c95-4ac8-bf5c-12354e047192_112.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/169f3a93-efc7-4df2-94d6-0d9438c310d1_212.json b/packages/security_detection_engine/kibana/security_rule/169f3a93-efc7-4df2-94d6-0d9438c310d1_212.json index 80fe3445172..3358d14145f 100644 --- a/packages/security_detection_engine/kibana/security_rule/169f3a93-efc7-4df2-94d6-0d9438c310d1_212.json +++ b/packages/security_detection_engine/kibana/security_rule/169f3a93-efc7-4df2-94d6-0d9438c310d1_212.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/16a52c14-7883-47af-8745-9357803f0d4c_120.json b/packages/security_detection_engine/kibana/security_rule/16a52c14-7883-47af-8745-9357803f0d4c_120.json index b896664d168..0e5e636041c 100644 --- a/packages/security_detection_engine/kibana/security_rule/16a52c14-7883-47af-8745-9357803f0d4c_120.json +++ b/packages/security_detection_engine/kibana/security_rule/16a52c14-7883-47af-8745-9357803f0d4c_120.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/16acac42-b2f9-4802-9290-d6c30914db6e_8.json b/packages/security_detection_engine/kibana/security_rule/16acac42-b2f9-4802-9290-d6c30914db6e_8.json index 3a200ab2a2a..533ded3d9a6 100644 --- a/packages/security_detection_engine/kibana/security_rule/16acac42-b2f9-4802-9290-d6c30914db6e_8.json +++ b/packages/security_detection_engine/kibana/security_rule/16acac42-b2f9-4802-9290-d6c30914db6e_8.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/16fac1a1-21ee-4ca6-b720-458e3855d046_216.json b/packages/security_detection_engine/kibana/security_rule/16fac1a1-21ee-4ca6-b720-458e3855d046_216.json index 609c0df0d92..e2bdeb9dabf 100644 --- a/packages/security_detection_engine/kibana/security_rule/16fac1a1-21ee-4ca6-b720-458e3855d046_216.json +++ b/packages/security_detection_engine/kibana/security_rule/16fac1a1-21ee-4ca6-b720-458e3855d046_216.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1719ee47-89b8-4407-9d55-6dff2629dd4c_7.json b/packages/security_detection_engine/kibana/security_rule/1719ee47-89b8-4407-9d55-6dff2629dd4c_7.json index 6f668236e2a..ff3acf5df23 100644 --- a/packages/security_detection_engine/kibana/security_rule/1719ee47-89b8-4407-9d55-6dff2629dd4c_7.json +++ b/packages/security_detection_engine/kibana/security_rule/1719ee47-89b8-4407-9d55-6dff2629dd4c_7.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/17261da3-a6d0-463c-aac8-ea1718afcd20_7.json b/packages/security_detection_engine/kibana/security_rule/17261da3-a6d0-463c-aac8-ea1718afcd20_7.json index 1925149a79f..801dba03ee0 100644 --- a/packages/security_detection_engine/kibana/security_rule/17261da3-a6d0-463c-aac8-ea1718afcd20_7.json +++ b/packages/security_detection_engine/kibana/security_rule/17261da3-a6d0-463c-aac8-ea1718afcd20_7.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c59-fc0fa58336a5_310.json b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c59-fc0fa58336a5_310.json index 9e62175ad6e..da25dc7764b 100644 --- a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c59-fc0fa58336a5_310.json +++ b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c59-fc0fa58336a5_310.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c71-fc0fa58338c7_310.json b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c71-fc0fa58338c7_310.json index 8a1dc803cb7..2eb43542978 100644 --- a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c71-fc0fa58338c7_310.json +++ b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9c71-fc0fa58338c7_310.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d60-fc0fa58337b6_311.json b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d60-fc0fa58337b6_311.json index 3d1fe1b6ee0..b648bfad147 100644 --- a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d60-fc0fa58337b6_311.json +++ b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d60-fc0fa58337b6_311.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d82-fc0fa58449c8_310.json b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d82-fc0fa58449c8_310.json index 0de658b7b63..da741e2ffa5 100644 --- a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d82-fc0fa58449c8_310.json +++ b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9d82-fc0fa58449c8_310.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9e93-fc0fa69550c9_310.json b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9e93-fc0fa69550c9_310.json index b2f49d89de7..13d318ac4f7 100644 --- a/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9e93-fc0fa69550c9_310.json +++ b/packages/security_detection_engine/kibana/security_rule/1781d055-5c66-4adf-9e93-fc0fa69550c9_310.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/178770e0-5c20-4246-b430-e216a2888b23_105.json b/packages/security_detection_engine/kibana/security_rule/178770e0-5c20-4246-b430-e216a2888b23_105.json index 7736cd62b3a..8b80e7629a4 100644 --- a/packages/security_detection_engine/kibana/security_rule/178770e0-5c20-4246-b430-e216a2888b23_105.json +++ b/packages/security_detection_engine/kibana/security_rule/178770e0-5c20-4246-b430-e216a2888b23_105.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/17b0a495-4d9f-414c-8ad0-92f018b8e001_20.json b/packages/security_detection_engine/kibana/security_rule/17b0a495-4d9f-414c-8ad0-92f018b8e001_20.json index de98287cf7c..e0ab33340e9 100644 --- a/packages/security_detection_engine/kibana/security_rule/17b0a495-4d9f-414c-8ad0-92f018b8e001_20.json +++ b/packages/security_detection_engine/kibana/security_rule/17b0a495-4d9f-414c-8ad0-92f018b8e001_20.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/17b3fcd1-90fb-4f5d-858c-dc1d998fa368_6.json b/packages/security_detection_engine/kibana/security_rule/17b3fcd1-90fb-4f5d-858c-dc1d998fa368_6.json index 5443095195a..beb40ff1bb3 100644 --- a/packages/security_detection_engine/kibana/security_rule/17b3fcd1-90fb-4f5d-858c-dc1d998fa368_6.json +++ b/packages/security_detection_engine/kibana/security_rule/17b3fcd1-90fb-4f5d-858c-dc1d998fa368_6.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/17c7f6a5-5bc9-4e1f-92bf-13632d24384d_218.json b/packages/security_detection_engine/kibana/security_rule/17c7f6a5-5bc9-4e1f-92bf-13632d24384d_218.json index 7e033f0f08e..986d7793a68 100644 --- a/packages/security_detection_engine/kibana/security_rule/17c7f6a5-5bc9-4e1f-92bf-13632d24384d_218.json +++ b/packages/security_detection_engine/kibana/security_rule/17c7f6a5-5bc9-4e1f-92bf-13632d24384d_218.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/17e68559-b274-4948-ad0b-f8415bb31126_209.json b/packages/security_detection_engine/kibana/security_rule/17e68559-b274-4948-ad0b-f8415bb31126_209.json index 01fae01f185..61ca239abb7 100644 --- a/packages/security_detection_engine/kibana/security_rule/17e68559-b274-4948-ad0b-f8415bb31126_209.json +++ b/packages/security_detection_engine/kibana/security_rule/17e68559-b274-4948-ad0b-f8415bb31126_209.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/181f6b23-3799-445e-9589-0018328a9e46_210.json b/packages/security_detection_engine/kibana/security_rule/181f6b23-3799-445e-9589-0018328a9e46_210.json index 72963a50a3f..f7f277cab65 100644 --- a/packages/security_detection_engine/kibana/security_rule/181f6b23-3799-445e-9589-0018328a9e46_210.json +++ b/packages/security_detection_engine/kibana/security_rule/181f6b23-3799-445e-9589-0018328a9e46_210.json @@ -43,27 +43,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/183f3cd2-4cc6-44c0-917c-c5d29ecdcf74_7.json b/packages/security_detection_engine/kibana/security_rule/183f3cd2-4cc6-44c0-917c-c5d29ecdcf74_7.json index b51cda1485b..41281f97ce0 100644 --- a/packages/security_detection_engine/kibana/security_rule/183f3cd2-4cc6-44c0-917c-c5d29ecdcf74_7.json +++ b/packages/security_detection_engine/kibana/security_rule/183f3cd2-4cc6-44c0-917c-c5d29ecdcf74_7.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/184dfe52-2999-42d9-b9d1-d1ca54495a61_109.json b/packages/security_detection_engine/kibana/security_rule/184dfe52-2999-42d9-b9d1-d1ca54495a61_109.json index 64663f881e6..6e7e3a3d37d 100644 --- a/packages/security_detection_engine/kibana/security_rule/184dfe52-2999-42d9-b9d1-d1ca54495a61_109.json +++ b/packages/security_detection_engine/kibana/security_rule/184dfe52-2999-42d9-b9d1-d1ca54495a61_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/185c782e-f86a-11ee-9d9f-f661ea17fbce_8.json b/packages/security_detection_engine/kibana/security_rule/185c782e-f86a-11ee-9d9f-f661ea17fbce_8.json index 4e33620ed02..9fedbf279e3 100644 --- a/packages/security_detection_engine/kibana/security_rule/185c782e-f86a-11ee-9d9f-f661ea17fbce_8.json +++ b/packages/security_detection_engine/kibana/security_rule/185c782e-f86a-11ee-9d9f-f661ea17fbce_8.json @@ -26,7 +26,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/18a5dd9a-e3fa-4996-99b1-ae533b8f27fc_109.json b/packages/security_detection_engine/kibana/security_rule/18a5dd9a-e3fa-4996-99b1-ae533b8f27fc_109.json index cd9a5aebd4d..be38c6468e7 100644 --- a/packages/security_detection_engine/kibana/security_rule/18a5dd9a-e3fa-4996-99b1-ae533b8f27fc_109.json +++ b/packages/security_detection_engine/kibana/security_rule/18a5dd9a-e3fa-4996-99b1-ae533b8f27fc_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/192657ba-ab0e-4901-89a2-911d611eee98_12.json b/packages/security_detection_engine/kibana/security_rule/192657ba-ab0e-4901-89a2-911d611eee98_12.json index edd1b1dc247..70e69269b3b 100644 --- a/packages/security_detection_engine/kibana/security_rule/192657ba-ab0e-4901-89a2-911d611eee98_12.json +++ b/packages/security_detection_engine/kibana/security_rule/192657ba-ab0e-4901-89a2-911d611eee98_12.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "fim", - "version": "^1.16.0" + "version": ">=1.16.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/193549e8-bb9e-466a-a7f9-7e783f5cb5a6_10.json b/packages/security_detection_engine/kibana/security_rule/193549e8-bb9e-466a-a7f9-7e783f5cb5a6_10.json index 19434ecc878..bf0623e7343 100644 --- a/packages/security_detection_engine/kibana/security_rule/193549e8-bb9e-466a-a7f9-7e783f5cb5a6_10.json +++ b/packages/security_detection_engine/kibana/security_rule/193549e8-bb9e-466a-a7f9-7e783f5cb5a6_10.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1955e925-6679-4535-9c1b-28ebf369f35f_2.json b/packages/security_detection_engine/kibana/security_rule/1955e925-6679-4535-9c1b-28ebf369f35f_2.json index 62302ab222e..78b0415281d 100644 --- a/packages/security_detection_engine/kibana/security_rule/1955e925-6679-4535-9c1b-28ebf369f35f_2.json +++ b/packages/security_detection_engine/kibana/security_rule/1955e925-6679-4535-9c1b-28ebf369f35f_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1965eab8-d17f-4b21-8c48-ad5ff133695d_6.json b/packages/security_detection_engine/kibana/security_rule/1965eab8-d17f-4b21-8c48-ad5ff133695d_6.json index da9790bff90..277522e08ed 100644 --- a/packages/security_detection_engine/kibana/security_rule/1965eab8-d17f-4b21-8c48-ad5ff133695d_6.json +++ b/packages/security_detection_engine/kibana/security_rule/1965eab8-d17f-4b21-8c48-ad5ff133695d_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/19de8096-e2b0-4bd8-80c9-34a820813fff_212.json b/packages/security_detection_engine/kibana/security_rule/19de8096-e2b0-4bd8-80c9-34a820813fff_212.json index acd07ac9f10..7e91926e5df 100644 --- a/packages/security_detection_engine/kibana/security_rule/19de8096-e2b0-4bd8-80c9-34a820813fff_212.json +++ b/packages/security_detection_engine/kibana/security_rule/19de8096-e2b0-4bd8-80c9-34a820813fff_212.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/19e9daf3-f5c5-4bc2-a9af-6b1e97098f03_109.json b/packages/security_detection_engine/kibana/security_rule/19e9daf3-f5c5-4bc2-a9af-6b1e97098f03_109.json index 48d282fa660..8b5ece7d58f 100644 --- a/packages/security_detection_engine/kibana/security_rule/19e9daf3-f5c5-4bc2-a9af-6b1e97098f03_109.json +++ b/packages/security_detection_engine/kibana/security_rule/19e9daf3-f5c5-4bc2-a9af-6b1e97098f03_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/19f3674c-f4a1-43bb-a89c-e4c6212275e0_4.json b/packages/security_detection_engine/kibana/security_rule/19f3674c-f4a1-43bb-a89c-e4c6212275e0_4.json index edb3f2ca10d..65aa8b983a5 100644 --- a/packages/security_detection_engine/kibana/security_rule/19f3674c-f4a1-43bb-a89c-e4c6212275e0_4.json +++ b/packages/security_detection_engine/kibana/security_rule/19f3674c-f4a1-43bb-a89c-e4c6212275e0_4.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/1a1046f4-9257-11f0-9a42-f661ea17fbce_3.json b/packages/security_detection_engine/kibana/security_rule/1a1046f4-9257-11f0-9a42-f661ea17fbce_3.json index 09e961ec8cf..3f80ac8368c 100644 --- a/packages/security_detection_engine/kibana/security_rule/1a1046f4-9257-11f0-9a42-f661ea17fbce_3.json +++ b/packages/security_detection_engine/kibana/security_rule/1a1046f4-9257-11f0-9a42-f661ea17fbce_3.json @@ -23,7 +23,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1a289854-5b78-49fe-9440-8a8096b1ab50_105.json b/packages/security_detection_engine/kibana/security_rule/1a289854-5b78-49fe-9440-8a8096b1ab50_105.json index 70aaa8b7518..3462d8a678f 100644 --- a/packages/security_detection_engine/kibana/security_rule/1a289854-5b78-49fe-9440-8a8096b1ab50_105.json +++ b/packages/security_detection_engine/kibana/security_rule/1a289854-5b78-49fe-9440-8a8096b1ab50_105.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1a36cace-11a7-43a8-9a10-b497c5a02cd3_109.json b/packages/security_detection_engine/kibana/security_rule/1a36cace-11a7-43a8-9a10-b497c5a02cd3_109.json index 48bef2a50a3..436cf3e712d 100644 --- a/packages/security_detection_engine/kibana/security_rule/1a36cace-11a7-43a8-9a10-b497c5a02cd3_109.json +++ b/packages/security_detection_engine/kibana/security_rule/1a36cace-11a7-43a8-9a10-b497c5a02cd3_109.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1a3f2a4c-12d0-4b88-961a-2711ee295637_5.json b/packages/security_detection_engine/kibana/security_rule/1a3f2a4c-12d0-4b88-961a-2711ee295637_5.json index 072f934d7f8..b8385c7f032 100644 --- a/packages/security_detection_engine/kibana/security_rule/1a3f2a4c-12d0-4b88-961a-2711ee295637_5.json +++ b/packages/security_detection_engine/kibana/security_rule/1a3f2a4c-12d0-4b88-961a-2711ee295637_5.json @@ -40,19 +40,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1a6075b0-7479-450e-8fe7-b8b8438ac570_320.json b/packages/security_detection_engine/kibana/security_rule/1a6075b0-7479-450e-8fe7-b8b8438ac570_320.json index 19dadec9517..e289de03cc6 100644 --- a/packages/security_detection_engine/kibana/security_rule/1a6075b0-7479-450e-8fe7-b8b8438ac570_320.json +++ b/packages/security_detection_engine/kibana/security_rule/1a6075b0-7479-450e-8fe7-b8b8438ac570_320.json @@ -28,27 +28,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1aa8fa52-44a7-4dae-b058-f3333b91c8d7_215.json b/packages/security_detection_engine/kibana/security_rule/1aa8fa52-44a7-4dae-b058-f3333b91c8d7_215.json index 5a4366d9b89..23698091754 100644 --- a/packages/security_detection_engine/kibana/security_rule/1aa8fa52-44a7-4dae-b058-f3333b91c8d7_215.json +++ b/packages/security_detection_engine/kibana/security_rule/1aa8fa52-44a7-4dae-b058-f3333b91c8d7_215.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1aa9181a-492b-4c01-8b16-fa0735786b2b_317.json b/packages/security_detection_engine/kibana/security_rule/1aa9181a-492b-4c01-8b16-fa0735786b2b_317.json index f8bfd16cea3..6edb47f93d8 100644 --- a/packages/security_detection_engine/kibana/security_rule/1aa9181a-492b-4c01-8b16-fa0735786b2b_317.json +++ b/packages/security_detection_engine/kibana/security_rule/1aa9181a-492b-4c01-8b16-fa0735786b2b_317.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1ac027c2-8c60-4715-af73-927b9c219e20_4.json b/packages/security_detection_engine/kibana/security_rule/1ac027c2-8c60-4715-af73-927b9c219e20_4.json index 65d77f0530a..cb5fe40eead 100644 --- a/packages/security_detection_engine/kibana/security_rule/1ac027c2-8c60-4715-af73-927b9c219e20_4.json +++ b/packages/security_detection_engine/kibana/security_rule/1ac027c2-8c60-4715-af73-927b9c219e20_4.json @@ -44,19 +44,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1aefed68-eecd-47cc-9044-4a394b60061d_2.json b/packages/security_detection_engine/kibana/security_rule/1aefed68-eecd-47cc-9044-4a394b60061d_2.json index eaba55d58a9..5846ca94593 100644 --- a/packages/security_detection_engine/kibana/security_rule/1aefed68-eecd-47cc-9044-4a394b60061d_2.json +++ b/packages/security_detection_engine/kibana/security_rule/1aefed68-eecd-47cc-9044-4a394b60061d_2.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "cisco_ftd", - "version": "^3.8.0" + "version": ">=3.8.0" }, { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "suricata", - "version": "^2.24.0" + "version": ">=2.24.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1b0b4818-5655-409b-9c73-341cac4bb73f_7.json b/packages/security_detection_engine/kibana/security_rule/1b0b4818-5655-409b-9c73-341cac4bb73f_7.json index 1b9f8208976..62911f7634e 100644 --- a/packages/security_detection_engine/kibana/security_rule/1b0b4818-5655-409b-9c73-341cac4bb73f_7.json +++ b/packages/security_detection_engine/kibana/security_rule/1b0b4818-5655-409b-9c73-341cac4bb73f_7.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1b1b4236-175f-4863-89f7-7f0d2da0f0e8_1.json b/packages/security_detection_engine/kibana/security_rule/1b1b4236-175f-4863-89f7-7f0d2da0f0e8_1.json index ce432df34c8..b77e4252677 100644 --- a/packages/security_detection_engine/kibana/security_rule/1b1b4236-175f-4863-89f7-7f0d2da0f0e8_1.json +++ b/packages/security_detection_engine/kibana/security_rule/1b1b4236-175f-4863-89f7-7f0d2da0f0e8_1.json @@ -35,11 +35,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1b21abcc-4d9f-4b08-a7f5-316f5f94b973_212.json b/packages/security_detection_engine/kibana/security_rule/1b21abcc-4d9f-4b08-a7f5-316f5f94b973_212.json index 1f36732d0e2..1f94b7bf357 100644 --- a/packages/security_detection_engine/kibana/security_rule/1b21abcc-4d9f-4b08-a7f5-316f5f94b973_212.json +++ b/packages/security_detection_engine/kibana/security_rule/1b21abcc-4d9f-4b08-a7f5-316f5f94b973_212.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1b5e9d4a-7c2f-4e8b-a3d6-0f9c8e2b1a4d_4.json b/packages/security_detection_engine/kibana/security_rule/1b5e9d4a-7c2f-4e8b-a3d6-0f9c8e2b1a4d_4.json index 761368ac1b9..bf3becb0bb3 100644 --- a/packages/security_detection_engine/kibana/security_rule/1b5e9d4a-7c2f-4e8b-a3d6-0f9c8e2b1a4d_4.json +++ b/packages/security_detection_engine/kibana/security_rule/1b5e9d4a-7c2f-4e8b-a3d6-0f9c8e2b1a4d_4.json @@ -26,27 +26,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1b65429e-bd92-44c0-aff8-e8065869d860_2.json b/packages/security_detection_engine/kibana/security_rule/1b65429e-bd92-44c0-aff8-e8065869d860_2.json index 5fd67a99381..8114600ae06 100644 --- a/packages/security_detection_engine/kibana/security_rule/1b65429e-bd92-44c0-aff8-e8065869d860_2.json +++ b/packages/security_detection_engine/kibana/security_rule/1b65429e-bd92-44c0-aff8-e8065869d860_2.json @@ -26,19 +26,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1c27fa22-7727-4dd3-81c0-de6da5555feb_16.json b/packages/security_detection_engine/kibana/security_rule/1c27fa22-7727-4dd3-81c0-de6da5555feb_16.json index 418c90993b6..e18d2baf9c1 100644 --- a/packages/security_detection_engine/kibana/security_rule/1c27fa22-7727-4dd3-81c0-de6da5555feb_16.json +++ b/packages/security_detection_engine/kibana/security_rule/1c27fa22-7727-4dd3-81c0-de6da5555feb_16.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1c28becc-ec0b-4e6d-81a5-899d00348089_1.json b/packages/security_detection_engine/kibana/security_rule/1c28becc-ec0b-4e6d-81a5-899d00348089_1.json index 9f6be965c09..62545638720 100644 --- a/packages/security_detection_engine/kibana/security_rule/1c28becc-ec0b-4e6d-81a5-899d00348089_1.json +++ b/packages/security_detection_engine/kibana/security_rule/1c28becc-ec0b-4e6d-81a5-899d00348089_1.json @@ -27,7 +27,7 @@ { "integration": "auditd", "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1c3d9346-4591-4894-935c-dad2824850f2_1.json b/packages/security_detection_engine/kibana/security_rule/1c3d9346-4591-4894-935c-dad2824850f2_1.json index d7d300332d9..491ab5ce649 100644 --- a/packages/security_detection_engine/kibana/security_rule/1c3d9346-4591-4894-935c-dad2824850f2_1.json +++ b/packages/security_detection_engine/kibana/security_rule/1c3d9346-4591-4894-935c-dad2824850f2_1.json @@ -35,7 +35,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1c5a04ae-d034-41bf-b0d8-96439b5cc774_4.json b/packages/security_detection_engine/kibana/security_rule/1c5a04ae-d034-41bf-b0d8-96439b5cc774_4.json index 02d10409046..41ff1c8420b 100644 --- a/packages/security_detection_engine/kibana/security_rule/1c5a04ae-d034-41bf-b0d8-96439b5cc774_4.json +++ b/packages/security_detection_engine/kibana/security_rule/1c5a04ae-d034-41bf-b0d8-96439b5cc774_4.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_220.json b/packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_220.json index ed1cbab8f94..540fc184927 100644 --- a/packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_220.json +++ b/packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_220.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1c966416-60c1-436b-bfd0-e002fddbfd89_109.json b/packages/security_detection_engine/kibana/security_rule/1c966416-60c1-436b-bfd0-e002fddbfd89_109.json index c3ce2079af3..2be403d5d87 100644 --- a/packages/security_detection_engine/kibana/security_rule/1c966416-60c1-436b-bfd0-e002fddbfd89_109.json +++ b/packages/security_detection_engine/kibana/security_rule/1c966416-60c1-436b-bfd0-e002fddbfd89_109.json @@ -22,7 +22,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1ca62f14-4787-4913-b7af-df11745a49da_209.json b/packages/security_detection_engine/kibana/security_rule/1ca62f14-4787-4913-b7af-df11745a49da_209.json index 84df8e65c6d..9dc92ef0766 100644 --- a/packages/security_detection_engine/kibana/security_rule/1ca62f14-4787-4913-b7af-df11745a49da_209.json +++ b/packages/security_detection_engine/kibana/security_rule/1ca62f14-4787-4913-b7af-df11745a49da_209.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1cd01db9-be24-4bef-8e7c-e923f0ff78ab_214.json b/packages/security_detection_engine/kibana/security_rule/1cd01db9-be24-4bef-8e7c-e923f0ff78ab_214.json index aa410466562..e1ac8c04c33 100644 --- a/packages/security_detection_engine/kibana/security_rule/1cd01db9-be24-4bef-8e7c-e923f0ff78ab_214.json +++ b/packages/security_detection_engine/kibana/security_rule/1cd01db9-be24-4bef-8e7c-e923f0ff78ab_214.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1ceb05c4-7d25-11ee-9562-f661ea17fbcd_213.json b/packages/security_detection_engine/kibana/security_rule/1ceb05c4-7d25-11ee-9562-f661ea17fbcd_213.json index a1ce932eee3..9d633228f9e 100644 --- a/packages/security_detection_engine/kibana/security_rule/1ceb05c4-7d25-11ee-9562-f661ea17fbcd_213.json +++ b/packages/security_detection_engine/kibana/security_rule/1ceb05c4-7d25-11ee-9562-f661ea17fbcd_213.json @@ -28,7 +28,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1cfb39e1-4b6c-4dc7-85fe-733e4a1a33ca_3.json b/packages/security_detection_engine/kibana/security_rule/1cfb39e1-4b6c-4dc7-85fe-733e4a1a33ca_3.json index 7852dd76f8e..5f8417e5ae1 100644 --- a/packages/security_detection_engine/kibana/security_rule/1cfb39e1-4b6c-4dc7-85fe-733e4a1a33ca_3.json +++ b/packages/security_detection_engine/kibana/security_rule/1cfb39e1-4b6c-4dc7-85fe-733e4a1a33ca_3.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1d0027d4-6717-4a37-bad8-531d8e9fe53f_5.json b/packages/security_detection_engine/kibana/security_rule/1d0027d4-6717-4a37-bad8-531d8e9fe53f_5.json index b823452f024..0a2408c72ab 100644 --- a/packages/security_detection_engine/kibana/security_rule/1d0027d4-6717-4a37-bad8-531d8e9fe53f_5.json +++ b/packages/security_detection_engine/kibana/security_rule/1d0027d4-6717-4a37-bad8-531d8e9fe53f_5.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1d276579-3380-4095-ad38-e596a01bc64f_216.json b/packages/security_detection_engine/kibana/security_rule/1d276579-3380-4095-ad38-e596a01bc64f_216.json index ee63513fcde..5742edcd8bb 100644 --- a/packages/security_detection_engine/kibana/security_rule/1d276579-3380-4095-ad38-e596a01bc64f_216.json +++ b/packages/security_detection_engine/kibana/security_rule/1d276579-3380-4095-ad38-e596a01bc64f_216.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1d306bf0-7bcf-4acd-83fd-042f5711acc9_3.json b/packages/security_detection_engine/kibana/security_rule/1d306bf0-7bcf-4acd-83fd-042f5711acc9_3.json index cdd93806b4a..978c5889516 100644 --- a/packages/security_detection_engine/kibana/security_rule/1d306bf0-7bcf-4acd-83fd-042f5711acc9_3.json +++ b/packages/security_detection_engine/kibana/security_rule/1d306bf0-7bcf-4acd-83fd-042f5711acc9_3.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1d485649-c486-4f1d-a99c-8d64795795ad_3.json b/packages/security_detection_engine/kibana/security_rule/1d485649-c486-4f1d-a99c-8d64795795ad_3.json index 11c205e1c89..c97d7377a9f 100644 --- a/packages/security_detection_engine/kibana/security_rule/1d485649-c486-4f1d-a99c-8d64795795ad_3.json +++ b/packages/security_detection_engine/kibana/security_rule/1d485649-c486-4f1d-a99c-8d64795795ad_3.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1d4ca9c0-ff1e-11ee-91cc-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/1d4ca9c0-ff1e-11ee-91cc-f661ea17fbce_9.json index 66c62a50a73..1733db75ad4 100644 --- a/packages/security_detection_engine/kibana/security_rule/1d4ca9c0-ff1e-11ee-91cc-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/1d4ca9c0-ff1e-11ee-91cc-f661ea17fbce_9.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1d72d014-e2ab-4707-b056-9b96abe7b511_110.json b/packages/security_detection_engine/kibana/security_rule/1d72d014-e2ab-4707-b056-9b96abe7b511_110.json index 3d8ab031e43..5c1848f80d6 100644 --- a/packages/security_detection_engine/kibana/security_rule/1d72d014-e2ab-4707-b056-9b96abe7b511_110.json +++ b/packages/security_detection_engine/kibana/security_rule/1d72d014-e2ab-4707-b056-9b96abe7b511_110.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1d9aeb0b-9549-46f6-a32d-05e2a001b7fd_114.json b/packages/security_detection_engine/kibana/security_rule/1d9aeb0b-9549-46f6-a32d-05e2a001b7fd_114.json index 0a9f41b01ec..75b74dca537 100644 --- a/packages/security_detection_engine/kibana/security_rule/1d9aeb0b-9549-46f6-a32d-05e2a001b7fd_114.json +++ b/packages/security_detection_engine/kibana/security_rule/1d9aeb0b-9549-46f6-a32d-05e2a001b7fd_114.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1dc56174-5d02-4ca4-af92-e391f096fb21_2.json b/packages/security_detection_engine/kibana/security_rule/1dc56174-5d02-4ca4-af92-e391f096fb21_2.json index 55bcb7e8b52..33754e7e93f 100644 --- a/packages/security_detection_engine/kibana/security_rule/1dc56174-5d02-4ca4-af92-e391f096fb21_2.json +++ b/packages/security_detection_engine/kibana/security_rule/1dc56174-5d02-4ca4-af92-e391f096fb21_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1dcc51f6-ba26-49e7-9ef4-2655abb2361e_318.json b/packages/security_detection_engine/kibana/security_rule/1dcc51f6-ba26-49e7-9ef4-2655abb2361e_318.json index 43366968622..8b08e3214b2 100644 --- a/packages/security_detection_engine/kibana/security_rule/1dcc51f6-ba26-49e7-9ef4-2655abb2361e_318.json +++ b/packages/security_detection_engine/kibana/security_rule/1dcc51f6-ba26-49e7-9ef4-2655abb2361e_318.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1dee0500-4aeb-44ca-b24b-4a285d7b6ba1_12.json b/packages/security_detection_engine/kibana/security_rule/1dee0500-4aeb-44ca-b24b-4a285d7b6ba1_12.json index e58c771c9d1..65c548ba855 100644 --- a/packages/security_detection_engine/kibana/security_rule/1dee0500-4aeb-44ca-b24b-4a285d7b6ba1_12.json +++ b/packages/security_detection_engine/kibana/security_rule/1dee0500-4aeb-44ca-b24b-4a285d7b6ba1_12.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1df1152b-610a-4f48-9d7a-504f6ee5d9da_109.json b/packages/security_detection_engine/kibana/security_rule/1df1152b-610a-4f48-9d7a-504f6ee5d9da_109.json index 8174c99b6d0..6b6c4ad65ec 100644 --- a/packages/security_detection_engine/kibana/security_rule/1df1152b-610a-4f48-9d7a-504f6ee5d9da_109.json +++ b/packages/security_detection_engine/kibana/security_rule/1df1152b-610a-4f48-9d7a-504f6ee5d9da_109.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1e0a3f7c-21e7-4bb1-98c7-2036612fb1be_215.json b/packages/security_detection_engine/kibana/security_rule/1e0a3f7c-21e7-4bb1-98c7-2036612fb1be_215.json index e109f2cf09e..1e9c904e918 100644 --- a/packages/security_detection_engine/kibana/security_rule/1e0a3f7c-21e7-4bb1-98c7-2036612fb1be_215.json +++ b/packages/security_detection_engine/kibana/security_rule/1e0a3f7c-21e7-4bb1-98c7-2036612fb1be_215.json @@ -137,7 +137,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1e0b832e-957e-43ae-b319-db82d228c908_107.json b/packages/security_detection_engine/kibana/security_rule/1e0b832e-957e-43ae-b319-db82d228c908_107.json index 14f70215a18..7d481a467d7 100644 --- a/packages/security_detection_engine/kibana/security_rule/1e0b832e-957e-43ae-b319-db82d228c908_107.json +++ b/packages/security_detection_engine/kibana/security_rule/1e0b832e-957e-43ae-b319-db82d228c908_107.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1e1b2e7e-b8f5-45e5-addc-66cc1224ffbc_109.json b/packages/security_detection_engine/kibana/security_rule/1e1b2e7e-b8f5-45e5-addc-66cc1224ffbc_109.json index c0e8c1bf357..1058e360f92 100644 --- a/packages/security_detection_engine/kibana/security_rule/1e1b2e7e-b8f5-45e5-addc-66cc1224ffbc_109.json +++ b/packages/security_detection_engine/kibana/security_rule/1e1b2e7e-b8f5-45e5-addc-66cc1224ffbc_109.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1e6363a6-3af5-41d4-b7ea-d475389c0ceb_109.json b/packages/security_detection_engine/kibana/security_rule/1e6363a6-3af5-41d4-b7ea-d475389c0ceb_109.json index 5794be6867d..670f0a08aa0 100644 --- a/packages/security_detection_engine/kibana/security_rule/1e6363a6-3af5-41d4-b7ea-d475389c0ceb_109.json +++ b/packages/security_detection_engine/kibana/security_rule/1e6363a6-3af5-41d4-b7ea-d475389c0ceb_109.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1e9b271c-8caa-4e20-aed8-e91e34de9283_208.json b/packages/security_detection_engine/kibana/security_rule/1e9b271c-8caa-4e20-aed8-e91e34de9283_208.json index 42d068ba494..6bbd265f2d6 100644 --- a/packages/security_detection_engine/kibana/security_rule/1e9b271c-8caa-4e20-aed8-e91e34de9283_208.json +++ b/packages/security_detection_engine/kibana/security_rule/1e9b271c-8caa-4e20-aed8-e91e34de9283_208.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1e9fc667-9ff1-4b33-9f40-fefca8537eb0_207.json b/packages/security_detection_engine/kibana/security_rule/1e9fc667-9ff1-4b33-9f40-fefca8537eb0_207.json index 03ceef9b80f..04009aaae87 100644 --- a/packages/security_detection_engine/kibana/security_rule/1e9fc667-9ff1-4b33-9f40-fefca8537eb0_207.json +++ b/packages/security_detection_engine/kibana/security_rule/1e9fc667-9ff1-4b33-9f40-fefca8537eb0_207.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1eb74889-18c5-4f78-8010-d8aceb7a9ef4_101.json b/packages/security_detection_engine/kibana/security_rule/1eb74889-18c5-4f78-8010-d8aceb7a9ef4_101.json index aabc4a7f8ee..e792f018213 100644 --- a/packages/security_detection_engine/kibana/security_rule/1eb74889-18c5-4f78-8010-d8aceb7a9ef4_101.json +++ b/packages/security_detection_engine/kibana/security_rule/1eb74889-18c5-4f78-8010-d8aceb7a9ef4_101.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1f0a69c0-3392-4adf-b7d5-6012fd292da8_118.json b/packages/security_detection_engine/kibana/security_rule/1f0a69c0-3392-4adf-b7d5-6012fd292da8_118.json index 6e56ef78c56..c7bda4d7ba7 100644 --- a/packages/security_detection_engine/kibana/security_rule/1f0a69c0-3392-4adf-b7d5-6012fd292da8_118.json +++ b/packages/security_detection_engine/kibana/security_rule/1f0a69c0-3392-4adf-b7d5-6012fd292da8_118.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1f45720e-5ea8-11ef-90d2-f661ea17fbce_7.json b/packages/security_detection_engine/kibana/security_rule/1f45720e-5ea8-11ef-90d2-f661ea17fbce_7.json index 74b5999f72d..44e8ece06a1 100644 --- a/packages/security_detection_engine/kibana/security_rule/1f45720e-5ea8-11ef-90d2-f661ea17fbce_7.json +++ b/packages/security_detection_engine/kibana/security_rule/1f45720e-5ea8-11ef-90d2-f661ea17fbce_7.json @@ -38,7 +38,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1f460f12-a3cf-4105-9ebb-f788cc63f365_108.json b/packages/security_detection_engine/kibana/security_rule/1f460f12-a3cf-4105-9ebb-f788cc63f365_108.json index d287e5ab5bb..a8769e70abe 100644 --- a/packages/security_detection_engine/kibana/security_rule/1f460f12-a3cf-4105-9ebb-f788cc63f365_108.json +++ b/packages/security_detection_engine/kibana/security_rule/1f460f12-a3cf-4105-9ebb-f788cc63f365_108.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1f489c86-d9c4-40de-9316-931721ca9b45_1.json b/packages/security_detection_engine/kibana/security_rule/1f489c86-d9c4-40de-9316-931721ca9b45_1.json index b3995e7c1c9..239e57168c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/1f489c86-d9c4-40de-9316-931721ca9b45_1.json +++ b/packages/security_detection_engine/kibana/security_rule/1f489c86-d9c4-40de-9316-931721ca9b45_1.json @@ -45,7 +45,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1f56f548-94ec-4678-b1ed-b1a14cca4e3a_2.json b/packages/security_detection_engine/kibana/security_rule/1f56f548-94ec-4678-b1ed-b1a14cca4e3a_2.json index 1453635c8d4..830d04bcec7 100644 --- a/packages/security_detection_engine/kibana/security_rule/1f56f548-94ec-4678-b1ed-b1a14cca4e3a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/1f56f548-94ec-4678-b1ed-b1a14cca4e3a_2.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1fa350e0-0aa2-4055-bf8f-ab8b59233e59_12.json b/packages/security_detection_engine/kibana/security_rule/1fa350e0-0aa2-4055-bf8f-ab8b59233e59_12.json index 31de16c5d34..d5591c14b34 100644 --- a/packages/security_detection_engine/kibana/security_rule/1fa350e0-0aa2-4055-bf8f-ab8b59233e59_12.json +++ b/packages/security_detection_engine/kibana/security_rule/1fa350e0-0aa2-4055-bf8f-ab8b59233e59_12.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/1faec04b-d902-4f89-8aff-92cd9043c16f_207.json b/packages/security_detection_engine/kibana/security_rule/1faec04b-d902-4f89-8aff-92cd9043c16f_207.json index 968251ab35d..8dcfed04bb2 100644 --- a/packages/security_detection_engine/kibana/security_rule/1faec04b-d902-4f89-8aff-92cd9043c16f_207.json +++ b/packages/security_detection_engine/kibana/security_rule/1faec04b-d902-4f89-8aff-92cd9043c16f_207.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/1fe3b299-fbb5-4657-a937-1d746f2c711a_220.json b/packages/security_detection_engine/kibana/security_rule/1fe3b299-fbb5-4657-a937-1d746f2c711a_220.json index 8a7b1413b44..8c5de475c96 100644 --- a/packages/security_detection_engine/kibana/security_rule/1fe3b299-fbb5-4657-a937-1d746f2c711a_220.json +++ b/packages/security_detection_engine/kibana/security_rule/1fe3b299-fbb5-4657-a937-1d746f2c711a_220.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/201200f1-a99b-43fb-88ed-f65a45c4972c_319.json b/packages/security_detection_engine/kibana/security_rule/201200f1-a99b-43fb-88ed-f65a45c4972c_319.json index 3dbc60ea097..aa8927b2b9a 100644 --- a/packages/security_detection_engine/kibana/security_rule/201200f1-a99b-43fb-88ed-f65a45c4972c_319.json +++ b/packages/security_detection_engine/kibana/security_rule/201200f1-a99b-43fb-88ed-f65a45c4972c_319.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2014ebd8-b847-4cc0-a827-d0d61ec88680_1.json b/packages/security_detection_engine/kibana/security_rule/2014ebd8-b847-4cc0-a827-d0d61ec88680_1.json index 17129ab39a1..c319322bb91 100644 --- a/packages/security_detection_engine/kibana/security_rule/2014ebd8-b847-4cc0-a827-d0d61ec88680_1.json +++ b/packages/security_detection_engine/kibana/security_rule/2014ebd8-b847-4cc0-a827-d0d61ec88680_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/202829f6-0271-4e88-b882-11a655c590d4_109.json b/packages/security_detection_engine/kibana/security_rule/202829f6-0271-4e88-b882-11a655c590d4_109.json index 0cc43c58b85..eba941503e8 100644 --- a/packages/security_detection_engine/kibana/security_rule/202829f6-0271-4e88-b882-11a655c590d4_109.json +++ b/packages/security_detection_engine/kibana/security_rule/202829f6-0271-4e88-b882-11a655c590d4_109.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/203ab79b-239b-4aa5-8e54-fc50623ee8e4_317.json b/packages/security_detection_engine/kibana/security_rule/203ab79b-239b-4aa5-8e54-fc50623ee8e4_317.json index 1145edc75a1..ed7159fdb3e 100644 --- a/packages/security_detection_engine/kibana/security_rule/203ab79b-239b-4aa5-8e54-fc50623ee8e4_317.json +++ b/packages/security_detection_engine/kibana/security_rule/203ab79b-239b-4aa5-8e54-fc50623ee8e4_317.json @@ -28,19 +28,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2045567e-b0af-444a-8c0b-0b6e2dae9e13_212.json b/packages/security_detection_engine/kibana/security_rule/2045567e-b0af-444a-8c0b-0b6e2dae9e13_212.json index 71dc0c394cb..785afe108ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/2045567e-b0af-444a-8c0b-0b6e2dae9e13_212.json +++ b/packages/security_detection_engine/kibana/security_rule/2045567e-b0af-444a-8c0b-0b6e2dae9e13_212.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/20457e4f-d1de-4b92-ae69-142e27a4342a_215.json b/packages/security_detection_engine/kibana/security_rule/20457e4f-d1de-4b92-ae69-142e27a4342a_215.json index 62e4cf56050..1f9a5838a0a 100644 --- a/packages/security_detection_engine/kibana/security_rule/20457e4f-d1de-4b92-ae69-142e27a4342a_215.json +++ b/packages/security_detection_engine/kibana/security_rule/20457e4f-d1de-4b92-ae69-142e27a4342a_215.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/205b52c4-9c28-4af4-8979-935f3278d61a_209.json b/packages/security_detection_engine/kibana/security_rule/205b52c4-9c28-4af4-8979-935f3278d61a_209.json index a5e1b6658ff..09d9dc7d9b9 100644 --- a/packages/security_detection_engine/kibana/security_rule/205b52c4-9c28-4af4-8979-935f3278d61a_209.json +++ b/packages/security_detection_engine/kibana/security_rule/205b52c4-9c28-4af4-8979-935f3278d61a_209.json @@ -24,23 +24,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/208dbe77-01ed-4954-8d44-1e5751cb20de_218.json b/packages/security_detection_engine/kibana/security_rule/208dbe77-01ed-4954-8d44-1e5751cb20de_218.json index f218c462cc7..9f2abe089b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/208dbe77-01ed-4954-8d44-1e5751cb20de_218.json +++ b/packages/security_detection_engine/kibana/security_rule/208dbe77-01ed-4954-8d44-1e5751cb20de_218.json @@ -72,11 +72,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/210d4430-b371-470e-b879-80b7182aa75e_11.json b/packages/security_detection_engine/kibana/security_rule/210d4430-b371-470e-b879-80b7182aa75e_11.json index 77bc30e3de3..d68df2885bd 100644 --- a/packages/security_detection_engine/kibana/security_rule/210d4430-b371-470e-b879-80b7182aa75e_11.json +++ b/packages/security_detection_engine/kibana/security_rule/210d4430-b371-470e-b879-80b7182aa75e_11.json @@ -20,19 +20,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2112ecce-cd34-11ef-873f-f661ea17fbcd_6.json b/packages/security_detection_engine/kibana/security_rule/2112ecce-cd34-11ef-873f-f661ea17fbcd_6.json index b6b2c982411..099ddfec0fe 100644 --- a/packages/security_detection_engine/kibana/security_rule/2112ecce-cd34-11ef-873f-f661ea17fbcd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/2112ecce-cd34-11ef-873f-f661ea17fbcd_6.json @@ -52,7 +52,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2138bb70-5a5e-42fd-be5e-b38edf6a6777_9.json b/packages/security_detection_engine/kibana/security_rule/2138bb70-5a5e-42fd-be5e-b38edf6a6777_9.json index d4ff8f45c14..0afc75a5098 100644 --- a/packages/security_detection_engine/kibana/security_rule/2138bb70-5a5e-42fd-be5e-b38edf6a6777_9.json +++ b/packages/security_detection_engine/kibana/security_rule/2138bb70-5a5e-42fd-be5e-b38edf6a6777_9.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/214d4e03-90b0-4813-9ab6-672b47158590_3.json b/packages/security_detection_engine/kibana/security_rule/214d4e03-90b0-4813-9ab6-672b47158590_3.json index ba4af55b332..a64ede7c1bf 100644 --- a/packages/security_detection_engine/kibana/security_rule/214d4e03-90b0-4813-9ab6-672b47158590_3.json +++ b/packages/security_detection_engine/kibana/security_rule/214d4e03-90b0-4813-9ab6-672b47158590_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/21bafdf0-cf17-11ed-bd57-f661ea17fbcc_12.json b/packages/security_detection_engine/kibana/security_rule/21bafdf0-cf17-11ed-bd57-f661ea17fbcc_12.json index b547af2773d..369ad4fb6c7 100644 --- a/packages/security_detection_engine/kibana/security_rule/21bafdf0-cf17-11ed-bd57-f661ea17fbcc_12.json +++ b/packages/security_detection_engine/kibana/security_rule/21bafdf0-cf17-11ed-bd57-f661ea17fbcc_12.json @@ -43,7 +43,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/21c3536f-b674-43db-9bfc-dcf4cf9dcc37_2.json b/packages/security_detection_engine/kibana/security_rule/21c3536f-b674-43db-9bfc-dcf4cf9dcc37_2.json index 9c5f70a2b5f..8b3ade7c352 100644 --- a/packages/security_detection_engine/kibana/security_rule/21c3536f-b674-43db-9bfc-dcf4cf9dcc37_2.json +++ b/packages/security_detection_engine/kibana/security_rule/21c3536f-b674-43db-9bfc-dcf4cf9dcc37_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/220be143-5c67-4fdb-b6ce-dd6826d024fd_113.json b/packages/security_detection_engine/kibana/security_rule/220be143-5c67-4fdb-b6ce-dd6826d024fd_113.json index e0e8d4102e3..030db639601 100644 --- a/packages/security_detection_engine/kibana/security_rule/220be143-5c67-4fdb-b6ce-dd6826d024fd_113.json +++ b/packages/security_detection_engine/kibana/security_rule/220be143-5c67-4fdb-b6ce-dd6826d024fd_113.json @@ -25,15 +25,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/220d92c6-479d-4a49-9cc0-3a29756dad0c_2.json b/packages/security_detection_engine/kibana/security_rule/220d92c6-479d-4a49-9cc0-3a29756dad0c_2.json index 8c4787e957c..a190f399f0a 100644 --- a/packages/security_detection_engine/kibana/security_rule/220d92c6-479d-4a49-9cc0-3a29756dad0c_2.json +++ b/packages/security_detection_engine/kibana/security_rule/220d92c6-479d-4a49-9cc0-3a29756dad0c_2.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2215b8bd-1759-4ffa-8ab8-55c8e6b32e7f_210.json b/packages/security_detection_engine/kibana/security_rule/2215b8bd-1759-4ffa-8ab8-55c8e6b32e7f_210.json index 91821ff0466..761c0967d50 100644 --- a/packages/security_detection_engine/kibana/security_rule/2215b8bd-1759-4ffa-8ab8-55c8e6b32e7f_210.json +++ b/packages/security_detection_engine/kibana/security_rule/2215b8bd-1759-4ffa-8ab8-55c8e6b32e7f_210.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/22599847-5d13-48cb-8872-5796fee8692b_112.json b/packages/security_detection_engine/kibana/security_rule/22599847-5d13-48cb-8872-5796fee8692b_112.json index bdd9e9c3532..214fcd866e2 100644 --- a/packages/security_detection_engine/kibana/security_rule/22599847-5d13-48cb-8872-5796fee8692b_112.json +++ b/packages/security_detection_engine/kibana/security_rule/22599847-5d13-48cb-8872-5796fee8692b_112.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/227cf26a-88d1-4bcb-bf4c-925e5875abcf_3.json b/packages/security_detection_engine/kibana/security_rule/227cf26a-88d1-4bcb-bf4c-925e5875abcf_3.json index f177cbce385..47910ae605f 100644 --- a/packages/security_detection_engine/kibana/security_rule/227cf26a-88d1-4bcb-bf4c-925e5875abcf_3.json +++ b/packages/security_detection_engine/kibana/security_rule/227cf26a-88d1-4bcb-bf4c-925e5875abcf_3.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/227dc608-e558-43d9-b521-150772250bae_214.json b/packages/security_detection_engine/kibana/security_rule/227dc608-e558-43d9-b521-150772250bae_214.json index ea0b6a5d53d..2c28cd105e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/227dc608-e558-43d9-b521-150772250bae_214.json +++ b/packages/security_detection_engine/kibana/security_rule/227dc608-e558-43d9-b521-150772250bae_214.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2302fb59-5201-46ec-b433-6044adb37b0b_1.json b/packages/security_detection_engine/kibana/security_rule/2302fb59-5201-46ec-b433-6044adb37b0b_1.json index 95a1ee83fe7..74aea64a134 100644 --- a/packages/security_detection_engine/kibana/security_rule/2302fb59-5201-46ec-b433-6044adb37b0b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/2302fb59-5201-46ec-b433-6044adb37b0b_1.json @@ -22,7 +22,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2326d1b2-9acf-4dee-bd21-867ea7378b4d_109.json b/packages/security_detection_engine/kibana/security_rule/2326d1b2-9acf-4dee-bd21-867ea7378b4d_109.json index 19161f778ea..2a1486d9b30 100644 --- a/packages/security_detection_engine/kibana/security_rule/2326d1b2-9acf-4dee-bd21-867ea7378b4d_109.json +++ b/packages/security_detection_engine/kibana/security_rule/2326d1b2-9acf-4dee-bd21-867ea7378b4d_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_215.json b/packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_215.json deleted file mode 100644 index ae98ce2f50d..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_215.json +++ /dev/null @@ -1,136 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Detects the use of the insmod binary to load a Linux kernel object file. Threat actors can use this binary, given they have root privileges, to load a rootkit on a system providing them with complete control and the ability to hide from security products. Manually loading a kernel module in this manner should not be at all common and can indicate suspcious or malicious behavior.", - "from": "now-9m", - "index": [ - "auditbeat-*", - "endgame-*", - "logs-auditd_manager.auditd-*", - "logs-endpoint.events.process*", - "logs-sentinel_one_cloud_funnel.*", - "logs-crowdstrike.fdr*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Kernel Module Load via insmod", - "note": "## Triage and analysis\n\n### Investigating Kernel module load via insmod\n\nThe insmod binary is a Linux utility that allows users with root privileges to load kernel modules, which are object files that extend the functionality of the kernel. \n\nThreat actors can abuse this utility to load rootkits, granting them full control over the system and the ability to evade security products.\n\nThe detection rule 'Kernel module load via insmod' is designed to identify instances where the insmod binary is used to load a kernel object file (with a .ko extension) on a Linux system. This activity is uncommon and may indicate suspicious or malicious behavior.\n\n> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/current/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.\n> This investigation guide uses [placeholder fields](https://www.elastic.co/guide/en/security/current/osquery-placeholder-fields.html) to dynamically pass alert data into Osquery queries. Placeholder fields were introduced in Elastic Stack version 8.7.0. If you're using Elastic Stack version 8.6.0 or earlier, you'll need to manually adjust this investigation guide's queries to ensure they properly run.\n\n### Possible investigation steps\n\n- Investigate the kernel object file that was loaded via insmod.\n - !{osquery{\"label\":\"Osquery - Retrieve Running Processes by User\",\"query\":\"SELECT pid, username, name FROM processes p JOIN users u ON u.uid = p.uid ORDER BY username\"}}\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence and whether they are located in expected locations.\n - !{osquery{\"label\":\"Osquery - Retrieve Listening Ports\",\"query\":\"SELECT pid, address, port, socket, protocol, path FROM listening_ports\"}}\n- Investigate the kernel ring buffer for any warnings or messages, such as tainted or out-of-tree kernel module loads through `dmesg`.\n- Investigate syslog for any unusual segfaults or other messages. Rootkits may be installed on targets with different architecture as expected, and could potentially cause segmentation faults. \n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Validate the activity is not related to planned patches, updates, network administrator activity, or legitimate software installations.\n- Investigate whether the altered scripts call other malicious scripts elsewhere on the file system. \n - If scripts or executables were dropped, retrieve the files and determine if they are malicious:\n - Use a private sandboxed malware analysis system to perform analysis.\n - Observe and collect information about the following activities:\n - Attempts to contact external domains and addresses.\n - Check if the domain is newly registered or unexpected.\n - Check the reputation of the domain or IP address.\n - File access, modification, and creation activities.\n- Investigate abnormal behaviors by the subject process/user such as network connections, file modifications, and any other spawned child processes.\n - Investigate listening ports and open sockets to look for potential command and control traffic or data exfiltration.\n - !{osquery{\"label\":\"Osquery - Retrieve Open Sockets\",\"query\":\"SELECT pid, family, remote_address, remote_port, socket, state FROM process_open_sockets\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Information for a Specific User\",\"query\":\"SELECT * FROM users WHERE username = {{user.name}}\"}}\n - Identify the user account that performed the action, analyze it, and check whether it should perform this kind of action.\n - !{osquery{\"label\":\"Osquery - Investigate the Account Authentication Status\",\"query\":\"SELECT * FROM logged_in_users WHERE user = {{user.name}}\"}}\n- Investigate whether the user is currently logged in and active.\n - $osquery_6\n\n### False positive analysis\n\n- If this activity is related to new benign software installation activity, consider adding exceptions \u2014 preferably with a combination of user and command line conditions.\n- If this activity is related to a system administrator who uses cron jobs for administrative purposes, consider adding exceptions for this specific administrator user account. \n- Try to understand the context of the execution by thinking about the user, machine, or business purpose. A small number of endpoints, such as servers with unique software, might appear unusual but satisfy a specific business need.\n\n### Related Rules\n\n- Kernel Driver Load - 3e12a439-d002-4944-bc42-171c0dcb9b96\n- Tainted Out-Of-Tree Kernel Module Load - 51a09737-80f7-4551-a3be-dac8ef5d181a\n- Tainted Kernel Module Load - 05cad2fb-200c-407f-b472-02ea8c9e5e4a\n- Attempt to Clear Kernel Ring Buffer - 2724808c-ba5d-48b2-86d2-0002103df753\n- Enumeration of Kernel Modules via Proc - 80084fa9-8677-4453-8680-b891d3c0c778\n- Suspicious Modprobe File Event - 40ddbcc8-6561-44d9-afc8-eefdbfe0cccd\n- Kernel Module Removal - cd66a5af-e34b-4bb0-8931-57d0a043f2ef\n- Enumeration of Kernel Modules - 2d8043ed-5bda-4caf-801c-c1feb7410504\n\n### Response and Remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Leverage the incident response data and logging to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "process where host.os.type == \"linux\" and event.type == \"start\" and\nevent.action in (\"exec\", \"exec_event\", \"start\", \"ProcessRollup2\", \"executed\", \"process_started\") and\nprocess.name == \"insmod\" and process.args : \"*.ko\" and\nnot (\n ?process.parent.executable like (\"/opt/ds_agent/*\", \"/opt/TrendMicro/vls_agent/*\", \"/opt/intel/oneapi/*\") or\n ?process.working_directory in (\"/opt/vinchin/agent\", \"/var/opt/ds_agent/am\", \"/opt/ds_agent\", \"/var/opt/TrendMicro/vls_agent/am\") or\n ?process.parent.executable in (\n \"/usr/lib/uptrack/ksplice-apply\", \"/opt/commvault/commvault/Base/linux_drv\", \"/opt/cisco/amp/bin/cisco-amp-helper\",\n \"/usr/bin/kcarectl\", \"/usr/share/ksplice/ksplice-apply\", \"/opt/commvault/Base/linux_drv\", \"/usr/sbin/veeamsnap-loader\",\n \"/bin/falcoctl\"\n ) or\n (?process.parent.name like (\"python*\", \"platform-python*\") and ?process.parent.args in (\"--smart-update\", \"--auto-update\"))\n)\n", - "references": [ - "https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "auditd_manager", - "version": "^1.18.0" - }, - { - "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" - }, - { - "package": "crowdstrike", - "version": "^3.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.working_directory", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "2339f03c-f53f-40fa-834b-40c5983fc41f", - "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Persistence", - "Threat: Rootkit", - "Data Source: Elastic Endgame", - "Data Source: Elastic Defend", - "Data Source: Auditd Manager", - "Data Source: SentinelOne", - "Data Source: Crowdstrike", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1547", - "name": "Boot or Logon Autostart Execution", - "reference": "https://attack.mitre.org/techniques/T1547/", - "subtechnique": [ - { - "id": "T1547.006", - "name": "Kernel Modules and Extensions", - "reference": "https://attack.mitre.org/techniques/T1547/006/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 215 - }, - "id": "2339f03c-f53f-40fa-834b-40c5983fc41f_215", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_317.json b/packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_317.json index c821cd32822..fecad2986b3 100644 --- a/packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_317.json +++ b/packages/security_detection_engine/kibana/security_rule/2339f03c-f53f-40fa-834b-40c5983fc41f_317.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2388c687-cb2c-4b7b-be8f-6864a2385048_104.json b/packages/security_detection_engine/kibana/security_rule/2388c687-cb2c-4b7b-be8f-6864a2385048_104.json index 559a6a0a822..14e97bc3d24 100644 --- a/packages/security_detection_engine/kibana/security_rule/2388c687-cb2c-4b7b-be8f-6864a2385048_104.json +++ b/packages/security_detection_engine/kibana/security_rule/2388c687-cb2c-4b7b-be8f-6864a2385048_104.json @@ -23,19 +23,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/23bcd283-2bc0-4db2-81d4-273fc051e5c0_8.json b/packages/security_detection_engine/kibana/security_rule/23bcd283-2bc0-4db2-81d4-273fc051e5c0_8.json index 2794db71769..5a35683aef6 100644 --- a/packages/security_detection_engine/kibana/security_rule/23bcd283-2bc0-4db2-81d4-273fc051e5c0_8.json +++ b/packages/security_detection_engine/kibana/security_rule/23bcd283-2bc0-4db2-81d4-273fc051e5c0_8.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/23c53c4c-aa8b-4b07-85c0-fe46a9c8acaf_2.json b/packages/security_detection_engine/kibana/security_rule/23c53c4c-aa8b-4b07-85c0-fe46a9c8acaf_2.json index 41a30d58fe7..233755eee69 100644 --- a/packages/security_detection_engine/kibana/security_rule/23c53c4c-aa8b-4b07-85c0-fe46a9c8acaf_2.json +++ b/packages/security_detection_engine/kibana/security_rule/23c53c4c-aa8b-4b07-85c0-fe46a9c8acaf_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/23cd4ba2-344e-41bf-bcda-655bea43fdbc_4.json b/packages/security_detection_engine/kibana/security_rule/23cd4ba2-344e-41bf-bcda-655bea43fdbc_4.json index 5cdc022fcf7..a4630b57358 100644 --- a/packages/security_detection_engine/kibana/security_rule/23cd4ba2-344e-41bf-bcda-655bea43fdbc_4.json +++ b/packages/security_detection_engine/kibana/security_rule/23cd4ba2-344e-41bf-bcda-655bea43fdbc_4.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/23e5407a-b696-4433-9297-087645f2726c_2.json b/packages/security_detection_engine/kibana/security_rule/23e5407a-b696-4433-9297-087645f2726c_2.json index a8becb12fff..484a9d9301d 100644 --- a/packages/security_detection_engine/kibana/security_rule/23e5407a-b696-4433-9297-087645f2726c_2.json +++ b/packages/security_detection_engine/kibana/security_rule/23e5407a-b696-4433-9297-087645f2726c_2.json @@ -43,11 +43,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/23f18264-2d6d-11ef-9413-f661ea17fbce_212.json b/packages/security_detection_engine/kibana/security_rule/23f18264-2d6d-11ef-9413-f661ea17fbce_212.json index 1ea0aadb44e..026c13bfeb3 100644 --- a/packages/security_detection_engine/kibana/security_rule/23f18264-2d6d-11ef-9413-f661ea17fbce_212.json +++ b/packages/security_detection_engine/kibana/security_rule/23f18264-2d6d-11ef-9413-f661ea17fbce_212.json @@ -28,7 +28,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/24401eca-ad0b-4ff9-9431-487a8e183af9_211.json b/packages/security_detection_engine/kibana/security_rule/24401eca-ad0b-4ff9-9431-487a8e183af9_211.json index cadada71e10..d5a51ac9e39 100644 --- a/packages/security_detection_engine/kibana/security_rule/24401eca-ad0b-4ff9-9431-487a8e183af9_211.json +++ b/packages/security_detection_engine/kibana/security_rule/24401eca-ad0b-4ff9-9431-487a8e183af9_211.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/25224a80-5a4a-4b8a-991e-6ab390465c4f_315.json b/packages/security_detection_engine/kibana/security_rule/25224a80-5a4a-4b8a-991e-6ab390465c4f_315.json index 030c374bd02..46882005afb 100644 --- a/packages/security_detection_engine/kibana/security_rule/25224a80-5a4a-4b8a-991e-6ab390465c4f_315.json +++ b/packages/security_detection_engine/kibana/security_rule/25224a80-5a4a-4b8a-991e-6ab390465c4f_315.json @@ -43,19 +43,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/25368123-b7b8-4344-9fd4-df28051b4c6e_3.json b/packages/security_detection_engine/kibana/security_rule/25368123-b7b8-4344-9fd4-df28051b4c6e_3.json index 03a706ae361..7c721fc4f0b 100644 --- a/packages/security_detection_engine/kibana/security_rule/25368123-b7b8-4344-9fd4-df28051b4c6e_3.json +++ b/packages/security_detection_engine/kibana/security_rule/25368123-b7b8-4344-9fd4-df28051b4c6e_3.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2553a9af-52a4-4a05-bb03-85b2a479a0a0_110.json b/packages/security_detection_engine/kibana/security_rule/2553a9af-52a4-4a05-bb03-85b2a479a0a0_110.json index edf123d7fbe..1b16bfac524 100644 --- a/packages/security_detection_engine/kibana/security_rule/2553a9af-52a4-4a05-bb03-85b2a479a0a0_110.json +++ b/packages/security_detection_engine/kibana/security_rule/2553a9af-52a4-4a05-bb03-85b2a479a0a0_110.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2572f7e0-7647-4c68-a42b-d3b1973deaae_3.json b/packages/security_detection_engine/kibana/security_rule/2572f7e0-7647-4c68-a42b-d3b1973deaae_3.json index 1df74db50ac..0a1dc0f64e5 100644 --- a/packages/security_detection_engine/kibana/security_rule/2572f7e0-7647-4c68-a42b-d3b1973deaae_3.json +++ b/packages/security_detection_engine/kibana/security_rule/2572f7e0-7647-4c68-a42b-d3b1973deaae_3.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/259be2d8-3b1a-4c2c-a0eb-0c8e77f35e39_110.json b/packages/security_detection_engine/kibana/security_rule/259be2d8-3b1a-4c2c-a0eb-0c8e77f35e39_110.json index db071c83ecc..6af50cfd354 100644 --- a/packages/security_detection_engine/kibana/security_rule/259be2d8-3b1a-4c2c-a0eb-0c8e77f35e39_110.json +++ b/packages/security_detection_engine/kibana/security_rule/259be2d8-3b1a-4c2c-a0eb-0c8e77f35e39_110.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/25d917c4-aa3c-4111-974c-286c0312ff95_10.json b/packages/security_detection_engine/kibana/security_rule/25d917c4-aa3c-4111-974c-286c0312ff95_10.json index 78384a7f0e7..e32b69cbb4c 100644 --- a/packages/security_detection_engine/kibana/security_rule/25d917c4-aa3c-4111-974c-286c0312ff95_10.json +++ b/packages/security_detection_engine/kibana/security_rule/25d917c4-aa3c-4111-974c-286c0312ff95_10.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/25e7fee6-fc25-11ee-ba0f-f661ea17fbce_7.json b/packages/security_detection_engine/kibana/security_rule/25e7fee6-fc25-11ee-ba0f-f661ea17fbce_7.json index eb0cb639a6c..fad57bfcc49 100644 --- a/packages/security_detection_engine/kibana/security_rule/25e7fee6-fc25-11ee-ba0f-f661ea17fbce_7.json +++ b/packages/security_detection_engine/kibana/security_rule/25e7fee6-fc25-11ee-ba0f-f661ea17fbce_7.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/260486ee-7d98-11ee-9599-f661ea17fbcd_211.json b/packages/security_detection_engine/kibana/security_rule/260486ee-7d98-11ee-9599-f661ea17fbcd_211.json index a0e1736ee1c..d678058defc 100644 --- a/packages/security_detection_engine/kibana/security_rule/260486ee-7d98-11ee-9599-f661ea17fbcd_211.json +++ b/packages/security_detection_engine/kibana/security_rule/260486ee-7d98-11ee-9599-f661ea17fbcd_211.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2605aa59-29ac-4662-afad-8d86257c7c91_11.json b/packages/security_detection_engine/kibana/security_rule/2605aa59-29ac-4662-afad-8d86257c7c91_11.json index f8a87a4650a..8047a8f1969 100644 --- a/packages/security_detection_engine/kibana/security_rule/2605aa59-29ac-4662-afad-8d86257c7c91_11.json +++ b/packages/security_detection_engine/kibana/security_rule/2605aa59-29ac-4662-afad-8d86257c7c91_11.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/263481c8-1e9b-492e-912d-d1760707f810_110.json b/packages/security_detection_engine/kibana/security_rule/263481c8-1e9b-492e-912d-d1760707f810_110.json index d79fd03c6be..43ef9bf9c7e 100644 --- a/packages/security_detection_engine/kibana/security_rule/263481c8-1e9b-492e-912d-d1760707f810_110.json +++ b/packages/security_detection_engine/kibana/security_rule/263481c8-1e9b-492e-912d-d1760707f810_110.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2636aa6c-88b5-4337-9c31-8d0192a8ef45_108.json b/packages/security_detection_engine/kibana/security_rule/2636aa6c-88b5-4337-9c31-8d0192a8ef45_108.json index eacdf7b284d..66e23d372a2 100644 --- a/packages/security_detection_engine/kibana/security_rule/2636aa6c-88b5-4337-9c31-8d0192a8ef45_108.json +++ b/packages/security_detection_engine/kibana/security_rule/2636aa6c-88b5-4337-9c31-8d0192a8ef45_108.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/264c641e-c202-11ef-993e-f661ea17fbce_8.json b/packages/security_detection_engine/kibana/security_rule/264c641e-c202-11ef-993e-f661ea17fbce_8.json index ece8eacc2c9..9de434953b8 100644 --- a/packages/security_detection_engine/kibana/security_rule/264c641e-c202-11ef-993e-f661ea17fbce_8.json +++ b/packages/security_detection_engine/kibana/security_rule/264c641e-c202-11ef-993e-f661ea17fbce_8.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/265db8f5-fc73-4d0d-b434-6483b56372e2_319.json b/packages/security_detection_engine/kibana/security_rule/265db8f5-fc73-4d0d-b434-6483b56372e2_319.json index 600bbdd9869..4e7b78cb986 100644 --- a/packages/security_detection_engine/kibana/security_rule/265db8f5-fc73-4d0d-b434-6483b56372e2_319.json +++ b/packages/security_detection_engine/kibana/security_rule/265db8f5-fc73-4d0d-b434-6483b56372e2_319.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/266bbea8-fcf9-4b0e-ba7b-fc00f6b1dc73_5.json b/packages/security_detection_engine/kibana/security_rule/266bbea8-fcf9-4b0e-ba7b-fc00f6b1dc73_5.json index db596e59483..87da6843b5b 100644 --- a/packages/security_detection_engine/kibana/security_rule/266bbea8-fcf9-4b0e-ba7b-fc00f6b1dc73_5.json +++ b/packages/security_detection_engine/kibana/security_rule/266bbea8-fcf9-4b0e-ba7b-fc00f6b1dc73_5.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/267dace3-a4de-4c94-a7b5-dd6c0f5482e5_6.json b/packages/security_detection_engine/kibana/security_rule/267dace3-a4de-4c94-a7b5-dd6c0f5482e5_6.json index 578a917897f..264070972a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/267dace3-a4de-4c94-a7b5-dd6c0f5482e5_6.json +++ b/packages/security_detection_engine/kibana/security_rule/267dace3-a4de-4c94-a7b5-dd6c0f5482e5_6.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/26a726d7-126e-4267-b43d-e9a70bfdee1e_106.json b/packages/security_detection_engine/kibana/security_rule/26a726d7-126e-4267-b43d-e9a70bfdee1e_106.json index d9ee85afc3d..4830a2652e1 100644 --- a/packages/security_detection_engine/kibana/security_rule/26a726d7-126e-4267-b43d-e9a70bfdee1e_106.json +++ b/packages/security_detection_engine/kibana/security_rule/26a726d7-126e-4267-b43d-e9a70bfdee1e_106.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/26a989d2-010e-4dae-b46b-689d03cc22b3_2.json b/packages/security_detection_engine/kibana/security_rule/26a989d2-010e-4dae-b46b-689d03cc22b3_2.json index 1656e2a3151..ecbf7769c31 100644 --- a/packages/security_detection_engine/kibana/security_rule/26a989d2-010e-4dae-b46b-689d03cc22b3_2.json +++ b/packages/security_detection_engine/kibana/security_rule/26a989d2-010e-4dae-b46b-689d03cc22b3_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_10.json b/packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_10.json deleted file mode 100644 index 8b28c2a02ef..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_10.json +++ /dev/null @@ -1,121 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies parent process spoofing used to create an elevated child process. Adversaries may spoof the parent process identifier (PPID) of a new process to evade process-monitoring defenses or to elevate privileges.", - "from": "now-9m", - "index": [ - "logs-endpoint.events.process-*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Privileges Elevation via Parent Process PID Spoofing", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating Privileges Elevation via Parent Process PID Spoofing\n\nParent Process ID (PPID) spoofing is a technique where adversaries manipulate the PPID of a process to disguise its origin, often to bypass security measures or gain elevated privileges. This is particularly concerning in Windows environments where processes can inherit permissions from their parent. The detection rule identifies suspicious process creation patterns, such as unexpected PPID values and elevated user IDs, while filtering out known legitimate processes and trusted signatures, to flag potential privilege escalation attempts.\n\n### Possible investigation steps\n\n- Review the process creation event details, focusing on the process.parent.Ext.real.pid and user.id fields to confirm if the PPID spoofing led to privilege escalation to SYSTEM.\n- Examine the process.executable and process.parent.executable paths to determine if the process is known or expected in the environment, and check against the list of excluded legitimate processes.\n- Investigate the process.code_signature fields to verify if the process is signed by a trusted entity and if the signature is valid, especially if the process is not excluded by the rule.\n- Check the historical activity of the involved user.id and process.parent.executable to identify any unusual patterns or recent changes in behavior.\n- Correlate the alert with other security events or logs to identify any related suspicious activities or potential lateral movement attempts within the network.\n\n### False positive analysis\n\n- Processes related to Windows Error Reporting such as WerFault.exe and Wermgr.exe can trigger false positives. These are legitimate system processes and can be excluded by verifying their signatures and paths.\n- Logon utilities like Utilman.exe spawning processes such as osk.exe, Narrator.exe, or Magnify.exe may appear suspicious but are often legitimate. Exclude these by confirming their usage context and ensuring they are executed by trusted users.\n- Third-party software like TeamViewer, Cisco WebEx, and Dell Inc. may cause false positives due to their legitimate use of process creation. Verify the code signature and trust status to exclude these processes.\n- Windows Update processes involving MpSigStub.exe and wuauclt.exe can be mistakenly flagged. Confirm these are part of regular update activities and exclude them based on their known paths and parent processes.\n- Remote support and management tools such as LogMeIn, GoToAssist, and Chrome Remote Desktop may be flagged. Ensure these are installed and used by authorized personnel and exclude them by their executable paths.\n- Netwrix Corporation's processes like adcrcpy.exe may be flagged if they are part of legitimate auditing activities. Verify the code signature and exclude these processes if they are part of authorized Netwrix Auditor operations.\n\n### Response and remediation\n\n- Isolate the affected system from the network to prevent further unauthorized access or lateral movement by the adversary.\n- Terminate any suspicious processes identified by the alert, especially those with spoofed PPIDs or elevated privileges, to stop potential malicious activities.\n- Review and revoke any unauthorized user accounts or privileges that may have been created or escalated during the incident.\n- Conduct a thorough forensic analysis of the affected system to identify any additional indicators of compromise or persistence mechanisms.\n- Restore the system from a known good backup if necessary, ensuring that all malicious artifacts are removed and system integrity is maintained.\n- Implement additional monitoring and logging on the affected system and network to detect any recurrence of similar activities.\n- Escalate the incident to the security operations center (SOC) or incident response team for further investigation and to determine if broader organizational impacts exist.", - "query": "/* This rule is compatible with Elastic Endpoint only */\n\nprocess where host.os.type == \"windows\" and event.action == \"start\" and\n\n /* process creation via seclogon */\n process.parent.Ext.real.pid > 0 and\n\n /* PrivEsc to SYSTEM */\n user.id : \"S-1-5-18\" and\n\n /* Common FPs - evasion via hollowing is possible, should be covered by code injection */\n not process.executable : (\"?:\\\\Windows\\\\System32\\\\WerFault.exe\",\n \"?:\\\\Windows\\\\SysWOW64\\\\WerFault.exe\",\n \"?:\\\\Windows\\\\System32\\\\WerFaultSecure.exe\",\n \"?:\\\\Windows\\\\SysWOW64\\\\WerFaultSecure.exe\",\n \"?:\\\\Windows\\\\System32\\\\Wermgr.exe\",\n \"?:\\\\Windows\\\\SysWOW64\\\\Wermgr.exe\",\n \"?:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\securityhealthsetup.exe\") and\n /* Logon Utilities */\n not (process.parent.executable : \"?:\\\\Windows\\\\System32\\\\Utilman.exe\" and\n process.executable : (\"?:\\\\Windows\\\\System32\\\\osk.exe\",\n \"?:\\\\Windows\\\\System32\\\\Narrator.exe\",\n \"?:\\\\Windows\\\\System32\\\\Magnify.exe\")) and\n\n not process.parent.executable : \"?:\\\\Windows\\\\System32\\\\AtBroker.exe\" and\n\n not (process.code_signature.subject_name in\n (\"philandro Software GmbH\", \"Freedom Scientific Inc.\", \"TeamViewer Germany GmbH\", \"Projector.is, Inc.\",\n \"TeamViewer GmbH\", \"Cisco WebEx LLC\", \"Dell Inc\") and process.code_signature.trusted == true) and\n\n /* AM_Delta_Patch Windows Update */\n not (process.executable : (\"?:\\\\Windows\\\\System32\\\\MpSigStub.exe\", \"?:\\\\Windows\\\\SysWOW64\\\\MpSigStub.exe\") and\n process.parent.executable : (\"?:\\\\Windows\\\\System32\\\\wuauclt.exe\",\n \"?:\\\\Windows\\\\SysWOW64\\\\wuauclt.exe\",\n \"?:\\\\Windows\\\\UUS\\\\Packages\\\\Preview\\\\*\\\\wuaucltcore.exe\",\n \"?:\\\\Windows\\\\UUS\\\\amd64\\\\wuauclt.exe\",\n \"?:\\\\Windows\\\\UUS\\\\amd64\\\\wuaucltcore.exe\",\n \"?:\\\\ProgramData\\\\Microsoft\\\\Windows\\\\UUS\\\\*\\\\wuaucltcore.exe\")) and\n not (process.executable : (\"?:\\\\Windows\\\\System32\\\\MpSigStub.exe\", \"?:\\\\Windows\\\\SysWOW64\\\\MpSigStub.exe\") and process.parent.executable == null) and\n\n /* Other third party SW */\n not process.parent.executable :\n (\"?:\\\\Program Files (x86)\\\\HEAT Software\\\\HEAT Remote\\\\HEATRemoteServer.exe\",\n \"?:\\\\Program Files (x86)\\\\VisualCron\\\\VisualCronService.exe\",\n \"?:\\\\Program Files\\\\BinaryDefense\\\\Vision\\\\Agent\\\\bds-vision-agent-app.exe\",\n \"?:\\\\Program Files\\\\Tablet\\\\Wacom\\\\WacomHost.exe\",\n \"?:\\\\Program Files (x86)\\\\LogMeIn\\\\x64\\\\LogMeIn.exe\",\n \"?:\\\\Program Files (x86)\\\\EMC Captiva\\\\Captiva Cloud Runtime\\\\Emc.Captiva.WebCaptureRunner.exe\",\n \"?:\\\\Program Files\\\\Freedom Scientific\\\\*.exe\",\n \"?:\\\\Program Files (x86)\\\\Google\\\\Chrome Remote Desktop\\\\*\\\\remoting_host.exe\",\n \"?:\\\\Program Files (x86)\\\\GoToAssist Remote Support Customer\\\\*\\\\g2ax_comm_customer.exe\") and\n not (\n process.code_signature.trusted == true and process.code_signature.subject_name == \"Netwrix Corporation\" and\n process.name : \"adcrcpy.exe\" and process.parent.executable : (\n \"?:\\\\Program Files (x86)\\\\Netwrix Auditor\\\\Active Directory Auditing\\\\Netwrix.ADA.EventCollector.exe\",\n \"?:\\\\Program Files (x86)\\\\Netwrix Auditor\\\\Active Directory Auditing\\\\Netwrix.ADA.Analyzer.exe\",\n \"?:\\\\Netwrix Auditor\\\\Active Directory Auditing\\\\Netwrix.ADA.EventCollector.exe\"\n )\n )\n", - "references": [ - "https://gist.github.com/xpn/a057a26ec81e736518ee50848b9c2cd6", - "https://blog.didierstevens.com/2017/03/20/", - "https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute", - "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.002/T1134.002.md" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.code_signature.subject_name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.code_signature.trusted", - "type": "boolean" - }, - { - "ecs": true, - "name": "process.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": false, - "name": "process.parent.Ext.real.pid", - "type": "unknown" - }, - { - "ecs": true, - "name": "process.parent.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "user.id", - "type": "keyword" - } - ], - "risk_score": 73, - "rule_id": "26b01043-4f04-4d2f-882a-5a1d2e95751b", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Privilege Escalation", - "Data Source: Elastic Defend", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0004", - "name": "Privilege Escalation", - "reference": "https://attack.mitre.org/tactics/TA0004/" - }, - "technique": [ - { - "id": "T1134", - "name": "Access Token Manipulation", - "reference": "https://attack.mitre.org/techniques/T1134/", - "subtechnique": [ - { - "id": "T1134.002", - "name": "Create Process with Token", - "reference": "https://attack.mitre.org/techniques/T1134/002/" - }, - { - "id": "T1134.004", - "name": "Parent PID Spoofing", - "reference": "https://attack.mitre.org/techniques/T1134/004/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 10 - }, - "id": "26b01043-4f04-4d2f-882a-5a1d2e95751b_10", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_13.json b/packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_13.json index 51e08185635..56bf8db0067 100644 --- a/packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_13.json +++ b/packages/security_detection_engine/kibana/security_rule/26b01043-4f04-4d2f-882a-5a1d2e95751b_13.json @@ -41,7 +41,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/26edba02-6979-4bce-920a-70b080a7be81_110.json b/packages/security_detection_engine/kibana/security_rule/26edba02-6979-4bce-920a-70b080a7be81_110.json index 0f9ba02dd9e..54bfd37c17e 100644 --- a/packages/security_detection_engine/kibana/security_rule/26edba02-6979-4bce-920a-70b080a7be81_110.json +++ b/packages/security_detection_engine/kibana/security_rule/26edba02-6979-4bce-920a-70b080a7be81_110.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_418.json b/packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_418.json index 11a91b7e268..564f73c3f73 100644 --- a/packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_418.json +++ b/packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_418.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/27071ea3-e806-4697-8abc-e22c92aa4293_213.json b/packages/security_detection_engine/kibana/security_rule/27071ea3-e806-4697-8abc-e22c92aa4293_213.json index dcf16377ed8..f72346afaf2 100644 --- a/packages/security_detection_engine/kibana/security_rule/27071ea3-e806-4697-8abc-e22c92aa4293_213.json +++ b/packages/security_detection_engine/kibana/security_rule/27071ea3-e806-4697-8abc-e22c92aa4293_213.json @@ -91,7 +91,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_111.json b/packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_111.json index 6ec1ec505d3..e2ff7e142ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_111.json +++ b/packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_111.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_213.json b/packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_213.json index 987484795d3..77d39f77a0f 100644 --- a/packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_213.json +++ b/packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_213.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/27569131-560e-441e-b556-0b9180af3332_104.json b/packages/security_detection_engine/kibana/security_rule/27569131-560e-441e-b556-0b9180af3332_104.json index 43ed2acf277..5ff8fcc672d 100644 --- a/packages/security_detection_engine/kibana/security_rule/27569131-560e-441e-b556-0b9180af3332_104.json +++ b/packages/security_detection_engine/kibana/security_rule/27569131-560e-441e-b556-0b9180af3332_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/275b972d-2fed-44fc-9214-08603b3318e3_1.json b/packages/security_detection_engine/kibana/security_rule/275b972d-2fed-44fc-9214-08603b3318e3_1.json index 5faf72e426b..700abf707b7 100644 --- a/packages/security_detection_engine/kibana/security_rule/275b972d-2fed-44fc-9214-08603b3318e3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/275b972d-2fed-44fc-9214-08603b3318e3_1.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2772264c-6fb9-4d9d-9014-b416eed21254_215.json b/packages/security_detection_engine/kibana/security_rule/2772264c-6fb9-4d9d-9014-b416eed21254_215.json index a3d70658110..006e3c5556b 100644 --- a/packages/security_detection_engine/kibana/security_rule/2772264c-6fb9-4d9d-9014-b416eed21254_215.json +++ b/packages/security_detection_engine/kibana/security_rule/2772264c-6fb9-4d9d-9014-b416eed21254_215.json @@ -26,15 +26,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2783d84f-5091-4d7d-9319-9fceda8fa71b_109.json b/packages/security_detection_engine/kibana/security_rule/2783d84f-5091-4d7d-9319-9fceda8fa71b_109.json index b00e98d0165..aabb3a8f9d1 100644 --- a/packages/security_detection_engine/kibana/security_rule/2783d84f-5091-4d7d-9319-9fceda8fa71b_109.json +++ b/packages/security_detection_engine/kibana/security_rule/2783d84f-5091-4d7d-9319-9fceda8fa71b_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/279e272a-91d9-4780-878c-bfcac76e6e31_3.json b/packages/security_detection_engine/kibana/security_rule/279e272a-91d9-4780-878c-bfcac76e6e31_3.json index e99d5fe67d0..51bb7335b46 100644 --- a/packages/security_detection_engine/kibana/security_rule/279e272a-91d9-4780-878c-bfcac76e6e31_3.json +++ b/packages/security_detection_engine/kibana/security_rule/279e272a-91d9-4780-878c-bfcac76e6e31_3.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_214.json b/packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_214.json index d90a61a2f3b..6f9443cd207 100644 --- a/packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_214.json +++ b/packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_214.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_222.json b/packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_222.json index 3b02aa34679..98f05e026a0 100644 --- a/packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_222.json +++ b/packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_222.json @@ -27,11 +27,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/283683eb-f2ce-40a5-be16-fa931cb5f504_3.json b/packages/security_detection_engine/kibana/security_rule/283683eb-f2ce-40a5-be16-fa931cb5f504_3.json index 9bc8e438e62..356683ad27c 100644 --- a/packages/security_detection_engine/kibana/security_rule/283683eb-f2ce-40a5-be16-fa931cb5f504_3.json +++ b/packages/security_detection_engine/kibana/security_rule/283683eb-f2ce-40a5-be16-fa931cb5f504_3.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/283f6c2a-9811-4239-9a40-52b066c67f99_1.json b/packages/security_detection_engine/kibana/security_rule/283f6c2a-9811-4239-9a40-52b066c67f99_1.json index f286806b308..6e05d59cc7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/283f6c2a-9811-4239-9a40-52b066c67f99_1.json +++ b/packages/security_detection_engine/kibana/security_rule/283f6c2a-9811-4239-9a40-52b066c67f99_1.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2856446a-34e6-435b-9fb5-f8f040bfa7ed_216.json b/packages/security_detection_engine/kibana/security_rule/2856446a-34e6-435b-9fb5-f8f040bfa7ed_216.json index 35055c7e860..af87b691c9c 100644 --- a/packages/security_detection_engine/kibana/security_rule/2856446a-34e6-435b-9fb5-f8f040bfa7ed_216.json +++ b/packages/security_detection_engine/kibana/security_rule/2856446a-34e6-435b-9fb5-f8f040bfa7ed_216.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/288a198e-9b9b-11ef-a0a8-f661ea17fbcd_9.json b/packages/security_detection_engine/kibana/security_rule/288a198e-9b9b-11ef-a0a8-f661ea17fbcd_9.json index 25f93f8f580..96cc9446597 100644 --- a/packages/security_detection_engine/kibana/security_rule/288a198e-9b9b-11ef-a0a8-f661ea17fbcd_9.json +++ b/packages/security_detection_engine/kibana/security_rule/288a198e-9b9b-11ef-a0a8-f661ea17fbcd_9.json @@ -50,7 +50,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/28bc620d-b2f7-4132-b372-f77953881d05_7.json b/packages/security_detection_engine/kibana/security_rule/28bc620d-b2f7-4132-b372-f77953881d05_7.json index 173ae8554d1..f6c4ee4a071 100644 --- a/packages/security_detection_engine/kibana/security_rule/28bc620d-b2f7-4132-b372-f77953881d05_7.json +++ b/packages/security_detection_engine/kibana/security_rule/28bc620d-b2f7-4132-b372-f77953881d05_7.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/28d39238-0c01-420a-b77a-24e5a7378663_111.json b/packages/security_detection_engine/kibana/security_rule/28d39238-0c01-420a-b77a-24e5a7378663_111.json index 18ff98bebb4..32ab4490b19 100644 --- a/packages/security_detection_engine/kibana/security_rule/28d39238-0c01-420a-b77a-24e5a7378663_111.json +++ b/packages/security_detection_engine/kibana/security_rule/28d39238-0c01-420a-b77a-24e5a7378663_111.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/28eb3afe-131d-48b0-a8fc-9784f3d54f3c_112.json b/packages/security_detection_engine/kibana/security_rule/28eb3afe-131d-48b0-a8fc-9784f3d54f3c_112.json index a9480053f7e..c5f8aea48e9 100644 --- a/packages/security_detection_engine/kibana/security_rule/28eb3afe-131d-48b0-a8fc-9784f3d54f3c_112.json +++ b/packages/security_detection_engine/kibana/security_rule/28eb3afe-131d-48b0-a8fc-9784f3d54f3c_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/28f6f34b-8e16-487a-b5fd-9d22eb903db8_11.json b/packages/security_detection_engine/kibana/security_rule/28f6f34b-8e16-487a-b5fd-9d22eb903db8_11.json index 0febf266b11..baa49fe96c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/28f6f34b-8e16-487a-b5fd-9d22eb903db8_11.json +++ b/packages/security_detection_engine/kibana/security_rule/28f6f34b-8e16-487a-b5fd-9d22eb903db8_11.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/29052c19-ff3e-42fd-8363-7be14d7c5469_214.json b/packages/security_detection_engine/kibana/security_rule/29052c19-ff3e-42fd-8363-7be14d7c5469_214.json index c09d8eac258..52d58f31d9a 100644 --- a/packages/security_detection_engine/kibana/security_rule/29052c19-ff3e-42fd-8363-7be14d7c5469_214.json +++ b/packages/security_detection_engine/kibana/security_rule/29052c19-ff3e-42fd-8363-7be14d7c5469_214.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/290aca65-e94d-403b-ba0f-62f320e63f51_323.json b/packages/security_detection_engine/kibana/security_rule/290aca65-e94d-403b-ba0f-62f320e63f51_323.json index 9ae19a9dc2b..956204dfb66 100644 --- a/packages/security_detection_engine/kibana/security_rule/290aca65-e94d-403b-ba0f-62f320e63f51_323.json +++ b/packages/security_detection_engine/kibana/security_rule/290aca65-e94d-403b-ba0f-62f320e63f51_323.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2917d495-59bd-4250-b395-c29409b76086_424.json b/packages/security_detection_engine/kibana/security_rule/2917d495-59bd-4250-b395-c29409b76086_424.json index 911822d50fb..1e3933bd255 100644 --- a/packages/security_detection_engine/kibana/security_rule/2917d495-59bd-4250-b395-c29409b76086_424.json +++ b/packages/security_detection_engine/kibana/security_rule/2917d495-59bd-4250-b395-c29409b76086_424.json @@ -83,27 +83,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/291a0de9-937a-4189-94c0-3e847c8b13e4_421.json b/packages/security_detection_engine/kibana/security_rule/291a0de9-937a-4189-94c0-3e847c8b13e4_421.json index 22cf2682402..5f3a05a8d8f 100644 --- a/packages/security_detection_engine/kibana/security_rule/291a0de9-937a-4189-94c0-3e847c8b13e4_421.json +++ b/packages/security_detection_engine/kibana/security_rule/291a0de9-937a-4189-94c0-3e847c8b13e4_421.json @@ -50,11 +50,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/29b53942-7cd4-11ee-b70e-f661ea17fbcd_210.json b/packages/security_detection_engine/kibana/security_rule/29b53942-7cd4-11ee-b70e-f661ea17fbcd_210.json index 1c9227bd45a..7d1d6944b3e 100644 --- a/packages/security_detection_engine/kibana/security_rule/29b53942-7cd4-11ee-b70e-f661ea17fbcd_210.json +++ b/packages/security_detection_engine/kibana/security_rule/29b53942-7cd4-11ee-b70e-f661ea17fbcd_210.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/29e57265-d358-420a-b1cd-845e8a1fd70d_1.json b/packages/security_detection_engine/kibana/security_rule/29e57265-d358-420a-b1cd-845e8a1fd70d_1.json index 32693cb6b1f..0bd9203f8e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/29e57265-d358-420a-b1cd-845e8a1fd70d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/29e57265-d358-420a-b1cd-845e8a1fd70d_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/29f0cf93-d17c-4b12-b4f3-a433800539fa_109.json b/packages/security_detection_engine/kibana/security_rule/29f0cf93-d17c-4b12-b4f3-a433800539fa_109.json index f23e188794e..788732cc01d 100644 --- a/packages/security_detection_engine/kibana/security_rule/29f0cf93-d17c-4b12-b4f3-a433800539fa_109.json +++ b/packages/security_detection_engine/kibana/security_rule/29f0cf93-d17c-4b12-b4f3-a433800539fa_109.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2a3f38a8-204e-11f0-9c1f-f661ea17fbcd_8.json b/packages/security_detection_engine/kibana/security_rule/2a3f38a8-204e-11f0-9c1f-f661ea17fbcd_8.json index 0eb72767e8e..100e887a33c 100644 --- a/packages/security_detection_engine/kibana/security_rule/2a3f38a8-204e-11f0-9c1f-f661ea17fbcd_8.json +++ b/packages/security_detection_engine/kibana/security_rule/2a3f38a8-204e-11f0-9c1f-f661ea17fbcd_8.json @@ -31,7 +31,7 @@ { "integration": "graphactivitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2a692072-d78d-42f3-a48a-775677d79c4e_13.json b/packages/security_detection_engine/kibana/security_rule/2a692072-d78d-42f3-a48a-775677d79c4e_13.json index 1ed9f2280fd..901d6e08852 100644 --- a/packages/security_detection_engine/kibana/security_rule/2a692072-d78d-42f3-a48a-775677d79c4e_13.json +++ b/packages/security_detection_engine/kibana/security_rule/2a692072-d78d-42f3-a48a-775677d79c4e_13.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2a7823db-0bc2-48f6-aa2f-e6aef233c6dc_1.json b/packages/security_detection_engine/kibana/security_rule/2a7823db-0bc2-48f6-aa2f-e6aef233c6dc_1.json index 2dea852e23c..8c1d063c8b1 100644 --- a/packages/security_detection_engine/kibana/security_rule/2a7823db-0bc2-48f6-aa2f-e6aef233c6dc_1.json +++ b/packages/security_detection_engine/kibana/security_rule/2a7823db-0bc2-48f6-aa2f-e6aef233c6dc_1.json @@ -30,28 +30,28 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "integration": "application_gateway", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "suricata", - "version": "^2.24.0" + "version": ">=2.24.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2abda169-416b-4bb3-9a6b-f8d239fd78ba_210.json b/packages/security_detection_engine/kibana/security_rule/2abda169-416b-4bb3-9a6b-f8d239fd78ba_210.json index 84063bf7f2d..545fadbda48 100644 --- a/packages/security_detection_engine/kibana/security_rule/2abda169-416b-4bb3-9a6b-f8d239fd78ba_210.json +++ b/packages/security_detection_engine/kibana/security_rule/2abda169-416b-4bb3-9a6b-f8d239fd78ba_210.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2b662e21-dc6e-461e-b5cf-a6eb9b235ec4_113.json b/packages/security_detection_engine/kibana/security_rule/2b662e21-dc6e-461e-b5cf-a6eb9b235ec4_113.json index 3cb39a6df83..fab087ba5bc 100644 --- a/packages/security_detection_engine/kibana/security_rule/2b662e21-dc6e-461e-b5cf-a6eb9b235ec4_113.json +++ b/packages/security_detection_engine/kibana/security_rule/2b662e21-dc6e-461e-b5cf-a6eb9b235ec4_113.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2b9a3b7a-0891-4a89-abbe-dca753c403cd_1.json b/packages/security_detection_engine/kibana/security_rule/2b9a3b7a-0891-4a89-abbe-dca753c403cd_1.json index eda4a5f58c9..5b28ed3ec4d 100644 --- a/packages/security_detection_engine/kibana/security_rule/2b9a3b7a-0891-4a89-abbe-dca753c403cd_1.json +++ b/packages/security_detection_engine/kibana/security_rule/2b9a3b7a-0891-4a89-abbe-dca753c403cd_1.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2bca4fcd-5228-4472-9071-148903a31057_104.json b/packages/security_detection_engine/kibana/security_rule/2bca4fcd-5228-4472-9071-148903a31057_104.json index 24157f64706..8b99938eec4 100644 --- a/packages/security_detection_engine/kibana/security_rule/2bca4fcd-5228-4472-9071-148903a31057_104.json +++ b/packages/security_detection_engine/kibana/security_rule/2bca4fcd-5228-4472-9071-148903a31057_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/2bf78aa2-9c56-48de-b139-f169bf99cf86_421.json b/packages/security_detection_engine/kibana/security_rule/2bf78aa2-9c56-48de-b139-f169bf99cf86_421.json index 24130a468cf..95f828e06ca 100644 --- a/packages/security_detection_engine/kibana/security_rule/2bf78aa2-9c56-48de-b139-f169bf99cf86_421.json +++ b/packages/security_detection_engine/kibana/security_rule/2bf78aa2-9c56-48de-b139-f169bf99cf86_421.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2c17e5d7-08b9-43b2-b58a-0270d65ac85b_319.json b/packages/security_detection_engine/kibana/security_rule/2c17e5d7-08b9-43b2-b58a-0270d65ac85b_319.json index 06f4a6ddc2d..e774c98af68 100644 --- a/packages/security_detection_engine/kibana/security_rule/2c17e5d7-08b9-43b2-b58a-0270d65ac85b_319.json +++ b/packages/security_detection_engine/kibana/security_rule/2c17e5d7-08b9-43b2-b58a-0270d65ac85b_319.json @@ -30,27 +30,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2c3c29a4-f170-42f8-a3d8-2ceebc18eb6a_218.json b/packages/security_detection_engine/kibana/security_rule/2c3c29a4-f170-42f8-a3d8-2ceebc18eb6a_218.json index e476dc119d2..b3a6d8b96ee 100644 --- a/packages/security_detection_engine/kibana/security_rule/2c3c29a4-f170-42f8-a3d8-2ceebc18eb6a_218.json +++ b/packages/security_detection_engine/kibana/security_rule/2c3c29a4-f170-42f8-a3d8-2ceebc18eb6a_218.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2c40dfe2-c13e-48a8-8eff-fb9bfb2a7854_3.json b/packages/security_detection_engine/kibana/security_rule/2c40dfe2-c13e-48a8-8eff-fb9bfb2a7854_3.json index bd539cda0d7..6faf35f0501 100644 --- a/packages/security_detection_engine/kibana/security_rule/2c40dfe2-c13e-48a8-8eff-fb9bfb2a7854_3.json +++ b/packages/security_detection_engine/kibana/security_rule/2c40dfe2-c13e-48a8-8eff-fb9bfb2a7854_3.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2c6a6acf-0dcb-404d-89fb-6b0327294cfa_209.json b/packages/security_detection_engine/kibana/security_rule/2c6a6acf-0dcb-404d-89fb-6b0327294cfa_209.json index 764acbbf6db..4c9773c19cd 100644 --- a/packages/security_detection_engine/kibana/security_rule/2c6a6acf-0dcb-404d-89fb-6b0327294cfa_209.json +++ b/packages/security_detection_engine/kibana/security_rule/2c6a6acf-0dcb-404d-89fb-6b0327294cfa_209.json @@ -45,27 +45,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2c74e26b-dfe3-4644-b62b-d0482f124210_4.json b/packages/security_detection_engine/kibana/security_rule/2c74e26b-dfe3-4644-b62b-d0482f124210_4.json index 510f2d81964..50f18302741 100644 --- a/packages/security_detection_engine/kibana/security_rule/2c74e26b-dfe3-4644-b62b-d0482f124210_4.json +++ b/packages/security_detection_engine/kibana/security_rule/2c74e26b-dfe3-4644-b62b-d0482f124210_4.json @@ -44,11 +44,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2d05fefd-40ba-43ae-af0c-3c25e86b54f1_2.json b/packages/security_detection_engine/kibana/security_rule/2d05fefd-40ba-43ae-af0c-3c25e86b54f1_2.json index 6b1b2bf1e7e..c32bf7b5fc7 100644 --- a/packages/security_detection_engine/kibana/security_rule/2d05fefd-40ba-43ae-af0c-3c25e86b54f1_2.json +++ b/packages/security_detection_engine/kibana/security_rule/2d05fefd-40ba-43ae-af0c-3c25e86b54f1_2.json @@ -26,19 +26,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2d3c27d5-d133-4152-8102-8d051619ec4a_3.json b/packages/security_detection_engine/kibana/security_rule/2d3c27d5-d133-4152-8102-8d051619ec4a_3.json index 388f5ebd9c3..cd1d4d39250 100644 --- a/packages/security_detection_engine/kibana/security_rule/2d3c27d5-d133-4152-8102-8d051619ec4a_3.json +++ b/packages/security_detection_engine/kibana/security_rule/2d3c27d5-d133-4152-8102-8d051619ec4a_3.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/2d58f67c-156e-480a-a6eb-a698fd8197ff_3.json b/packages/security_detection_engine/kibana/security_rule/2d58f67c-156e-480a-a6eb-a698fd8197ff_3.json index 3dc1b1d87a4..afbeeefe8e3 100644 --- a/packages/security_detection_engine/kibana/security_rule/2d58f67c-156e-480a-a6eb-a698fd8197ff_3.json +++ b/packages/security_detection_engine/kibana/security_rule/2d58f67c-156e-480a-a6eb-a698fd8197ff_3.json @@ -46,11 +46,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2d62889e-e758-4c5e-b57e-c735914ee32a_211.json b/packages/security_detection_engine/kibana/security_rule/2d62889e-e758-4c5e-b57e-c735914ee32a_211.json index 8f8b0837dd7..d08125d9096 100644 --- a/packages/security_detection_engine/kibana/security_rule/2d62889e-e758-4c5e-b57e-c735914ee32a_211.json +++ b/packages/security_detection_engine/kibana/security_rule/2d62889e-e758-4c5e-b57e-c735914ee32a_211.json @@ -42,23 +42,23 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2d6f5332-42ea-11f0-b09a-f661ea17fbcd_306.json b/packages/security_detection_engine/kibana/security_rule/2d6f5332-42ea-11f0-b09a-f661ea17fbcd_306.json index 40691331ab3..9e5e37b4161 100644 --- a/packages/security_detection_engine/kibana/security_rule/2d6f5332-42ea-11f0-b09a-f661ea17fbcd_306.json +++ b/packages/security_detection_engine/kibana/security_rule/2d6f5332-42ea-11f0-b09a-f661ea17fbcd_306.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2d7822a5-418c-4cde-a96e-e337d77b67e7_1.json b/packages/security_detection_engine/kibana/security_rule/2d7822a5-418c-4cde-a96e-e337d77b67e7_1.json index 32b4d825ab2..042c6f0ad63 100644 --- a/packages/security_detection_engine/kibana/security_rule/2d7822a5-418c-4cde-a96e-e337d77b67e7_1.json +++ b/packages/security_detection_engine/kibana/security_rule/2d7822a5-418c-4cde-a96e-e337d77b67e7_1.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2d8043ed-5bda-4caf-801c-c1feb7410504_215.json b/packages/security_detection_engine/kibana/security_rule/2d8043ed-5bda-4caf-801c-c1feb7410504_215.json index 2becf9c9ef4..fffd34bb3c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/2d8043ed-5bda-4caf-801c-c1feb7410504_215.json +++ b/packages/security_detection_engine/kibana/security_rule/2d8043ed-5bda-4caf-801c-c1feb7410504_215.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2dd0d4fd-0cc9-4d18-8b46-1a507e28bbc0_3.json b/packages/security_detection_engine/kibana/security_rule/2dd0d4fd-0cc9-4d18-8b46-1a507e28bbc0_3.json index 3b342fd32de..36829f0cb01 100644 --- a/packages/security_detection_engine/kibana/security_rule/2dd0d4fd-0cc9-4d18-8b46-1a507e28bbc0_3.json +++ b/packages/security_detection_engine/kibana/security_rule/2dd0d4fd-0cc9-4d18-8b46-1a507e28bbc0_3.json @@ -15,7 +15,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2dd480be-1263-4d9c-8672-172928f6789a_316.json b/packages/security_detection_engine/kibana/security_rule/2dd480be-1263-4d9c-8672-172928f6789a_316.json index 97dfa7247eb..1443a668a11 100644 --- a/packages/security_detection_engine/kibana/security_rule/2dd480be-1263-4d9c-8672-172928f6789a_316.json +++ b/packages/security_detection_engine/kibana/security_rule/2dd480be-1263-4d9c-8672-172928f6789a_316.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2ddc468e-b39b-4f5b-9825-f3dcb0e998ea_109.json b/packages/security_detection_engine/kibana/security_rule/2ddc468e-b39b-4f5b-9825-f3dcb0e998ea_109.json index 15480e99313..4ced84ce578 100644 --- a/packages/security_detection_engine/kibana/security_rule/2ddc468e-b39b-4f5b-9825-f3dcb0e998ea_109.json +++ b/packages/security_detection_engine/kibana/security_rule/2ddc468e-b39b-4f5b-9825-f3dcb0e998ea_109.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_215.json b/packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_215.json index c3fae413870..1bff2fcdcc4 100644 --- a/packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_215.json +++ b/packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_215.json @@ -30,7 +30,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2de87d72-ee0c-43e2-b975-5f0b029ac600_217.json b/packages/security_detection_engine/kibana/security_rule/2de87d72-ee0c-43e2-b975-5f0b029ac600_217.json index 50437d64571..c78d4b696ff 100644 --- a/packages/security_detection_engine/kibana/security_rule/2de87d72-ee0c-43e2-b975-5f0b029ac600_217.json +++ b/packages/security_detection_engine/kibana/security_rule/2de87d72-ee0c-43e2-b975-5f0b029ac600_217.json @@ -47,27 +47,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2e0051cb-51f8-492f-9d90-174e16b5e96b_8.json b/packages/security_detection_engine/kibana/security_rule/2e0051cb-51f8-492f-9d90-174e16b5e96b_8.json index da8a3e684b6..4d8f246766b 100644 --- a/packages/security_detection_engine/kibana/security_rule/2e0051cb-51f8-492f-9d90-174e16b5e96b_8.json +++ b/packages/security_detection_engine/kibana/security_rule/2e0051cb-51f8-492f-9d90-174e16b5e96b_8.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2e08f34c-691c-497e-87de-5d794a1b2a53_102.json b/packages/security_detection_engine/kibana/security_rule/2e08f34c-691c-497e-87de-5d794a1b2a53_102.json index 418bbf28cf6..0d503e30ae8 100644 --- a/packages/security_detection_engine/kibana/security_rule/2e08f34c-691c-497e-87de-5d794a1b2a53_102.json +++ b/packages/security_detection_engine/kibana/security_rule/2e08f34c-691c-497e-87de-5d794a1b2a53_102.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/2e1e835d-01e5-48ca-b9fc-7a61f7f11902_219.json b/packages/security_detection_engine/kibana/security_rule/2e1e835d-01e5-48ca-b9fc-7a61f7f11902_219.json index 4dcfb0c2f1e..cf43c2e3361 100644 --- a/packages/security_detection_engine/kibana/security_rule/2e1e835d-01e5-48ca-b9fc-7a61f7f11902_219.json +++ b/packages/security_detection_engine/kibana/security_rule/2e1e835d-01e5-48ca-b9fc-7a61f7f11902_219.json @@ -40,19 +40,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2e29e96a-b67c-455a-afe4-de6183431d0d_219.json b/packages/security_detection_engine/kibana/security_rule/2e29e96a-b67c-455a-afe4-de6183431d0d_219.json index 137631e87fc..f0721442090 100644 --- a/packages/security_detection_engine/kibana/security_rule/2e29e96a-b67c-455a-afe4-de6183431d0d_219.json +++ b/packages/security_detection_engine/kibana/security_rule/2e29e96a-b67c-455a-afe4-de6183431d0d_219.json @@ -60,7 +60,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2e311539-cd88-4a85-a301-04f38795007c_109.json b/packages/security_detection_engine/kibana/security_rule/2e311539-cd88-4a85-a301-04f38795007c_109.json index cf889171d8e..08565178084 100644 --- a/packages/security_detection_engine/kibana/security_rule/2e311539-cd88-4a85-a301-04f38795007c_109.json +++ b/packages/security_detection_engine/kibana/security_rule/2e311539-cd88-4a85-a301-04f38795007c_109.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2e56e1bc-867a-11ee-b13e-f661ea17fbcd_311.json b/packages/security_detection_engine/kibana/security_rule/2e56e1bc-867a-11ee-b13e-f661ea17fbcd_311.json index 01816684486..0ae6edfe46e 100644 --- a/packages/security_detection_engine/kibana/security_rule/2e56e1bc-867a-11ee-b13e-f661ea17fbcd_311.json +++ b/packages/security_detection_engine/kibana/security_rule/2e56e1bc-867a-11ee-b13e-f661ea17fbcd_311.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2e99477f-6099-48a9-ae0e-68801d97079c_1.json b/packages/security_detection_engine/kibana/security_rule/2e99477f-6099-48a9-ae0e-68801d97079c_1.json index dc4bc454348..8bd05107f7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/2e99477f-6099-48a9-ae0e-68801d97079c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/2e99477f-6099-48a9-ae0e-68801d97079c_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2edc8076-291e-41e9-81e4-e3fcbc97ae5e_317.json b/packages/security_detection_engine/kibana/security_rule/2edc8076-291e-41e9-81e4-e3fcbc97ae5e_317.json index 40daeb0c0f2..10f7ee50263 100644 --- a/packages/security_detection_engine/kibana/security_rule/2edc8076-291e-41e9-81e4-e3fcbc97ae5e_317.json +++ b/packages/security_detection_engine/kibana/security_rule/2edc8076-291e-41e9-81e4-e3fcbc97ae5e_317.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2f0ee9fe-4529-4b9e-9f78-6c81ef33c6ba_1.json b/packages/security_detection_engine/kibana/security_rule/2f0ee9fe-4529-4b9e-9f78-6c81ef33c6ba_1.json index e5ef3f8b046..29416677de3 100644 --- a/packages/security_detection_engine/kibana/security_rule/2f0ee9fe-4529-4b9e-9f78-6c81ef33c6ba_1.json +++ b/packages/security_detection_engine/kibana/security_rule/2f0ee9fe-4529-4b9e-9f78-6c81ef33c6ba_1.json @@ -53,7 +53,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2f2f4939-0b34-40c2-a0a3-844eb7889f43_217.json b/packages/security_detection_engine/kibana/security_rule/2f2f4939-0b34-40c2-a0a3-844eb7889f43_217.json index 63930b83277..d5039f3d17a 100644 --- a/packages/security_detection_engine/kibana/security_rule/2f2f4939-0b34-40c2-a0a3-844eb7889f43_217.json +++ b/packages/security_detection_engine/kibana/security_rule/2f2f4939-0b34-40c2-a0a3-844eb7889f43_217.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2f8a1226-5720-437d-9c20-e0029deb6194_217.json b/packages/security_detection_engine/kibana/security_rule/2f8a1226-5720-437d-9c20-e0029deb6194_217.json index 5dd94972a1e..d669fc7902c 100644 --- a/packages/security_detection_engine/kibana/security_rule/2f8a1226-5720-437d-9c20-e0029deb6194_217.json +++ b/packages/security_detection_engine/kibana/security_rule/2f8a1226-5720-437d-9c20-e0029deb6194_217.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2f95540c-923e-4f57-9dae-de30169c68b9_8.json b/packages/security_detection_engine/kibana/security_rule/2f95540c-923e-4f57-9dae-de30169c68b9_8.json index 9298d77137a..456f8984bbd 100644 --- a/packages/security_detection_engine/kibana/security_rule/2f95540c-923e-4f57-9dae-de30169c68b9_8.json +++ b/packages/security_detection_engine/kibana/security_rule/2f95540c-923e-4f57-9dae-de30169c68b9_8.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2fba96c0-ade5-4bce-b92f-a5df2509da3f_113.json b/packages/security_detection_engine/kibana/security_rule/2fba96c0-ade5-4bce-b92f-a5df2509da3f_113.json index 2c646b9b0a6..f53aebae2b2 100644 --- a/packages/security_detection_engine/kibana/security_rule/2fba96c0-ade5-4bce-b92f-a5df2509da3f_113.json +++ b/packages/security_detection_engine/kibana/security_rule/2fba96c0-ade5-4bce-b92f-a5df2509da3f_113.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/2ffa1f1e-b6db-47fa-994b-1512743847eb_219.json b/packages/security_detection_engine/kibana/security_rule/2ffa1f1e-b6db-47fa-994b-1512743847eb_219.json index dc41f4e8b11..12d9271e31b 100644 --- a/packages/security_detection_engine/kibana/security_rule/2ffa1f1e-b6db-47fa-994b-1512743847eb_219.json +++ b/packages/security_detection_engine/kibana/security_rule/2ffa1f1e-b6db-47fa-994b-1512743847eb_219.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/30090d40-cdfd-4750-a281-0125fdf22045_1.json b/packages/security_detection_engine/kibana/security_rule/30090d40-cdfd-4750-a281-0125fdf22045_1.json index cafa11fc17a..73782da411f 100644 --- a/packages/security_detection_engine/kibana/security_rule/30090d40-cdfd-4750-a281-0125fdf22045_1.json +++ b/packages/security_detection_engine/kibana/security_rule/30090d40-cdfd-4750-a281-0125fdf22045_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/30562697-9859-4ae0-a8c5-dab45d664170_109.json b/packages/security_detection_engine/kibana/security_rule/30562697-9859-4ae0-a8c5-dab45d664170_109.json index ae2e40f45c7..bdbe0d2b058 100644 --- a/packages/security_detection_engine/kibana/security_rule/30562697-9859-4ae0-a8c5-dab45d664170_109.json +++ b/packages/security_detection_engine/kibana/security_rule/30562697-9859-4ae0-a8c5-dab45d664170_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/30b5bb96-c7db-492c-80e9-1eab00db580b_8.json b/packages/security_detection_engine/kibana/security_rule/30b5bb96-c7db-492c-80e9-1eab00db580b_8.json index 3e75655b14b..de209c215ab 100644 --- a/packages/security_detection_engine/kibana/security_rule/30b5bb96-c7db-492c-80e9-1eab00db580b_8.json +++ b/packages/security_detection_engine/kibana/security_rule/30b5bb96-c7db-492c-80e9-1eab00db580b_8.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_112.json b/packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_112.json index 7a029f752ea..58ee514845a 100644 --- a/packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_112.json +++ b/packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_112.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/30d94e59-e5c7-4828-bc4f-f5809ad1ffe1_4.json b/packages/security_detection_engine/kibana/security_rule/30d94e59-e5c7-4828-bc4f-f5809ad1ffe1_4.json index 98360a97470..0715c0afc9b 100644 --- a/packages/security_detection_engine/kibana/security_rule/30d94e59-e5c7-4828-bc4f-f5809ad1ffe1_4.json +++ b/packages/security_detection_engine/kibana/security_rule/30d94e59-e5c7-4828-bc4f-f5809ad1ffe1_4.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/30f9d940-7d55-4fff-a8b9-4715d20eb204_4.json b/packages/security_detection_engine/kibana/security_rule/30f9d940-7d55-4fff-a8b9-4715d20eb204_4.json index 1be09af1980..dbc68fa69be 100644 --- a/packages/security_detection_engine/kibana/security_rule/30f9d940-7d55-4fff-a8b9-4715d20eb204_4.json +++ b/packages/security_detection_engine/kibana/security_rule/30f9d940-7d55-4fff-a8b9-4715d20eb204_4.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/30fbf4db-c502-4e68-a239-2e99af0f70da_9.json b/packages/security_detection_engine/kibana/security_rule/30fbf4db-c502-4e68-a239-2e99af0f70da_9.json index b32a234a2fb..3fec8a78ec1 100644 --- a/packages/security_detection_engine/kibana/security_rule/30fbf4db-c502-4e68-a239-2e99af0f70da_9.json +++ b/packages/security_detection_engine/kibana/security_rule/30fbf4db-c502-4e68-a239-2e99af0f70da_9.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/314557e1-a642-4dbc-af43-321bc04b6618_2.json b/packages/security_detection_engine/kibana/security_rule/314557e1-a642-4dbc-af43-321bc04b6618_2.json index da0aba55421..1b188048276 100644 --- a/packages/security_detection_engine/kibana/security_rule/314557e1-a642-4dbc-af43-321bc04b6618_2.json +++ b/packages/security_detection_engine/kibana/security_rule/314557e1-a642-4dbc-af43-321bc04b6618_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/31b4c719-f2b4-41f6-a9bd-fce93c2eaf62_323.json b/packages/security_detection_engine/kibana/security_rule/31b4c719-f2b4-41f6-a9bd-fce93c2eaf62_323.json index 314762f1bb9..141e240900b 100644 --- a/packages/security_detection_engine/kibana/security_rule/31b4c719-f2b4-41f6-a9bd-fce93c2eaf62_323.json +++ b/packages/security_detection_engine/kibana/security_rule/31b4c719-f2b4-41f6-a9bd-fce93c2eaf62_323.json @@ -43,27 +43,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3202e172-01b1-4738-a932-d024c514ba72_109.json b/packages/security_detection_engine/kibana/security_rule/3202e172-01b1-4738-a932-d024c514ba72_109.json index e1e5b643aa6..b081b717344 100644 --- a/packages/security_detection_engine/kibana/security_rule/3202e172-01b1-4738-a932-d024c514ba72_109.json +++ b/packages/security_detection_engine/kibana/security_rule/3202e172-01b1-4738-a932-d024c514ba72_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/32144184-7bfa-4541-9c3f-b65f16d24df9_4.json b/packages/security_detection_engine/kibana/security_rule/32144184-7bfa-4541-9c3f-b65f16d24df9_4.json index ab48b128663..86a917fd6cb 100644 --- a/packages/security_detection_engine/kibana/security_rule/32144184-7bfa-4541-9c3f-b65f16d24df9_4.json +++ b/packages/security_detection_engine/kibana/security_rule/32144184-7bfa-4541-9c3f-b65f16d24df9_4.json @@ -27,23 +27,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3216949c-9300-4c53-b57a-221e364c6457_5.json b/packages/security_detection_engine/kibana/security_rule/3216949c-9300-4c53-b57a-221e364c6457_5.json index de4cfbda2ea..1b75e5e0915 100644 --- a/packages/security_detection_engine/kibana/security_rule/3216949c-9300-4c53-b57a-221e364c6457_5.json +++ b/packages/security_detection_engine/kibana/security_rule/3216949c-9300-4c53-b57a-221e364c6457_5.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/32300431-c2d5-432d-8ec8-0e03f9924756_9.json b/packages/security_detection_engine/kibana/security_rule/32300431-c2d5-432d-8ec8-0e03f9924756_9.json index ab6c47d0c84..cc21f8e5482 100644 --- a/packages/security_detection_engine/kibana/security_rule/32300431-c2d5-432d-8ec8-0e03f9924756_9.json +++ b/packages/security_detection_engine/kibana/security_rule/32300431-c2d5-432d-8ec8-0e03f9924756_9.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/323cb487-279d-4218-bcbd-a568efe930c6_109.json b/packages/security_detection_engine/kibana/security_rule/323cb487-279d-4218-bcbd-a568efe930c6_109.json index d1904dc46fc..3b1e27902e2 100644 --- a/packages/security_detection_engine/kibana/security_rule/323cb487-279d-4218-bcbd-a568efe930c6_109.json +++ b/packages/security_detection_engine/kibana/security_rule/323cb487-279d-4218-bcbd-a568efe930c6_109.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3278313c-d6cd-4d49-aa24-644e1da6623c_105.json b/packages/security_detection_engine/kibana/security_rule/3278313c-d6cd-4d49-aa24-644e1da6623c_105.json index c5909eb2264..92267526ae2 100644 --- a/packages/security_detection_engine/kibana/security_rule/3278313c-d6cd-4d49-aa24-644e1da6623c_105.json +++ b/packages/security_detection_engine/kibana/security_rule/3278313c-d6cd-4d49-aa24-644e1da6623c_105.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/32923416-763a-4531-bb35-f33b9232ecdb_111.json b/packages/security_detection_engine/kibana/security_rule/32923416-763a-4531-bb35-f33b9232ecdb_111.json index 6034ee4481e..3c98af17b99 100644 --- a/packages/security_detection_engine/kibana/security_rule/32923416-763a-4531-bb35-f33b9232ecdb_111.json +++ b/packages/security_detection_engine/kibana/security_rule/32923416-763a-4531-bb35-f33b9232ecdb_111.json @@ -23,23 +23,23 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "corelight", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/32c5cf9c-2ef8-4e87-819e-5ccb7cd18b14_321.json b/packages/security_detection_engine/kibana/security_rule/32c5cf9c-2ef8-4e87-819e-5ccb7cd18b14_321.json index 7b5345f750a..20f3726d747 100644 --- a/packages/security_detection_engine/kibana/security_rule/32c5cf9c-2ef8-4e87-819e-5ccb7cd18b14_321.json +++ b/packages/security_detection_engine/kibana/security_rule/32c5cf9c-2ef8-4e87-819e-5ccb7cd18b14_321.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/32d3ad0e-6add-11ef-8c7b-f661ea17fbcc_11.json b/packages/security_detection_engine/kibana/security_rule/32d3ad0e-6add-11ef-8c7b-f661ea17fbcc_11.json index 855234b9419..cd698d0c222 100644 --- a/packages/security_detection_engine/kibana/security_rule/32d3ad0e-6add-11ef-8c7b-f661ea17fbcc_11.json +++ b/packages/security_detection_engine/kibana/security_rule/32d3ad0e-6add-11ef-8c7b-f661ea17fbcc_11.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/32f4675e-6c49-4ace-80f9-97c9259dca2e_422.json b/packages/security_detection_engine/kibana/security_rule/32f4675e-6c49-4ace-80f9-97c9259dca2e_422.json index 6229356198d..cf1693fc991 100644 --- a/packages/security_detection_engine/kibana/security_rule/32f4675e-6c49-4ace-80f9-97c9259dca2e_422.json +++ b/packages/security_detection_engine/kibana/security_rule/32f4675e-6c49-4ace-80f9-97c9259dca2e_422.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/32f95776-6498-4f3c-a90c-d4f6083e3901_104.json b/packages/security_detection_engine/kibana/security_rule/32f95776-6498-4f3c-a90c-d4f6083e3901_104.json index 67e5fb9cfff..02999e1398d 100644 --- a/packages/security_detection_engine/kibana/security_rule/32f95776-6498-4f3c-a90c-d4f6083e3901_104.json +++ b/packages/security_detection_engine/kibana/security_rule/32f95776-6498-4f3c-a90c-d4f6083e3901_104.json @@ -33,15 +33,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3302835b-0049-4004-a325-660b1fba1f67_107.json b/packages/security_detection_engine/kibana/security_rule/3302835b-0049-4004-a325-660b1fba1f67_107.json index b6e1cd0bed1..0a28e181ec5 100644 --- a/packages/security_detection_engine/kibana/security_rule/3302835b-0049-4004-a325-660b1fba1f67_107.json +++ b/packages/security_detection_engine/kibana/security_rule/3302835b-0049-4004-a325-660b1fba1f67_107.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/333de828-8190-4cf5-8d7c-7575846f6fe0_215.json b/packages/security_detection_engine/kibana/security_rule/333de828-8190-4cf5-8d7c-7575846f6fe0_215.json index 35ea77cee20..ef86a2b65b6 100644 --- a/packages/security_detection_engine/kibana/security_rule/333de828-8190-4cf5-8d7c-7575846f6fe0_215.json +++ b/packages/security_detection_engine/kibana/security_rule/333de828-8190-4cf5-8d7c-7575846f6fe0_215.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/33a6752b-da5e-45f8-b13a-5f094c09522f_113.json b/packages/security_detection_engine/kibana/security_rule/33a6752b-da5e-45f8-b13a-5f094c09522f_113.json index 845f0c8732e..93940e71185 100644 --- a/packages/security_detection_engine/kibana/security_rule/33a6752b-da5e-45f8-b13a-5f094c09522f_113.json +++ b/packages/security_detection_engine/kibana/security_rule/33a6752b-da5e-45f8-b13a-5f094c09522f_113.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/33c27b4e-8ec6-406f-b8e5-345dc024aa97_3.json b/packages/security_detection_engine/kibana/security_rule/33c27b4e-8ec6-406f-b8e5-345dc024aa97_3.json index 700cd3104e9..a43122886b2 100644 --- a/packages/security_detection_engine/kibana/security_rule/33c27b4e-8ec6-406f-b8e5-345dc024aa97_3.json +++ b/packages/security_detection_engine/kibana/security_rule/33c27b4e-8ec6-406f-b8e5-345dc024aa97_3.json @@ -15,7 +15,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/33f306e8-417c-411b-965c-c2812d6d3f4d_116.json b/packages/security_detection_engine/kibana/security_rule/33f306e8-417c-411b-965c-c2812d6d3f4d_116.json index 6491f1fb528..261611de5a3 100644 --- a/packages/security_detection_engine/kibana/security_rule/33f306e8-417c-411b-965c-c2812d6d3f4d_116.json +++ b/packages/security_detection_engine/kibana/security_rule/33f306e8-417c-411b-965c-c2812d6d3f4d_116.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/33ff31e9-3872-4944-8394-81dae76c12d9_1.json b/packages/security_detection_engine/kibana/security_rule/33ff31e9-3872-4944-8394-81dae76c12d9_1.json index 7684248e81f..210fc8e14eb 100644 --- a/packages/security_detection_engine/kibana/security_rule/33ff31e9-3872-4944-8394-81dae76c12d9_1.json +++ b/packages/security_detection_engine/kibana/security_rule/33ff31e9-3872-4944-8394-81dae76c12d9_1.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/341c6e18-9ef1-437e-bf18-b513f3ae2130_3.json b/packages/security_detection_engine/kibana/security_rule/341c6e18-9ef1-437e-bf18-b513f3ae2130_3.json index 768f9a3a4fb..38d38013814 100644 --- a/packages/security_detection_engine/kibana/security_rule/341c6e18-9ef1-437e-bf18-b513f3ae2130_3.json +++ b/packages/security_detection_engine/kibana/security_rule/341c6e18-9ef1-437e-bf18-b513f3ae2130_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/342f834b-21a6-41bf-878c-87d116eba3ee_104.json b/packages/security_detection_engine/kibana/security_rule/342f834b-21a6-41bf-878c-87d116eba3ee_104.json index 98379c03384..04e81fa7444 100644 --- a/packages/security_detection_engine/kibana/security_rule/342f834b-21a6-41bf-878c-87d116eba3ee_104.json +++ b/packages/security_detection_engine/kibana/security_rule/342f834b-21a6-41bf-878c-87d116eba3ee_104.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/345889c4-23a8-4bc0-b7ca-756bd17ce83b_207.json b/packages/security_detection_engine/kibana/security_rule/345889c4-23a8-4bc0-b7ca-756bd17ce83b_207.json index a1fb75c7444..182501f6f5f 100644 --- a/packages/security_detection_engine/kibana/security_rule/345889c4-23a8-4bc0-b7ca-756bd17ce83b_207.json +++ b/packages/security_detection_engine/kibana/security_rule/345889c4-23a8-4bc0-b7ca-756bd17ce83b_207.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/349276c0-5fcf-11ef-b1a9-f661ea17fbce_7.json b/packages/security_detection_engine/kibana/security_rule/349276c0-5fcf-11ef-b1a9-f661ea17fbce_7.json index 7bc3c714b94..33daa15731d 100644 --- a/packages/security_detection_engine/kibana/security_rule/349276c0-5fcf-11ef-b1a9-f661ea17fbce_7.json +++ b/packages/security_detection_engine/kibana/security_rule/349276c0-5fcf-11ef-b1a9-f661ea17fbce_7.json @@ -28,19 +28,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/34fde489-94b0-4500-a76f-b8a157cf9269_115.json b/packages/security_detection_engine/kibana/security_rule/34fde489-94b0-4500-a76f-b8a157cf9269_115.json index 7e850120725..cb199a96dee 100644 --- a/packages/security_detection_engine/kibana/security_rule/34fde489-94b0-4500-a76f-b8a157cf9269_115.json +++ b/packages/security_detection_engine/kibana/security_rule/34fde489-94b0-4500-a76f-b8a157cf9269_115.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "sonicwall_firewall", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "suricata", - "version": "^2.24.0" + "version": ">=2.24.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/35330ba2-c859-4c98-8b7f-c19159ea0e58_111.json b/packages/security_detection_engine/kibana/security_rule/35330ba2-c859-4c98-8b7f-c19159ea0e58_111.json index e18c514efc6..85a79b60b9f 100644 --- a/packages/security_detection_engine/kibana/security_rule/35330ba2-c859-4c98-8b7f-c19159ea0e58_111.json +++ b/packages/security_detection_engine/kibana/security_rule/35330ba2-c859-4c98-8b7f-c19159ea0e58_111.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3535c8bb-3bd5-40f4-ae32-b7cd589d5372_419.json b/packages/security_detection_engine/kibana/security_rule/3535c8bb-3bd5-40f4-ae32-b7cd589d5372_419.json index 2b732134547..b64476edca2 100644 --- a/packages/security_detection_engine/kibana/security_rule/3535c8bb-3bd5-40f4-ae32-b7cd589d5372_419.json +++ b/packages/security_detection_engine/kibana/security_rule/3535c8bb-3bd5-40f4-ae32-b7cd589d5372_419.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/35a3b253-eea8-46f0-abd3-68bdd47e6e3d_108.json b/packages/security_detection_engine/kibana/security_rule/35a3b253-eea8-46f0-abd3-68bdd47e6e3d_108.json index f60040a6b9f..2c0ce0fb552 100644 --- a/packages/security_detection_engine/kibana/security_rule/35a3b253-eea8-46f0-abd3-68bdd47e6e3d_108.json +++ b/packages/security_detection_engine/kibana/security_rule/35a3b253-eea8-46f0-abd3-68bdd47e6e3d_108.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "ded", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/35ab3cfa-6c67-11ef-ab4d-f661ea17fbcc_111.json b/packages/security_detection_engine/kibana/security_rule/35ab3cfa-6c67-11ef-ab4d-f661ea17fbcc_111.json index 3dd5568d42d..e16f07b1832 100644 --- a/packages/security_detection_engine/kibana/security_rule/35ab3cfa-6c67-11ef-ab4d-f661ea17fbcc_111.json +++ b/packages/security_detection_engine/kibana/security_rule/35ab3cfa-6c67-11ef-ab4d-f661ea17fbcc_111.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/35c029c3-090e-4a25-b613-0b8099970fc1_3.json b/packages/security_detection_engine/kibana/security_rule/35c029c3-090e-4a25-b613-0b8099970fc1_3.json index a6bdf506a41..7e06ca0f1df 100644 --- a/packages/security_detection_engine/kibana/security_rule/35c029c3-090e-4a25-b613-0b8099970fc1_3.json +++ b/packages/security_detection_engine/kibana/security_rule/35c029c3-090e-4a25-b613-0b8099970fc1_3.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_320.json b/packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_320.json deleted file mode 100644 index ed7774aec41..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_320.json +++ /dev/null @@ -1,158 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies Windows programs run from unexpected parent processes. This could indicate masquerading or other strange activity on a system.", - "from": "now-9m", - "index": [ - "endgame-*", - "logs-crowdstrike.fdr*", - "logs-endpoint.events.process-*", - "logs-m365_defender.event-*", - "logs-sentinel_one_cloud_funnel.*", - "logs-system.security*", - "logs-windows.forwarded*", - "logs-windows.sysmon_operational-*", - "winlogbeat-*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Unusual Parent-Child Relationship", - "note": "## Triage and analysis\n\n### Investigating Unusual Parent-Child Relationship\n\nWindows internal/system processes have some characteristics that can be used to spot suspicious activities. One of these characteristics is parent-child relationships. These relationships can be used to baseline the typical behavior of the system and then alert on occurrences that don't comply with the baseline.\n\nThis rule uses this information to spot suspicious parent and child processes.\n\n> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/current/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.\n\n#### Possible investigation steps\n\n- Investigate the process execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Investigate any abnormal behavior by the subject process such as network connections, registry or file modifications, and any spawned child processes.\n- Examine the host for derived artifacts that indicate suspicious activities:\n - Analyze the process executable using a private sandboxed analysis system.\n - Observe and collect information about the following activities in both the sandbox and the alert subject host:\n - Attempts to contact external domains and addresses.\n - Use the Elastic Defend network events to determine domains and addresses contacted by the subject process by filtering by the process' `process.entity_id`.\n - Examine the DNS cache for suspicious or anomalous entries.\n - !{osquery{\"label\":\"Osquery - Retrieve DNS Cache\",\"query\":\"SELECT * FROM dns_cache\"}}\n - Use the Elastic Defend registry events to examine registry keys accessed, modified, or created by the related processes in the process tree.\n - Examine the host services for suspicious or anomalous entries.\n - !{osquery{\"label\":\"Osquery - Retrieve All Services\",\"query\":\"SELECT description, display_name, name, path, pid, service_type, start_type, status, user_account FROM services\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Services Running on User Accounts\",\"query\":\"SELECT description, display_name, name, path, pid, service_type, start_type, status, user_account FROM services WHERE\\nNOT (user_account LIKE '%LocalSystem' OR user_account LIKE '%LocalService' OR user_account LIKE '%NetworkService' OR\\nuser_account == null)\\n\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Service Unsigned Executables with Virustotal Link\",\"query\":\"SELECT concat('https://www.virustotal.com/gui/file/', sha1) AS VtLink, name, description, start_type, status, pid,\\nservices.path FROM services JOIN authenticode ON services.path = authenticode.path OR services.module_path =\\nauthenticode.path JOIN hash ON services.path = hash.path WHERE authenticode.result != 'trusted'\\n\"}}\n - Retrieve the files' SHA-256 hash values using the PowerShell `Get-FileHash` cmdlet and search for the existence and reputation of the hashes in resources like VirusTotal, Hybrid-Analysis, CISCO Talos, Any.run, etc.\n- Investigate potentially compromised accounts. Analysts can do this by searching for login events (for example, 4624) to the target host after the registry modification.\n\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.\n- Remove and block malicious artifacts identified during triage.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "process where host.os.type == \"windows\" and event.type == \"start\" and\nprocess.parent.name != null and\n (\n /* suspicious parent processes */\n (process.name:\"autochk.exe\" and not process.parent.name:\"smss.exe\") or\n (process.name:(\"fontdrvhost.exe\", \"dwm.exe\") and not process.parent.name:(\"wininit.exe\", \"winlogon.exe\", \"dwm.exe\")) or\n (process.name:(\"consent.exe\", \"RuntimeBroker.exe\", \"TiWorker.exe\") and not process.parent.name:(\"svchost.exe\", \"Workplace Container Helper.exe\")) or\n (process.name:\"SearchIndexer.exe\" and not process.parent.name:\"services.exe\") or\n (process.name:\"SearchProtocolHost.exe\" and not process.parent.name:(\"SearchIndexer.exe\", \"dllhost.exe\")) or\n (process.name:\"dllhost.exe\" and not process.parent.name:(\"services.exe\", \"svchost.exe\")) or\n (process.name:\"smss.exe\" and not process.parent.name:(\"System\", \"smss.exe\")) or\n (process.name:\"csrss.exe\" and not process.parent.name:(\"smss.exe\", \"svchost.exe\")) or\n (process.name:\"wininit.exe\" and not process.parent.name:\"smss.exe\") or\n (process.name:\"winlogon.exe\" and not process.parent.name:\"smss.exe\") or\n (process.name:(\"lsass.exe\", \"LsaIso.exe\") and not process.parent.name:\"wininit.exe\") or\n (process.name:\"LogonUI.exe\" and not process.parent.name:(\"wininit.exe\", \"winlogon.exe\")) or\n (process.name:\"services.exe\" and not process.parent.name:\"wininit.exe\") or\n (process.name:\"svchost.exe\" and not process.parent.name:(\"MsMpEng.exe\", \"services.exe\", \"svchost.exe\")) or\n (process.name:\"spoolsv.exe\" and not process.parent.name:(\"services.exe\", \"Workplace Starter.exe\")) or\n (process.name:\"taskhost.exe\" and not process.parent.name:(\"services.exe\", \"svchost.exe\", \"ngentask.exe\")) or\n (process.name:\"taskhostw.exe\" and not process.parent.name:(\"services.exe\", \"svchost.exe\")) or\n (process.name:\"userinit.exe\" and not process.parent.name:(\"dwm.exe\", \"winlogon.exe\", \"KUsrInit.exe\")) or\n (process.name:(\"wmiprvse.exe\", \"wsmprovhost.exe\", \"winrshost.exe\") and not process.parent.name:\"svchost.exe\") or\n /* suspicious child processes */\n (process.parent.name:(\"SearchProtocolHost.exe\", \"taskhost.exe\", \"csrss.exe\") and not process.name:(\"werfault.exe\", \"wermgr.exe\", \"WerFaultSecure.exe\", \"conhost.exe\", \"ngentask.exe\")) or\n (process.parent.name:\"autochk.exe\" and not process.name:(\"chkdsk.exe\", \"doskey.exe\", \"WerFault.exe\")) or\n (process.parent.name:\"smss.exe\" and not process.name:(\"autochk.exe\", \"smss.exe\", \"csrss.exe\", \"wininit.exe\", \"winlogon.exe\", \"setupcl.exe\", \"WerFault.exe\", \"wpbbin.exe\", \"PvsVmBoot.exe\", \"SophosNA.exe\", \"omnissa-ic-nga.exe\", \"icarus_rvrt.exe\", \"poqexec.exe\")) or\n (process.parent.name:\"wermgr.exe\" and not process.name:(\"WerFaultSecure.exe\", \"wermgr.exe\", \"WerFault.exe\")) or\n (process.parent.name:\"conhost.exe\" and not process.name:(\"mscorsvw.exe\", \"wermgr.exe\", \"WerFault.exe\", \"WerFaultSecure.exe\"))\n )\n", - "references": [ - "https://github.com/sbousseaden/Slides/blob/master/Hunting%20MindMaps/PNG/Windows%20Processes%20TH.map.png", - "https://www.andreafortuna.org/2017/06/15/standard-windows-processes-a-brief-reference/", - "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - }, - { - "package": "system", - "version": "^2.0.0" - }, - { - "package": "m365_defender", - "version": "^5.0.0" - }, - { - "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" - }, - { - "package": "crowdstrike", - "version": "^3.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "35df0dd8-092d-4a83-88c1-5151a804f31b", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Privilege Escalation", - "Resources: Investigation Guide", - "Data Source: Elastic Endgame", - "Data Source: Elastic Defend", - "Data Source: Windows Security Event Logs", - "Data Source: Microsoft Defender for Endpoint", - "Data Source: Sysmon", - "Data Source: SentinelOne", - "Data Source: Crowdstrike" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0004", - "name": "Privilege Escalation", - "reference": "https://attack.mitre.org/tactics/TA0004/" - }, - "technique": [ - { - "id": "T1055", - "name": "Process Injection", - "reference": "https://attack.mitre.org/techniques/T1055/", - "subtechnique": [ - { - "id": "T1055.012", - "name": "Process Hollowing", - "reference": "https://attack.mitre.org/techniques/T1055/012/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0005", - "name": "Defense Evasion", - "reference": "https://attack.mitre.org/tactics/TA0005/" - }, - "technique": [ - { - "id": "T1036", - "name": "Masquerading", - "reference": "https://attack.mitre.org/techniques/T1036/", - "subtechnique": [ - { - "id": "T1036.009", - "name": "Break Process Trees", - "reference": "https://attack.mitre.org/techniques/T1036/009/" - } - ] - }, - { - "id": "T1134", - "name": "Access Token Manipulation", - "reference": "https://attack.mitre.org/techniques/T1134/", - "subtechnique": [ - { - "id": "T1134.004", - "name": "Parent PID Spoofing", - "reference": "https://attack.mitre.org/techniques/T1134/004/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 320 - }, - "id": "35df0dd8-092d-4a83-88c1-5151a804f31b_320", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_323.json b/packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_323.json index f265ea07606..c6f963301c9 100644 --- a/packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_323.json +++ b/packages/security_detection_engine/kibana/security_rule/35df0dd8-092d-4a83-88c1-5151a804f31b_323.json @@ -29,27 +29,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/35f86980-1fb1-4dff-b311-3be941549c8d_109.json b/packages/security_detection_engine/kibana/security_rule/35f86980-1fb1-4dff-b311-3be941549c8d_109.json index deb30ef9c47..e62bcf9b729 100644 --- a/packages/security_detection_engine/kibana/security_rule/35f86980-1fb1-4dff-b311-3be941549c8d_109.json +++ b/packages/security_detection_engine/kibana/security_rule/35f86980-1fb1-4dff-b311-3be941549c8d_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/36188365-f88f-4f70-8c1d-0b9554186b9c_9.json b/packages/security_detection_engine/kibana/security_rule/36188365-f88f-4f70-8c1d-0b9554186b9c_9.json index 0f4109358e9..23bc4fe30cb 100644 --- a/packages/security_detection_engine/kibana/security_rule/36188365-f88f-4f70-8c1d-0b9554186b9c_9.json +++ b/packages/security_detection_engine/kibana/security_rule/36188365-f88f-4f70-8c1d-0b9554186b9c_9.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 73, diff --git a/packages/security_detection_engine/kibana/security_rule/36755b43-a1f9-4f2c-9b61-6b240dd0e164_1.json b/packages/security_detection_engine/kibana/security_rule/36755b43-a1f9-4f2c-9b61-6b240dd0e164_1.json index 287c2f7d9f7..fd6469a7526 100644 --- a/packages/security_detection_engine/kibana/security_rule/36755b43-a1f9-4f2c-9b61-6b240dd0e164_1.json +++ b/packages/security_detection_engine/kibana/security_rule/36755b43-a1f9-4f2c-9b61-6b240dd0e164_1.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3688577a-d196-11ec-90b0-f661ea17fbce_115.json b/packages/security_detection_engine/kibana/security_rule/3688577a-d196-11ec-90b0-f661ea17fbce_115.json index b788b980a09..0e5a742ccdc 100644 --- a/packages/security_detection_engine/kibana/security_rule/3688577a-d196-11ec-90b0-f661ea17fbce_115.json +++ b/packages/security_detection_engine/kibana/security_rule/3688577a-d196-11ec-90b0-f661ea17fbce_115.json @@ -29,15 +29,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/36a8e048-d888-4f61-a8b9-0f9e2e40f317_315.json b/packages/security_detection_engine/kibana/security_rule/36a8e048-d888-4f61-a8b9-0f9e2e40f317_315.json index 838c98db9c0..b5e83ecc98b 100644 --- a/packages/security_detection_engine/kibana/security_rule/36a8e048-d888-4f61-a8b9-0f9e2e40f317_315.json +++ b/packages/security_detection_engine/kibana/security_rule/36a8e048-d888-4f61-a8b9-0f9e2e40f317_315.json @@ -41,23 +41,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/36c48a0c-c63a-4cbc-aee1-8cac87db31a9_109.json b/packages/security_detection_engine/kibana/security_rule/36c48a0c-c63a-4cbc-aee1-8cac87db31a9_109.json index 2a1a70ee8f4..81832902abc 100644 --- a/packages/security_detection_engine/kibana/security_rule/36c48a0c-c63a-4cbc-aee1-8cac87db31a9_109.json +++ b/packages/security_detection_engine/kibana/security_rule/36c48a0c-c63a-4cbc-aee1-8cac87db31a9_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/37148ae6-c6ec-4fe4-88b1-02f40aed93a9_3.json b/packages/security_detection_engine/kibana/security_rule/37148ae6-c6ec-4fe4-88b1-02f40aed93a9_3.json index 5082493ac7f..d00474a7d2d 100644 --- a/packages/security_detection_engine/kibana/security_rule/37148ae6-c6ec-4fe4-88b1-02f40aed93a9_3.json +++ b/packages/security_detection_engine/kibana/security_rule/37148ae6-c6ec-4fe4-88b1-02f40aed93a9_3.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_110.json b/packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_110.json index a4b2ec1ea90..37f251f5266 100644 --- a/packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_110.json +++ b/packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_110.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/375132c6-25d5-11f0-8745-f661ea17fbcd_9.json b/packages/security_detection_engine/kibana/security_rule/375132c6-25d5-11f0-8745-f661ea17fbcd_9.json index 1ac93fb30a4..b8289582075 100644 --- a/packages/security_detection_engine/kibana/security_rule/375132c6-25d5-11f0-8745-f661ea17fbcd_9.json +++ b/packages/security_detection_engine/kibana/security_rule/375132c6-25d5-11f0-8745-f661ea17fbcd_9.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 73, diff --git a/packages/security_detection_engine/kibana/security_rule/37994bca-0611-4500-ab67-5588afe73b77_111.json b/packages/security_detection_engine/kibana/security_rule/37994bca-0611-4500-ab67-5588afe73b77_111.json index 3a7cba7e264..b06f38c0039 100644 --- a/packages/security_detection_engine/kibana/security_rule/37994bca-0611-4500-ab67-5588afe73b77_111.json +++ b/packages/security_detection_engine/kibana/security_rule/37994bca-0611-4500-ab67-5588afe73b77_111.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/37b211e8-4e2f-440f-86d8-06cc8f158cfa_216.json b/packages/security_detection_engine/kibana/security_rule/37b211e8-4e2f-440f-86d8-06cc8f158cfa_216.json index 4f60669b1b5..f535ea32173 100644 --- a/packages/security_detection_engine/kibana/security_rule/37b211e8-4e2f-440f-86d8-06cc8f158cfa_216.json +++ b/packages/security_detection_engine/kibana/security_rule/37b211e8-4e2f-440f-86d8-06cc8f158cfa_216.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/37cb6756-8892-4af3-a6bd-ddc56db0069d_7.json b/packages/security_detection_engine/kibana/security_rule/37cb6756-8892-4af3-a6bd-ddc56db0069d_7.json index 2eb4e7095e5..0fcfbff0fb4 100644 --- a/packages/security_detection_engine/kibana/security_rule/37cb6756-8892-4af3-a6bd-ddc56db0069d_7.json +++ b/packages/security_detection_engine/kibana/security_rule/37cb6756-8892-4af3-a6bd-ddc56db0069d_7.json @@ -44,23 +44,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/37cca4d4-92ab-4a33-a4f8-44a7a380ccda_104.json b/packages/security_detection_engine/kibana/security_rule/37cca4d4-92ab-4a33-a4f8-44a7a380ccda_104.json index 670a864a71c..fb5457f7608 100644 --- a/packages/security_detection_engine/kibana/security_rule/37cca4d4-92ab-4a33-a4f8-44a7a380ccda_104.json +++ b/packages/security_detection_engine/kibana/security_rule/37cca4d4-92ab-4a33-a4f8-44a7a380ccda_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/37f638ea-909d-4f94-9248-edd21e4a9906_212.json b/packages/security_detection_engine/kibana/security_rule/37f638ea-909d-4f94-9248-edd21e4a9906_212.json index a7f90f7bc67..e1909beadd4 100644 --- a/packages/security_detection_engine/kibana/security_rule/37f638ea-909d-4f94-9248-edd21e4a9906_212.json +++ b/packages/security_detection_engine/kibana/security_rule/37f638ea-909d-4f94-9248-edd21e4a9906_212.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3805c3dc-f82c-4f8d-891e-63c24d3102b0_415.json b/packages/security_detection_engine/kibana/security_rule/3805c3dc-f82c-4f8d-891e-63c24d3102b0_415.json index 497c3f6771a..adc21c949ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/3805c3dc-f82c-4f8d-891e-63c24d3102b0_415.json +++ b/packages/security_detection_engine/kibana/security_rule/3805c3dc-f82c-4f8d-891e-63c24d3102b0_415.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3838e0e3-1850-4850-a411-2e8c5ba40ba8_219.json b/packages/security_detection_engine/kibana/security_rule/3838e0e3-1850-4850-a411-2e8c5ba40ba8_219.json index 2328f072399..0465f7225a4 100644 --- a/packages/security_detection_engine/kibana/security_rule/3838e0e3-1850-4850-a411-2e8c5ba40ba8_219.json +++ b/packages/security_detection_engine/kibana/security_rule/3838e0e3-1850-4850-a411-2e8c5ba40ba8_219.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/38948d29-3d5d-42e3-8aec-be832aaaf8eb_215.json b/packages/security_detection_engine/kibana/security_rule/38948d29-3d5d-42e3-8aec-be832aaaf8eb_215.json index 710b4eeb514..ff3a4721744 100644 --- a/packages/security_detection_engine/kibana/security_rule/38948d29-3d5d-42e3-8aec-be832aaaf8eb_215.json +++ b/packages/security_detection_engine/kibana/security_rule/38948d29-3d5d-42e3-8aec-be832aaaf8eb_215.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3896d4c0-6ad1-11ef-8c7b-f661ea17fbcc_10.json b/packages/security_detection_engine/kibana/security_rule/3896d4c0-6ad1-11ef-8c7b-f661ea17fbcc_10.json index e9af8413fcd..b393fcd40e4 100644 --- a/packages/security_detection_engine/kibana/security_rule/3896d4c0-6ad1-11ef-8c7b-f661ea17fbcc_10.json +++ b/packages/security_detection_engine/kibana/security_rule/3896d4c0-6ad1-11ef-8c7b-f661ea17fbcc_10.json @@ -34,7 +34,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/38e5acdd-5f20-4d99-8fe4-f0a1a592077f_109.json b/packages/security_detection_engine/kibana/security_rule/38e5acdd-5f20-4d99-8fe4-f0a1a592077f_109.json index c9c1061603b..1928168b61a 100644 --- a/packages/security_detection_engine/kibana/security_rule/38e5acdd-5f20-4d99-8fe4-f0a1a592077f_109.json +++ b/packages/security_detection_engine/kibana/security_rule/38e5acdd-5f20-4d99-8fe4-f0a1a592077f_109.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/38f384e0-aef8-11ed-9a38-f661ea17fbcc_8.json b/packages/security_detection_engine/kibana/security_rule/38f384e0-aef8-11ed-9a38-f661ea17fbcc_8.json index 7196837ada0..6749745fc1b 100644 --- a/packages/security_detection_engine/kibana/security_rule/38f384e0-aef8-11ed-9a38-f661ea17fbcc_8.json +++ b/packages/security_detection_engine/kibana/security_rule/38f384e0-aef8-11ed-9a38-f661ea17fbcc_8.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/39029450-8e2d-4034-81b0-15af8e4e3a4e_1.json b/packages/security_detection_engine/kibana/security_rule/39029450-8e2d-4034-81b0-15af8e4e3a4e_1.json index 4ac765d4a7b..d74facc21a7 100644 --- a/packages/security_detection_engine/kibana/security_rule/39029450-8e2d-4034-81b0-15af8e4e3a4e_1.json +++ b/packages/security_detection_engine/kibana/security_rule/39029450-8e2d-4034-81b0-15af8e4e3a4e_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/39144f38-5284-4f8e-a2ae-e3fd628d90b0_213.json b/packages/security_detection_engine/kibana/security_rule/39144f38-5284-4f8e-a2ae-e3fd628d90b0_213.json index 6bc517dcb74..b81b3115aa0 100644 --- a/packages/security_detection_engine/kibana/security_rule/39144f38-5284-4f8e-a2ae-e3fd628d90b0_213.json +++ b/packages/security_detection_engine/kibana/security_rule/39144f38-5284-4f8e-a2ae-e3fd628d90b0_213.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/39157d52-4035-44a8-9d1a-6f8c5f580a07_7.json b/packages/security_detection_engine/kibana/security_rule/39157d52-4035-44a8-9d1a-6f8c5f580a07_7.json index 44e2048b1cf..137a3f4a29b 100644 --- a/packages/security_detection_engine/kibana/security_rule/39157d52-4035-44a8-9d1a-6f8c5f580a07_7.json +++ b/packages/security_detection_engine/kibana/security_rule/39157d52-4035-44a8-9d1a-6f8c5f580a07_7.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/393ef120-63d1-11ef-8e38-f661ea17fbce_8.json b/packages/security_detection_engine/kibana/security_rule/393ef120-63d1-11ef-8e38-f661ea17fbce_8.json index e1d0ef68b2f..ad4a76e8dce 100644 --- a/packages/security_detection_engine/kibana/security_rule/393ef120-63d1-11ef-8e38-f661ea17fbce_8.json +++ b/packages/security_detection_engine/kibana/security_rule/393ef120-63d1-11ef-8e38-f661ea17fbce_8.json @@ -38,7 +38,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/397945f3-d39a-4e6f-8bcb-9656c2031438_314.json b/packages/security_detection_engine/kibana/security_rule/397945f3-d39a-4e6f-8bcb-9656c2031438_314.json index 053af65b901..7539256846e 100644 --- a/packages/security_detection_engine/kibana/security_rule/397945f3-d39a-4e6f-8bcb-9656c2031438_314.json +++ b/packages/security_detection_engine/kibana/security_rule/397945f3-d39a-4e6f-8bcb-9656c2031438_314.json @@ -29,23 +29,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/39ab0f66-efa0-4649-9c9c-8c64682f5fdd_1.json b/packages/security_detection_engine/kibana/security_rule/39ab0f66-efa0-4649-9c9c-8c64682f5fdd_1.json index 98afa849951..c44cbbcd8d0 100644 --- a/packages/security_detection_engine/kibana/security_rule/39ab0f66-efa0-4649-9c9c-8c64682f5fdd_1.json +++ b/packages/security_detection_engine/kibana/security_rule/39ab0f66-efa0-4649-9c9c-8c64682f5fdd_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/39c06367-b700-4380-848a-cab06e7afede_8.json b/packages/security_detection_engine/kibana/security_rule/39c06367-b700-4380-848a-cab06e7afede_8.json index d916667e904..b4492dae650 100644 --- a/packages/security_detection_engine/kibana/security_rule/39c06367-b700-4380-848a-cab06e7afede_8.json +++ b/packages/security_detection_engine/kibana/security_rule/39c06367-b700-4380-848a-cab06e7afede_8.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3a01e5c6-ce01-46d7-ac9f-52dc349695fb_3.json b/packages/security_detection_engine/kibana/security_rule/3a01e5c6-ce01-46d7-ac9f-52dc349695fb_3.json index ecd8b807dcf..57214d1ed5c 100644 --- a/packages/security_detection_engine/kibana/security_rule/3a01e5c6-ce01-46d7-ac9f-52dc349695fb_3.json +++ b/packages/security_detection_engine/kibana/security_rule/3a01e5c6-ce01-46d7-ac9f-52dc349695fb_3.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_314.json b/packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_314.json deleted file mode 100644 index b2b2b5c4894..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_314.json +++ /dev/null @@ -1,125 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule identifies a large number (15) of nslookup.exe executions with an explicit query type from the same host. This may indicate command and control activity utilizing the DNS protocol.", - "from": "now-9m", - "index": [ - "endgame-*", - "logs-endpoint.events.process-*", - "logs-m365_defender.event-*", - "logs-sentinel_one_cloud_funnel.*", - "logs-system.security*", - "logs-windows.forwarded*", - "logs-windows.sysmon_operational-*", - "winlogbeat-*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Potential DNS Tunneling via NsLookup", - "note": "## Triage and analysis\n\n### Investigating Potential DNS Tunneling via NsLookup\n\nAttackers can abuse existing network rules that allow DNS communication with external resources to use the protocol as their command and control and/or exfiltration channel.\n\nDNS queries can be used to infiltrate data such as commands to be run, malicious files, etc., and also for exfiltration, since queries can be used to send data to the attacker-controlled DNS server. This process is commonly known as DNS tunneling.\n\nMore information on how tunneling works and how it can be abused can be found on [Palo Alto Unit42 Research](https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors).\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Inspect the DNS query and identify the information sent.\n- Extract this communication's indicators of compromise (IoCs) and use traffic logs to search for other potentially compromised hosts.\n\n### False positive analysis\n\n- This mechanism can be used legitimately. If the parent process is trusted and the data sent is not sensitive nor command and control related, this alert can be closed.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- Immediately block the identified indicators of compromise (IoCs).\n- Implement any temporary network rules, procedures, and segmentation required to contain the attack.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Update firewall rules to be more restrictive.\n- Reimage the host operating system or restore the compromised files to clean versions.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "sequence by host.id with maxspan=5m\n[process where host.os.type == \"windows\" and event.type == \"start\" and\n process.name : \"nslookup.exe\" and process.args:(\"-querytype=*\", \"-qt=*\", \"-q=*\", \"-type=*\")] with runs = 10\n", - "references": [ - "https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - }, - { - "package": "system", - "version": "^2.0.0" - }, - { - "package": "m365_defender", - "version": "^5.0.0" - }, - { - "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "3a59fc81-99d3-47ea-8cd6-d48d561fca20", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Command and Control", - "Resources: Investigation Guide", - "Data Source: Elastic Endgame", - "Data Source: Elastic Defend", - "Data Source: Windows Security Event Logs", - "Data Source: Microsoft Defender for Endpoint", - "Data Source: SentinelOne", - "Data Source: Sysmon" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1071", - "name": "Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1071/", - "subtechnique": [ - { - "id": "T1071.004", - "name": "DNS", - "reference": "https://attack.mitre.org/techniques/T1071/004/" - } - ] - }, - { - "id": "T1572", - "name": "Protocol Tunneling", - "reference": "https://attack.mitre.org/techniques/T1572/" - } - ] - } - ], - "type": "eql", - "version": 314 - }, - "id": "3a59fc81-99d3-47ea-8cd6-d48d561fca20_314", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_317.json b/packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_317.json index bbc61b732ea..4b35c6a0444 100644 --- a/packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_317.json +++ b/packages/security_detection_engine/kibana/security_rule/3a59fc81-99d3-47ea-8cd6-d48d561fca20_317.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3a6001a0-0939-4bbe-86f4-47d8faeb7b97_15.json b/packages/security_detection_engine/kibana/security_rule/3a6001a0-0939-4bbe-86f4-47d8faeb7b97_15.json index 9b690f73279..2b45bdfbbf9 100644 --- a/packages/security_detection_engine/kibana/security_rule/3a6001a0-0939-4bbe-86f4-47d8faeb7b97_15.json +++ b/packages/security_detection_engine/kibana/security_rule/3a6001a0-0939-4bbe-86f4-47d8faeb7b97_15.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3a657da0-1df2-11ef-a327-f661ea17fbcc_107.json b/packages/security_detection_engine/kibana/security_rule/3a657da0-1df2-11ef-a327-f661ea17fbcc_107.json index 459aa79c495..f312f97f476 100644 --- a/packages/security_detection_engine/kibana/security_rule/3a657da0-1df2-11ef-a327-f661ea17fbcc_107.json +++ b/packages/security_detection_engine/kibana/security_rule/3a657da0-1df2-11ef-a327-f661ea17fbcc_107.json @@ -45,7 +45,7 @@ "related_integrations": [ { "package": "ti_rapid7_threat_command", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3aaf37f3-05a1-40a5-bb6e-e380c4f92c52_7.json b/packages/security_detection_engine/kibana/security_rule/3aaf37f3-05a1-40a5-bb6e-e380c4f92c52_7.json index dc3b53fbfa2..b98c87b15f8 100644 --- a/packages/security_detection_engine/kibana/security_rule/3aaf37f3-05a1-40a5-bb6e-e380c4f92c52_7.json +++ b/packages/security_detection_engine/kibana/security_rule/3aaf37f3-05a1-40a5-bb6e-e380c4f92c52_7.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3ad362a9-40cb-4536-8f8b-6a8b5cc24d3c_1.json b/packages/security_detection_engine/kibana/security_rule/3ad362a9-40cb-4536-8f8b-6a8b5cc24d3c_1.json index 1b86b4a8c0f..d2452c1d23f 100644 --- a/packages/security_detection_engine/kibana/security_rule/3ad362a9-40cb-4536-8f8b-6a8b5cc24d3c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/3ad362a9-40cb-4536-8f8b-6a8b5cc24d3c_1.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3ad49c61-7adc-42c1-b788-732eda2f5abf_112.json b/packages/security_detection_engine/kibana/security_rule/3ad49c61-7adc-42c1-b788-732eda2f5abf_112.json index dc64c9fa830..58529b16245 100644 --- a/packages/security_detection_engine/kibana/security_rule/3ad49c61-7adc-42c1-b788-732eda2f5abf_112.json +++ b/packages/security_detection_engine/kibana/security_rule/3ad49c61-7adc-42c1-b788-732eda2f5abf_112.json @@ -27,15 +27,15 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3ad77ed4-4dcf-4c51-8bfc-e3f7ce316b2f_110.json b/packages/security_detection_engine/kibana/security_rule/3ad77ed4-4dcf-4c51-8bfc-e3f7ce316b2f_110.json index 75eae39fcf4..10afb8af1e7 100644 --- a/packages/security_detection_engine/kibana/security_rule/3ad77ed4-4dcf-4c51-8bfc-e3f7ce316b2f_110.json +++ b/packages/security_detection_engine/kibana/security_rule/3ad77ed4-4dcf-4c51-8bfc-e3f7ce316b2f_110.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3aec394d-ed2a-4f3e-8ed3-4a2adea39f05_1.json b/packages/security_detection_engine/kibana/security_rule/3aec394d-ed2a-4f3e-8ed3-4a2adea39f05_1.json index 8bd3849adb4..e86451992a3 100644 --- a/packages/security_detection_engine/kibana/security_rule/3aec394d-ed2a-4f3e-8ed3-4a2adea39f05_1.json +++ b/packages/security_detection_engine/kibana/security_rule/3aec394d-ed2a-4f3e-8ed3-4a2adea39f05_1.json @@ -38,7 +38,7 @@ { "integration": "aadgraphactivitylogs", "package": "azure", - "version": "^1.37.0" + "version": ">=1.37.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3af4cb9b-973f-4c54-be2b-7623c0e21b2b_207.json b/packages/security_detection_engine/kibana/security_rule/3af4cb9b-973f-4c54-be2b-7623c0e21b2b_207.json index 608025a1cb7..3e0433785de 100644 --- a/packages/security_detection_engine/kibana/security_rule/3af4cb9b-973f-4c54-be2b-7623c0e21b2b_207.json +++ b/packages/security_detection_engine/kibana/security_rule/3af4cb9b-973f-4c54-be2b-7623c0e21b2b_207.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3aff6ab1-18bd-427e-9d4c-c5732110c261_6.json b/packages/security_detection_engine/kibana/security_rule/3aff6ab1-18bd-427e-9d4c-c5732110c261_6.json index 99c8a856f02..b6b5cd25b40 100644 --- a/packages/security_detection_engine/kibana/security_rule/3aff6ab1-18bd-427e-9d4c-c5732110c261_6.json +++ b/packages/security_detection_engine/kibana/security_rule/3aff6ab1-18bd-427e-9d4c-c5732110c261_6.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3b47900d-e793-49e8-968f-c90dc3526aa1_418.json b/packages/security_detection_engine/kibana/security_rule/3b47900d-e793-49e8-968f-c90dc3526aa1_418.json index 56ef92c621b..ff0d98a8111 100644 --- a/packages/security_detection_engine/kibana/security_rule/3b47900d-e793-49e8-968f-c90dc3526aa1_418.json +++ b/packages/security_detection_engine/kibana/security_rule/3b47900d-e793-49e8-968f-c90dc3526aa1_418.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3bc6deaa-fbd4-433a-ae21-3e892f95624f_321.json b/packages/security_detection_engine/kibana/security_rule/3bc6deaa-fbd4-433a-ae21-3e892f95624f_321.json index fa5b9b2bf4f..1dc6bd5390e 100644 --- a/packages/security_detection_engine/kibana/security_rule/3bc6deaa-fbd4-433a-ae21-3e892f95624f_321.json +++ b/packages/security_detection_engine/kibana/security_rule/3bc6deaa-fbd4-433a-ae21-3e892f95624f_321.json @@ -51,27 +51,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3c216ace-2633-4911-9aac-b61d4dc320e8_6.json b/packages/security_detection_engine/kibana/security_rule/3c216ace-2633-4911-9aac-b61d4dc320e8_6.json index 8c11278d968..7ae7650c9d8 100644 --- a/packages/security_detection_engine/kibana/security_rule/3c216ace-2633-4911-9aac-b61d4dc320e8_6.json +++ b/packages/security_detection_engine/kibana/security_rule/3c216ace-2633-4911-9aac-b61d4dc320e8_6.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3c3f65b8-e8b4-11ef-9511-f661ea17fbce_6.json b/packages/security_detection_engine/kibana/security_rule/3c3f65b8-e8b4-11ef-9511-f661ea17fbce_6.json index ffa6ab31fea..3f8af812f68 100644 --- a/packages/security_detection_engine/kibana/security_rule/3c3f65b8-e8b4-11ef-9511-f661ea17fbce_6.json +++ b/packages/security_detection_engine/kibana/security_rule/3c3f65b8-e8b4-11ef-9511-f661ea17fbce_6.json @@ -48,7 +48,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3c59d2e1-8ca1-4f13-b2ac-f4bb99ff69d7_2.json b/packages/security_detection_engine/kibana/security_rule/3c59d2e1-8ca1-4f13-b2ac-f4bb99ff69d7_2.json index 83729b3fda3..8a65e9fafdd 100644 --- a/packages/security_detection_engine/kibana/security_rule/3c59d2e1-8ca1-4f13-b2ac-f4bb99ff69d7_2.json +++ b/packages/security_detection_engine/kibana/security_rule/3c59d2e1-8ca1-4f13-b2ac-f4bb99ff69d7_2.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3c6685eb-9eaa-43a4-be1b-a7f9f1f5e63d_104.json b/packages/security_detection_engine/kibana/security_rule/3c6685eb-9eaa-43a4-be1b-a7f9f1f5e63d_104.json index d2208b4add2..365defe085f 100644 --- a/packages/security_detection_engine/kibana/security_rule/3c6685eb-9eaa-43a4-be1b-a7f9f1f5e63d_104.json +++ b/packages/security_detection_engine/kibana/security_rule/3c6685eb-9eaa-43a4-be1b-a7f9f1f5e63d_104.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3c7e32e6-6104-46d9-a06e-da0f8b5795a0_209.json b/packages/security_detection_engine/kibana/security_rule/3c7e32e6-6104-46d9-a06e-da0f8b5795a0_209.json index 5e42ffe9ed4..d03a4ab0fa4 100644 --- a/packages/security_detection_engine/kibana/security_rule/3c7e32e6-6104-46d9-a06e-da0f8b5795a0_209.json +++ b/packages/security_detection_engine/kibana/security_rule/3c7e32e6-6104-46d9-a06e-da0f8b5795a0_209.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/3c82bf84-5941-495b-ac41-0302f28e1a90_3.json b/packages/security_detection_engine/kibana/security_rule/3c82bf84-5941-495b-ac41-0302f28e1a90_3.json index 4544b9b9a6f..954e9db5690 100644 --- a/packages/security_detection_engine/kibana/security_rule/3c82bf84-5941-495b-ac41-0302f28e1a90_3.json +++ b/packages/security_detection_engine/kibana/security_rule/3c82bf84-5941-495b-ac41-0302f28e1a90_3.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3c9f7901-01d8-465d-8dc0-5d46671035fa_7.json b/packages/security_detection_engine/kibana/security_rule/3c9f7901-01d8-465d-8dc0-5d46671035fa_7.json index 66c2201096e..7ee9086a7de 100644 --- a/packages/security_detection_engine/kibana/security_rule/3c9f7901-01d8-465d-8dc0-5d46671035fa_7.json +++ b/packages/security_detection_engine/kibana/security_rule/3c9f7901-01d8-465d-8dc0-5d46671035fa_7.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3ca81a95-d5af-4b77-b0ad-b02bc746f640_107.json b/packages/security_detection_engine/kibana/security_rule/3ca81a95-d5af-4b77-b0ad-b02bc746f640_107.json index f3886041cfa..c969a03947c 100644 --- a/packages/security_detection_engine/kibana/security_rule/3ca81a95-d5af-4b77-b0ad-b02bc746f640_107.json +++ b/packages/security_detection_engine/kibana/security_rule/3ca81a95-d5af-4b77-b0ad-b02bc746f640_107.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3d00feab-e203-4acc-a463-c3e15b7e9a73_211.json b/packages/security_detection_engine/kibana/security_rule/3d00feab-e203-4acc-a463-c3e15b7e9a73_211.json index 38557f21932..bc23f69b69b 100644 --- a/packages/security_detection_engine/kibana/security_rule/3d00feab-e203-4acc-a463-c3e15b7e9a73_211.json +++ b/packages/security_detection_engine/kibana/security_rule/3d00feab-e203-4acc-a463-c3e15b7e9a73_211.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3d086f43-5382-493d-a018-bce165c88f9f_1.json b/packages/security_detection_engine/kibana/security_rule/3d086f43-5382-493d-a018-bce165c88f9f_1.json index 78bdbc2ad15..4c7b7957df0 100644 --- a/packages/security_detection_engine/kibana/security_rule/3d086f43-5382-493d-a018-bce165c88f9f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/3d086f43-5382-493d-a018-bce165c88f9f_1.json @@ -43,7 +43,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3d2e8c90-5be7-4a57-9de4-58be75af933f_1.json b/packages/security_detection_engine/kibana/security_rule/3d2e8c90-5be7-4a57-9de4-58be75af933f_1.json index 11f467bec1e..ee9ed81f309 100644 --- a/packages/security_detection_engine/kibana/security_rule/3d2e8c90-5be7-4a57-9de4-58be75af933f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/3d2e8c90-5be7-4a57-9de4-58be75af933f_1.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3d3aa8f9-12af-441f-9344-9f31053e316d_211.json b/packages/security_detection_engine/kibana/security_rule/3d3aa8f9-12af-441f-9344-9f31053e316d_211.json index 4a57b5b5206..8671ca2f4ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/3d3aa8f9-12af-441f-9344-9f31053e316d_211.json +++ b/packages/security_detection_engine/kibana/security_rule/3d3aa8f9-12af-441f-9344-9f31053e316d_211.json @@ -70,7 +70,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3db029b3-fbb7-4697-ad07-33cbfd5bd080_6.json b/packages/security_detection_engine/kibana/security_rule/3db029b3-fbb7-4697-ad07-33cbfd5bd080_6.json index e403b854fcc..89ee9a55fe6 100644 --- a/packages/security_detection_engine/kibana/security_rule/3db029b3-fbb7-4697-ad07-33cbfd5bd080_6.json +++ b/packages/security_detection_engine/kibana/security_rule/3db029b3-fbb7-4697-ad07-33cbfd5bd080_6.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3df49ff6-985d-11ef-88a1-f661ea17fbcd_10.json b/packages/security_detection_engine/kibana/security_rule/3df49ff6-985d-11ef-88a1-f661ea17fbcd_10.json index c53c942164b..336b902fb8d 100644 --- a/packages/security_detection_engine/kibana/security_rule/3df49ff6-985d-11ef-88a1-f661ea17fbcd_10.json +++ b/packages/security_detection_engine/kibana/security_rule/3df49ff6-985d-11ef-88a1-f661ea17fbcd_10.json @@ -49,7 +49,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3e002465-876f-4f04-b016-84ef48ce7e5d_215.json b/packages/security_detection_engine/kibana/security_rule/3e002465-876f-4f04-b016-84ef48ce7e5d_215.json index 855628d6513..91d2ffa5c06 100644 --- a/packages/security_detection_engine/kibana/security_rule/3e002465-876f-4f04-b016-84ef48ce7e5d_215.json +++ b/packages/security_detection_engine/kibana/security_rule/3e002465-876f-4f04-b016-84ef48ce7e5d_215.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3e0561b5-3fac-4461-84cc-19163b9aaa61_109.json b/packages/security_detection_engine/kibana/security_rule/3e0561b5-3fac-4461-84cc-19163b9aaa61_109.json index 2dc7479528c..5d8472c44ba 100644 --- a/packages/security_detection_engine/kibana/security_rule/3e0561b5-3fac-4461-84cc-19163b9aaa61_109.json +++ b/packages/security_detection_engine/kibana/security_rule/3e0561b5-3fac-4461-84cc-19163b9aaa61_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/3e0eeb75-16e8-4f2f-9826-62461ca128b7_213.json b/packages/security_detection_engine/kibana/security_rule/3e0eeb75-16e8-4f2f-9826-62461ca128b7_213.json index b06770b885d..d26350440fa 100644 --- a/packages/security_detection_engine/kibana/security_rule/3e0eeb75-16e8-4f2f-9826-62461ca128b7_213.json +++ b/packages/security_detection_engine/kibana/security_rule/3e0eeb75-16e8-4f2f-9826-62461ca128b7_213.json @@ -26,19 +26,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_8.json b/packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_8.json index 7f5a0573f77..fffa8dcefb1 100644 --- a/packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_8.json +++ b/packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_8.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3e3d15c6-1509-479a-b125-21718372157e_113.json b/packages/security_detection_engine/kibana/security_rule/3e3d15c6-1509-479a-b125-21718372157e_113.json index fe0d345754b..a6532187167 100644 --- a/packages/security_detection_engine/kibana/security_rule/3e3d15c6-1509-479a-b125-21718372157e_113.json +++ b/packages/security_detection_engine/kibana/security_rule/3e3d15c6-1509-479a-b125-21718372157e_113.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3e441bdb-596c-44fd-8628-2cfdf4516ada_8.json b/packages/security_detection_engine/kibana/security_rule/3e441bdb-596c-44fd-8628-2cfdf4516ada_8.json index f72c24ec7aa..8c4ab8689b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/3e441bdb-596c-44fd-8628-2cfdf4516ada_8.json +++ b/packages/security_detection_engine/kibana/security_rule/3e441bdb-596c-44fd-8628-2cfdf4516ada_8.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3e528511-7316-4a6e-83da-61b5f1c07fd4_7.json b/packages/security_detection_engine/kibana/security_rule/3e528511-7316-4a6e-83da-61b5f1c07fd4_7.json index ec33ed21ec9..8e055670d9d 100644 --- a/packages/security_detection_engine/kibana/security_rule/3e528511-7316-4a6e-83da-61b5f1c07fd4_7.json +++ b/packages/security_detection_engine/kibana/security_rule/3e528511-7316-4a6e-83da-61b5f1c07fd4_7.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3ecbdc9e-e4f2-43fa-8cca-63802125e582_319.json b/packages/security_detection_engine/kibana/security_rule/3ecbdc9e-e4f2-43fa-8cca-63802125e582_319.json index 0e69b64a826..18780943b13 100644 --- a/packages/security_detection_engine/kibana/security_rule/3ecbdc9e-e4f2-43fa-8cca-63802125e582_319.json +++ b/packages/security_detection_engine/kibana/security_rule/3ecbdc9e-e4f2-43fa-8cca-63802125e582_319.json @@ -48,27 +48,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3ed032b2-45d8-4406-bc79-7ad1eabb2c72_312.json b/packages/security_detection_engine/kibana/security_rule/3ed032b2-45d8-4406-bc79-7ad1eabb2c72_312.json index ec63175dca2..e82bf60e5fb 100644 --- a/packages/security_detection_engine/kibana/security_rule/3ed032b2-45d8-4406-bc79-7ad1eabb2c72_312.json +++ b/packages/security_detection_engine/kibana/security_rule/3ed032b2-45d8-4406-bc79-7ad1eabb2c72_312.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3ee526ce-1f26-45dd-9358-c23100d1121f_2.json b/packages/security_detection_engine/kibana/security_rule/3ee526ce-1f26-45dd-9358-c23100d1121f_2.json index 309fa33d985..36d8571cdc3 100644 --- a/packages/security_detection_engine/kibana/security_rule/3ee526ce-1f26-45dd-9358-c23100d1121f_2.json +++ b/packages/security_detection_engine/kibana/security_rule/3ee526ce-1f26-45dd-9358-c23100d1121f_2.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3f0e5410-a4bf-4e8c-bcfc-79d67a285c54_106.json b/packages/security_detection_engine/kibana/security_rule/3f0e5410-a4bf-4e8c-bcfc-79d67a285c54_106.json index 2d79ea0174e..1e918aea258 100644 --- a/packages/security_detection_engine/kibana/security_rule/3f0e5410-a4bf-4e8c-bcfc-79d67a285c54_106.json +++ b/packages/security_detection_engine/kibana/security_rule/3f0e5410-a4bf-4e8c-bcfc-79d67a285c54_106.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cyberarkpas", - "version": "^2.27.0" + "version": ">=2.27.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3f12325a-4cc6-410b-8d4c-9fbbeb744cfd_12.json b/packages/security_detection_engine/kibana/security_rule/3f12325a-4cc6-410b-8d4c-9fbbeb744cfd_12.json index 64389b446e9..7d1dbfb7e74 100644 --- a/packages/security_detection_engine/kibana/security_rule/3f12325a-4cc6-410b-8d4c-9fbbeb744cfd_12.json +++ b/packages/security_detection_engine/kibana/security_rule/3f12325a-4cc6-410b-8d4c-9fbbeb744cfd_12.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3f3f9fe2-d095-11ec-95dc-f661ea17fbce_116.json b/packages/security_detection_engine/kibana/security_rule/3f3f9fe2-d095-11ec-95dc-f661ea17fbce_116.json index f1d918e7e00..6cbc8e12b03 100644 --- a/packages/security_detection_engine/kibana/security_rule/3f3f9fe2-d095-11ec-95dc-f661ea17fbce_116.json +++ b/packages/security_detection_engine/kibana/security_rule/3f3f9fe2-d095-11ec-95dc-f661ea17fbce_116.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3f4c2b18-9d2e-4b7a-a3c1-8e6d9f2b5c7e_4.json b/packages/security_detection_engine/kibana/security_rule/3f4c2b18-9d2e-4b7a-a3c1-8e6d9f2b5c7e_4.json index c47cb655a31..b4dee55801b 100644 --- a/packages/security_detection_engine/kibana/security_rule/3f4c2b18-9d2e-4b7a-a3c1-8e6d9f2b5c7e_4.json +++ b/packages/security_detection_engine/kibana/security_rule/3f4c2b18-9d2e-4b7a-a3c1-8e6d9f2b5c7e_4.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3f4d7734-2151-4481-b394-09d7c6c91f75_7.json b/packages/security_detection_engine/kibana/security_rule/3f4d7734-2151-4481-b394-09d7c6c91f75_7.json index 9bdb7183838..106eae43eea 100644 --- a/packages/security_detection_engine/kibana/security_rule/3f4d7734-2151-4481-b394-09d7c6c91f75_7.json +++ b/packages/security_detection_engine/kibana/security_rule/3f4d7734-2151-4481-b394-09d7c6c91f75_7.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3f4e2dba-828a-452a-af35-fe29c5e78969_109.json b/packages/security_detection_engine/kibana/security_rule/3f4e2dba-828a-452a-af35-fe29c5e78969_109.json index efffa1b1e53..4e58220bcfe 100644 --- a/packages/security_detection_engine/kibana/security_rule/3f4e2dba-828a-452a-af35-fe29c5e78969_109.json +++ b/packages/security_detection_engine/kibana/security_rule/3f4e2dba-828a-452a-af35-fe29c5e78969_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/3f7bd5ac-9711-44b4-82c1-fa246d829f15_7.json b/packages/security_detection_engine/kibana/security_rule/3f7bd5ac-9711-44b4-82c1-fa246d829f15_7.json index 309ca5f61be..5cc4feed793 100644 --- a/packages/security_detection_engine/kibana/security_rule/3f7bd5ac-9711-44b4-82c1-fa246d829f15_7.json +++ b/packages/security_detection_engine/kibana/security_rule/3f7bd5ac-9711-44b4-82c1-fa246d829f15_7.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/3fac01b2-b811-11ef-b25b-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/3fac01b2-b811-11ef-b25b-f661ea17fbce_9.json index 3e5d77401da..e32f182650c 100644 --- a/packages/security_detection_engine/kibana/security_rule/3fac01b2-b811-11ef-b25b-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/3fac01b2-b811-11ef-b25b-f661ea17fbce_9.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/3fe4e20c-a600-4a86-9d98-3ecb1ef23550_108.json b/packages/security_detection_engine/kibana/security_rule/3fe4e20c-a600-4a86-9d98-3ecb1ef23550_108.json index 4fd274c6b29..54fe7eff79b 100644 --- a/packages/security_detection_engine/kibana/security_rule/3fe4e20c-a600-4a86-9d98-3ecb1ef23550_108.json +++ b/packages/security_detection_engine/kibana/security_rule/3fe4e20c-a600-4a86-9d98-3ecb1ef23550_108.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/40155ee4-1e6a-4e4d-a63b-e8ba16980cfb_211.json b/packages/security_detection_engine/kibana/security_rule/40155ee4-1e6a-4e4d-a63b-e8ba16980cfb_211.json index 2bc5574734f..e8c1ed4bf97 100644 --- a/packages/security_detection_engine/kibana/security_rule/40155ee4-1e6a-4e4d-a63b-e8ba16980cfb_211.json +++ b/packages/security_detection_engine/kibana/security_rule/40155ee4-1e6a-4e4d-a63b-e8ba16980cfb_211.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/4021e78d-5293-48d3-adee-a70fa4c18fab_5.json b/packages/security_detection_engine/kibana/security_rule/4021e78d-5293-48d3-adee-a70fa4c18fab_5.json index 4ef4a588462..fe21a96d5d7 100644 --- a/packages/security_detection_engine/kibana/security_rule/4021e78d-5293-48d3-adee-a70fa4c18fab_5.json +++ b/packages/security_detection_engine/kibana/security_rule/4021e78d-5293-48d3-adee-a70fa4c18fab_5.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "azure_openai", - "version": "^1.5.0" + "version": ">=1.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4027f24e-b02f-4605-872f-7bafd8fe1b33_1.json b/packages/security_detection_engine/kibana/security_rule/4027f24e-b02f-4605-872f-7bafd8fe1b33_1.json index 95e57ab8e21..312a6831e3b 100644 --- a/packages/security_detection_engine/kibana/security_rule/4027f24e-b02f-4605-872f-7bafd8fe1b33_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4027f24e-b02f-4605-872f-7bafd8fe1b33_1.json @@ -36,7 +36,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4030c951-448a-4017-a2da-ed60f6d14f4f_206.json b/packages/security_detection_engine/kibana/security_rule/4030c951-448a-4017-a2da-ed60f6d14f4f_206.json index e2ad4eada99..76966a92f1b 100644 --- a/packages/security_detection_engine/kibana/security_rule/4030c951-448a-4017-a2da-ed60f6d14f4f_206.json +++ b/packages/security_detection_engine/kibana/security_rule/4030c951-448a-4017-a2da-ed60f6d14f4f_206.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/403ef0d3-8259-40c9-a5b6-d48354712e49_318.json b/packages/security_detection_engine/kibana/security_rule/403ef0d3-8259-40c9-a5b6-d48354712e49_318.json index 08653de9c37..ed331b07318 100644 --- a/packages/security_detection_engine/kibana/security_rule/403ef0d3-8259-40c9-a5b6-d48354712e49_318.json +++ b/packages/security_detection_engine/kibana/security_rule/403ef0d3-8259-40c9-a5b6-d48354712e49_318.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/40c34c8a-b0bc-43bc-83aa-d2b76bf129e1_4.json b/packages/security_detection_engine/kibana/security_rule/40c34c8a-b0bc-43bc-83aa-d2b76bf129e1_4.json index 2f3d298da40..a2006aae6ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/40c34c8a-b0bc-43bc-83aa-d2b76bf129e1_4.json +++ b/packages/security_detection_engine/kibana/security_rule/40c34c8a-b0bc-43bc-83aa-d2b76bf129e1_4.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/40ddbcc8-6561-44d9-afc8-eefdbfe0cccd_112.json b/packages/security_detection_engine/kibana/security_rule/40ddbcc8-6561-44d9-afc8-eefdbfe0cccd_112.json index 5ce0051fcab..9e8627ba0f6 100644 --- a/packages/security_detection_engine/kibana/security_rule/40ddbcc8-6561-44d9-afc8-eefdbfe0cccd_112.json +++ b/packages/security_detection_engine/kibana/security_rule/40ddbcc8-6561-44d9-afc8-eefdbfe0cccd_112.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/40e60816-5122-11f0-9caa-f661ea17fbcd_5.json b/packages/security_detection_engine/kibana/security_rule/40e60816-5122-11f0-9caa-f661ea17fbcd_5.json index 75b11ba5044..12be22e3bb9 100644 --- a/packages/security_detection_engine/kibana/security_rule/40e60816-5122-11f0-9caa-f661ea17fbcd_5.json +++ b/packages/security_detection_engine/kibana/security_rule/40e60816-5122-11f0-9caa-f661ea17fbcd_5.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/40fe11c2-376e-11f0-9a82-f661ea17fbcd_5.json b/packages/security_detection_engine/kibana/security_rule/40fe11c2-376e-11f0-9a82-f661ea17fbcd_5.json index 76905797fdc..03aad96ff7e 100644 --- a/packages/security_detection_engine/kibana/security_rule/40fe11c2-376e-11f0-9a82-f661ea17fbcd_5.json +++ b/packages/security_detection_engine/kibana/security_rule/40fe11c2-376e-11f0-9a82-f661ea17fbcd_5.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/41284ba3-ed1a-4598-bfba-a97f75d9aba2_109.json b/packages/security_detection_engine/kibana/security_rule/41284ba3-ed1a-4598-bfba-a97f75d9aba2_109.json index 14112755365..bf47f79cd9c 100644 --- a/packages/security_detection_engine/kibana/security_rule/41284ba3-ed1a-4598-bfba-a97f75d9aba2_109.json +++ b/packages/security_detection_engine/kibana/security_rule/41284ba3-ed1a-4598-bfba-a97f75d9aba2_109.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/41554afd-d839-4cc2-b185-170ac01cbefc_3.json b/packages/security_detection_engine/kibana/security_rule/41554afd-d839-4cc2-b185-170ac01cbefc_3.json index 1a8b4602a31..c466923e88a 100644 --- a/packages/security_detection_engine/kibana/security_rule/41554afd-d839-4cc2-b185-170ac01cbefc_3.json +++ b/packages/security_detection_engine/kibana/security_rule/41554afd-d839-4cc2-b185-170ac01cbefc_3.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/416697ae-e468-4093-a93d-59661fa619ec_319.json b/packages/security_detection_engine/kibana/security_rule/416697ae-e468-4093-a93d-59661fa619ec_319.json index 5757eaf18d6..a1f2c8a281b 100644 --- a/packages/security_detection_engine/kibana/security_rule/416697ae-e468-4093-a93d-59661fa619ec_319.json +++ b/packages/security_detection_engine/kibana/security_rule/416697ae-e468-4093-a93d-59661fa619ec_319.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/41761cd3-380f-4d4d-89f3-46d6853ee35d_207.json b/packages/security_detection_engine/kibana/security_rule/41761cd3-380f-4d4d-89f3-46d6853ee35d_207.json index 871931f6c54..3779b5efaf4 100644 --- a/packages/security_detection_engine/kibana/security_rule/41761cd3-380f-4d4d-89f3-46d6853ee35d_207.json +++ b/packages/security_detection_engine/kibana/security_rule/41761cd3-380f-4d4d-89f3-46d6853ee35d_207.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/41824afb-d68c-4d0e-bfee-474dac1fa56e_105.json b/packages/security_detection_engine/kibana/security_rule/41824afb-d68c-4d0e-bfee-474dac1fa56e_105.json deleted file mode 100644 index 7856deeb246..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/41824afb-d68c-4d0e-bfee-474dac1fa56e_105.json +++ /dev/null @@ -1,90 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies the execution of and EggShell Backdoor. EggShell is a known post exploitation tool for macOS and Linux.", - "from": "now-9m", - "index": [ - "auditbeat-*", - "logs-endpoint.events.*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "EggShell Backdoor Execution", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating EggShell Backdoor Execution\n\nEggShell is a post-exploitation tool used on macOS and Linux systems, allowing adversaries to execute commands and scripts remotely. It leverages command and scripting interpreters to gain control over compromised systems. Attackers exploit this by executing malicious payloads, maintaining persistence, and exfiltrating data. The detection rule identifies suspicious process activities, specifically targeting the execution patterns and arguments associated with EggShell, to alert analysts of potential backdoor usage.\n\n### Possible investigation steps\n\n- Review the alert details to confirm the presence of the process name 'espl' and check if the process arguments start with 'eyJkZWJ1ZyI6', which indicates potential EggShell activity.\n- Investigate the parent process of 'espl' to understand how it was initiated and identify any associated suspicious activities or processes.\n- Examine the user account under which the 'espl' process was executed to determine if it aligns with expected behavior or if it indicates a compromised account.\n- Check for any network connections or data exfiltration attempts associated with the 'espl' process to assess if data has been sent to an external source.\n- Review system logs and other security alerts around the time of the 'espl' process execution to identify any correlated events or anomalies.\n- Assess the persistence mechanisms on the affected system to determine if the EggShell backdoor has established any means to survive reboots or user logouts.\n\n### False positive analysis\n\n- Legitimate administrative scripts or tools that use similar command patterns to EggShell may trigger false positives. Review the process arguments and context to determine if the activity is expected and authorized.\n- Development or testing environments where EggShell or similar tools are used for legitimate purposes can cause alerts. Implement exceptions for these environments by excluding specific user accounts or process paths.\n- Automated scripts or monitoring tools that mimic EggShell's execution patterns might be flagged. Identify these scripts and create exceptions based on their unique identifiers or execution context.\n- Regularly update the detection rule to refine the criteria based on observed false positives, ensuring that legitimate activities are not continuously flagged.\n\n### Response and remediation\n\n- Immediately isolate the affected system from the network to prevent further command execution and data exfiltration.\n- Terminate any suspicious processes associated with the EggShell backdoor, specifically those matching the process name 'espl' and arguments starting with 'eyJkZWJ1ZyI6'.\n- Conduct a thorough examination of the system to identify any additional malicious payloads or persistence mechanisms that may have been deployed by the attacker.\n- Remove any unauthorized user accounts or access credentials that may have been created or compromised during the exploitation.\n- Restore the system from a known good backup to ensure all traces of the backdoor and any associated malware are eradicated.\n- Update and patch all software and systems to close any vulnerabilities that may have been exploited by the attacker.\n- Enhance monitoring and detection capabilities to identify similar threats in the future, focusing on command and scripting interpreter activities as outlined in MITRE ATT&CK technique T1059.", - "query": "event.category:process and event.type:(process_started or start) and process.name:espl and process.args:eyJkZWJ1ZyI6*\n", - "references": [ - "https://github.com/neoneggplant/EggShell" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - } - ], - "risk_score": 73, - "rule_id": "41824afb-d68c-4d0e-bfee-474dac1fa56e", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "OS: macOS", - "Use Case: Threat Detection", - "Tactic: Execution", - "Data Source: Elastic Defend", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.006", - "name": "Python", - "reference": "https://attack.mitre.org/techniques/T1059/006/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "query", - "version": 105 - }, - "id": "41824afb-d68c-4d0e-bfee-474dac1fa56e_105", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/4182e486-fc61-11ee-a05d-f661ea17fbce_10.json b/packages/security_detection_engine/kibana/security_rule/4182e486-fc61-11ee-a05d-f661ea17fbce_10.json index e94c72e4d02..cf5abd9fd76 100644 --- a/packages/security_detection_engine/kibana/security_rule/4182e486-fc61-11ee-a05d-f661ea17fbce_10.json +++ b/packages/security_detection_engine/kibana/security_rule/4182e486-fc61-11ee-a05d-f661ea17fbce_10.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/41b638a1-8ab6-4f8e-86d9-466317ef2db5_111.json b/packages/security_detection_engine/kibana/security_rule/41b638a1-8ab6-4f8e-86d9-466317ef2db5_111.json index f532bf443c1..968dac56faa 100644 --- a/packages/security_detection_engine/kibana/security_rule/41b638a1-8ab6-4f8e-86d9-466317ef2db5_111.json +++ b/packages/security_detection_engine/kibana/security_rule/41b638a1-8ab6-4f8e-86d9-466317ef2db5_111.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/41f7da9e-4e9f-4a81-9b58-40d725d83bc0_103.json b/packages/security_detection_engine/kibana/security_rule/41f7da9e-4e9f-4a81-9b58-40d725d83bc0_103.json index 9bb191e4613..589fc24ddb9 100644 --- a/packages/security_detection_engine/kibana/security_rule/41f7da9e-4e9f-4a81-9b58-40d725d83bc0_103.json +++ b/packages/security_detection_engine/kibana/security_rule/41f7da9e-4e9f-4a81-9b58-40d725d83bc0_103.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/420e5bb4-93bf-40a3-8f4a-4cc1af90eca1_104.json b/packages/security_detection_engine/kibana/security_rule/420e5bb4-93bf-40a3-8f4a-4cc1af90eca1_104.json index e5477e1527e..14760cc3764 100644 --- a/packages/security_detection_engine/kibana/security_rule/420e5bb4-93bf-40a3-8f4a-4cc1af90eca1_104.json +++ b/packages/security_detection_engine/kibana/security_rule/420e5bb4-93bf-40a3-8f4a-4cc1af90eca1_104.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/428e9109-dc13-4ae9-84cb-100464d4c6fa_7.json b/packages/security_detection_engine/kibana/security_rule/428e9109-dc13-4ae9-84cb-100464d4c6fa_7.json index 4dce9a97989..d1d82808e29 100644 --- a/packages/security_detection_engine/kibana/security_rule/428e9109-dc13-4ae9-84cb-100464d4c6fa_7.json +++ b/packages/security_detection_engine/kibana/security_rule/428e9109-dc13-4ae9-84cb-100464d4c6fa_7.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/42b5e06d-b297-4286-a004-ae0da92c5b81_1.json b/packages/security_detection_engine/kibana/security_rule/42b5e06d-b297-4286-a004-ae0da92c5b81_1.json index e90a74c56cd..99d7d662e2f 100644 --- a/packages/security_detection_engine/kibana/security_rule/42b5e06d-b297-4286-a004-ae0da92c5b81_1.json +++ b/packages/security_detection_engine/kibana/security_rule/42b5e06d-b297-4286-a004-ae0da92c5b81_1.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/42bf698b-4738-445b-8231-c834ddefd8a0_418.json b/packages/security_detection_engine/kibana/security_rule/42bf698b-4738-445b-8231-c834ddefd8a0_418.json index 37b392a1b3d..84ea9074c86 100644 --- a/packages/security_detection_engine/kibana/security_rule/42bf698b-4738-445b-8231-c834ddefd8a0_418.json +++ b/packages/security_detection_engine/kibana/security_rule/42bf698b-4738-445b-8231-c834ddefd8a0_418.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/42c97e6e-60c3-11f0-832a-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/42c97e6e-60c3-11f0-832a-f661ea17fbcd_4.json index b8093a83669..29dfd9e60b7 100644 --- a/packages/security_detection_engine/kibana/security_rule/42c97e6e-60c3-11f0-832a-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/42c97e6e-60c3-11f0-832a-f661ea17fbcd_4.json @@ -25,7 +25,7 @@ { "integration": "graphactivitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/42de0740-8ed8-4b8b-995c-635b56a8bbf4_2.json b/packages/security_detection_engine/kibana/security_rule/42de0740-8ed8-4b8b-995c-635b56a8bbf4_2.json index 22b61e219b6..bd16cfcc94d 100644 --- a/packages/security_detection_engine/kibana/security_rule/42de0740-8ed8-4b8b-995c-635b56a8bbf4_2.json +++ b/packages/security_detection_engine/kibana/security_rule/42de0740-8ed8-4b8b-995c-635b56a8bbf4_2.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/42eeee3d-947f-46d3-a14d-7036b962c266_116.json b/packages/security_detection_engine/kibana/security_rule/42eeee3d-947f-46d3-a14d-7036b962c266_116.json index a8ebd0935a7..87894575c3b 100644 --- a/packages/security_detection_engine/kibana/security_rule/42eeee3d-947f-46d3-a14d-7036b962c266_116.json +++ b/packages/security_detection_engine/kibana/security_rule/42eeee3d-947f-46d3-a14d-7036b962c266_116.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4330272b-9724-4bc6-a3ca-f1532b81e5c2_207.json b/packages/security_detection_engine/kibana/security_rule/4330272b-9724-4bc6-a3ca-f1532b81e5c2_207.json index f762d07031f..494ce0561ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/4330272b-9724-4bc6-a3ca-f1532b81e5c2_207.json +++ b/packages/security_detection_engine/kibana/security_rule/4330272b-9724-4bc6-a3ca-f1532b81e5c2_207.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/43d6ec12-2b1c-47b5-8f35-e9de65551d3b_115.json b/packages/security_detection_engine/kibana/security_rule/43d6ec12-2b1c-47b5-8f35-e9de65551d3b_115.json index 8bfffa1efda..456c9d70733 100644 --- a/packages/security_detection_engine/kibana/security_rule/43d6ec12-2b1c-47b5-8f35-e9de65551d3b_115.json +++ b/packages/security_detection_engine/kibana/security_rule/43d6ec12-2b1c-47b5-8f35-e9de65551d3b_115.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/440e2db4-bc7f-4c96-a068-65b78da59bde_316.json b/packages/security_detection_engine/kibana/security_rule/440e2db4-bc7f-4c96-a068-65b78da59bde_316.json index 1aedfc95827..ac73a0005d8 100644 --- a/packages/security_detection_engine/kibana/security_rule/440e2db4-bc7f-4c96-a068-65b78da59bde_316.json +++ b/packages/security_detection_engine/kibana/security_rule/440e2db4-bc7f-4c96-a068-65b78da59bde_316.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/444c8fad-874f-4f59-b0ea-cf26cea478bd_2.json b/packages/security_detection_engine/kibana/security_rule/444c8fad-874f-4f59-b0ea-cf26cea478bd_2.json index 3ac3e6d0ace..8c7f6868e85 100644 --- a/packages/security_detection_engine/kibana/security_rule/444c8fad-874f-4f59-b0ea-cf26cea478bd_2.json +++ b/packages/security_detection_engine/kibana/security_rule/444c8fad-874f-4f59-b0ea-cf26cea478bd_2.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/445a342e-03fb-42d0-8656-0367eb2dead5_310.json b/packages/security_detection_engine/kibana/security_rule/445a342e-03fb-42d0-8656-0367eb2dead5_310.json index c685f5617cd..4ffb2723cb5 100644 --- a/packages/security_detection_engine/kibana/security_rule/445a342e-03fb-42d0-8656-0367eb2dead5_310.json +++ b/packages/security_detection_engine/kibana/security_rule/445a342e-03fb-42d0-8656-0367eb2dead5_310.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/4494c14f-5ff8-4ed2-8e99-bf816a1642fc_7.json b/packages/security_detection_engine/kibana/security_rule/4494c14f-5ff8-4ed2-8e99-bf816a1642fc_7.json index e75e2a8628d..03a24f8800b 100644 --- a/packages/security_detection_engine/kibana/security_rule/4494c14f-5ff8-4ed2-8e99-bf816a1642fc_7.json +++ b/packages/security_detection_engine/kibana/security_rule/4494c14f-5ff8-4ed2-8e99-bf816a1642fc_7.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/44a2de72-fe41-4558-b7ec-3e42de5f0432_1.json b/packages/security_detection_engine/kibana/security_rule/44a2de72-fe41-4558-b7ec-3e42de5f0432_1.json index 6ed7e0d31f7..6f17b75ccd1 100644 --- a/packages/security_detection_engine/kibana/security_rule/44a2de72-fe41-4558-b7ec-3e42de5f0432_1.json +++ b/packages/security_detection_engine/kibana/security_rule/44a2de72-fe41-4558-b7ec-3e42de5f0432_1.json @@ -15,7 +15,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/44b8d933-8fed-485d-a0af-bd97d0093439_1.json b/packages/security_detection_engine/kibana/security_rule/44b8d933-8fed-485d-a0af-bd97d0093439_1.json index 4dd3915e66a..9c25e2a8930 100644 --- a/packages/security_detection_engine/kibana/security_rule/44b8d933-8fed-485d-a0af-bd97d0093439_1.json +++ b/packages/security_detection_engine/kibana/security_rule/44b8d933-8fed-485d-a0af-bd97d0093439_1.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 73, diff --git a/packages/security_detection_engine/kibana/security_rule/44cb1d8a-1922-4fc0-a00f-36c1caf57393_2.json b/packages/security_detection_engine/kibana/security_rule/44cb1d8a-1922-4fc0-a00f-36c1caf57393_2.json index 8a2c04d9f68..2123e9f2d56 100644 --- a/packages/security_detection_engine/kibana/security_rule/44cb1d8a-1922-4fc0-a00f-36c1caf57393_2.json +++ b/packages/security_detection_engine/kibana/security_rule/44cb1d8a-1922-4fc0-a00f-36c1caf57393_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/44fc462c-1159-4fa8-b1b7-9b6296ab4f96_116.json b/packages/security_detection_engine/kibana/security_rule/44fc462c-1159-4fa8-b1b7-9b6296ab4f96_116.json index 38c7a177f35..d85d142475a 100644 --- a/packages/security_detection_engine/kibana/security_rule/44fc462c-1159-4fa8-b1b7-9b6296ab4f96_116.json +++ b/packages/security_detection_engine/kibana/security_rule/44fc462c-1159-4fa8-b1b7-9b6296ab4f96_116.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/453183fa-f903-11ee-8e88-f661ea17fbce_8.json b/packages/security_detection_engine/kibana/security_rule/453183fa-f903-11ee-8e88-f661ea17fbce_8.json index 2a0764a7174..9453b4bb380 100644 --- a/packages/security_detection_engine/kibana/security_rule/453183fa-f903-11ee-8e88-f661ea17fbce_8.json +++ b/packages/security_detection_engine/kibana/security_rule/453183fa-f903-11ee-8e88-f661ea17fbce_8.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4577d441-0c05-4bfb-9068-39a0cb855269_1.json b/packages/security_detection_engine/kibana/security_rule/4577d441-0c05-4bfb-9068-39a0cb855269_1.json index bff80d5bc5e..3d54d4766e9 100644 --- a/packages/security_detection_engine/kibana/security_rule/4577d441-0c05-4bfb-9068-39a0cb855269_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4577d441-0c05-4bfb-9068-39a0cb855269_1.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/4577ef08-61d1-4458-909f-25a4b10c87fe_8.json b/packages/security_detection_engine/kibana/security_rule/4577ef08-61d1-4458-909f-25a4b10c87fe_8.json index f70d4f68e3c..0d370b7bed3 100644 --- a/packages/security_detection_engine/kibana/security_rule/4577ef08-61d1-4458-909f-25a4b10c87fe_8.json +++ b/packages/security_detection_engine/kibana/security_rule/4577ef08-61d1-4458-909f-25a4b10c87fe_8.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/45ac4800-840f-414c-b221-53dd36a5aaf7_216.json b/packages/security_detection_engine/kibana/security_rule/45ac4800-840f-414c-b221-53dd36a5aaf7_216.json index 22241b8400a..0d74fc7900f 100644 --- a/packages/security_detection_engine/kibana/security_rule/45ac4800-840f-414c-b221-53dd36a5aaf7_216.json +++ b/packages/security_detection_engine/kibana/security_rule/45ac4800-840f-414c-b221-53dd36a5aaf7_216.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/45d099b4-a12e-4913-951c-0129f73efb41_5.json b/packages/security_detection_engine/kibana/security_rule/45d099b4-a12e-4913-951c-0129f73efb41_5.json index 199387e403c..c9d53f7533a 100644 --- a/packages/security_detection_engine/kibana/security_rule/45d099b4-a12e-4913-951c-0129f73efb41_5.json +++ b/packages/security_detection_engine/kibana/security_rule/45d099b4-a12e-4913-951c-0129f73efb41_5.json @@ -14,23 +14,23 @@ "related_integrations": [ { "package": "nginx", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache_tomcat", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "iis", - "version": "^1.21.0" + "version": ">=1.21.0" }, { "package": "traefik", - "version": "^2.5.0" + "version": ">=2.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/45d273fb-1dca-457d-9855-bcb302180c21_220.json b/packages/security_detection_engine/kibana/security_rule/45d273fb-1dca-457d-9855-bcb302180c21_220.json index fc8ecaebeef..6c7ba3e95cb 100644 --- a/packages/security_detection_engine/kibana/security_rule/45d273fb-1dca-457d-9855-bcb302180c21_220.json +++ b/packages/security_detection_engine/kibana/security_rule/45d273fb-1dca-457d-9855-bcb302180c21_220.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4630d948-40d4-4cef-ac69-4002e29bc3db_321.json b/packages/security_detection_engine/kibana/security_rule/4630d948-40d4-4cef-ac69-4002e29bc3db_321.json index a2a08ea998c..9d81a1d1610 100644 --- a/packages/security_detection_engine/kibana/security_rule/4630d948-40d4-4cef-ac69-4002e29bc3db_321.json +++ b/packages/security_detection_engine/kibana/security_rule/4630d948-40d4-4cef-ac69-4002e29bc3db_321.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4682fd2c-cfae-47ed-a543-9bed37657aa6_318.json b/packages/security_detection_engine/kibana/security_rule/4682fd2c-cfae-47ed-a543-9bed37657aa6_318.json index eec659c829d..836e83391ea 100644 --- a/packages/security_detection_engine/kibana/security_rule/4682fd2c-cfae-47ed-a543-9bed37657aa6_318.json +++ b/packages/security_detection_engine/kibana/security_rule/4682fd2c-cfae-47ed-a543-9bed37657aa6_318.json @@ -48,27 +48,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/46b01bb5-cff2-4a00-9f87-c041d9eab554_4.json b/packages/security_detection_engine/kibana/security_rule/46b01bb5-cff2-4a00-9f87-c041d9eab554_4.json index 20199f24c18..e859364ada9 100644 --- a/packages/security_detection_engine/kibana/security_rule/46b01bb5-cff2-4a00-9f87-c041d9eab554_4.json +++ b/packages/security_detection_engine/kibana/security_rule/46b01bb5-cff2-4a00-9f87-c041d9eab554_4.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/46f804f5-b289-43d6-a881-9387cf594f75_208.json b/packages/security_detection_engine/kibana/security_rule/46f804f5-b289-43d6-a881-9387cf594f75_208.json index 2bccb8356e7..47c802e930a 100644 --- a/packages/security_detection_engine/kibana/security_rule/46f804f5-b289-43d6-a881-9387cf594f75_208.json +++ b/packages/security_detection_engine/kibana/security_rule/46f804f5-b289-43d6-a881-9387cf594f75_208.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/472b4944-d810-43cf-83dc-7d080ae1b8dd_6.json b/packages/security_detection_engine/kibana/security_rule/472b4944-d810-43cf-83dc-7d080ae1b8dd_6.json index 1eb84934d4c..a7c8582f618 100644 --- a/packages/security_detection_engine/kibana/security_rule/472b4944-d810-43cf-83dc-7d080ae1b8dd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/472b4944-d810-43cf-83dc-7d080ae1b8dd_6.json @@ -20,21 +20,21 @@ "related_integrations": [ { "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" }, { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" }, { "integration": "platformlogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/47403d72-3ee2-4752-a676-19dc8ff2b9d6_3.json b/packages/security_detection_engine/kibana/security_rule/47403d72-3ee2-4752-a676-19dc8ff2b9d6_3.json index d63ba31cc8e..887f1d5ae5f 100644 --- a/packages/security_detection_engine/kibana/security_rule/47403d72-3ee2-4752-a676-19dc8ff2b9d6_3.json +++ b/packages/security_detection_engine/kibana/security_rule/47403d72-3ee2-4752-a676-19dc8ff2b9d6_3.json @@ -48,7 +48,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/474fd20e-14cc-49c5-8160-d9ab4ba16c8b_119.json b/packages/security_detection_engine/kibana/security_rule/474fd20e-14cc-49c5-8160-d9ab4ba16c8b_119.json index 22f12e55824..7b9417ca9ad 100644 --- a/packages/security_detection_engine/kibana/security_rule/474fd20e-14cc-49c5-8160-d9ab4ba16c8b_119.json +++ b/packages/security_detection_engine/kibana/security_rule/474fd20e-14cc-49c5-8160-d9ab4ba16c8b_119.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/47595dea-452b-4d37-b82d-6dd691325139_4.json b/packages/security_detection_engine/kibana/security_rule/47595dea-452b-4d37-b82d-6dd691325139_4.json index 37fda427ee1..f51a5017b36 100644 --- a/packages/security_detection_engine/kibana/security_rule/47595dea-452b-4d37-b82d-6dd691325139_4.json +++ b/packages/security_detection_engine/kibana/security_rule/47595dea-452b-4d37-b82d-6dd691325139_4.json @@ -33,31 +33,31 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/475b42f0-61fb-4ef0-8a85-597458bfb0a1_105.json b/packages/security_detection_engine/kibana/security_rule/475b42f0-61fb-4ef0-8a85-597458bfb0a1_105.json index be976cebfdb..4fa9efcb516 100644 --- a/packages/security_detection_engine/kibana/security_rule/475b42f0-61fb-4ef0-8a85-597458bfb0a1_105.json +++ b/packages/security_detection_engine/kibana/security_rule/475b42f0-61fb-4ef0-8a85-597458bfb0a1_105.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/476267ff-e44f-476e-99c1-04c78cb3769d_107.json b/packages/security_detection_engine/kibana/security_rule/476267ff-e44f-476e-99c1-04c78cb3769d_107.json index 3415d583184..4aeffb93b6c 100644 --- a/packages/security_detection_engine/kibana/security_rule/476267ff-e44f-476e-99c1-04c78cb3769d_107.json +++ b/packages/security_detection_engine/kibana/security_rule/476267ff-e44f-476e-99c1-04c78cb3769d_107.json @@ -25,15 +25,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/47661529-15ed-4848-93da-9fbded7a3a0e_2.json b/packages/security_detection_engine/kibana/security_rule/47661529-15ed-4848-93da-9fbded7a3a0e_2.json index ffeefeecaf7..50d2462bcbc 100644 --- a/packages/security_detection_engine/kibana/security_rule/47661529-15ed-4848-93da-9fbded7a3a0e_2.json +++ b/packages/security_detection_engine/kibana/security_rule/47661529-15ed-4848-93da-9fbded7a3a0e_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/47e22836-4a16-4b35-beee-98f6c4ee9bf2_218.json b/packages/security_detection_engine/kibana/security_rule/47e22836-4a16-4b35-beee-98f6c4ee9bf2_218.json index 426144a867c..55fb37aa45a 100644 --- a/packages/security_detection_engine/kibana/security_rule/47e22836-4a16-4b35-beee-98f6c4ee9bf2_218.json +++ b/packages/security_detection_engine/kibana/security_rule/47e22836-4a16-4b35-beee-98f6c4ee9bf2_218.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/47e46d85-3963-44a0-b856-bccff48f8676_2.json b/packages/security_detection_engine/kibana/security_rule/47e46d85-3963-44a0-b856-bccff48f8676_2.json index 88fe12931cb..f3a77a6b9ec 100644 --- a/packages/security_detection_engine/kibana/security_rule/47e46d85-3963-44a0-b856-bccff48f8676_2.json +++ b/packages/security_detection_engine/kibana/security_rule/47e46d85-3963-44a0-b856-bccff48f8676_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/47f76567-d58a-4fed-b32b-21f571e28910_113.json b/packages/security_detection_engine/kibana/security_rule/47f76567-d58a-4fed-b32b-21f571e28910_113.json index ade847e79ca..ad3f48f7a00 100644 --- a/packages/security_detection_engine/kibana/security_rule/47f76567-d58a-4fed-b32b-21f571e28910_113.json +++ b/packages/security_detection_engine/kibana/security_rule/47f76567-d58a-4fed-b32b-21f571e28910_113.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/47fdd8e9-2f53-4648-afbf-0c6dd52f3ce5_2.json b/packages/security_detection_engine/kibana/security_rule/47fdd8e9-2f53-4648-afbf-0c6dd52f3ce5_2.json index 1e13e2243f6..b646a75908b 100644 --- a/packages/security_detection_engine/kibana/security_rule/47fdd8e9-2f53-4648-afbf-0c6dd52f3ce5_2.json +++ b/packages/security_detection_engine/kibana/security_rule/47fdd8e9-2f53-4648-afbf-0c6dd52f3ce5_2.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/483832a8-ffdd-4e11-8e96-e0224f7bda9b_2.json b/packages/security_detection_engine/kibana/security_rule/483832a8-ffdd-4e11-8e96-e0224f7bda9b_2.json index 7a2dba65754..386e922d721 100644 --- a/packages/security_detection_engine/kibana/security_rule/483832a8-ffdd-4e11-8e96-e0224f7bda9b_2.json +++ b/packages/security_detection_engine/kibana/security_rule/483832a8-ffdd-4e11-8e96-e0224f7bda9b_2.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/483c4daf-b0c6-49e0-adf3-0bfa93231d6b_318.json b/packages/security_detection_engine/kibana/security_rule/483c4daf-b0c6-49e0-adf3-0bfa93231d6b_318.json index 8035eea0eae..97b92f83773 100644 --- a/packages/security_detection_engine/kibana/security_rule/483c4daf-b0c6-49e0-adf3-0bfa93231d6b_318.json +++ b/packages/security_detection_engine/kibana/security_rule/483c4daf-b0c6-49e0-adf3-0bfa93231d6b_318.json @@ -32,27 +32,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4872671a-c8d2-4847-9891-d3ce08b9e4c9_1.json b/packages/security_detection_engine/kibana/security_rule/4872671a-c8d2-4847-9891-d3ce08b9e4c9_1.json index 536a9405979..cf401304fa4 100644 --- a/packages/security_detection_engine/kibana/security_rule/4872671a-c8d2-4847-9891-d3ce08b9e4c9_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4872671a-c8d2-4847-9891-d3ce08b9e4c9_1.json @@ -28,23 +28,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_113.json b/packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_113.json index 50b02f2c2ee..1f83858067e 100644 --- a/packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_113.json +++ b/packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_113.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4886ce11-fca5-433f-bbb9-e33e410ef9ae_1.json b/packages/security_detection_engine/kibana/security_rule/4886ce11-fca5-433f-bbb9-e33e410ef9ae_1.json index a9ec0e2f579..2f393cfaeb8 100644 --- a/packages/security_detection_engine/kibana/security_rule/4886ce11-fca5-433f-bbb9-e33e410ef9ae_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4886ce11-fca5-433f-bbb9-e33e410ef9ae_1.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/48b3d2e3-f4e8-41e6-95e6-9b2091228db3_15.json b/packages/security_detection_engine/kibana/security_rule/48b3d2e3-f4e8-41e6-95e6-9b2091228db3_15.json index 90a107f6bb5..91ff3d914af 100644 --- a/packages/security_detection_engine/kibana/security_rule/48b3d2e3-f4e8-41e6-95e6-9b2091228db3_15.json +++ b/packages/security_detection_engine/kibana/security_rule/48b3d2e3-f4e8-41e6-95e6-9b2091228db3_15.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/48b6edfc-079d-4907-b43c-baffa243270d_119.json b/packages/security_detection_engine/kibana/security_rule/48b6edfc-079d-4907-b43c-baffa243270d_119.json index a48f26dfb1a..e35d4d513e3 100644 --- a/packages/security_detection_engine/kibana/security_rule/48b6edfc-079d-4907-b43c-baffa243270d_119.json +++ b/packages/security_detection_engine/kibana/security_rule/48b6edfc-079d-4907-b43c-baffa243270d_119.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/48d7f54d-c29e-4430-93a9-9db6b5892270_111.json b/packages/security_detection_engine/kibana/security_rule/48d7f54d-c29e-4430-93a9-9db6b5892270_111.json index 3c8364a0676..75fb95dee49 100644 --- a/packages/security_detection_engine/kibana/security_rule/48d7f54d-c29e-4430-93a9-9db6b5892270_111.json +++ b/packages/security_detection_engine/kibana/security_rule/48d7f54d-c29e-4430-93a9-9db6b5892270_111.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/48e60a73-08e8-42aa-8f51-4ed92c64dbea_4.json b/packages/security_detection_engine/kibana/security_rule/48e60a73-08e8-42aa-8f51-4ed92c64dbea_4.json index f5154fe786d..c87e13f3d6c 100644 --- a/packages/security_detection_engine/kibana/security_rule/48e60a73-08e8-42aa-8f51-4ed92c64dbea_4.json +++ b/packages/security_detection_engine/kibana/security_rule/48e60a73-08e8-42aa-8f51-4ed92c64dbea_4.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/48ec9452-e1fd-4513-a376-10a1a26d2c83_110.json b/packages/security_detection_engine/kibana/security_rule/48ec9452-e1fd-4513-a376-10a1a26d2c83_110.json index 05c34319a54..ba3bdca5bc4 100644 --- a/packages/security_detection_engine/kibana/security_rule/48ec9452-e1fd-4513-a376-10a1a26d2c83_110.json +++ b/packages/security_detection_engine/kibana/security_rule/48ec9452-e1fd-4513-a376-10a1a26d2c83_110.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/48f657ee-de4f-477c-aa99-ed88ee7af97a_8.json b/packages/security_detection_engine/kibana/security_rule/48f657ee-de4f-477c-aa99-ed88ee7af97a_8.json index 420955edcaf..fad6f298339 100644 --- a/packages/security_detection_engine/kibana/security_rule/48f657ee-de4f-477c-aa99-ed88ee7af97a_8.json +++ b/packages/security_detection_engine/kibana/security_rule/48f657ee-de4f-477c-aa99-ed88ee7af97a_8.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/49002bbe-7aea-4146-91eb-b2b683bf5ed5_1.json b/packages/security_detection_engine/kibana/security_rule/49002bbe-7aea-4146-91eb-b2b683bf5ed5_1.json index bdb126f554c..c7b0f05df5f 100644 --- a/packages/security_detection_engine/kibana/security_rule/49002bbe-7aea-4146-91eb-b2b683bf5ed5_1.json +++ b/packages/security_detection_engine/kibana/security_rule/49002bbe-7aea-4146-91eb-b2b683bf5ed5_1.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/491651da-125b-11f1-af7d-f661ea17fbce_4.json b/packages/security_detection_engine/kibana/security_rule/491651da-125b-11f1-af7d-f661ea17fbce_4.json index d14d41d15fa..5bb2ea30825 100644 --- a/packages/security_detection_engine/kibana/security_rule/491651da-125b-11f1-af7d-f661ea17fbce_4.json +++ b/packages/security_detection_engine/kibana/security_rule/491651da-125b-11f1-af7d-f661ea17fbce_4.json @@ -46,7 +46,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/493834ca-f861-414c-8602-150d5505b777_107.json b/packages/security_detection_engine/kibana/security_rule/493834ca-f861-414c-8602-150d5505b777_107.json index dcadb343594..7305093c838 100644 --- a/packages/security_detection_engine/kibana/security_rule/493834ca-f861-414c-8602-150d5505b777_107.json +++ b/packages/security_detection_engine/kibana/security_rule/493834ca-f861-414c-8602-150d5505b777_107.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/494ebba4-ecb7-4be4-8c6f-654c686549ad_114.json b/packages/security_detection_engine/kibana/security_rule/494ebba4-ecb7-4be4-8c6f-654c686549ad_114.json index 8ffa6564005..59b97ba69e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/494ebba4-ecb7-4be4-8c6f-654c686549ad_114.json +++ b/packages/security_detection_engine/kibana/security_rule/494ebba4-ecb7-4be4-8c6f-654c686549ad_114.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/495e5f2e-2480-11ed-bea8-f661ea17fbce_112.json b/packages/security_detection_engine/kibana/security_rule/495e5f2e-2480-11ed-bea8-f661ea17fbce_112.json index 8da28cf47a2..dc9cde0fff8 100644 --- a/packages/security_detection_engine/kibana/security_rule/495e5f2e-2480-11ed-bea8-f661ea17fbce_112.json +++ b/packages/security_detection_engine/kibana/security_rule/495e5f2e-2480-11ed-bea8-f661ea17fbce_112.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/497a7091-0ebd-44d7-88c4-367ab4d4d852_4.json b/packages/security_detection_engine/kibana/security_rule/497a7091-0ebd-44d7-88c4-367ab4d4d852_4.json index c6cc079614a..0308a182f43 100644 --- a/packages/security_detection_engine/kibana/security_rule/497a7091-0ebd-44d7-88c4-367ab4d4d852_4.json +++ b/packages/security_detection_engine/kibana/security_rule/497a7091-0ebd-44d7-88c4-367ab4d4d852_4.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4982ac3e-d0ee-4818-b95d-d9522d689259_111.json b/packages/security_detection_engine/kibana/security_rule/4982ac3e-d0ee-4818-b95d-d9522d689259_111.json index e83b8f22ea4..0e28978126f 100644 --- a/packages/security_detection_engine/kibana/security_rule/4982ac3e-d0ee-4818-b95d-d9522d689259_111.json +++ b/packages/security_detection_engine/kibana/security_rule/4982ac3e-d0ee-4818-b95d-d9522d689259_111.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/498e4094-60e7-11f0-8847-f661ea17fbcd_209.json b/packages/security_detection_engine/kibana/security_rule/498e4094-60e7-11f0-8847-f661ea17fbcd_209.json index b6a1a62ae52..2ce1efaa38a 100644 --- a/packages/security_detection_engine/kibana/security_rule/498e4094-60e7-11f0-8847-f661ea17fbcd_209.json +++ b/packages/security_detection_engine/kibana/security_rule/498e4094-60e7-11f0-8847-f661ea17fbcd_209.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4a99ac6f-9a54-4ba5-a64f-6eb65695841b_111.json b/packages/security_detection_engine/kibana/security_rule/4a99ac6f-9a54-4ba5-a64f-6eb65695841b_111.json index 0a835e09788..fdfd6554530 100644 --- a/packages/security_detection_engine/kibana/security_rule/4a99ac6f-9a54-4ba5-a64f-6eb65695841b_111.json +++ b/packages/security_detection_engine/kibana/security_rule/4a99ac6f-9a54-4ba5-a64f-6eb65695841b_111.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4ae94fc1-f08f-419f-b692-053d28219380_6.json b/packages/security_detection_engine/kibana/security_rule/4ae94fc1-f08f-419f-b692-053d28219380_6.json index 0d60af291ed..7ff269670a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/4ae94fc1-f08f-419f-b692-053d28219380_6.json +++ b/packages/security_detection_engine/kibana/security_rule/4ae94fc1-f08f-419f-b692-053d28219380_6.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b11dbab-ce37-49c4-bdf1-cdf64b405d96_1.json b/packages/security_detection_engine/kibana/security_rule/4b11dbab-ce37-49c4-bdf1-cdf64b405d96_1.json index 4508043512e..6e182e73e7f 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b11dbab-ce37-49c4-bdf1-cdf64b405d96_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4b11dbab-ce37-49c4-bdf1-cdf64b405d96_1.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b1ee53e-3fdc-11f0-8c24-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/4b1ee53e-3fdc-11f0-8c24-f661ea17fbcd_4.json index ad50c1f7636..0a31a5c6014 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b1ee53e-3fdc-11f0-8c24-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/4b1ee53e-3fdc-11f0-8c24-f661ea17fbcd_4.json @@ -43,7 +43,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b438734-3793-4fda-bd42-ceeada0be8f9_317.json b/packages/security_detection_engine/kibana/security_rule/4b438734-3793-4fda-bd42-ceeada0be8f9_317.json index a86b3dc7ccf..33d25164c4f 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b438734-3793-4fda-bd42-ceeada0be8f9_317.json +++ b/packages/security_detection_engine/kibana/security_rule/4b438734-3793-4fda-bd42-ceeada0be8f9_317.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b4e9c99-27ea-4621-95c8-82341bc6e512_106.json b/packages/security_detection_engine/kibana/security_rule/4b4e9c99-27ea-4621-95c8-82341bc6e512_106.json index 386b857b011..32f0cd31dc4 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b4e9c99-27ea-4621-95c8-82341bc6e512_106.json +++ b/packages/security_detection_engine/kibana/security_rule/4b4e9c99-27ea-4621-95c8-82341bc6e512_106.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b74d3b0-416e-4099-b432-677e1cd098cc_5.json b/packages/security_detection_engine/kibana/security_rule/4b74d3b0-416e-4099-b432-677e1cd098cc_5.json index bfec2cc5327..40685d83000 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b74d3b0-416e-4099-b432-677e1cd098cc_5.json +++ b/packages/security_detection_engine/kibana/security_rule/4b74d3b0-416e-4099-b432-677e1cd098cc_5.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b77d382-b78e-4aae-85a0-8841b80e4fc4_6.json b/packages/security_detection_engine/kibana/security_rule/4b77d382-b78e-4aae-85a0-8841b80e4fc4_6.json index 4b56b1fac39..0d6715fde07 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b77d382-b78e-4aae-85a0-8841b80e4fc4_6.json +++ b/packages/security_detection_engine/kibana/security_rule/4b77d382-b78e-4aae-85a0-8841b80e4fc4_6.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_110.json b/packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_110.json index ef1ca9b9cff..b05a653d6ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_110.json +++ b/packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_110.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4b95ecea-7225-4690-9938-2a2c0bad9c99_108.json b/packages/security_detection_engine/kibana/security_rule/4b95ecea-7225-4690-9938-2a2c0bad9c99_108.json index a4f9fde698a..b41ef817e07 100644 --- a/packages/security_detection_engine/kibana/security_rule/4b95ecea-7225-4690-9938-2a2c0bad9c99_108.json +++ b/packages/security_detection_engine/kibana/security_rule/4b95ecea-7225-4690-9938-2a2c0bad9c99_108.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "ded", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/4bae6c34-57be-403a-a556-e48f9ecef0b7_2.json b/packages/security_detection_engine/kibana/security_rule/4bae6c34-57be-403a-a556-e48f9ecef0b7_2.json index f81c5e503d0..f41c3f68858 100644 --- a/packages/security_detection_engine/kibana/security_rule/4bae6c34-57be-403a-a556-e48f9ecef0b7_2.json +++ b/packages/security_detection_engine/kibana/security_rule/4bae6c34-57be-403a-a556-e48f9ecef0b7_2.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4bd1c1af-79d4-4d37-9efa-6e0240640242_316.json b/packages/security_detection_engine/kibana/security_rule/4bd1c1af-79d4-4d37-9efa-6e0240640242_316.json index 75dcc7f1110..f4a76935b46 100644 --- a/packages/security_detection_engine/kibana/security_rule/4bd1c1af-79d4-4d37-9efa-6e0240640242_316.json +++ b/packages/security_detection_engine/kibana/security_rule/4bd1c1af-79d4-4d37-9efa-6e0240640242_316.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4bd306f9-ee89-4083-91af-e61ed5c42b9a_3.json b/packages/security_detection_engine/kibana/security_rule/4bd306f9-ee89-4083-91af-e61ed5c42b9a_3.json index 55ba43e1ab1..26a0c162e6a 100644 --- a/packages/security_detection_engine/kibana/security_rule/4bd306f9-ee89-4083-91af-e61ed5c42b9a_3.json +++ b/packages/security_detection_engine/kibana/security_rule/4bd306f9-ee89-4083-91af-e61ed5c42b9a_3.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" }, { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4c3c6c47-e38f-4944-be27-5c80be973bd7_7.json b/packages/security_detection_engine/kibana/security_rule/4c3c6c47-e38f-4944-be27-5c80be973bd7_7.json index 268fd574286..f4316193f30 100644 --- a/packages/security_detection_engine/kibana/security_rule/4c3c6c47-e38f-4944-be27-5c80be973bd7_7.json +++ b/packages/security_detection_engine/kibana/security_rule/4c3c6c47-e38f-4944-be27-5c80be973bd7_7.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4c59cff1-b78a-41b8-a9f1-4231984d1fb6_116.json b/packages/security_detection_engine/kibana/security_rule/4c59cff1-b78a-41b8-a9f1-4231984d1fb6_116.json index 97c89c139d9..9676857ebec 100644 --- a/packages/security_detection_engine/kibana/security_rule/4c59cff1-b78a-41b8-a9f1-4231984d1fb6_116.json +++ b/packages/security_detection_engine/kibana/security_rule/4c59cff1-b78a-41b8-a9f1-4231984d1fb6_116.json @@ -41,7 +41,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4c5a4e8b-3f2d-4a6e-9b5c-7d8f9e0a1b2c_2.json b/packages/security_detection_engine/kibana/security_rule/4c5a4e8b-3f2d-4a6e-9b5c-7d8f9e0a1b2c_2.json index 278e8ed5694..018143aa34a 100644 --- a/packages/security_detection_engine/kibana/security_rule/4c5a4e8b-3f2d-4a6e-9b5c-7d8f9e0a1b2c_2.json +++ b/packages/security_detection_engine/kibana/security_rule/4c5a4e8b-3f2d-4a6e-9b5c-7d8f9e0a1b2c_2.json @@ -28,7 +28,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4d169db7-0323-4157-9ad3-ea5ece9019c9_5.json b/packages/security_detection_engine/kibana/security_rule/4d169db7-0323-4157-9ad3-ea5ece9019c9_5.json index b8a66303519..f9248dbcd54 100644 --- a/packages/security_detection_engine/kibana/security_rule/4d169db7-0323-4157-9ad3-ea5ece9019c9_5.json +++ b/packages/security_detection_engine/kibana/security_rule/4d169db7-0323-4157-9ad3-ea5ece9019c9_5.json @@ -24,23 +24,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4d4c35f4-414e-4d0c-bb7e-6db7c80a6957_113.json b/packages/security_detection_engine/kibana/security_rule/4d4c35f4-414e-4d0c-bb7e-6db7c80a6957_113.json index f63755d4fa6..f13738a442f 100644 --- a/packages/security_detection_engine/kibana/security_rule/4d4c35f4-414e-4d0c-bb7e-6db7c80a6957_113.json +++ b/packages/security_detection_engine/kibana/security_rule/4d4c35f4-414e-4d0c-bb7e-6db7c80a6957_113.json @@ -26,19 +26,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4d4cda2b-9aad-4702-a0a2-75952bd6a77c_4.json b/packages/security_detection_engine/kibana/security_rule/4d4cda2b-9aad-4702-a0a2-75952bd6a77c_4.json index 76f54047e35..e685d81dbcb 100644 --- a/packages/security_detection_engine/kibana/security_rule/4d4cda2b-9aad-4702-a0a2-75952bd6a77c_4.json +++ b/packages/security_detection_engine/kibana/security_rule/4d4cda2b-9aad-4702-a0a2-75952bd6a77c_4.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4d50a94f-2844-43fa-8395-6afbd5e1c5ef_214.json b/packages/security_detection_engine/kibana/security_rule/4d50a94f-2844-43fa-8395-6afbd5e1c5ef_214.json index 7898ee9eb5b..927dad622b6 100644 --- a/packages/security_detection_engine/kibana/security_rule/4d50a94f-2844-43fa-8395-6afbd5e1c5ef_214.json +++ b/packages/security_detection_engine/kibana/security_rule/4d50a94f-2844-43fa-8395-6afbd5e1c5ef_214.json @@ -29,7 +29,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4da13d6e-904f-4636-81d8-6ab14b4e6ae9_111.json b/packages/security_detection_engine/kibana/security_rule/4da13d6e-904f-4636-81d8-6ab14b4e6ae9_111.json index 6af89c4d2e9..3632cbb96aa 100644 --- a/packages/security_detection_engine/kibana/security_rule/4da13d6e-904f-4636-81d8-6ab14b4e6ae9_111.json +++ b/packages/security_detection_engine/kibana/security_rule/4da13d6e-904f-4636-81d8-6ab14b4e6ae9_111.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4ddac6c1-e4be-4e2b-95b5-0654cb8d423c_1.json b/packages/security_detection_engine/kibana/security_rule/4ddac6c1-e4be-4e2b-95b5-0654cb8d423c_1.json index c86e1acbaba..9056fdeb3da 100644 --- a/packages/security_detection_engine/kibana/security_rule/4ddac6c1-e4be-4e2b-95b5-0654cb8d423c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4ddac6c1-e4be-4e2b-95b5-0654cb8d423c_1.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4de76544-f0e5-486a-8f84-eae0b6063cdc_320.json b/packages/security_detection_engine/kibana/security_rule/4de76544-f0e5-486a-8f84-eae0b6063cdc_320.json index 65f6172bd46..7cb7c9e64c3 100644 --- a/packages/security_detection_engine/kibana/security_rule/4de76544-f0e5-486a-8f84-eae0b6063cdc_320.json +++ b/packages/security_detection_engine/kibana/security_rule/4de76544-f0e5-486a-8f84-eae0b6063cdc_320.json @@ -30,27 +30,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4df2e3ae-3553-4194-b22e-3e5a6f71466e_1.json b/packages/security_detection_engine/kibana/security_rule/4df2e3ae-3553-4194-b22e-3e5a6f71466e_1.json index f5be1263b94..3cdd4b5ad72 100644 --- a/packages/security_detection_engine/kibana/security_rule/4df2e3ae-3553-4194-b22e-3e5a6f71466e_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4df2e3ae-3553-4194-b22e-3e5a6f71466e_1.json @@ -28,7 +28,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4df91789-7859-4bc4-9c5a-6b56bfa81a8b_1.json b/packages/security_detection_engine/kibana/security_rule/4df91789-7859-4bc4-9c5a-6b56bfa81a8b_1.json index 2f79c5f9d01..f7ccee053b9 100644 --- a/packages/security_detection_engine/kibana/security_rule/4df91789-7859-4bc4-9c5a-6b56bfa81a8b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4df91789-7859-4bc4-9c5a-6b56bfa81a8b_1.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4e2dcdf4-f012-4b67-980b-1551b7149305_1.json b/packages/security_detection_engine/kibana/security_rule/4e2dcdf4-f012-4b67-980b-1551b7149305_1.json index f8c15fb274e..5798ba89b6e 100644 --- a/packages/security_detection_engine/kibana/security_rule/4e2dcdf4-f012-4b67-980b-1551b7149305_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4e2dcdf4-f012-4b67-980b-1551b7149305_1.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4e85dc8a-3e41-40d8-bc28-91af7ac6cf60_117.json b/packages/security_detection_engine/kibana/security_rule/4e85dc8a-3e41-40d8-bc28-91af7ac6cf60_117.json index 5aeac0f12a7..1c2ce9a6957 100644 --- a/packages/security_detection_engine/kibana/security_rule/4e85dc8a-3e41-40d8-bc28-91af7ac6cf60_117.json +++ b/packages/security_detection_engine/kibana/security_rule/4e85dc8a-3e41-40d8-bc28-91af7ac6cf60_117.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4ec47004-b34a-42e6-8003-376a123ea447_115.json b/packages/security_detection_engine/kibana/security_rule/4ec47004-b34a-42e6-8003-376a123ea447_115.json index fe5ce75784d..476d8eaf1a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/4ec47004-b34a-42e6-8003-376a123ea447_115.json +++ b/packages/security_detection_engine/kibana/security_rule/4ec47004-b34a-42e6-8003-376a123ea447_115.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4ed493fc-d637-4a36-80ff-ac84937e5461_319.json b/packages/security_detection_engine/kibana/security_rule/4ed493fc-d637-4a36-80ff-ac84937e5461_319.json index b2223fb9be8..47675cc9227 100644 --- a/packages/security_detection_engine/kibana/security_rule/4ed493fc-d637-4a36-80ff-ac84937e5461_319.json +++ b/packages/security_detection_engine/kibana/security_rule/4ed493fc-d637-4a36-80ff-ac84937e5461_319.json @@ -32,27 +32,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4ed678a9-3a4f-41fb-9fea-f85a6e0a0dff_214.json b/packages/security_detection_engine/kibana/security_rule/4ed678a9-3a4f-41fb-9fea-f85a6e0a0dff_214.json index 7994ac69dc3..3dd31fa298e 100644 --- a/packages/security_detection_engine/kibana/security_rule/4ed678a9-3a4f-41fb-9fea-f85a6e0a0dff_214.json +++ b/packages/security_detection_engine/kibana/security_rule/4ed678a9-3a4f-41fb-9fea-f85a6e0a0dff_214.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4edd3e1a-3aa0-499b-8147-4d2ea43b1613_415.json b/packages/security_detection_engine/kibana/security_rule/4edd3e1a-3aa0-499b-8147-4d2ea43b1613_415.json index ef2952dbcae..5ab7adce3f7 100644 --- a/packages/security_detection_engine/kibana/security_rule/4edd3e1a-3aa0-499b-8147-4d2ea43b1613_415.json +++ b/packages/security_detection_engine/kibana/security_rule/4edd3e1a-3aa0-499b-8147-4d2ea43b1613_415.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4f2654e4-125b-11f1-af7d-f661ea17fbce_2.json b/packages/security_detection_engine/kibana/security_rule/4f2654e4-125b-11f1-af7d-f661ea17fbce_2.json index 10ce225c809..9a24dc0bdbc 100644 --- a/packages/security_detection_engine/kibana/security_rule/4f2654e4-125b-11f1-af7d-f661ea17fbce_2.json +++ b/packages/security_detection_engine/kibana/security_rule/4f2654e4-125b-11f1-af7d-f661ea17fbce_2.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4f725dc5-ae44-46c1-9ac5-99f6f7a70d8a_7.json b/packages/security_detection_engine/kibana/security_rule/4f725dc5-ae44-46c1-9ac5-99f6f7a70d8a_7.json index c1c264da9d2..2260b00669c 100644 --- a/packages/security_detection_engine/kibana/security_rule/4f725dc5-ae44-46c1-9ac5-99f6f7a70d8a_7.json +++ b/packages/security_detection_engine/kibana/security_rule/4f725dc5-ae44-46c1-9ac5-99f6f7a70d8a_7.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4f855297-c8e0-4097-9d97-d653f7e471c4_9.json b/packages/security_detection_engine/kibana/security_rule/4f855297-c8e0-4097-9d97-d653f7e471c4_9.json index 90e9c61a10d..fba6f6264e1 100644 --- a/packages/security_detection_engine/kibana/security_rule/4f855297-c8e0-4097-9d97-d653f7e471c4_9.json +++ b/packages/security_detection_engine/kibana/security_rule/4f855297-c8e0-4097-9d97-d653f7e471c4_9.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4f95e0f8-18b7-459a-b8b5-b2f5c94bf6eb_1.json b/packages/security_detection_engine/kibana/security_rule/4f95e0f8-18b7-459a-b8b5-b2f5c94bf6eb_1.json index c00718f861b..a28b8bc114f 100644 --- a/packages/security_detection_engine/kibana/security_rule/4f95e0f8-18b7-459a-b8b5-b2f5c94bf6eb_1.json +++ b/packages/security_detection_engine/kibana/security_rule/4f95e0f8-18b7-459a-b8b5-b2f5c94bf6eb_1.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/4fe9d835-40e1-452d-8230-17c147cafad8_320.json b/packages/security_detection_engine/kibana/security_rule/4fe9d835-40e1-452d-8230-17c147cafad8_320.json index f7ed70c6c33..60a4a9b6850 100644 --- a/packages/security_detection_engine/kibana/security_rule/4fe9d835-40e1-452d-8230-17c147cafad8_320.json +++ b/packages/security_detection_engine/kibana/security_rule/4fe9d835-40e1-452d-8230-17c147cafad8_320.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/50742e15-c5ef-49c8-9a2d-31221d45af58_3.json b/packages/security_detection_engine/kibana/security_rule/50742e15-c5ef-49c8-9a2d-31221d45af58_3.json index 3f75bcb60d0..1b85590eb52 100644 --- a/packages/security_detection_engine/kibana/security_rule/50742e15-c5ef-49c8-9a2d-31221d45af58_3.json +++ b/packages/security_detection_engine/kibana/security_rule/50742e15-c5ef-49c8-9a2d-31221d45af58_3.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 73, diff --git a/packages/security_detection_engine/kibana/security_rule/50887ba8-7ff7-11ee-a038-f661ea17fbcd_212.json b/packages/security_detection_engine/kibana/security_rule/50887ba8-7ff7-11ee-a038-f661ea17fbcd_212.json index 3709d2b84b2..0c7f7f5d7da 100644 --- a/packages/security_detection_engine/kibana/security_rule/50887ba8-7ff7-11ee-a038-f661ea17fbcd_212.json +++ b/packages/security_detection_engine/kibana/security_rule/50887ba8-7ff7-11ee-a038-f661ea17fbcd_212.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/50a2bdea-9876-11ef-89db-f661ea17fbcd_6.json b/packages/security_detection_engine/kibana/security_rule/50a2bdea-9876-11ef-89db-f661ea17fbcd_6.json index 4755e84f46a..62f70bf8382 100644 --- a/packages/security_detection_engine/kibana/security_rule/50a2bdea-9876-11ef-89db-f661ea17fbcd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/50a2bdea-9876-11ef-89db-f661ea17fbcd_6.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/50eba7ec-d3f0-474c-a7f4-0906b68e350f_1.json b/packages/security_detection_engine/kibana/security_rule/50eba7ec-d3f0-474c-a7f4-0906b68e350f_1.json index 0d450a9a3ae..61d64e6771b 100644 --- a/packages/security_detection_engine/kibana/security_rule/50eba7ec-d3f0-474c-a7f4-0906b68e350f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/50eba7ec-d3f0-474c-a7f4-0906b68e350f_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/51176ed2-2d90-49f2-9f3d-17196428b169_112.json b/packages/security_detection_engine/kibana/security_rule/51176ed2-2d90-49f2-9f3d-17196428b169_112.json index 8e3c426adb3..b61a55d15f7 100644 --- a/packages/security_detection_engine/kibana/security_rule/51176ed2-2d90-49f2-9f3d-17196428b169_112.json +++ b/packages/security_detection_engine/kibana/security_rule/51176ed2-2d90-49f2-9f3d-17196428b169_112.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5124e65f-df97-4471-8dcb-8e3953b3ea97_108.json b/packages/security_detection_engine/kibana/security_rule/5124e65f-df97-4471-8dcb-8e3953b3ea97_108.json index 5d0df0c983f..901683d26dc 100644 --- a/packages/security_detection_engine/kibana/security_rule/5124e65f-df97-4471-8dcb-8e3953b3ea97_108.json +++ b/packages/security_detection_engine/kibana/security_rule/5124e65f-df97-4471-8dcb-8e3953b3ea97_108.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5134be90-42c1-4ac7-859c-4d82caaddbec_1.json b/packages/security_detection_engine/kibana/security_rule/5134be90-42c1-4ac7-859c-4d82caaddbec_1.json index d229611b94a..322f3fd5cd0 100644 --- a/packages/security_detection_engine/kibana/security_rule/5134be90-42c1-4ac7-859c-4d82caaddbec_1.json +++ b/packages/security_detection_engine/kibana/security_rule/5134be90-42c1-4ac7-859c-4d82caaddbec_1.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/513f0ffd-b317-4b9c-9494-92ce861f22c7_418.json b/packages/security_detection_engine/kibana/security_rule/513f0ffd-b317-4b9c-9494-92ce861f22c7_418.json index 8c3de32873d..fdf8d3397a4 100644 --- a/packages/security_detection_engine/kibana/security_rule/513f0ffd-b317-4b9c-9494-92ce861f22c7_418.json +++ b/packages/security_detection_engine/kibana/security_rule/513f0ffd-b317-4b9c-9494-92ce861f22c7_418.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_213.json b/packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_213.json index 0344ade3c3a..822c436f8af 100644 --- a/packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_213.json +++ b/packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_213.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/51859fa0-d86b-4214-bf48-ebb30ed91305_109.json b/packages/security_detection_engine/kibana/security_rule/51859fa0-d86b-4214-bf48-ebb30ed91305_109.json index a67d404c3a3..bb489895855 100644 --- a/packages/security_detection_engine/kibana/security_rule/51859fa0-d86b-4214-bf48-ebb30ed91305_109.json +++ b/packages/security_detection_engine/kibana/security_rule/51859fa0-d86b-4214-bf48-ebb30ed91305_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5188c68e-d3de-4e96-994d-9e242269446f_209.json b/packages/security_detection_engine/kibana/security_rule/5188c68e-d3de-4e96-994d-9e242269446f_209.json index 9fdf84f1e89..ad703fe8e9a 100644 --- a/packages/security_detection_engine/kibana/security_rule/5188c68e-d3de-4e96-994d-9e242269446f_209.json +++ b/packages/security_detection_engine/kibana/security_rule/5188c68e-d3de-4e96-994d-9e242269446f_209.json @@ -28,23 +28,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_8.json b/packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_8.json index a203a52077c..050abf17990 100644 --- a/packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_8.json +++ b/packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_8.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/51ce96fb-9e52-4dad-b0ba-99b54440fc9a_213.json b/packages/security_detection_engine/kibana/security_rule/51ce96fb-9e52-4dad-b0ba-99b54440fc9a_213.json index 92f23fa36cb..d6555f0aa05 100644 --- a/packages/security_detection_engine/kibana/security_rule/51ce96fb-9e52-4dad-b0ba-99b54440fc9a_213.json +++ b/packages/security_detection_engine/kibana/security_rule/51ce96fb-9e52-4dad-b0ba-99b54440fc9a_213.json @@ -30,11 +30,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5202697c-313b-4bf0-9029-73fe78cd4b6d_1.json b/packages/security_detection_engine/kibana/security_rule/5202697c-313b-4bf0-9029-73fe78cd4b6d_1.json index 2dc47882b9f..28bccfa7d5a 100644 --- a/packages/security_detection_engine/kibana/security_rule/5202697c-313b-4bf0-9029-73fe78cd4b6d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/5202697c-313b-4bf0-9029-73fe78cd4b6d_1.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/523116c0-d89d-4d7c-82c2-39e6845a78ef_212.json b/packages/security_detection_engine/kibana/security_rule/523116c0-d89d-4d7c-82c2-39e6845a78ef_212.json index 4ce963da8a7..8f92bb4eba1 100644 --- a/packages/security_detection_engine/kibana/security_rule/523116c0-d89d-4d7c-82c2-39e6845a78ef_212.json +++ b/packages/security_detection_engine/kibana/security_rule/523116c0-d89d-4d7c-82c2-39e6845a78ef_212.json @@ -40,7 +40,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/52376a86-ee86-4967-97ae-1a05f55816f0_118.json b/packages/security_detection_engine/kibana/security_rule/52376a86-ee86-4967-97ae-1a05f55816f0_118.json deleted file mode 100644 index 5bdd654e479..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/52376a86-ee86-4967-97ae-1a05f55816f0_118.json +++ /dev/null @@ -1,145 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies the abuse of a Linux binary to break out of a restricted shell or environment by spawning an interactive system shell. The activity of spawning a shell from a binary is not common behavior for a user or system administrator, and may indicate an attempt to evade detection, increase capabilities or enhance the stability of an adversary.", - "from": "now-9m", - "index": [ - "logs-endpoint.events.process*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Linux Restricted Shell Breakout via Linux Binary(s)", - "note": "## Triage and analysis\n\n### Investigating Linux Restricted Shell Breakout via Linux Binary(s)\nDetection alerts from this rule indicate that a Linux utility has been abused to breakout of restricted shells or\nenvironments by spawning an interactive system shell.\nHere are some possible avenues of investigation:\n- Examine the entry point to the host and user in action via the Analyse View.\n - Identify the session entry leader and session user\n- Examine the contents of session leading to the abuse via the Session View.\n - Examine the command execution pattern in the session, which may lead to suspricous activities\n- Examine the execution of commands in the spawned shell.\n - Identify imment threat to the system from the executed commands\n - Take necessary incident response actions to contain any malicious behviour caused via this execution.\n\n### Related rules\n\n- A malicious spawned shell can execute any of the possible MITTRE ATT&CK vectors mainly to impair defences.\n- Hence its adviced to enable defence evasion and privilige escalation rules accordingly in your environment\n\n### Response and remediation\n\nInitiate the incident response process based on the outcome of the triage.\n\n- If the triage releaved suspicious netwrok activity from the malicious spawned shell,\n - Isolate the involved host to prevent further post-compromise behavior.\n- If the triage identified malware execution via the maliciously spawned shell,\n - Search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.\n- If the triage revelaed defence evasion for imparing defenses\n - Isolate the involved host to prevent further post-compromise behavior.\n - Identified the disabled security guard components on the host and take necessary steps in renebaling the same.\n - If any tools have been disbaled / uninstalled or config tampered work towards reenabling the same.\n- If the triage revelaed addition of persistence mechanism exploit like auto start scripts\n - Isolate further login to the systems that can initae auto start scripts.\n - Identify the auto start scripts and disable and remove the same from the systems\n- If the triage revealed data crawling or data export via remote copy\n - Investigate credential exposure on systems compromised / used / decoded by the attacker during the data crawling\n - Intiate compromised credential deactivation and credential rotation process for all exposed crednetials.\n - Investiagte if any IPR data was accessed during the data crawling and take appropriate actions.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "process where host.os.type == \"linux\" and event.type == \"start\" and process.executable != null and\n(\n /* launching shell from capsh */\n (process.name == \"capsh\" and process.args == \"--\" and not process.parent.executable == \"/usr/bin/log4j-cve-2021-44228-hotpatch\") or\n\n /* launching shells from unusual parents or parent+arg combos */\n (process.name in (\"bash\", \"dash\", \"ash\", \"sh\", \"tcsh\", \"csh\", \"zsh\", \"ksh\", \"fish\") and (\n (process.parent.name : \"*awk\" and process.parent.args : \"BEGIN {system(*)}\") or\n (process.parent.name == \"git\" and process.parent.args : (\"!*sh\", \"exec *sh\") and not process.name == \"ssh\" ) or\n (process.parent.name : (\"byebug\", \"ftp\", \"strace\", \"zip\", \"tar\") and\n (\n process.parent.args : \"BEGIN {system(*)}\" or\n (\n (process.parent.args : \"exec=*sh\" or (process.parent.args : \"-I\" and process.parent.args : \"*sh\")) or\n (process.args : \"exec=*sh\" or (process.args : \"-I\" and process.args : \"*sh\"))\n )\n )\n ) or\n\n /* shells specified in parent args */\n /* nice rule is broken in 8.2 */\n (process.parent.args : \"*sh\" and\n (\n (process.parent.name == \"nice\") or\n (process.parent.name == \"cpulimit\" and process.parent.args == \"-f\") or\n (process.parent.name == \"find\" and process.parent.args == \".\" and process.parent.args == \"-exec\" and\n process.parent.args == \";\" and process.parent.args : \"/bin/*sh\") or\n (process.parent.name == \"flock\" and process.parent.args == \"-u\" and process.parent.args == \"/\")\n )\n )\n )) or\n\n /* shells specified in args */\n (process.args : \"*sh\" and (\n (process.parent.name == \"crash\" and process.parent.args == \"-h\") or\n (process.name == \"sensible-pager\" and process.parent.name in (\"apt\", \"apt-get\") and process.parent.args == \"changelog\")\n /* scope to include more sensible-pager invoked shells with different parent process to reduce noise and remove false positives */\n\n )) or\n (process.name == \"busybox\" and event.action == \"exec\" and process.args_count == 2 and process.args : \"*sh\" and not\n process.executable : \"/var/lib/docker/overlay2/*/merged/bin/busybox\" and not (process.parent.args == \"init\" and\n process.parent.args == \"runc\") and not process.parent.args in (\"ls-remote\", \"push\", \"fetch\") and not process.parent.name == \"mkinitramfs\" and\n not process.parent.executable == \"/bin/busybox\") or\n (process.name == \"env\" and process.args_count == 2 and process.args : \"*sh\") or\n (process.parent.name in (\"vi\", \"vim\") and process.parent.args == \"-c\" and process.parent.args : \":!*sh\") or\n (process.parent.name in (\"c89\", \"c99\", \"gcc\") and process.parent.args : \"*sh,-s\" and process.parent.args == \"-wrapper\") or\n (process.parent.name == \"expect\" and process.parent.args == \"-c\" and process.parent.args : \"spawn *sh;interact\") or\n (process.parent.name == \"mysql\" and process.parent.args == \"-e\" and process.parent.args : \"\\\\!*sh\") or\n (process.parent.name == \"ssh\" and process.parent.args == \"-o\" and process.parent.args : \"ProxyCommand=;*sh 0<&2 1>&2\")\n)\n", - "references": [ - "https://gtfobins.github.io/gtfobins/apt/", - "https://gtfobins.github.io/gtfobins/apt-get/", - "https://gtfobins.github.io/gtfobins/nawk/", - "https://gtfobins.github.io/gtfobins/mawk/", - "https://gtfobins.github.io/gtfobins/awk/", - "https://gtfobins.github.io/gtfobins/gawk/", - "https://gtfobins.github.io/gtfobins/busybox/", - "https://gtfobins.github.io/gtfobins/c89/", - "https://gtfobins.github.io/gtfobins/c99/", - "https://gtfobins.github.io/gtfobins/cpulimit/", - "https://gtfobins.github.io/gtfobins/crash/", - "https://gtfobins.github.io/gtfobins/env/", - "https://gtfobins.github.io/gtfobins/expect/", - "https://gtfobins.github.io/gtfobins/find/", - "https://gtfobins.github.io/gtfobins/flock/", - "https://gtfobins.github.io/gtfobins/gcc/", - "https://gtfobins.github.io/gtfobins/mysql/", - "https://gtfobins.github.io/gtfobins/nice/", - "https://gtfobins.github.io/gtfobins/ssh/", - "https://gtfobins.github.io/gtfobins/vi/", - "https://gtfobins.github.io/gtfobins/vim/", - "https://gtfobins.github.io/gtfobins/capsh/", - "https://gtfobins.github.io/gtfobins/byebug/", - "https://gtfobins.github.io/gtfobins/git/", - "https://gtfobins.github.io/gtfobins/ftp/", - "https://www.elastic.co/security-labs/sequel-on-persistence-mechanisms" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args_count", - "type": "long" - }, - { - "ecs": true, - "name": "process.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "52376a86-ee86-4967-97ae-1a05f55816f0", - "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\nSession View uses process data collected by the Elastic Defend integration, but this data is not always collected by default. Session View is available on enterprise subscription for versions 8.3 and above.\n#### To confirm that Session View data is enabled:\n- Go to \u201cManage \u2192 Policies\u201d, and edit one or more of your Elastic Defend integration policies.\n- Select the\u201d Policy settings\u201d tab, then scroll down to the \u201cLinux event collection\u201d section near the bottom.\n- Check the box for \u201cProcess events\u201d, and turn on the \u201cInclude session data\u201d toggle.\n- If you want to include file and network alerts in Session View, check the boxes for \u201cNetwork and File events\u201d.\n- If you want to enable terminal output capture, turn on the \u201cCapture terminal output\u201d toggle.\nFor more information about the additional fields collected when this setting is enabled and the usage of Session View for Analysis refer to the [helper guide](https://www.elastic.co/guide/en/security/current/session-view.html).\n", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Execution", - "Data Source: Elastic Endgame", - "Data Source: Elastic Defend", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.004", - "name": "Unix Shell", - "reference": "https://attack.mitre.org/techniques/T1059/004/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 118 - }, - "id": "52376a86-ee86-4967-97ae-1a05f55816f0_118", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/527d23e6-8b67-4a8e-a6bd-5169b90ab2a8_4.json b/packages/security_detection_engine/kibana/security_rule/527d23e6-8b67-4a8e-a6bd-5169b90ab2a8_4.json index 2dd286c2e34..2819527538f 100644 --- a/packages/security_detection_engine/kibana/security_rule/527d23e6-8b67-4a8e-a6bd-5169b90ab2a8_4.json +++ b/packages/security_detection_engine/kibana/security_rule/527d23e6-8b67-4a8e-a6bd-5169b90ab2a8_4.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5297b7f1-bccd-4611-93fa-ea342a01ff84_4.json b/packages/security_detection_engine/kibana/security_rule/5297b7f1-bccd-4611-93fa-ea342a01ff84_4.json index 2046ca26453..c16c8bb021d 100644 --- a/packages/security_detection_engine/kibana/security_rule/5297b7f1-bccd-4611-93fa-ea342a01ff84_4.json +++ b/packages/security_detection_engine/kibana/security_rule/5297b7f1-bccd-4611-93fa-ea342a01ff84_4.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/52aaab7b-b51c-441a-89ce-4387b3aea886_214.json b/packages/security_detection_engine/kibana/security_rule/52aaab7b-b51c-441a-89ce-4387b3aea886_214.json index 805a68e30ea..2984f54a624 100644 --- a/packages/security_detection_engine/kibana/security_rule/52aaab7b-b51c-441a-89ce-4387b3aea886_214.json +++ b/packages/security_detection_engine/kibana/security_rule/52aaab7b-b51c-441a-89ce-4387b3aea886_214.json @@ -24,15 +24,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/52afbdc5-db15-485e-bc24-f5707f820c4b_208.json b/packages/security_detection_engine/kibana/security_rule/52afbdc5-db15-485e-bc24-f5707f820c4b_208.json index 42eefac4885..bc94e18954e 100644 --- a/packages/security_detection_engine/kibana/security_rule/52afbdc5-db15-485e-bc24-f5707f820c4b_208.json +++ b/packages/security_detection_engine/kibana/security_rule/52afbdc5-db15-485e-bc24-f5707f820c4b_208.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/530178da-92ea-43ce-94c2-8877a826783d_112.json b/packages/security_detection_engine/kibana/security_rule/530178da-92ea-43ce-94c2-8877a826783d_112.json index cbf743fcd99..8f247581bfe 100644 --- a/packages/security_detection_engine/kibana/security_rule/530178da-92ea-43ce-94c2-8877a826783d_112.json +++ b/packages/security_detection_engine/kibana/security_rule/530178da-92ea-43ce-94c2-8877a826783d_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5301ac83-7a43-4c92-95e7-c372afea807d_1.json b/packages/security_detection_engine/kibana/security_rule/5301ac83-7a43-4c92-95e7-c372afea807d_1.json index b1c227f6a60..6ae77f8c020 100644 --- a/packages/security_detection_engine/kibana/security_rule/5301ac83-7a43-4c92-95e7-c372afea807d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/5301ac83-7a43-4c92-95e7-c372afea807d_1.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/53617418-17b4-4e9c-8a2c-8deb8086ca4b_15.json b/packages/security_detection_engine/kibana/security_rule/53617418-17b4-4e9c-8a2c-8deb8086ca4b_15.json index c64d2fe512b..7e919a22e00 100644 --- a/packages/security_detection_engine/kibana/security_rule/53617418-17b4-4e9c-8a2c-8deb8086ca4b_15.json +++ b/packages/security_detection_engine/kibana/security_rule/53617418-17b4-4e9c-8a2c-8deb8086ca4b_15.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/536997f7-ae73-447d-a12d-bff1e8f5f0a0_212.json b/packages/security_detection_engine/kibana/security_rule/536997f7-ae73-447d-a12d-bff1e8f5f0a0_212.json index a2ea1efb10d..ad710213512 100644 --- a/packages/security_detection_engine/kibana/security_rule/536997f7-ae73-447d-a12d-bff1e8f5f0a0_212.json +++ b/packages/security_detection_engine/kibana/security_rule/536997f7-ae73-447d-a12d-bff1e8f5f0a0_212.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5370d4cd-2bb3-4d71-abf5-1e1d0ff5a2de_109.json b/packages/security_detection_engine/kibana/security_rule/5370d4cd-2bb3-4d71-abf5-1e1d0ff5a2de_109.json index ef0280506d7..93bab100c1e 100644 --- a/packages/security_detection_engine/kibana/security_rule/5370d4cd-2bb3-4d71-abf5-1e1d0ff5a2de_109.json +++ b/packages/security_detection_engine/kibana/security_rule/5370d4cd-2bb3-4d71-abf5-1e1d0ff5a2de_109.json @@ -42,7 +42,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5378a829-30c2-435a-a0f2-e3d794bd6f80_101.json b/packages/security_detection_engine/kibana/security_rule/5378a829-30c2-435a-a0f2-e3d794bd6f80_101.json index 95139d8b423..48787d910cc 100644 --- a/packages/security_detection_engine/kibana/security_rule/5378a829-30c2-435a-a0f2-e3d794bd6f80_101.json +++ b/packages/security_detection_engine/kibana/security_rule/5378a829-30c2-435a-a0f2-e3d794bd6f80_101.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/5397080f-34e5-449b-8e9c-4c8083d7ccc6_10.json b/packages/security_detection_engine/kibana/security_rule/5397080f-34e5-449b-8e9c-4c8083d7ccc6_10.json index 2c3880711c9..1a85e68bae8 100644 --- a/packages/security_detection_engine/kibana/security_rule/5397080f-34e5-449b-8e9c-4c8083d7ccc6_10.json +++ b/packages/security_detection_engine/kibana/security_rule/5397080f-34e5-449b-8e9c-4c8083d7ccc6_10.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "beaconing", - "version": "^1.3.0" + "version": ">=1.3.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/53a26770-9cbd-40c5-8b57-61d01a325e14_319.json b/packages/security_detection_engine/kibana/security_rule/53a26770-9cbd-40c5-8b57-61d01a325e14_319.json index bc6d2dd38dc..11184766f9e 100644 --- a/packages/security_detection_engine/kibana/security_rule/53a26770-9cbd-40c5-8b57-61d01a325e14_319.json +++ b/packages/security_detection_engine/kibana/security_rule/53a26770-9cbd-40c5-8b57-61d01a325e14_319.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/53bb8f53-3550-4805-b6bd-728ded8d5564_1.json b/packages/security_detection_engine/kibana/security_rule/53bb8f53-3550-4805-b6bd-728ded8d5564_1.json index 972ef4b7245..e0949e81b5b 100644 --- a/packages/security_detection_engine/kibana/security_rule/53bb8f53-3550-4805-b6bd-728ded8d5564_1.json +++ b/packages/security_detection_engine/kibana/security_rule/53bb8f53-3550-4805-b6bd-728ded8d5564_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/53dedd83-1be7-430f-8026-363256395c8b_110.json b/packages/security_detection_engine/kibana/security_rule/53dedd83-1be7-430f-8026-363256395c8b_110.json index 5baa459d58b..522b1735180 100644 --- a/packages/security_detection_engine/kibana/security_rule/53dedd83-1be7-430f-8026-363256395c8b_110.json +++ b/packages/security_detection_engine/kibana/security_rule/53dedd83-1be7-430f-8026-363256395c8b_110.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/53ef31ea-1f8a-493b-9614-df23d8277232_7.json b/packages/security_detection_engine/kibana/security_rule/53ef31ea-1f8a-493b-9614-df23d8277232_7.json index 81c7057dc4f..92a182b62ee 100644 --- a/packages/security_detection_engine/kibana/security_rule/53ef31ea-1f8a-493b-9614-df23d8277232_7.json +++ b/packages/security_detection_engine/kibana/security_rule/53ef31ea-1f8a-493b-9614-df23d8277232_7.json @@ -27,11 +27,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/54214c47-be7c-4f6b-8ef2-78832f9f8f42_2.json b/packages/security_detection_engine/kibana/security_rule/54214c47-be7c-4f6b-8ef2-78832f9f8f42_2.json index 89db993746d..84e3acb9b8a 100644 --- a/packages/security_detection_engine/kibana/security_rule/54214c47-be7c-4f6b-8ef2-78832f9f8f42_2.json +++ b/packages/security_detection_engine/kibana/security_rule/54214c47-be7c-4f6b-8ef2-78832f9f8f42_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/54902e45-3467-49a4-8abc-529f2c8cfb80_217.json b/packages/security_detection_engine/kibana/security_rule/54902e45-3467-49a4-8abc-529f2c8cfb80_217.json index 24f6c0afe70..5e1579052b3 100644 --- a/packages/security_detection_engine/kibana/security_rule/54902e45-3467-49a4-8abc-529f2c8cfb80_217.json +++ b/packages/security_detection_engine/kibana/security_rule/54902e45-3467-49a4-8abc-529f2c8cfb80_217.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/54a81f68-5f2a-421e-8eed-f888278bb712_215.json b/packages/security_detection_engine/kibana/security_rule/54a81f68-5f2a-421e-8eed-f888278bb712_215.json index c0081cced45..792650b9f2a 100644 --- a/packages/security_detection_engine/kibana/security_rule/54a81f68-5f2a-421e-8eed-f888278bb712_215.json +++ b/packages/security_detection_engine/kibana/security_rule/54a81f68-5f2a-421e-8eed-f888278bb712_215.json @@ -44,7 +44,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/54c3d186-0461-4dc3-9b33-2dc5c7473936_219.json b/packages/security_detection_engine/kibana/security_rule/54c3d186-0461-4dc3-9b33-2dc5c7473936_219.json index 007968d18d4..98d58c36583 100644 --- a/packages/security_detection_engine/kibana/security_rule/54c3d186-0461-4dc3-9b33-2dc5c7473936_219.json +++ b/packages/security_detection_engine/kibana/security_rule/54c3d186-0461-4dc3-9b33-2dc5c7473936_219.json @@ -27,15 +27,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/55260656-76d6-427b-bd02-7acdde131b64_1.json b/packages/security_detection_engine/kibana/security_rule/55260656-76d6-427b-bd02-7acdde131b64_1.json index d32909c1d7e..9fbdb86e6fd 100644 --- a/packages/security_detection_engine/kibana/security_rule/55260656-76d6-427b-bd02-7acdde131b64_1.json +++ b/packages/security_detection_engine/kibana/security_rule/55260656-76d6-427b-bd02-7acdde131b64_1.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/55a372b9-f5b6-4069-a089-8637c00609a2_4.json b/packages/security_detection_engine/kibana/security_rule/55a372b9-f5b6-4069-a089-8637c00609a2_4.json index 52439de0dc0..dc2f2e59c68 100644 --- a/packages/security_detection_engine/kibana/security_rule/55a372b9-f5b6-4069-a089-8637c00609a2_4.json +++ b/packages/security_detection_engine/kibana/security_rule/55a372b9-f5b6-4069-a089-8637c00609a2_4.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/55be0398-e72d-4c02-a916-b11d62af0e29_1.json b/packages/security_detection_engine/kibana/security_rule/55be0398-e72d-4c02-a916-b11d62af0e29_1.json index f100437f69a..0177738621d 100644 --- a/packages/security_detection_engine/kibana/security_rule/55be0398-e72d-4c02-a916-b11d62af0e29_1.json +++ b/packages/security_detection_engine/kibana/security_rule/55be0398-e72d-4c02-a916-b11d62af0e29_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/55c2bf58-2a39-4c58-a384-c8b1978153c2_218.json b/packages/security_detection_engine/kibana/security_rule/55c2bf58-2a39-4c58-a384-c8b1978153c2_218.json index 798aa323b4d..a9a3782aa81 100644 --- a/packages/security_detection_engine/kibana/security_rule/55c2bf58-2a39-4c58-a384-c8b1978153c2_218.json +++ b/packages/security_detection_engine/kibana/security_rule/55c2bf58-2a39-4c58-a384-c8b1978153c2_218.json @@ -43,11 +43,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/55d551c6-333b-4665-ab7e-5d14a59715ce_214.json b/packages/security_detection_engine/kibana/security_rule/55d551c6-333b-4665-ab7e-5d14a59715ce_214.json index e521d1e5a44..dfab988e2d4 100644 --- a/packages/security_detection_engine/kibana/security_rule/55d551c6-333b-4665-ab7e-5d14a59715ce_214.json +++ b/packages/security_detection_engine/kibana/security_rule/55d551c6-333b-4665-ab7e-5d14a59715ce_214.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/55f07d1b-25bc-4a0f-aa0c-05323c1319d0_4.json b/packages/security_detection_engine/kibana/security_rule/55f07d1b-25bc-4a0f-aa0c-05323c1319d0_4.json index 1b34929962b..b3d5b788084 100644 --- a/packages/security_detection_engine/kibana/security_rule/55f07d1b-25bc-4a0f-aa0c-05323c1319d0_4.json +++ b/packages/security_detection_engine/kibana/security_rule/55f07d1b-25bc-4a0f-aa0c-05323c1319d0_4.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/55f711c1-6b4d-4787-930d-c9317a885adf_4.json b/packages/security_detection_engine/kibana/security_rule/55f711c1-6b4d-4787-930d-c9317a885adf_4.json index 0056d29bbe3..8796c2949d3 100644 --- a/packages/security_detection_engine/kibana/security_rule/55f711c1-6b4d-4787-930d-c9317a885adf_4.json +++ b/packages/security_detection_engine/kibana/security_rule/55f711c1-6b4d-4787-930d-c9317a885adf_4.json @@ -47,27 +47,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/56004189-4e69-4a39-b4a9-195329d226e9_210.json b/packages/security_detection_engine/kibana/security_rule/56004189-4e69-4a39-b4a9-195329d226e9_210.json index f58d3050f71..7c0e1655a30 100644 --- a/packages/security_detection_engine/kibana/security_rule/56004189-4e69-4a39-b4a9-195329d226e9_210.json +++ b/packages/security_detection_engine/kibana/security_rule/56004189-4e69-4a39-b4a9-195329d226e9_210.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/5610b192-7f18-11ee-825b-f661ea17fbcd_210.json b/packages/security_detection_engine/kibana/security_rule/5610b192-7f18-11ee-825b-f661ea17fbcd_210.json index 8cf7b413312..4c9d3f41dd0 100644 --- a/packages/security_detection_engine/kibana/security_rule/5610b192-7f18-11ee-825b-f661ea17fbcd_210.json +++ b/packages/security_detection_engine/kibana/security_rule/5610b192-7f18-11ee-825b-f661ea17fbcd_210.json @@ -31,11 +31,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5619545b-9738-408c-bdb5-a2807e19133e_1.json b/packages/security_detection_engine/kibana/security_rule/5619545b-9738-408c-bdb5-a2807e19133e_1.json index dfd1d93b9b9..cf5ab9a20b2 100644 --- a/packages/security_detection_engine/kibana/security_rule/5619545b-9738-408c-bdb5-a2807e19133e_1.json +++ b/packages/security_detection_engine/kibana/security_rule/5619545b-9738-408c-bdb5-a2807e19133e_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/56312ef5-656c-4bf7-ad9a-affed052b102_1.json b/packages/security_detection_engine/kibana/security_rule/56312ef5-656c-4bf7-ad9a-affed052b102_1.json index b244d0a247c..099dd8dbfd4 100644 --- a/packages/security_detection_engine/kibana/security_rule/56312ef5-656c-4bf7-ad9a-affed052b102_1.json +++ b/packages/security_detection_engine/kibana/security_rule/56312ef5-656c-4bf7-ad9a-affed052b102_1.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/56557cde-d923-4b88-adee-c61b3f3b5dc3_212.json b/packages/security_detection_engine/kibana/security_rule/56557cde-d923-4b88-adee-c61b3f3b5dc3_212.json index 568dc2d3174..6c08ee683f0 100644 --- a/packages/security_detection_engine/kibana/security_rule/56557cde-d923-4b88-adee-c61b3f3b5dc3_212.json +++ b/packages/security_detection_engine/kibana/security_rule/56557cde-d923-4b88-adee-c61b3f3b5dc3_212.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/565c2b44-7a21-4818-955f-8d4737967d2e_211.json b/packages/security_detection_engine/kibana/security_rule/565c2b44-7a21-4818-955f-8d4737967d2e_211.json index f6e70213892..c972f23446e 100644 --- a/packages/security_detection_engine/kibana/security_rule/565c2b44-7a21-4818-955f-8d4737967d2e_211.json +++ b/packages/security_detection_engine/kibana/security_rule/565c2b44-7a21-4818-955f-8d4737967d2e_211.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/565d6ca5-75ba-4c82-9b13-add25353471c_112.json b/packages/security_detection_engine/kibana/security_rule/565d6ca5-75ba-4c82-9b13-add25353471c_112.json index e29e625a37c..edf82c680fd 100644 --- a/packages/security_detection_engine/kibana/security_rule/565d6ca5-75ba-4c82-9b13-add25353471c_112.json +++ b/packages/security_detection_engine/kibana/security_rule/565d6ca5-75ba-4c82-9b13-add25353471c_112.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5663b693-0dea-4f2e-8275-f1ae5ff2de8e_109.json b/packages/security_detection_engine/kibana/security_rule/5663b693-0dea-4f2e-8275-f1ae5ff2de8e_109.json index d664934f22a..b4585de9a87 100644 --- a/packages/security_detection_engine/kibana/security_rule/5663b693-0dea-4f2e-8275-f1ae5ff2de8e_109.json +++ b/packages/security_detection_engine/kibana/security_rule/5663b693-0dea-4f2e-8275-f1ae5ff2de8e_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/56d9cf6c-46ea-4019-9c7f-b1fdb855fee3_4.json b/packages/security_detection_engine/kibana/security_rule/56d9cf6c-46ea-4019-9c7f-b1fdb855fee3_4.json index 1b4fafbe263..fcdda8738f0 100644 --- a/packages/security_detection_engine/kibana/security_rule/56d9cf6c-46ea-4019-9c7f-b1fdb855fee3_4.json +++ b/packages/security_detection_engine/kibana/security_rule/56d9cf6c-46ea-4019-9c7f-b1fdb855fee3_4.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/56f2e9b5-4803-4e44-a0a4-a52dc79d57fe_318.json b/packages/security_detection_engine/kibana/security_rule/56f2e9b5-4803-4e44-a0a4-a52dc79d57fe_318.json index 96d522795df..89dc6123bb5 100644 --- a/packages/security_detection_engine/kibana/security_rule/56f2e9b5-4803-4e44-a0a4-a52dc79d57fe_318.json +++ b/packages/security_detection_engine/kibana/security_rule/56f2e9b5-4803-4e44-a0a4-a52dc79d57fe_318.json @@ -58,7 +58,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/56fa718c-a0de-4492-97ff-bbc444b015b8_1.json b/packages/security_detection_engine/kibana/security_rule/56fa718c-a0de-4492-97ff-bbc444b015b8_1.json index f892de476ec..dbea2793557 100644 --- a/packages/security_detection_engine/kibana/security_rule/56fa718c-a0de-4492-97ff-bbc444b015b8_1.json +++ b/packages/security_detection_engine/kibana/security_rule/56fa718c-a0de-4492-97ff-bbc444b015b8_1.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/56fdfcf1-ca7c-4fd9-951d-e215ee26e404_109.json b/packages/security_detection_engine/kibana/security_rule/56fdfcf1-ca7c-4fd9-951d-e215ee26e404_109.json index 76aa1ad1c19..9d8ef18290f 100644 --- a/packages/security_detection_engine/kibana/security_rule/56fdfcf1-ca7c-4fd9-951d-e215ee26e404_109.json +++ b/packages/security_detection_engine/kibana/security_rule/56fdfcf1-ca7c-4fd9-951d-e215ee26e404_109.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5700cb81-df44-46aa-a5d7-337798f53eb8_112.json b/packages/security_detection_engine/kibana/security_rule/5700cb81-df44-46aa-a5d7-337798f53eb8_112.json index 303ff25ea06..7938ce0cc3f 100644 --- a/packages/security_detection_engine/kibana/security_rule/5700cb81-df44-46aa-a5d7-337798f53eb8_112.json +++ b/packages/security_detection_engine/kibana/security_rule/5700cb81-df44-46aa-a5d7-337798f53eb8_112.json @@ -27,15 +27,15 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5749282b-7524-4c9d-af9a-e2b3e814e5d4_4.json b/packages/security_detection_engine/kibana/security_rule/5749282b-7524-4c9d-af9a-e2b3e814e5d4_4.json index 4a20f0d6cf5..2156865c050 100644 --- a/packages/security_detection_engine/kibana/security_rule/5749282b-7524-4c9d-af9a-e2b3e814e5d4_4.json +++ b/packages/security_detection_engine/kibana/security_rule/5749282b-7524-4c9d-af9a-e2b3e814e5d4_4.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/577ec21e-56fe-4065-91d8-45eb8224fe77_214.json b/packages/security_detection_engine/kibana/security_rule/577ec21e-56fe-4065-91d8-45eb8224fe77_214.json index c4c57aa624d..bcf71dbf775 100644 --- a/packages/security_detection_engine/kibana/security_rule/577ec21e-56fe-4065-91d8-45eb8224fe77_214.json +++ b/packages/security_detection_engine/kibana/security_rule/577ec21e-56fe-4065-91d8-45eb8224fe77_214.json @@ -44,7 +44,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/57bccf1d-daf5-4e1a-9049-ff79b5254704_109.json b/packages/security_detection_engine/kibana/security_rule/57bccf1d-daf5-4e1a-9049-ff79b5254704_109.json index 7ee29b4db55..747a1770d5d 100644 --- a/packages/security_detection_engine/kibana/security_rule/57bccf1d-daf5-4e1a-9049-ff79b5254704_109.json +++ b/packages/security_detection_engine/kibana/security_rule/57bccf1d-daf5-4e1a-9049-ff79b5254704_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/57bfa0a9-37c0-44d6-b724-54bf16787492_211.json b/packages/security_detection_engine/kibana/security_rule/57bfa0a9-37c0-44d6-b724-54bf16787492_211.json index bbcbb332fe2..6f7771148f3 100644 --- a/packages/security_detection_engine/kibana/security_rule/57bfa0a9-37c0-44d6-b724-54bf16787492_211.json +++ b/packages/security_detection_engine/kibana/security_rule/57bfa0a9-37c0-44d6-b724-54bf16787492_211.json @@ -27,23 +27,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/57e118c1-19eb-4c20-93a6-8a6c30a5b48b_3.json b/packages/security_detection_engine/kibana/security_rule/57e118c1-19eb-4c20-93a6-8a6c30a5b48b_3.json index 41eb2af7651..b7a904aa7c0 100644 --- a/packages/security_detection_engine/kibana/security_rule/57e118c1-19eb-4c20-93a6-8a6c30a5b48b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/57e118c1-19eb-4c20-93a6-8a6c30a5b48b_3.json @@ -33,31 +33,31 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/581add16-df76-42bb-af8e-c979bfb39a59_320.json b/packages/security_detection_engine/kibana/security_rule/581add16-df76-42bb-af8e-c979bfb39a59_320.json index 0cd4b8c7a19..fe4942923d6 100644 --- a/packages/security_detection_engine/kibana/security_rule/581add16-df76-42bb-af8e-c979bfb39a59_320.json +++ b/packages/security_detection_engine/kibana/security_rule/581add16-df76-42bb-af8e-c979bfb39a59_320.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5841b80f-a1f8-4c00-a966-d2cc4a7a82e4_4.json b/packages/security_detection_engine/kibana/security_rule/5841b80f-a1f8-4c00-a966-d2cc4a7a82e4_4.json index 3fd796f9d68..cfa8e9f6eea 100644 --- a/packages/security_detection_engine/kibana/security_rule/5841b80f-a1f8-4c00-a966-d2cc4a7a82e4_4.json +++ b/packages/security_detection_engine/kibana/security_rule/5841b80f-a1f8-4c00-a966-d2cc4a7a82e4_4.json @@ -57,7 +57,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5889760c-9858-4b4b-879c-e299df493295_3.json b/packages/security_detection_engine/kibana/security_rule/5889760c-9858-4b4b-879c-e299df493295_3.json index 21ce7eab99e..78713f6344b 100644 --- a/packages/security_detection_engine/kibana/security_rule/5889760c-9858-4b4b-879c-e299df493295_3.json +++ b/packages/security_detection_engine/kibana/security_rule/5889760c-9858-4b4b-879c-e299df493295_3.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/58aa72ca-d968-4f34-b9f7-bea51d75eb50_317.json b/packages/security_detection_engine/kibana/security_rule/58aa72ca-d968-4f34-b9f7-bea51d75eb50_317.json index 7d56333c315..5c9aaf730bb 100644 --- a/packages/security_detection_engine/kibana/security_rule/58aa72ca-d968-4f34-b9f7-bea51d75eb50_317.json +++ b/packages/security_detection_engine/kibana/security_rule/58aa72ca-d968-4f34-b9f7-bea51d75eb50_317.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/58bc134c-e8d2-4291-a552-b4b3e537c60b_113.json b/packages/security_detection_engine/kibana/security_rule/58bc134c-e8d2-4291-a552-b4b3e537c60b_113.json index 378a15dc5d3..92aa07abb8d 100644 --- a/packages/security_detection_engine/kibana/security_rule/58bc134c-e8d2-4291-a552-b4b3e537c60b_113.json +++ b/packages/security_detection_engine/kibana/security_rule/58bc134c-e8d2-4291-a552-b4b3e537c60b_113.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/58c6d58b-a0d3-412d-b3b8-0981a9400607_116.json b/packages/security_detection_engine/kibana/security_rule/58c6d58b-a0d3-412d-b3b8-0981a9400607_116.json index c555bae830e..fbd0c084329 100644 --- a/packages/security_detection_engine/kibana/security_rule/58c6d58b-a0d3-412d-b3b8-0981a9400607_116.json +++ b/packages/security_detection_engine/kibana/security_rule/58c6d58b-a0d3-412d-b3b8-0981a9400607_116.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_3.json b/packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_3.json deleted file mode 100644 index b9899404274..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_3.json +++ /dev/null @@ -1,111 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Detects unusual modification of GenAI tool configuration files. Adversaries may inject malicious MCP server configurations to hijack AI agents for persistence, C2, or data exfiltration. Attack vectors include malware or scripts directly poisoning config files, supply chain attacks via compromised dependencies, and prompt injection attacks that abuse the GenAI tool itself to modify its own configuration. Unauthorized MCP servers added to these configs execute arbitrary commands when the AI tool is next invoked.", - "from": "now-9m", - "history_window_start": "now-7d", - "index": [ - "logs-endpoint.events.file*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "Unusual Process Modifying GenAI Configuration File", - "new_terms_fields": [ - "process.executable" - ], - "note": "## Triage and analysis\n\n### Investigating Unusual Process Modifying GenAI Configuration File\n\nConfiguration files for GenAI tools like Cursor, Claude, Copilot, and Ollama control which MCP servers, plugins, and extensions are loaded. Attackers target these files to inject malicious MCP servers that execute arbitrary commands, exfiltrate data, or establish persistence. Threats include external processes (malware, compromised scripts, supply chain attacks) directly modifying configs, as well as prompt injection attacks that abuse the AI tool's own file access capabilities.\n\n### Possible investigation steps\n\n- Identify the process that modified the configuration file and determine if it's expected (GenAI tool, installer, user action) or suspicious (unknown script, malware).\n- If the modifying process is NOT a GenAI tool, investigate its origin, parent process tree, and whether it was downloaded or executed from a suspicious location.\n- If a GenAI tool made the modification, check recent user prompts or agent activity that may have triggered the config change via prompt injection.\n- Review the contents of the modified configuration file for suspicious MCP server URLs, unauthorized plugins, or unusual agent permissions.\n- Examine the process command line and parent process tree to identify how the modifying process was invoked.\n- Check for other file modifications by the same process around the same time, particularly to other GenAI configs or startup scripts.\n- Investigate whether the GenAI tool subsequently connected to unknown domains or spawned unusual child processes after the config change.\n\n### False positive analysis\n\n- Novel but legitimate configuration changes will trigger this rule when the process hasn't been seen modifying these files within the configured history window. Review the modified file content to determine legitimacy.\n- GenAI tool updates may modify config files in new ways; correlate with recent software updates.\n- IDE extensions integrating with GenAI tools may modify configs as part of initial setup.\n- Developer tools (git, go, npm) checking out or downloading projects containing `.gemini/` or `.claude/` directories may trigger alerts. These are project-level configs, not user configs - verify by checking if the path is within a project directory.\n\n### Response and remediation\n\n- Review the modified configuration file and revert any unauthorized changes to MCP servers, plugins, or agent settings.\n- If malicious MCP servers were added, block the associated domains at the network level.\n- Review and rotate any API keys or credentials that may have been exposed through the compromised GenAI configuration.\n", - "query": "event.category : \"file\" and event.action : (\"modification\" or \"overwrite\") and\nfile.path : (\n */.cursor/mcp.json or */.cursor/settings.json or */AppData/Roaming/Cursor/*mcp* or\n */.claude/* or */claude_desktop_config.json or */AppData/Roaming/Claude/* or\n */.config/github-copilot/* or */AppData/Local/GitHub?Copilot/* or\n */.ollama/config* or */AppData/Local/Ollama/* or\n */.codex/* or */AppData/Roaming/Codex/* or\n */.gemini/* or */AppData/Roaming/gemini-cli/* or\n */.grok/* or */AppData/Roaming/Grok/* or\n */.windsurf/* or */AppData/Roaming/Windsurf/* or\n */.vscode/extensions/*mcp* or\n */.openclaw/* or */AppData/Roaming/OpenClaw/* or\n */.moltbot/* or */AppData/Roaming/Moltbot/* or\n */.config/openclaw/*\n) and not (\n file.extension : (lck or lock) or\n (\n file.path : */.config/github-copilot/* and \n file.name : (apps.json or versions.json or copilot*nitrite.db)\n \n )\n)\n", - "references": [ - "https://modelcontextprotocol.io/", - "https://www.cybereason.com/blog/security-research/weaponized-ai-how-cybercriminals-exploit-mcp-for-account-takeover", - "https://glama.ai/blog/2025-11-11-the-lethal-trifecta-securing-model-context-protocol-against-data-flow-attacks", - "https://www.elastic.co/security-labs/elastic-advances-llm-security" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "file.extension", - "type": "keyword" - }, - { - "ecs": true, - "name": "file.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "file.path", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "590fc62d-7386-4c75-92b0-af4517018da1", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: macOS", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Defense Evasion", - "Tactic: Persistence", - "Data Source: Elastic Defend", - "Resources: Investigation Guide", - "Domain: LLM" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0005", - "name": "Defense Evasion", - "reference": "https://attack.mitre.org/tactics/TA0005/" - }, - "technique": [ - { - "id": "T1556", - "name": "Modify Authentication Process", - "reference": "https://attack.mitre.org/techniques/T1556/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1554", - "name": "Compromise Host Software Binary", - "reference": "https://attack.mitre.org/techniques/T1554/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "new_terms", - "version": 3 - }, - "id": "590fc62d-7386-4c75-92b0-af4517018da1_3", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_7.json b/packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_7.json index a137e205306..f6d5d9b7cc9 100644 --- a/packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_7.json +++ b/packages/security_detection_engine/kibana/security_rule/590fc62d-7386-4c75-92b0-af4517018da1_7.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5919988c-29e1-4908-83aa-1f087a838f63_7.json b/packages/security_detection_engine/kibana/security_rule/5919988c-29e1-4908-83aa-1f087a838f63_7.json index b376a764cb2..7355d918ae9 100644 --- a/packages/security_detection_engine/kibana/security_rule/5919988c-29e1-4908-83aa-1f087a838f63_7.json +++ b/packages/security_detection_engine/kibana/security_rule/5919988c-29e1-4908-83aa-1f087a838f63_7.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_213.json b/packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_213.json index 73c3a85010b..6f4ceebc37b 100644 --- a/packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_213.json +++ b/packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_213.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/594e0cbf-86cc-45aa-9ff7-ff27db27d3ed_214.json b/packages/security_detection_engine/kibana/security_rule/594e0cbf-86cc-45aa-9ff7-ff27db27d3ed_214.json index 8b8b45e68bd..9eff1c2cf69 100644 --- a/packages/security_detection_engine/kibana/security_rule/594e0cbf-86cc-45aa-9ff7-ff27db27d3ed_214.json +++ b/packages/security_detection_engine/kibana/security_rule/594e0cbf-86cc-45aa-9ff7-ff27db27d3ed_214.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/59756272-1998-4b8c-be14-e287035c4d10_208.json b/packages/security_detection_engine/kibana/security_rule/59756272-1998-4b8c-be14-e287035c4d10_208.json index 34788c353de..7002a858aa0 100644 --- a/packages/security_detection_engine/kibana/security_rule/59756272-1998-4b8c-be14-e287035c4d10_208.json +++ b/packages/security_detection_engine/kibana/security_rule/59756272-1998-4b8c-be14-e287035c4d10_208.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/59bf26c2-bcbe-11ef-a215-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/59bf26c2-bcbe-11ef-a215-f661ea17fbce_9.json index 2050facbbbd..932d69eefe5 100644 --- a/packages/security_detection_engine/kibana/security_rule/59bf26c2-bcbe-11ef-a215-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/59bf26c2-bcbe-11ef-a215-f661ea17fbce_9.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5a138e2e-aec3-4240-9843-56825d0bc569_108.json b/packages/security_detection_engine/kibana/security_rule/5a138e2e-aec3-4240-9843-56825d0bc569_108.json index 855d73c4004..4aefd76b9f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/5a138e2e-aec3-4240-9843-56825d0bc569_108.json +++ b/packages/security_detection_engine/kibana/security_rule/5a138e2e-aec3-4240-9843-56825d0bc569_108.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5a14d01d-7ac8-4545-914c-b687c2cf66b3_314.json b/packages/security_detection_engine/kibana/security_rule/5a14d01d-7ac8-4545-914c-b687c2cf66b3_314.json index fe318fba353..ff155319f02 100644 --- a/packages/security_detection_engine/kibana/security_rule/5a14d01d-7ac8-4545-914c-b687c2cf66b3_314.json +++ b/packages/security_detection_engine/kibana/security_rule/5a14d01d-7ac8-4545-914c-b687c2cf66b3_314.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5a3d5447-31c9-409a-aed1-72f9921594fd_14.json b/packages/security_detection_engine/kibana/security_rule/5a3d5447-31c9-409a-aed1-72f9921594fd_14.json index 0e6792e96fc..fab097eb14f 100644 --- a/packages/security_detection_engine/kibana/security_rule/5a3d5447-31c9-409a-aed1-72f9921594fd_14.json +++ b/packages/security_detection_engine/kibana/security_rule/5a3d5447-31c9-409a-aed1-72f9921594fd_14.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5a876e0d-d39a-49b9-8ad8-19c9b622203b_4.json b/packages/security_detection_engine/kibana/security_rule/5a876e0d-d39a-49b9-8ad8-19c9b622203b_4.json index 5204c3d05ce..55351a523cf 100644 --- a/packages/security_detection_engine/kibana/security_rule/5a876e0d-d39a-49b9-8ad8-19c9b622203b_4.json +++ b/packages/security_detection_engine/kibana/security_rule/5a876e0d-d39a-49b9-8ad8-19c9b622203b_4.json @@ -13,31 +13,31 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5ab49127-b1b3-46e6-8a38-9e8512a2a363_6.json b/packages/security_detection_engine/kibana/security_rule/5ab49127-b1b3-46e6-8a38-9e8512a2a363_6.json index bf1c3e01642..f7623979dfe 100644 --- a/packages/security_detection_engine/kibana/security_rule/5ab49127-b1b3-46e6-8a38-9e8512a2a363_6.json +++ b/packages/security_detection_engine/kibana/security_rule/5ab49127-b1b3-46e6-8a38-9e8512a2a363_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5ae02ebc-a5de-4eac-afe6-c88de696477d_108.json b/packages/security_detection_engine/kibana/security_rule/5ae02ebc-a5de-4eac-afe6-c88de696477d_108.json index 3341f08f6ff..d4a3669f26f 100644 --- a/packages/security_detection_engine/kibana/security_rule/5ae02ebc-a5de-4eac-afe6-c88de696477d_108.json +++ b/packages/security_detection_engine/kibana/security_rule/5ae02ebc-a5de-4eac-afe6-c88de696477d_108.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5ae4e6f8-d1bf-40fa-96ba-e29645e1e4dc_112.json b/packages/security_detection_engine/kibana/security_rule/5ae4e6f8-d1bf-40fa-96ba-e29645e1e4dc_112.json index 2486056f984..671bc00a09c 100644 --- a/packages/security_detection_engine/kibana/security_rule/5ae4e6f8-d1bf-40fa-96ba-e29645e1e4dc_112.json +++ b/packages/security_detection_engine/kibana/security_rule/5ae4e6f8-d1bf-40fa-96ba-e29645e1e4dc_112.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5aee924b-6ceb-4633-980e-1bde8cdb40c5_314.json b/packages/security_detection_engine/kibana/security_rule/5aee924b-6ceb-4633-980e-1bde8cdb40c5_314.json index 5cf380ee91a..c316cdc6ddf 100644 --- a/packages/security_detection_engine/kibana/security_rule/5aee924b-6ceb-4633-980e-1bde8cdb40c5_314.json +++ b/packages/security_detection_engine/kibana/security_rule/5aee924b-6ceb-4633-980e-1bde8cdb40c5_314.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5b03c9fb-9945-4d2f-9568-fd690fee3fba_114.json b/packages/security_detection_engine/kibana/security_rule/5b03c9fb-9945-4d2f-9568-fd690fee3fba_114.json index 946e63190c2..f86d422ebf3 100644 --- a/packages/security_detection_engine/kibana/security_rule/5b03c9fb-9945-4d2f-9568-fd690fee3fba_114.json +++ b/packages/security_detection_engine/kibana/security_rule/5b03c9fb-9945-4d2f-9568-fd690fee3fba_114.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5b06a27f-ad72-4499-91db-0c69667bffa5_11.json b/packages/security_detection_engine/kibana/security_rule/5b06a27f-ad72-4499-91db-0c69667bffa5_11.json index 65ad8b49641..e3a7c4b5c2e 100644 --- a/packages/security_detection_engine/kibana/security_rule/5b06a27f-ad72-4499-91db-0c69667bffa5_11.json +++ b/packages/security_detection_engine/kibana/security_rule/5b06a27f-ad72-4499-91db-0c69667bffa5_11.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_112.json b/packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_112.json index 2c5acbe2efc..01ff20df82f 100644 --- a/packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_112.json +++ b/packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_112.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5b8d7b94-23c6-4e3f-baed-3a4d0da4f19d_5.json b/packages/security_detection_engine/kibana/security_rule/5b8d7b94-23c6-4e3f-baed-3a4d0da4f19d_5.json index 93b63756f51..6124d3bca04 100644 --- a/packages/security_detection_engine/kibana/security_rule/5b8d7b94-23c6-4e3f-baed-3a4d0da4f19d_5.json +++ b/packages/security_detection_engine/kibana/security_rule/5b8d7b94-23c6-4e3f-baed-3a4d0da4f19d_5.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5b9eb30f-87d6-45f4-9289-2bf2024f0376_9.json b/packages/security_detection_engine/kibana/security_rule/5b9eb30f-87d6-45f4-9289-2bf2024f0376_9.json index 9c7362935aa..5e7ec525a87 100644 --- a/packages/security_detection_engine/kibana/security_rule/5b9eb30f-87d6-45f4-9289-2bf2024f0376_9.json +++ b/packages/security_detection_engine/kibana/security_rule/5b9eb30f-87d6-45f4-9289-2bf2024f0376_9.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5bb4a95d-5a08-48eb-80db-4c3a63ec78a8_323.json b/packages/security_detection_engine/kibana/security_rule/5bb4a95d-5a08-48eb-80db-4c3a63ec78a8_323.json index eb6a14029c6..045fb7d739d 100644 --- a/packages/security_detection_engine/kibana/security_rule/5bb4a95d-5a08-48eb-80db-4c3a63ec78a8_323.json +++ b/packages/security_detection_engine/kibana/security_rule/5bb4a95d-5a08-48eb-80db-4c3a63ec78a8_323.json @@ -123,19 +123,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5bda8597-69a6-4b9e-87a2-69a7c963ea83_5.json b/packages/security_detection_engine/kibana/security_rule/5bda8597-69a6-4b9e-87a2-69a7c963ea83_5.json index 66363acc358..e986409479b 100644 --- a/packages/security_detection_engine/kibana/security_rule/5bda8597-69a6-4b9e-87a2-69a7c963ea83_5.json +++ b/packages/security_detection_engine/kibana/security_rule/5bda8597-69a6-4b9e-87a2-69a7c963ea83_5.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_5.json b/packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_5.json deleted file mode 100644 index 56e7ad1aca3..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_5.json +++ /dev/null @@ -1,160 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule detects when a base64 decoded payload is piped to an interpreter on Linux systems. Adversaries may use base64 encoding to obfuscate data and pipe it to an interpreter to execute malicious code. This technique may be used to evade detection by host- or network-based security controls.", - "from": "now-9m", - "index": [ - "logs-endpoint.events.process*", - "logs-crowdstrike.fdr*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Base64 Decoded Payload Piped to Interpreter", - "note": " ## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating Base64 Decoded Payload Piped to Interpreter\n\nBase64 encoding is a method to encode binary data into ASCII text, often used for data obfuscation. Adversaries exploit this by encoding malicious payloads and decoding them on a target system, piping the output to interpreters like bash or python for execution. The detection rule identifies such activities by monitoring for processes that decode Base64 and subsequently execute scripts, indicating potential malicious behavior.\n\n### Possible investigation steps\n\n- Review the process command line arguments to identify the specific Base64 decoding activity, focusing on the presence of flags like `-d` or `-a` in conjunction with tools such as `base64`, `openssl`, or scripting languages like `python`, `perl`, or `ruby`.\n- Examine the parent process entity ID and command line to understand the context in which the Base64 decoding was initiated, identifying any potentially suspicious parent processes.\n- Investigate the subsequent interpreter process that was executed, such as `bash`, `python`, or `ruby`, to determine the nature of the script or command being run, looking for any signs of malicious activity.\n- Check the timing and sequence of the processes involved to confirm if the Base64 decoding and interpreter execution occurred within the specified maxspan of 3 seconds, indicating a likely automated or scripted action.\n- Analyze the host ID and any associated user accounts to determine if the activity aligns with expected behavior for that system or user, or if it suggests unauthorized access or compromise.\n- Correlate the alert with other security events or logs from the same host or user to identify any additional indicators of compromise or related suspicious activities.\n\n### False positive analysis\n\n- Legitimate administrative scripts may use Base64 encoding to handle data securely. Review the context of the script execution and consider excluding specific scripts or directories from monitoring if they are verified as safe.\n- Automated backup or data transfer processes might use Base64 encoding for data integrity. Identify these processes and create exceptions for known, trusted applications or scripts.\n- Development environments often use Base64 encoding for testing purposes. If a development tool or script is frequently triggering alerts, consider excluding the specific development environment or user accounts from this rule.\n- Security tools or monitoring solutions may use Base64 encoding as part of their normal operations. Verify the source of the alert and exclude known security tools from triggering this rule.\n- System updates or package installations might involve Base64 operations. Monitor the timing and context of these alerts and exclude specific update processes if they are consistently identified as false positives.\n\n### Response and remediation\n\n- Isolate the affected system from the network to prevent further execution of potentially malicious code and lateral movement.\n- Terminate any suspicious processes identified by the detection rule, particularly those involving base64 decoding and piping to interpreters.\n- Conduct a forensic analysis of the affected system to identify any additional indicators of compromise, such as unauthorized file modifications or network connections.\n- Restore the system from a known good backup if malicious activity is confirmed and the integrity of the system is compromised.\n- Update and patch all software and systems to mitigate vulnerabilities that could be exploited by similar techniques.\n- Implement enhanced monitoring and logging for base64 decoding activities and interpreter executions to detect similar threats in the future.\n- Escalate the incident to the security operations center (SOC) or incident response team for further investigation and to determine if broader organizational impacts exist.\n", - "query": "sequence by host.id, process.parent.entity_id with maxspan=3s\n [process where host.os.type == \"linux\" and event.type == \"start\" and event.action in (\"exec\", \"ProcessRollup2\") and (\n (process.name in (\"base64\", \"base64plain\", \"base64url\", \"base64mime\", \"base64pem\", \"base32\", \"base16\") and process.command_line like~ \"*-*d*\") or\n (process.name == \"openssl\" and process.args == \"enc\" and process.args in (\"-d\", \"-base64\", \"-a\")) or\n (process.name like \"python*\" and\n (process.args == \"base64\" and process.args in (\"-d\", \"-u\", \"-t\")) or\n (process.args == \"-c\" and process.args like \"*base64*\" and process.command_line like~ \"*b64decode*\")\n ) or\n (process.name like \"perl*\" and process.command_line like~ \"*decode_base64*\") or\n (process.name like \"ruby*\" and process.args == \"-e\" and process.command_line like~ \"*Base64.decode64*\")\n )]\n [process where host.os.type == \"linux\" and event.type == \"start\" and event.action in (\"exec\", \"ProcessRollup2\") and process.name like~ (\n \"bash\", \"dash\", \"sh\", \"tcsh\", \"csh\", \"zsh\", \"ksh\", \"fish\", \"python*\", \"perl*\", \"ruby*\", \"lua*\", \"php*\"\n ) and\n not (\n ?process.parent.command_line in (\"bash ./run_tests.sh unit-integration\", \"/bin/sh /var/lib/dpkg/info/nmap-common.postinst configure\") or\n process.command_line == \"/usr/bin/perl /usr/bin/shasum -a 256\" or\n ?process.working_directory like (\n \"/usr/local/zeek\", \"/opt/zeek\", \"/var/lib/docker/overlay2/*/opt/zeek\", \"/usr/local/zeek_old_install\",\n \"/var/lib/docker/overlay2/*/usr/local/zeek\", \"/proc/self/fd/*/usr/local/zeek\"\n ) or\n (?process.parent.name == \"zsh\" and ?process.parent.command_line like \"*extendedglob*\") or\n (process.name like \"python*\" and ?process.parent.name == \"python*\")\n )]\n", - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "crowdstrike", - "version": "^3.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.command_line", - "type": "wildcard" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.command_line", - "type": "wildcard" - }, - { - "ecs": true, - "name": "process.parent.entity_id", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.working_directory", - "type": "keyword" - } - ], - "risk_score": 73, - "rule_id": "5bdad1d5-5001-4a13-ae99-fa8619500f1a", - "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Defense Evasion", - "Tactic: Execution", - "Data Source: Elastic Defend", - "Resources: Investigation Guide", - "Data Source: Crowdstrike" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0005", - "name": "Defense Evasion", - "reference": "https://attack.mitre.org/tactics/TA0005/" - }, - "technique": [ - { - "id": "T1027", - "name": "Obfuscated Files or Information", - "reference": "https://attack.mitre.org/techniques/T1027/" - }, - { - "id": "T1140", - "name": "Deobfuscate/Decode Files or Information", - "reference": "https://attack.mitre.org/techniques/T1140/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.004", - "name": "Unix Shell", - "reference": "https://attack.mitre.org/techniques/T1059/004/" - } - ] - }, - { - "id": "T1204", - "name": "User Execution", - "reference": "https://attack.mitre.org/techniques/T1204/", - "subtechnique": [ - { - "id": "T1204.002", - "name": "Malicious File", - "reference": "https://attack.mitre.org/techniques/T1204/002/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 5 - }, - "id": "5bdad1d5-5001-4a13-ae99-fa8619500f1a_5", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_8.json b/packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_8.json index a4a8140e21d..2c69bc21f96 100644 --- a/packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_8.json +++ b/packages/security_detection_engine/kibana/security_rule/5bdad1d5-5001-4a13-ae99-fa8619500f1a_8.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5beaebc1-cc13-4bfc-9949-776f9e0dc318_212.json b/packages/security_detection_engine/kibana/security_rule/5beaebc1-cc13-4bfc-9949-776f9e0dc318_212.json index 051ad937ab1..86892a9ce39 100644 --- a/packages/security_detection_engine/kibana/security_rule/5beaebc1-cc13-4bfc-9949-776f9e0dc318_212.json +++ b/packages/security_detection_engine/kibana/security_rule/5beaebc1-cc13-4bfc-9949-776f9e0dc318_212.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c351f54-4187-4ad8-abc8-29b0cfbef8b1_9.json b/packages/security_detection_engine/kibana/security_rule/5c351f54-4187-4ad8-abc8-29b0cfbef8b1_9.json index 75856e95e4d..8ed3cd955b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c351f54-4187-4ad8-abc8-29b0cfbef8b1_9.json +++ b/packages/security_detection_engine/kibana/security_rule/5c351f54-4187-4ad8-abc8-29b0cfbef8b1_9.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c495612-9992-49a7-afe3-0f647671fb60_5.json b/packages/security_detection_engine/kibana/security_rule/5c495612-9992-49a7-afe3-0f647671fb60_5.json index 3d548342e5e..10bb1cdb8c3 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c495612-9992-49a7-afe3-0f647671fb60_5.json +++ b/packages/security_detection_engine/kibana/security_rule/5c495612-9992-49a7-afe3-0f647671fb60_5.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c602cba-ae00-4488-845d-24de2b6d8055_108.json b/packages/security_detection_engine/kibana/security_rule/5c602cba-ae00-4488-845d-24de2b6d8055_108.json index 7e6aac6802b..8d9e7ae0b47 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c602cba-ae00-4488-845d-24de2b6d8055_108.json +++ b/packages/security_detection_engine/kibana/security_rule/5c602cba-ae00-4488-845d-24de2b6d8055_108.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c6f4c58-b381-452a-8976-f1b1c6aa0def_119.json b/packages/security_detection_engine/kibana/security_rule/5c6f4c58-b381-452a-8976-f1b1c6aa0def_119.json index 7c02b7ea178..64fa9442ffd 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c6f4c58-b381-452a-8976-f1b1c6aa0def_119.json +++ b/packages/security_detection_engine/kibana/security_rule/5c6f4c58-b381-452a-8976-f1b1c6aa0def_119.json @@ -46,11 +46,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c81fc9d-1eae-437f-ba07-268472967013_4.json b/packages/security_detection_engine/kibana/security_rule/5c81fc9d-1eae-437f-ba07-268472967013_4.json index 95461615b50..e99ec656cff 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c81fc9d-1eae-437f-ba07-268472967013_4.json +++ b/packages/security_detection_engine/kibana/security_rule/5c81fc9d-1eae-437f-ba07-268472967013_4.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c832156-5785-4c9c-a2e7-0d80d2ba3daa_106.json b/packages/security_detection_engine/kibana/security_rule/5c832156-5785-4c9c-a2e7-0d80d2ba3daa_106.json index 8722649ebdb..a9bc9ec8718 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c832156-5785-4c9c-a2e7-0d80d2ba3daa_106.json +++ b/packages/security_detection_engine/kibana/security_rule/5c832156-5785-4c9c-a2e7-0d80d2ba3daa_106.json @@ -27,11 +27,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c895b4f-9133-4e68-9e23-59902175355c_12.json b/packages/security_detection_engine/kibana/security_rule/5c895b4f-9133-4e68-9e23-59902175355c_12.json index 9b13129924c..0b796a43a72 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c895b4f-9133-4e68-9e23-59902175355c_12.json +++ b/packages/security_detection_engine/kibana/security_rule/5c895b4f-9133-4e68-9e23-59902175355c_12.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5c983105-4681-46c3-9890-0c66d05e776b_207.json b/packages/security_detection_engine/kibana/security_rule/5c983105-4681-46c3-9890-0c66d05e776b_207.json index dd866fbec58..c8037d0990c 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c983105-4681-46c3-9890-0c66d05e776b_207.json +++ b/packages/security_detection_engine/kibana/security_rule/5c983105-4681-46c3-9890-0c66d05e776b_207.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/5c9ec990-37fa-4d5c-abfc-8d432f3dedd0_112.json b/packages/security_detection_engine/kibana/security_rule/5c9ec990-37fa-4d5c-abfc-8d432f3dedd0_112.json index d6a903b5d2a..80023b01ded 100644 --- a/packages/security_detection_engine/kibana/security_rule/5c9ec990-37fa-4d5c-abfc-8d432f3dedd0_112.json +++ b/packages/security_detection_engine/kibana/security_rule/5c9ec990-37fa-4d5c-abfc-8d432f3dedd0_112.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5cd55388-a19c-47c7-8ec4-f41656c2fded_215.json b/packages/security_detection_engine/kibana/security_rule/5cd55388-a19c-47c7-8ec4-f41656c2fded_215.json index de7a9e78909..910863f4aa8 100644 --- a/packages/security_detection_engine/kibana/security_rule/5cd55388-a19c-47c7-8ec4-f41656c2fded_215.json +++ b/packages/security_detection_engine/kibana/security_rule/5cd55388-a19c-47c7-8ec4-f41656c2fded_215.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5cd8e1f7-0050-4afc-b2df-904e40b2f5ae_217.json b/packages/security_detection_engine/kibana/security_rule/5cd8e1f7-0050-4afc-b2df-904e40b2f5ae_217.json index a0e7c81864f..a1ac00df06b 100644 --- a/packages/security_detection_engine/kibana/security_rule/5cd8e1f7-0050-4afc-b2df-904e40b2f5ae_217.json +++ b/packages/security_detection_engine/kibana/security_rule/5cd8e1f7-0050-4afc-b2df-904e40b2f5ae_217.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5cf6397e-eb91-4f31-8951-9f0eaa755a31_215.json b/packages/security_detection_engine/kibana/security_rule/5cf6397e-eb91-4f31-8951-9f0eaa755a31_215.json index 98b17123b99..280b48a6900 100644 --- a/packages/security_detection_engine/kibana/security_rule/5cf6397e-eb91-4f31-8951-9f0eaa755a31_215.json +++ b/packages/security_detection_engine/kibana/security_rule/5cf6397e-eb91-4f31-8951-9f0eaa755a31_215.json @@ -26,23 +26,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5d0265bf-dea9-41a9-92ad-48a8dcd05080_112.json b/packages/security_detection_engine/kibana/security_rule/5d0265bf-dea9-41a9-92ad-48a8dcd05080_112.json index 787a37ff82f..2f2450f2c84 100644 --- a/packages/security_detection_engine/kibana/security_rule/5d0265bf-dea9-41a9-92ad-48a8dcd05080_112.json +++ b/packages/security_detection_engine/kibana/security_rule/5d0265bf-dea9-41a9-92ad-48a8dcd05080_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5d1c962d-5d2a-48d4-bdcf-e980e3914947_3.json b/packages/security_detection_engine/kibana/security_rule/5d1c962d-5d2a-48d4-bdcf-e980e3914947_3.json index 32400ec993f..a59c825c6f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/5d1c962d-5d2a-48d4-bdcf-e980e3914947_3.json +++ b/packages/security_detection_engine/kibana/security_rule/5d1c962d-5d2a-48d4-bdcf-e980e3914947_3.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" }, { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5d1d6907-0747-4d5d-9b24-e4a18853dc0a_216.json b/packages/security_detection_engine/kibana/security_rule/5d1d6907-0747-4d5d-9b24-e4a18853dc0a_216.json index 3e6c67fbbbc..56f8b11a773 100644 --- a/packages/security_detection_engine/kibana/security_rule/5d1d6907-0747-4d5d-9b24-e4a18853dc0a_216.json +++ b/packages/security_detection_engine/kibana/security_rule/5d1d6907-0747-4d5d-9b24-e4a18853dc0a_216.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5d676480-9655-4507-adc6-4eec311efff8_108.json b/packages/security_detection_engine/kibana/security_rule/5d676480-9655-4507-adc6-4eec311efff8_108.json index d3833871b49..42abb7e462e 100644 --- a/packages/security_detection_engine/kibana/security_rule/5d676480-9655-4507-adc6-4eec311efff8_108.json +++ b/packages/security_detection_engine/kibana/security_rule/5d676480-9655-4507-adc6-4eec311efff8_108.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5d9f8cfc-0d03-443e-a167-2b0597ce0965_112.json b/packages/security_detection_engine/kibana/security_rule/5d9f8cfc-0d03-443e-a167-2b0597ce0965_112.json index 54a5167b052..85fb578d16e 100644 --- a/packages/security_detection_engine/kibana/security_rule/5d9f8cfc-0d03-443e-a167-2b0597ce0965_112.json +++ b/packages/security_detection_engine/kibana/security_rule/5d9f8cfc-0d03-443e-a167-2b0597ce0965_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5dc3519c-1f56-42fc-9a70-7e6b705c2781_1.json b/packages/security_detection_engine/kibana/security_rule/5dc3519c-1f56-42fc-9a70-7e6b705c2781_1.json index 458994f01ba..a7cee96c502 100644 --- a/packages/security_detection_engine/kibana/security_rule/5dc3519c-1f56-42fc-9a70-7e6b705c2781_1.json +++ b/packages/security_detection_engine/kibana/security_rule/5dc3519c-1f56-42fc-9a70-7e6b705c2781_1.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5e161522-2545-11ed-ac47-f661ea17fbce_112.json b/packages/security_detection_engine/kibana/security_rule/5e161522-2545-11ed-ac47-f661ea17fbce_112.json index 6b454df21fa..c0dc20c94fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/5e161522-2545-11ed-ac47-f661ea17fbce_112.json +++ b/packages/security_detection_engine/kibana/security_rule/5e161522-2545-11ed-ac47-f661ea17fbce_112.json @@ -46,7 +46,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5e23495f-09e2-4484-8235-bdb150d698c9_4.json b/packages/security_detection_engine/kibana/security_rule/5e23495f-09e2-4484-8235-bdb150d698c9_4.json index ada54803c63..5d2fa79d99c 100644 --- a/packages/security_detection_engine/kibana/security_rule/5e23495f-09e2-4484-8235-bdb150d698c9_4.json +++ b/packages/security_detection_engine/kibana/security_rule/5e23495f-09e2-4484-8235-bdb150d698c9_4.json @@ -44,19 +44,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5e4023e7-6357-4061-ae1c-9df33e78c674_108.json b/packages/security_detection_engine/kibana/security_rule/5e4023e7-6357-4061-ae1c-9df33e78c674_108.json index c555414ca32..5a359578f18 100644 --- a/packages/security_detection_engine/kibana/security_rule/5e4023e7-6357-4061-ae1c-9df33e78c674_108.json +++ b/packages/security_detection_engine/kibana/security_rule/5e4023e7-6357-4061-ae1c-9df33e78c674_108.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_214.json b/packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_214.json index bb8b0b0d2f3..50d4923b04e 100644 --- a/packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_214.json +++ b/packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_214.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5eac16ab-6d4f-427b-9715-f33e1b745fc7_104.json b/packages/security_detection_engine/kibana/security_rule/5eac16ab-6d4f-427b-9715-f33e1b745fc7_104.json index 3ce56925d05..5536f85a5cc 100644 --- a/packages/security_detection_engine/kibana/security_rule/5eac16ab-6d4f-427b-9715-f33e1b745fc7_104.json +++ b/packages/security_detection_engine/kibana/security_rule/5eac16ab-6d4f-427b-9715-f33e1b745fc7_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sysmon_linux", - "version": "^1.8.0" + "version": ">=1.8.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/5f0234fd-7f21-42af-8391-511d5fd11d5c_9.json b/packages/security_detection_engine/kibana/security_rule/5f0234fd-7f21-42af-8391-511d5fd11d5c_9.json index 1ae0a96053f..33c608915bf 100644 --- a/packages/security_detection_engine/kibana/security_rule/5f0234fd-7f21-42af-8391-511d5fd11d5c_9.json +++ b/packages/security_detection_engine/kibana/security_rule/5f0234fd-7f21-42af-8391-511d5fd11d5c_9.json @@ -32,7 +32,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5f0fff18-f340-444b-9a98-c49ade766ff4_2.json b/packages/security_detection_engine/kibana/security_rule/5f0fff18-f340-444b-9a98-c49ade766ff4_2.json index ec0a93f8ac6..33071091e04 100644 --- a/packages/security_detection_engine/kibana/security_rule/5f0fff18-f340-444b-9a98-c49ade766ff4_2.json +++ b/packages/security_detection_engine/kibana/security_rule/5f0fff18-f340-444b-9a98-c49ade766ff4_2.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5f2f463e-6997-478c-8405-fb41cc283281_209.json b/packages/security_detection_engine/kibana/security_rule/5f2f463e-6997-478c-8405-fb41cc283281_209.json index 6345b368a3f..83e71b880a6 100644 --- a/packages/security_detection_engine/kibana/security_rule/5f2f463e-6997-478c-8405-fb41cc283281_209.json +++ b/packages/security_detection_engine/kibana/security_rule/5f2f463e-6997-478c-8405-fb41cc283281_209.json @@ -47,27 +47,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5f3ab3ce-7b41-4168-a06a-68d2af8ebc88_5.json b/packages/security_detection_engine/kibana/security_rule/5f3ab3ce-7b41-4168-a06a-68d2af8ebc88_5.json index a166b50681e..bbbd2a3ac26 100644 --- a/packages/security_detection_engine/kibana/security_rule/5f3ab3ce-7b41-4168-a06a-68d2af8ebc88_5.json +++ b/packages/security_detection_engine/kibana/security_rule/5f3ab3ce-7b41-4168-a06a-68d2af8ebc88_5.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/5f73aef2-7abc-4fd9-ac0d-ab8ec3e13891_3.json b/packages/security_detection_engine/kibana/security_rule/5f73aef2-7abc-4fd9-ac0d-ab8ec3e13891_3.json index 74308dc9079..1f246328591 100644 --- a/packages/security_detection_engine/kibana/security_rule/5f73aef2-7abc-4fd9-ac0d-ab8ec3e13891_3.json +++ b/packages/security_detection_engine/kibana/security_rule/5f73aef2-7abc-4fd9-ac0d-ab8ec3e13891_3.json @@ -45,27 +45,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/60884af6-f553-4a6c-af13-300047455491_109.json b/packages/security_detection_engine/kibana/security_rule/60884af6-f553-4a6c-af13-300047455491_109.json index a8d2d090eba..3faa8834db7 100644 --- a/packages/security_detection_engine/kibana/security_rule/60884af6-f553-4a6c-af13-300047455491_109.json +++ b/packages/security_detection_engine/kibana/security_rule/60884af6-f553-4a6c-af13-300047455491_109.json @@ -35,7 +35,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/60b6b72f-0fbc-47e7-9895-9ba7627a8b50_110.json b/packages/security_detection_engine/kibana/security_rule/60b6b72f-0fbc-47e7-9895-9ba7627a8b50_110.json index 28968eaaeda..ae81ee8efa4 100644 --- a/packages/security_detection_engine/kibana/security_rule/60b6b72f-0fbc-47e7-9895-9ba7627a8b50_110.json +++ b/packages/security_detection_engine/kibana/security_rule/60b6b72f-0fbc-47e7-9895-9ba7627a8b50_110.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/60c814fc-7d06-11f0-b326-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/60c814fc-7d06-11f0-b326-f661ea17fbcd_4.json index 734c5592144..a790a28c0a6 100644 --- a/packages/security_detection_engine/kibana/security_rule/60c814fc-7d06-11f0-b326-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/60c814fc-7d06-11f0-b326-f661ea17fbcd_4.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/60da1bd7-c0b9-4ba2-b487-50a672274c04_2.json b/packages/security_detection_engine/kibana/security_rule/60da1bd7-c0b9-4ba2-b487-50a672274c04_2.json index dd0222d6cd3..35098b23426 100644 --- a/packages/security_detection_engine/kibana/security_rule/60da1bd7-c0b9-4ba2-b487-50a672274c04_2.json +++ b/packages/security_detection_engine/kibana/security_rule/60da1bd7-c0b9-4ba2-b487-50a672274c04_2.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_214.json b/packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_214.json index 4f107781f78..14c6599fc4f 100644 --- a/packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_214.json +++ b/packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_214.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/610949a1-312f-4e04-bb55-3a79b8c95267_213.json b/packages/security_detection_engine/kibana/security_rule/610949a1-312f-4e04-bb55-3a79b8c95267_213.json index eb51aaa20f6..52bbc118abe 100644 --- a/packages/security_detection_engine/kibana/security_rule/610949a1-312f-4e04-bb55-3a79b8c95267_213.json +++ b/packages/security_detection_engine/kibana/security_rule/610949a1-312f-4e04-bb55-3a79b8c95267_213.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/61336fe6-c043-4743-ab6e-41292f439603_207.json b/packages/security_detection_engine/kibana/security_rule/61336fe6-c043-4743-ab6e-41292f439603_207.json index d7c4817f0c8..57284d076c6 100644 --- a/packages/security_detection_engine/kibana/security_rule/61336fe6-c043-4743-ab6e-41292f439603_207.json +++ b/packages/security_detection_engine/kibana/security_rule/61336fe6-c043-4743-ab6e-41292f439603_207.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6148b9f5-5b12-4704-9ef7-f4b4c5dd9bb5_2.json b/packages/security_detection_engine/kibana/security_rule/6148b9f5-5b12-4704-9ef7-f4b4c5dd9bb5_2.json index 51f03551498..9b815e391a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/6148b9f5-5b12-4704-9ef7-f4b4c5dd9bb5_2.json +++ b/packages/security_detection_engine/kibana/security_rule/6148b9f5-5b12-4704-9ef7-f4b4c5dd9bb5_2.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/616b8d00-05f8-11f1-8f33-f661ea17fbce_3.json b/packages/security_detection_engine/kibana/security_rule/616b8d00-05f8-11f1-8f33-f661ea17fbce_3.json index 7cb9e61990f..7d238738b2b 100644 --- a/packages/security_detection_engine/kibana/security_rule/616b8d00-05f8-11f1-8f33-f661ea17fbce_3.json +++ b/packages/security_detection_engine/kibana/security_rule/616b8d00-05f8-11f1-8f33-f661ea17fbce_3.json @@ -48,7 +48,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/61766ef9-48a5-4247-ad74-3349de7eb2ad_109.json b/packages/security_detection_engine/kibana/security_rule/61766ef9-48a5-4247-ad74-3349de7eb2ad_109.json index 8fd55455685..218b7dc512e 100644 --- a/packages/security_detection_engine/kibana/security_rule/61766ef9-48a5-4247-ad74-3349de7eb2ad_109.json +++ b/packages/security_detection_engine/kibana/security_rule/61766ef9-48a5-4247-ad74-3349de7eb2ad_109.json @@ -40,11 +40,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/618a219d-a363-4ab1-ba30-870d7c22facd_4.json b/packages/security_detection_engine/kibana/security_rule/618a219d-a363-4ab1-ba30-870d7c22facd_4.json index ce20a522f67..d2193346241 100644 --- a/packages/security_detection_engine/kibana/security_rule/618a219d-a363-4ab1-ba30-870d7c22facd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/618a219d-a363-4ab1-ba30-870d7c22facd_4.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/618bb351-00f0-467b-8956-8cace8b81f07_3.json b/packages/security_detection_engine/kibana/security_rule/618bb351-00f0-467b-8956-8cace8b81f07_3.json index 17785bd9552..4f9b79bcca6 100644 --- a/packages/security_detection_engine/kibana/security_rule/618bb351-00f0-467b-8956-8cace8b81f07_3.json +++ b/packages/security_detection_engine/kibana/security_rule/618bb351-00f0-467b-8956-8cace8b81f07_3.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/61ac3638-40a3-44b2-855a-985636ca985e_320.json b/packages/security_detection_engine/kibana/security_rule/61ac3638-40a3-44b2-855a-985636ca985e_320.json index 50803699183..06cbae5bb0b 100644 --- a/packages/security_detection_engine/kibana/security_rule/61ac3638-40a3-44b2-855a-985636ca985e_320.json +++ b/packages/security_detection_engine/kibana/security_rule/61ac3638-40a3-44b2-855a-985636ca985e_320.json @@ -58,7 +58,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/61d29caf-6c15-4d1e-9ccb-7ad12ccc0bc7_219.json b/packages/security_detection_engine/kibana/security_rule/61d29caf-6c15-4d1e-9ccb-7ad12ccc0bc7_219.json index c3f5a5c5259..8bea2e1b09c 100644 --- a/packages/security_detection_engine/kibana/security_rule/61d29caf-6c15-4d1e-9ccb-7ad12ccc0bc7_219.json +++ b/packages/security_detection_engine/kibana/security_rule/61d29caf-6c15-4d1e-9ccb-7ad12ccc0bc7_219.json @@ -40,11 +40,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/621e92b6-7e54-11ee-bdc0-f661ea17fbcd_211.json b/packages/security_detection_engine/kibana/security_rule/621e92b6-7e54-11ee-bdc0-f661ea17fbcd_211.json index 9364952bdb4..65fea87791d 100644 --- a/packages/security_detection_engine/kibana/security_rule/621e92b6-7e54-11ee-bdc0-f661ea17fbcd_211.json +++ b/packages/security_detection_engine/kibana/security_rule/621e92b6-7e54-11ee-bdc0-f661ea17fbcd_211.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/622ecb68-fa81-4601-90b5-f8cd661e4520_212.json b/packages/security_detection_engine/kibana/security_rule/622ecb68-fa81-4601-90b5-f8cd661e4520_212.json index 226585c7110..c0848899114 100644 --- a/packages/security_detection_engine/kibana/security_rule/622ecb68-fa81-4601-90b5-f8cd661e4520_212.json +++ b/packages/security_detection_engine/kibana/security_rule/622ecb68-fa81-4601-90b5-f8cd661e4520_212.json @@ -29,11 +29,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/627374ab-7080-4e4d-8316-bef1122444af_107.json b/packages/security_detection_engine/kibana/security_rule/627374ab-7080-4e4d-8316-bef1122444af_107.json index 313a552ce05..02e115ebb09 100644 --- a/packages/security_detection_engine/kibana/security_rule/627374ab-7080-4e4d-8316-bef1122444af_107.json +++ b/packages/security_detection_engine/kibana/security_rule/627374ab-7080-4e4d-8316-bef1122444af_107.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/62a70f6f-3c37-43df-a556-f64fa475fba2_217.json b/packages/security_detection_engine/kibana/security_rule/62a70f6f-3c37-43df-a556-f64fa475fba2_217.json index a1b559dac1f..db02cce19c9 100644 --- a/packages/security_detection_engine/kibana/security_rule/62a70f6f-3c37-43df-a556-f64fa475fba2_217.json +++ b/packages/security_detection_engine/kibana/security_rule/62a70f6f-3c37-43df-a556-f64fa475fba2_217.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/62ba8542-1246-4647-9b84-98aa1bc0760a_2.json b/packages/security_detection_engine/kibana/security_rule/62ba8542-1246-4647-9b84-98aa1bc0760a_2.json index ce5dff175ed..f6098de0a27 100644 --- a/packages/security_detection_engine/kibana/security_rule/62ba8542-1246-4647-9b84-98aa1bc0760a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/62ba8542-1246-4647-9b84-98aa1bc0760a_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/63153282-12da-415f-bad8-c60c9b36cbe3_5.json b/packages/security_detection_engine/kibana/security_rule/63153282-12da-415f-bad8-c60c9b36cbe3_5.json index 56f72083dc2..36db8414ece 100644 --- a/packages/security_detection_engine/kibana/security_rule/63153282-12da-415f-bad8-c60c9b36cbe3_5.json +++ b/packages/security_detection_engine/kibana/security_rule/63153282-12da-415f-bad8-c60c9b36cbe3_5.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/632906c6-ba8f-44c0-8386-ec0bbc8518bf_4.json b/packages/security_detection_engine/kibana/security_rule/632906c6-ba8f-44c0-8386-ec0bbc8518bf_4.json index 947d57d7e8e..0af3b3cd211 100644 --- a/packages/security_detection_engine/kibana/security_rule/632906c6-ba8f-44c0-8386-ec0bbc8518bf_4.json +++ b/packages/security_detection_engine/kibana/security_rule/632906c6-ba8f-44c0-8386-ec0bbc8518bf_4.json @@ -47,7 +47,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/63431796-f813-43af-820b-492ee2efec8e_9.json b/packages/security_detection_engine/kibana/security_rule/63431796-f813-43af-820b-492ee2efec8e_9.json index b2841c852e7..bc6e5913a27 100644 --- a/packages/security_detection_engine/kibana/security_rule/63431796-f813-43af-820b-492ee2efec8e_9.json +++ b/packages/security_detection_engine/kibana/security_rule/63431796-f813-43af-820b-492ee2efec8e_9.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/63c05204-339a-11ed-a261-0242ac120002_12.json b/packages/security_detection_engine/kibana/security_rule/63c05204-339a-11ed-a261-0242ac120002_12.json index cd63620c1d6..eb4baedb0e9 100644 --- a/packages/security_detection_engine/kibana/security_rule/63c05204-339a-11ed-a261-0242ac120002_12.json +++ b/packages/security_detection_engine/kibana/security_rule/63c05204-339a-11ed-a261-0242ac120002_12.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/63c056a0-339a-11ed-a261-0242ac120002_12.json b/packages/security_detection_engine/kibana/security_rule/63c056a0-339a-11ed-a261-0242ac120002_12.json index f0d3a0c8e7c..554f2b53d74 100644 --- a/packages/security_detection_engine/kibana/security_rule/63c056a0-339a-11ed-a261-0242ac120002_12.json +++ b/packages/security_detection_engine/kibana/security_rule/63c056a0-339a-11ed-a261-0242ac120002_12.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/63c057cc-339a-11ed-a261-0242ac120002_13.json b/packages/security_detection_engine/kibana/security_rule/63c057cc-339a-11ed-a261-0242ac120002_13.json index 0b7a2506c8d..32d4b6badc3 100644 --- a/packages/security_detection_engine/kibana/security_rule/63c057cc-339a-11ed-a261-0242ac120002_13.json +++ b/packages/security_detection_engine/kibana/security_rule/63c057cc-339a-11ed-a261-0242ac120002_13.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/63e381a6-0ffe-4afb-9a26-72a59ad16d7b_7.json b/packages/security_detection_engine/kibana/security_rule/63e381a6-0ffe-4afb-9a26-72a59ad16d7b_7.json index bfb70a71ceb..8e8355105bc 100644 --- a/packages/security_detection_engine/kibana/security_rule/63e381a6-0ffe-4afb-9a26-72a59ad16d7b_7.json +++ b/packages/security_detection_engine/kibana/security_rule/63e381a6-0ffe-4afb-9a26-72a59ad16d7b_7.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/63e65ec3-43b1-45b0-8f2d-45b34291dc44_213.json b/packages/security_detection_engine/kibana/security_rule/63e65ec3-43b1-45b0-8f2d-45b34291dc44_213.json index 2fab2851a0f..ddbace1b8df 100644 --- a/packages/security_detection_engine/kibana/security_rule/63e65ec3-43b1-45b0-8f2d-45b34291dc44_213.json +++ b/packages/security_detection_engine/kibana/security_rule/63e65ec3-43b1-45b0-8f2d-45b34291dc44_213.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/640f0535-f784-4010-b999-39db99d2daeb_2.json b/packages/security_detection_engine/kibana/security_rule/640f0535-f784-4010-b999-39db99d2daeb_2.json index 70b7719b7aa..601ab133ca8 100644 --- a/packages/security_detection_engine/kibana/security_rule/640f0535-f784-4010-b999-39db99d2daeb_2.json +++ b/packages/security_detection_engine/kibana/security_rule/640f0535-f784-4010-b999-39db99d2daeb_2.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/640f79d1-571d-4f96-a9af-1194fc8cf763_9.json b/packages/security_detection_engine/kibana/security_rule/640f79d1-571d-4f96-a9af-1194fc8cf763_9.json index eed42988290..6ae0102a01f 100644 --- a/packages/security_detection_engine/kibana/security_rule/640f79d1-571d-4f96-a9af-1194fc8cf763_9.json +++ b/packages/security_detection_engine/kibana/security_rule/640f79d1-571d-4f96-a9af-1194fc8cf763_9.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/642ce354-4252-4d43-80c9-6603f16571c1_4.json b/packages/security_detection_engine/kibana/security_rule/642ce354-4252-4d43-80c9-6603f16571c1_4.json index 26c310e6758..eabd309fe65 100644 --- a/packages/security_detection_engine/kibana/security_rule/642ce354-4252-4d43-80c9-6603f16571c1_4.json +++ b/packages/security_detection_engine/kibana/security_rule/642ce354-4252-4d43-80c9-6603f16571c1_4.json @@ -44,19 +44,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/647ae821-a80d-4f07-bb12-d40dd433f6b4_1.json b/packages/security_detection_engine/kibana/security_rule/647ae821-a80d-4f07-bb12-d40dd433f6b4_1.json index 97201b9e846..bd3b5314ccc 100644 --- a/packages/security_detection_engine/kibana/security_rule/647ae821-a80d-4f07-bb12-d40dd433f6b4_1.json +++ b/packages/security_detection_engine/kibana/security_rule/647ae821-a80d-4f07-bb12-d40dd433f6b4_1.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/647fc812-7996-4795-8869-9c4ea595fe88_207.json b/packages/security_detection_engine/kibana/security_rule/647fc812-7996-4795-8869-9c4ea595fe88_207.json index 6f5ac308428..9f6c2c3fd08 100644 --- a/packages/security_detection_engine/kibana/security_rule/647fc812-7996-4795-8869-9c4ea595fe88_207.json +++ b/packages/security_detection_engine/kibana/security_rule/647fc812-7996-4795-8869-9c4ea595fe88_207.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/6482255d-f468-45ea-a5b3-d3a7de1331ae_112.json b/packages/security_detection_engine/kibana/security_rule/6482255d-f468-45ea-a5b3-d3a7de1331ae_112.json index 8b6b6ae1c0b..ba21509a578 100644 --- a/packages/security_detection_engine/kibana/security_rule/6482255d-f468-45ea-a5b3-d3a7de1331ae_112.json +++ b/packages/security_detection_engine/kibana/security_rule/6482255d-f468-45ea-a5b3-d3a7de1331ae_112.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/64cfca9e-0f6f-4048-8251-9ec56a055e9e_12.json b/packages/security_detection_engine/kibana/security_rule/64cfca9e-0f6f-4048-8251-9ec56a055e9e_12.json index 84ea67b5f4b..b8fa3e1c139 100644 --- a/packages/security_detection_engine/kibana/security_rule/64cfca9e-0f6f-4048-8251-9ec56a055e9e_12.json +++ b/packages/security_detection_engine/kibana/security_rule/64cfca9e-0f6f-4048-8251-9ec56a055e9e_12.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/64f17c52-6c6e-479e-ba72-236f3df18f3d_12.json b/packages/security_detection_engine/kibana/security_rule/64f17c52-6c6e-479e-ba72-236f3df18f3d_12.json index 001bf9355db..fb8727c8cc2 100644 --- a/packages/security_detection_engine/kibana/security_rule/64f17c52-6c6e-479e-ba72-236f3df18f3d_12.json +++ b/packages/security_detection_engine/kibana/security_rule/64f17c52-6c6e-479e-ba72-236f3df18f3d_12.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6505e02e-28dd-41cd-b18f-64e649caa4e2_4.json b/packages/security_detection_engine/kibana/security_rule/6505e02e-28dd-41cd-b18f-64e649caa4e2_4.json index ef96f398a0c..01265a0851c 100644 --- a/packages/security_detection_engine/kibana/security_rule/6505e02e-28dd-41cd-b18f-64e649caa4e2_4.json +++ b/packages/security_detection_engine/kibana/security_rule/6505e02e-28dd-41cd-b18f-64e649caa4e2_4.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/65432f4a-e716-4cc1-ab11-931c4966da2d_206.json b/packages/security_detection_engine/kibana/security_rule/65432f4a-e716-4cc1-ab11-931c4966da2d_206.json index 6e4853c0681..58302919a3d 100644 --- a/packages/security_detection_engine/kibana/security_rule/65432f4a-e716-4cc1-ab11-931c4966da2d_206.json +++ b/packages/security_detection_engine/kibana/security_rule/65432f4a-e716-4cc1-ab11-931c4966da2d_206.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/65613f5e-0d48-4b55-ad61-2fb9567cb1ad_5.json b/packages/security_detection_engine/kibana/security_rule/65613f5e-0d48-4b55-ad61-2fb9567cb1ad_5.json index ea8af00bf2f..80b7a65a719 100644 --- a/packages/security_detection_engine/kibana/security_rule/65613f5e-0d48-4b55-ad61-2fb9567cb1ad_5.json +++ b/packages/security_detection_engine/kibana/security_rule/65613f5e-0d48-4b55-ad61-2fb9567cb1ad_5.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/656739a8-2786-402b-8ee1-22e0762b63ba_4.json b/packages/security_detection_engine/kibana/security_rule/656739a8-2786-402b-8ee1-22e0762b63ba_4.json index 853b450429e..22a54e1aa1f 100644 --- a/packages/security_detection_engine/kibana/security_rule/656739a8-2786-402b-8ee1-22e0762b63ba_4.json +++ b/packages/security_detection_engine/kibana/security_rule/656739a8-2786-402b-8ee1-22e0762b63ba_4.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/65f28c4d-cfc8-4847-9cca-f2fb1e319151_5.json b/packages/security_detection_engine/kibana/security_rule/65f28c4d-cfc8-4847-9cca-f2fb1e319151_5.json index df916c57724..e8ee1738bb8 100644 --- a/packages/security_detection_engine/kibana/security_rule/65f28c4d-cfc8-4847-9cca-f2fb1e319151_5.json +++ b/packages/security_detection_engine/kibana/security_rule/65f28c4d-cfc8-4847-9cca-f2fb1e319151_5.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/65f9bccd-510b-40df-8263-334f03174fed_209.json b/packages/security_detection_engine/kibana/security_rule/65f9bccd-510b-40df-8263-334f03174fed_209.json index 7398d36f882..2e42afd1241 100644 --- a/packages/security_detection_engine/kibana/security_rule/65f9bccd-510b-40df-8263-334f03174fed_209.json +++ b/packages/security_detection_engine/kibana/security_rule/65f9bccd-510b-40df-8263-334f03174fed_209.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/661545b4-1a90-4f45-85ce-2ebd7c6a15d0_112.json b/packages/security_detection_engine/kibana/security_rule/661545b4-1a90-4f45-85ce-2ebd7c6a15d0_112.json index 22a22856772..2a4bed1694e 100644 --- a/packages/security_detection_engine/kibana/security_rule/661545b4-1a90-4f45-85ce-2ebd7c6a15d0_112.json +++ b/packages/security_detection_engine/kibana/security_rule/661545b4-1a90-4f45-85ce-2ebd7c6a15d0_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/66229f32-c460-410d-bc37-4b32322cd4bb_3.json b/packages/security_detection_engine/kibana/security_rule/66229f32-c460-410d-bc37-4b32322cd4bb_3.json index a64ef17e9db..aa079478776 100644 --- a/packages/security_detection_engine/kibana/security_rule/66229f32-c460-410d-bc37-4b32322cd4bb_3.json +++ b/packages/security_detection_engine/kibana/security_rule/66229f32-c460-410d-bc37-4b32322cd4bb_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6631a759-4559-4c33-a392-13f146c8bcc4_4.json b/packages/security_detection_engine/kibana/security_rule/6631a759-4559-4c33-a392-13f146c8bcc4_4.json index ddbd02711b6..87e08cf6868 100644 --- a/packages/security_detection_engine/kibana/security_rule/6631a759-4559-4c33-a392-13f146c8bcc4_4.json +++ b/packages/security_detection_engine/kibana/security_rule/6631a759-4559-4c33-a392-13f146c8bcc4_4.json @@ -14,19 +14,19 @@ "related_integrations": [ { "package": "nginx", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache_tomcat", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "iis", - "version": "^1.21.0" + "version": ">=1.21.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6641a5af-fb7e-487a-adc4-9e6503365318_12.json b/packages/security_detection_engine/kibana/security_rule/6641a5af-fb7e-487a-adc4-9e6503365318_12.json index 9100ce04842..6839cbfeb12 100644 --- a/packages/security_detection_engine/kibana/security_rule/6641a5af-fb7e-487a-adc4-9e6503365318_12.json +++ b/packages/security_detection_engine/kibana/security_rule/6641a5af-fb7e-487a-adc4-9e6503365318_12.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6649e656-6f85-11ef-8876-f661ea17fbcc_210.json b/packages/security_detection_engine/kibana/security_rule/6649e656-6f85-11ef-8876-f661ea17fbcc_210.json index 01ed70908a8..02017ec376c 100644 --- a/packages/security_detection_engine/kibana/security_rule/6649e656-6f85-11ef-8876-f661ea17fbcc_210.json +++ b/packages/security_detection_engine/kibana/security_rule/6649e656-6f85-11ef-8876-f661ea17fbcc_210.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/665e7a4f-c58e-4fc6-bc83-87a7572670ac_211.json b/packages/security_detection_engine/kibana/security_rule/665e7a4f-c58e-4fc6-bc83-87a7572670ac_211.json index 5f3f09b2e1f..7e66aa466b2 100644 --- a/packages/security_detection_engine/kibana/security_rule/665e7a4f-c58e-4fc6-bc83-87a7572670ac_211.json +++ b/packages/security_detection_engine/kibana/security_rule/665e7a4f-c58e-4fc6-bc83-87a7572670ac_211.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/66883649-f908-4a5b-a1e0-54090a1d3a32_131.json b/packages/security_detection_engine/kibana/security_rule/66883649-f908-4a5b-a1e0-54090a1d3a32_131.json index 3c0e0d54ab4..25b7e31b3a2 100644 --- a/packages/security_detection_engine/kibana/security_rule/66883649-f908-4a5b-a1e0-54090a1d3a32_131.json +++ b/packages/security_detection_engine/kibana/security_rule/66883649-f908-4a5b-a1e0-54090a1d3a32_131.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_108.json b/packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_108.json index afac2b8d4f1..703e3a2bfe2 100644 --- a/packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_108.json +++ b/packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_108.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/66da12b1-ac83-40eb-814c-07ed1d82b7b9_213.json b/packages/security_detection_engine/kibana/security_rule/66da12b1-ac83-40eb-814c-07ed1d82b7b9_213.json index d1daabcf88f..15de3dca9c7 100644 --- a/packages/security_detection_engine/kibana/security_rule/66da12b1-ac83-40eb-814c-07ed1d82b7b9_213.json +++ b/packages/security_detection_engine/kibana/security_rule/66da12b1-ac83-40eb-814c-07ed1d82b7b9_213.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/670b3b5a-35e5-42db-bd36-6c5b9b4b7313_120.json b/packages/security_detection_engine/kibana/security_rule/670b3b5a-35e5-42db-bd36-6c5b9b4b7313_120.json index 8d2b04e4c66..973116c224e 100644 --- a/packages/security_detection_engine/kibana/security_rule/670b3b5a-35e5-42db-bd36-6c5b9b4b7313_120.json +++ b/packages/security_detection_engine/kibana/security_rule/670b3b5a-35e5-42db-bd36-6c5b9b4b7313_120.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6731fbf2-8f28-49ed-9ab9-9a918ceb5a45_415.json b/packages/security_detection_engine/kibana/security_rule/6731fbf2-8f28-49ed-9ab9-9a918ceb5a45_415.json index 27dcc1ac81c..c92be143825 100644 --- a/packages/security_detection_engine/kibana/security_rule/6731fbf2-8f28-49ed-9ab9-9a918ceb5a45_415.json +++ b/packages/security_detection_engine/kibana/security_rule/6731fbf2-8f28-49ed-9ab9-9a918ceb5a45_415.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_213.json b/packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_213.json index dff385aea5e..30e5843e564 100644 --- a/packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_213.json +++ b/packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_213.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6756ee27-9152-479b-9b73-54b5bbda301c_9.json b/packages/security_detection_engine/kibana/security_rule/6756ee27-9152-479b-9b73-54b5bbda301c_9.json index 8573504b6f4..a18484981fe 100644 --- a/packages/security_detection_engine/kibana/security_rule/6756ee27-9152-479b-9b73-54b5bbda301c_9.json +++ b/packages/security_detection_engine/kibana/security_rule/6756ee27-9152-479b-9b73-54b5bbda301c_9.json @@ -17,23 +17,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/676cff2b-450b-4cf1-8ed2-c0c58a4a2dd7_414.json b/packages/security_detection_engine/kibana/security_rule/676cff2b-450b-4cf1-8ed2-c0c58a4a2dd7_414.json index 1de6c4807c7..f462a06db4d 100644 --- a/packages/security_detection_engine/kibana/security_rule/676cff2b-450b-4cf1-8ed2-c0c58a4a2dd7_414.json +++ b/packages/security_detection_engine/kibana/security_rule/676cff2b-450b-4cf1-8ed2-c0c58a4a2dd7_414.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/67f8443a-4ff3-4a70-916d-3cfa3ae9f02b_118.json b/packages/security_detection_engine/kibana/security_rule/67f8443a-4ff3-4a70-916d-3cfa3ae9f02b_118.json index 539f8d41067..f6f989dd624 100644 --- a/packages/security_detection_engine/kibana/security_rule/67f8443a-4ff3-4a70-916d-3cfa3ae9f02b_118.json +++ b/packages/security_detection_engine/kibana/security_rule/67f8443a-4ff3-4a70-916d-3cfa3ae9f02b_118.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6839c821-011d-43bd-bd5b-acff00257226_315.json b/packages/security_detection_engine/kibana/security_rule/6839c821-011d-43bd-bd5b-acff00257226_315.json index 7efbad131cf..95e6fcddcd6 100644 --- a/packages/security_detection_engine/kibana/security_rule/6839c821-011d-43bd-bd5b-acff00257226_315.json +++ b/packages/security_detection_engine/kibana/security_rule/6839c821-011d-43bd-bd5b-acff00257226_315.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_214.json b/packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_214.json index cab287dfaa5..698d655f124 100644 --- a/packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_214.json +++ b/packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_214.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6885d2ae-e008-4762-b98a-e8e1cd3a81e9_413.json b/packages/security_detection_engine/kibana/security_rule/6885d2ae-e008-4762-b98a-e8e1cd3a81e9_413.json index 8b08583f12e..33002d886ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/6885d2ae-e008-4762-b98a-e8e1cd3a81e9_413.json +++ b/packages/security_detection_engine/kibana/security_rule/6885d2ae-e008-4762-b98a-e8e1cd3a81e9_413.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/68921d85-d0dc-48b3-865f-43291ca2c4f2_318.json b/packages/security_detection_engine/kibana/security_rule/68921d85-d0dc-48b3-865f-43291ca2c4f2_318.json index f710efca831..6825463306b 100644 --- a/packages/security_detection_engine/kibana/security_rule/68921d85-d0dc-48b3-865f-43291ca2c4f2_318.json +++ b/packages/security_detection_engine/kibana/security_rule/68921d85-d0dc-48b3-865f-43291ca2c4f2_318.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/68994a6c-c7ba-4e82-b476-26a26877adf6_212.json b/packages/security_detection_engine/kibana/security_rule/68994a6c-c7ba-4e82-b476-26a26877adf6_212.json index 7afa9fce3ab..861d0246ec2 100644 --- a/packages/security_detection_engine/kibana/security_rule/68994a6c-c7ba-4e82-b476-26a26877adf6_212.json +++ b/packages/security_detection_engine/kibana/security_rule/68994a6c-c7ba-4e82-b476-26a26877adf6_212.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/689b9d57-e4d5-4357-ad17-9c334609d79a_212.json b/packages/security_detection_engine/kibana/security_rule/689b9d57-e4d5-4357-ad17-9c334609d79a_212.json index 0842056a970..771658df9db 100644 --- a/packages/security_detection_engine/kibana/security_rule/689b9d57-e4d5-4357-ad17-9c334609d79a_212.json +++ b/packages/security_detection_engine/kibana/security_rule/689b9d57-e4d5-4357-ad17-9c334609d79a_212.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/68a7a5a5-a2fc-4a76-ba9f-26849de881b4_215.json b/packages/security_detection_engine/kibana/security_rule/68a7a5a5-a2fc-4a76-ba9f-26849de881b4_215.json index f0f216f3609..27ce9f66bd3 100644 --- a/packages/security_detection_engine/kibana/security_rule/68a7a5a5-a2fc-4a76-ba9f-26849de881b4_215.json +++ b/packages/security_detection_engine/kibana/security_rule/68a7a5a5-a2fc-4a76-ba9f-26849de881b4_215.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/68ad737b-f90a-4fe5-bda6-a68fa460044e_110.json b/packages/security_detection_engine/kibana/security_rule/68ad737b-f90a-4fe5-bda6-a68fa460044e_110.json index f35f661f152..6b4daa3a39d 100644 --- a/packages/security_detection_engine/kibana/security_rule/68ad737b-f90a-4fe5-bda6-a68fa460044e_110.json +++ b/packages/security_detection_engine/kibana/security_rule/68ad737b-f90a-4fe5-bda6-a68fa460044e_110.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/68c5c9d1-38e5-48bb-b1b2-8b5951d39738_3.json b/packages/security_detection_engine/kibana/security_rule/68c5c9d1-38e5-48bb-b1b2-8b5951d39738_3.json index 2e8f1f3ef9b..b407d90be22 100644 --- a/packages/security_detection_engine/kibana/security_rule/68c5c9d1-38e5-48bb-b1b2-8b5951d39738_3.json +++ b/packages/security_detection_engine/kibana/security_rule/68c5c9d1-38e5-48bb-b1b2-8b5951d39738_3.json @@ -22,7 +22,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/68d56fdc-7ffa-4419-8e95-81641bd6f845_215.json b/packages/security_detection_engine/kibana/security_rule/68d56fdc-7ffa-4419-8e95-81641bd6f845_215.json index 2deecf95e4c..0d82302141a 100644 --- a/packages/security_detection_engine/kibana/security_rule/68d56fdc-7ffa-4419-8e95-81641bd6f845_215.json +++ b/packages/security_detection_engine/kibana/security_rule/68d56fdc-7ffa-4419-8e95-81641bd6f845_215.json @@ -42,15 +42,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/68e90a9b-0eab-425e-be3b-902b0cd1fe9c_3.json b/packages/security_detection_engine/kibana/security_rule/68e90a9b-0eab-425e-be3b-902b0cd1fe9c_3.json index 44ab7700bf2..5ef5e95da85 100644 --- a/packages/security_detection_engine/kibana/security_rule/68e90a9b-0eab-425e-be3b-902b0cd1fe9c_3.json +++ b/packages/security_detection_engine/kibana/security_rule/68e90a9b-0eab-425e-be3b-902b0cd1fe9c_3.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6926b708-7964-425f-bed8-6e006379df08_3.json b/packages/security_detection_engine/kibana/security_rule/6926b708-7964-425f-bed8-6e006379df08_3.json index 0112e7fa7d7..38db2b787b3 100644 --- a/packages/security_detection_engine/kibana/security_rule/6926b708-7964-425f-bed8-6e006379df08_3.json +++ b/packages/security_detection_engine/kibana/security_rule/6926b708-7964-425f-bed8-6e006379df08_3.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6951f15e-533c-4a60-8014-a3c3ab851a1b_113.json b/packages/security_detection_engine/kibana/security_rule/6951f15e-533c-4a60-8014-a3c3ab851a1b_113.json index 83583887021..b7b5727b3b7 100644 --- a/packages/security_detection_engine/kibana/security_rule/6951f15e-533c-4a60-8014-a3c3ab851a1b_113.json +++ b/packages/security_detection_engine/kibana/security_rule/6951f15e-533c-4a60-8014-a3c3ab851a1b_113.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/696015ef-718e-40ff-ac4a-cc2ba88dbeeb_13.json b/packages/security_detection_engine/kibana/security_rule/696015ef-718e-40ff-ac4a-cc2ba88dbeeb_13.json index 237c282877f..c0a705d8d4b 100644 --- a/packages/security_detection_engine/kibana/security_rule/696015ef-718e-40ff-ac4a-cc2ba88dbeeb_13.json +++ b/packages/security_detection_engine/kibana/security_rule/696015ef-718e-40ff-ac4a-cc2ba88dbeeb_13.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/699fdfb9-8430-4dcb-b5a9-da67dae64808_1.json b/packages/security_detection_engine/kibana/security_rule/699fdfb9-8430-4dcb-b5a9-da67dae64808_1.json index 3155aefea17..c4f0e7ba200 100644 --- a/packages/security_detection_engine/kibana/security_rule/699fdfb9-8430-4dcb-b5a9-da67dae64808_1.json +++ b/packages/security_detection_engine/kibana/security_rule/699fdfb9-8430-4dcb-b5a9-da67dae64808_1.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/69c116bb-d86f-48b0-857d-3648511a6cac_8.json b/packages/security_detection_engine/kibana/security_rule/69c116bb-d86f-48b0-857d-3648511a6cac_8.json index aa238d789a6..26398e39a31 100644 --- a/packages/security_detection_engine/kibana/security_rule/69c116bb-d86f-48b0-857d-3648511a6cac_8.json +++ b/packages/security_detection_engine/kibana/security_rule/69c116bb-d86f-48b0-857d-3648511a6cac_8.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/69c251fb-a5d6-4035-b5ec-40438bd829ff_316.json b/packages/security_detection_engine/kibana/security_rule/69c251fb-a5d6-4035-b5ec-40438bd829ff_316.json index 8e5547dcd69..e35c190d74c 100644 --- a/packages/security_detection_engine/kibana/security_rule/69c251fb-a5d6-4035-b5ec-40438bd829ff_316.json +++ b/packages/security_detection_engine/kibana/security_rule/69c251fb-a5d6-4035-b5ec-40438bd829ff_316.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/69c420e8-6c9e-4d28-86c0-8a2be2d1e78c_213.json b/packages/security_detection_engine/kibana/security_rule/69c420e8-6c9e-4d28-86c0-8a2be2d1e78c_213.json index ba9053d1c9e..77b0036039a 100644 --- a/packages/security_detection_engine/kibana/security_rule/69c420e8-6c9e-4d28-86c0-8a2be2d1e78c_213.json +++ b/packages/security_detection_engine/kibana/security_rule/69c420e8-6c9e-4d28-86c0-8a2be2d1e78c_213.json @@ -35,7 +35,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6a058ed6-4e9f-49f3-8f8e-f32165ae7ebf_106.json b/packages/security_detection_engine/kibana/security_rule/6a058ed6-4e9f-49f3-8f8e-f32165ae7ebf_106.json index 23056f5eb76..8fcef6a05b1 100644 --- a/packages/security_detection_engine/kibana/security_rule/6a058ed6-4e9f-49f3-8f8e-f32165ae7ebf_106.json +++ b/packages/security_detection_engine/kibana/security_rule/6a058ed6-4e9f-49f3-8f8e-f32165ae7ebf_106.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6a309864-fc3f-11ee-b8cc-f661ea17fbce_7.json b/packages/security_detection_engine/kibana/security_rule/6a309864-fc3f-11ee-b8cc-f661ea17fbce_7.json index ff73de63c4f..53f082483b7 100644 --- a/packages/security_detection_engine/kibana/security_rule/6a309864-fc3f-11ee-b8cc-f661ea17fbce_7.json +++ b/packages/security_detection_engine/kibana/security_rule/6a309864-fc3f-11ee-b8cc-f661ea17fbce_7.json @@ -27,7 +27,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6a8ab9cc-4023-4d17-b5df-1a3e16882ce7_315.json b/packages/security_detection_engine/kibana/security_rule/6a8ab9cc-4023-4d17-b5df-1a3e16882ce7_315.json index 0307f0a4241..16e638a7b7c 100644 --- a/packages/security_detection_engine/kibana/security_rule/6a8ab9cc-4023-4d17-b5df-1a3e16882ce7_315.json +++ b/packages/security_detection_engine/kibana/security_rule/6a8ab9cc-4023-4d17-b5df-1a3e16882ce7_315.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6aa52f86-18f1-4a5a-a0ac-e2b5db8af589_1.json b/packages/security_detection_engine/kibana/security_rule/6aa52f86-18f1-4a5a-a0ac-e2b5db8af589_1.json index 5a6f6314ea9..19f9864204f 100644 --- a/packages/security_detection_engine/kibana/security_rule/6aa52f86-18f1-4a5a-a0ac-e2b5db8af589_1.json +++ b/packages/security_detection_engine/kibana/security_rule/6aa52f86-18f1-4a5a-a0ac-e2b5db8af589_1.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6aace640-e631-4870-ba8e-5fdda09325db_423.json b/packages/security_detection_engine/kibana/security_rule/6aace640-e631-4870-ba8e-5fdda09325db_423.json index 13df548cef7..7c7b89295ab 100644 --- a/packages/security_detection_engine/kibana/security_rule/6aace640-e631-4870-ba8e-5fdda09325db_423.json +++ b/packages/security_detection_engine/kibana/security_rule/6aace640-e631-4870-ba8e-5fdda09325db_423.json @@ -32,27 +32,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_113.json b/packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_113.json index b9f325795ee..0476ae8132c 100644 --- a/packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_113.json +++ b/packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_113.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6b341d03-1d63-41ac-841a-2009c86959ca_12.json b/packages/security_detection_engine/kibana/security_rule/6b341d03-1d63-41ac-841a-2009c86959ca_12.json index 8ba331bf472..154b52adeda 100644 --- a/packages/security_detection_engine/kibana/security_rule/6b341d03-1d63-41ac-841a-2009c86959ca_12.json +++ b/packages/security_detection_engine/kibana/security_rule/6b341d03-1d63-41ac-841a-2009c86959ca_12.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6b82a0ce-10ac-4cb7-8a66-0ba4d24540cf_2.json b/packages/security_detection_engine/kibana/security_rule/6b82a0ce-10ac-4cb7-8a66-0ba4d24540cf_2.json index 94881bec71c..4131d39101a 100644 --- a/packages/security_detection_engine/kibana/security_rule/6b82a0ce-10ac-4cb7-8a66-0ba4d24540cf_2.json +++ b/packages/security_detection_engine/kibana/security_rule/6b82a0ce-10ac-4cb7-8a66-0ba4d24540cf_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6b84d470-9036-4cc0-a27c-6d90bbfe81ab_215.json b/packages/security_detection_engine/kibana/security_rule/6b84d470-9036-4cc0-a27c-6d90bbfe81ab_215.json index aad4dcea5c1..e8137e17f36 100644 --- a/packages/security_detection_engine/kibana/security_rule/6b84d470-9036-4cc0-a27c-6d90bbfe81ab_215.json +++ b/packages/security_detection_engine/kibana/security_rule/6b84d470-9036-4cc0-a27c-6d90bbfe81ab_215.json @@ -29,15 +29,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6bed021a-0afb-461c-acbe-ffdb9574d3f3_215.json b/packages/security_detection_engine/kibana/security_rule/6bed021a-0afb-461c-acbe-ffdb9574d3f3_215.json index 04a442399b8..9ad78d1e453 100644 --- a/packages/security_detection_engine/kibana/security_rule/6bed021a-0afb-461c-acbe-ffdb9574d3f3_215.json +++ b/packages/security_detection_engine/kibana/security_rule/6bed021a-0afb-461c-acbe-ffdb9574d3f3_215.json @@ -44,11 +44,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6c6bb7ea-0636-44ca-b541-201478ef6b50_105.json b/packages/security_detection_engine/kibana/security_rule/6c6bb7ea-0636-44ca-b541-201478ef6b50_105.json index 1ede2e1f6f3..aa3fad89941 100644 --- a/packages/security_detection_engine/kibana/security_rule/6c6bb7ea-0636-44ca-b541-201478ef6b50_105.json +++ b/packages/security_detection_engine/kibana/security_rule/6c6bb7ea-0636-44ca-b541-201478ef6b50_105.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6cd1779c-560f-4b68-a8f1-11009b27fe63_314.json b/packages/security_detection_engine/kibana/security_rule/6cd1779c-560f-4b68-a8f1-11009b27fe63_314.json index 9507ccff4c4..84b23c84464 100644 --- a/packages/security_detection_engine/kibana/security_rule/6cd1779c-560f-4b68-a8f1-11009b27fe63_314.json +++ b/packages/security_detection_engine/kibana/security_rule/6cd1779c-560f-4b68-a8f1-11009b27fe63_314.json @@ -30,19 +30,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6cea88e4-6ce2-4238-9981-a54c140d6336_207.json b/packages/security_detection_engine/kibana/security_rule/6cea88e4-6ce2-4238-9981-a54c140d6336_207.json index 29b42234bf5..02584a4f1dd 100644 --- a/packages/security_detection_engine/kibana/security_rule/6cea88e4-6ce2-4238-9981-a54c140d6336_207.json +++ b/packages/security_detection_engine/kibana/security_rule/6cea88e4-6ce2-4238-9981-a54c140d6336_207.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6cf17149-a8e3-44ec-9ec9-fdc8535547a1_5.json b/packages/security_detection_engine/kibana/security_rule/6cf17149-a8e3-44ec-9ec9-fdc8535547a1_5.json index f90b45aa7cf..33a41c945b2 100644 --- a/packages/security_detection_engine/kibana/security_rule/6cf17149-a8e3-44ec-9ec9-fdc8535547a1_5.json +++ b/packages/security_detection_engine/kibana/security_rule/6cf17149-a8e3-44ec-9ec9-fdc8535547a1_5.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6d448b96-c922-4adb-b51c-b767f1ea5b76_316.json b/packages/security_detection_engine/kibana/security_rule/6d448b96-c922-4adb-b51c-b767f1ea5b76_316.json index 473fad33d18..868187a5a8a 100644 --- a/packages/security_detection_engine/kibana/security_rule/6d448b96-c922-4adb-b51c-b767f1ea5b76_316.json +++ b/packages/security_detection_engine/kibana/security_rule/6d448b96-c922-4adb-b51c-b767f1ea5b76_316.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/6d8685a1-94fa-4ef7-83de-59302e7c4ca8_9.json b/packages/security_detection_engine/kibana/security_rule/6d8685a1-94fa-4ef7-83de-59302e7c4ca8_9.json index d63913ebd01..f0b3202c3f4 100644 --- a/packages/security_detection_engine/kibana/security_rule/6d8685a1-94fa-4ef7-83de-59302e7c4ca8_9.json +++ b/packages/security_detection_engine/kibana/security_rule/6d8685a1-94fa-4ef7-83de-59302e7c4ca8_9.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6da6f80f-fe41-4814-8010-453e6164bd40_2.json b/packages/security_detection_engine/kibana/security_rule/6da6f80f-fe41-4814-8010-453e6164bd40_2.json index ebeddef5f34..c4ec7b65fd4 100644 --- a/packages/security_detection_engine/kibana/security_rule/6da6f80f-fe41-4814-8010-453e6164bd40_2.json +++ b/packages/security_detection_engine/kibana/security_rule/6da6f80f-fe41-4814-8010-453e6164bd40_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6ddb6c33-00ce-4acd-832a-24b251512023_12.json b/packages/security_detection_engine/kibana/security_rule/6ddb6c33-00ce-4acd-832a-24b251512023_12.json index 441781ef887..85dad7dc306 100644 --- a/packages/security_detection_engine/kibana/security_rule/6ddb6c33-00ce-4acd-832a-24b251512023_12.json +++ b/packages/security_detection_engine/kibana/security_rule/6ddb6c33-00ce-4acd-832a-24b251512023_12.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6ded0996-7d4b-40f2-bf4a-6913e7591795_106.json b/packages/security_detection_engine/kibana/security_rule/6ded0996-7d4b-40f2-bf4a-6913e7591795_106.json index 4a5377b1900..f5e78e73d3f 100644 --- a/packages/security_detection_engine/kibana/security_rule/6ded0996-7d4b-40f2-bf4a-6913e7591795_106.json +++ b/packages/security_detection_engine/kibana/security_rule/6ded0996-7d4b-40f2-bf4a-6913e7591795_106.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_115.json b/packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_115.json deleted file mode 100644 index 5b6b7f719ab..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_115.json +++ /dev/null @@ -1,138 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Adversaries may install legitimate remote monitoring and management (RMM) tools or remote access software on compromised endpoints for command-and-control (C2), persistence, and execution of native commands. This rule detects when a process is started whose name or code signature (or whose parent's name or code signature) resembles commonly abused RMM/remote access tools, including first-time-seen child processes of such tools. New Terms type: host has not seen this process (or child-of-RMM pattern) before within the configured history window.", - "from": "now-9m", - "history_window_start": "now-7d", - "index": [ - "logs-endpoint.events.process-*", - "endgame-*", - "winlogbeat-*", - "logs-windows.forwarded*", - "logs-windows.sysmon_operational-*", - "logs-system.security*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "First Time Seen Remote Monitoring and Management Tool", - "new_terms_fields": [ - "host.id" - ], - "note": "## Triage and analysis\n\n### Investigating First Time Seen Remote Monitoring and Management Tool\n\nRemote monitoring and management (RMM) and remote access software are commonly used by IT departments to provide support and manage endpoints. Attackers adopt the same tools to connect into interactive sessions, maintain access as a persistence mechanism, and drop malicious software.\n\nThis rule detects when an RMM or remote access process is seen on a host for the first time within the new_terms history window (see rule.new_terms), enabling analysts to investigate and enforce the correct usage of such tools.\n\n#### Possible investigation steps\n\n- Investigate the process execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Check if the execution of the RMM or remote access tool is approved by the organization's IT department.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Contact the account owner and confirm whether they are aware of this activity.\n - If the tool is not approved for use in the organization, the employee could have been tricked into installing it and providing access to a malicious third party. Investigate whether this third party could be attempting to scam the end-user or gain access to the environment through social engineering.\n- Investigate any abnormal behavior by the subject process, such as network connections, registry or file modifications, and any spawned child processes.\n\n### False positive analysis\n\n- If an authorized support person or administrator used the tool to conduct legitimate support or remote access, consider reinforcing that only tooling approved by the IT policy should be used. The analyst can dismiss the alert if no other suspicious behavior is observed involving the host or users.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- Run a full scan using the antimalware tool in place. This scan can reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- If an unauthorized third party did the access via social engineering, consider improvements to the security awareness program.\n- Enforce that only tooling approved by the IT policy should be used for remote access purposes and only by authorized staff.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "host.os.type: \"windows\" and\n\n event.category: \"process\" and event.type: \"start\" and\n\n (\n process.code_signature.subject_name : (\n \"Action1 Corporation\" or\n \"AeroAdmin LLC\" or\n \"Ammyy LLC\" or\n \"Atera Networks Ltd\" or\n \"AWERAY PTE. LTD.\" or\n \"BeamYourScreen GmbH\" or\n \"Bomgar Corporation\" or\n \"DUC FABULOUS CO.,LTD\" or\n \"DOMOTZ INC.\" or\n \"DWSNET O\u00dc\" or\n \"FleetDeck Inc\" or\n \"GlavSoft LLC\" or\n \"GlavSoft LLC.\" or\n \"Hefei Pingbo Network Technology Co. Ltd\" or\n \"IDrive, Inc.\" or\n \"IMPERO SOLUTIONS LIMITED\" or\n \"Instant Housecall\" or\n \"ISL Online Ltd.\" or\n \"LogMeIn, Inc.\" or\n \"Monitoring Client\" or\n \"MMSOFT Design Ltd.\" or\n \"Nanosystems S.r.l.\" or\n \"NetSupport Ltd\" or\n \"NetSupport Ltd.\" or\n \"NETSUPPORT LTD.\" or\n \"NinjaRMM, LLC\" or\n \"Parallels International GmbH\" or\n \"philandro Software GmbH\" or\n \"Pro Softnet Corporation\" or\n \"RealVNC\" or\n \"RealVNC Limited\" or\n \"BreakingSecurity.net\" or\n \"Remote Utilities LLC\" or\n \"Rocket Software, Inc.\" or\n \"SAFIB\" or\n \"Servably, Inc.\" or\n \"ShowMyPC INC\" or\n \"Splashtop Inc.\" or\n \"Superops Inc.\" or\n \"TeamViewer\" or\n \"TeamViewer GmbH\" or\n \"TeamViewer Germany GmbH\" or\n \"Techinline Limited\" or\n \"uvnc bvba\" or\n \"Yakhnovets Denis Aleksandrovich IP\" or\n \"Zhou Huabing\" or\n \"ZOHO Corporation Private Limited\" or\n \"Connectwise, LLC\" or \n\t\t\t\"ScreenConnect Client\"\n ) or\n\n process.name.caseless : (\n AA_v*.exe or\n \"AeroAdmin.exe\" or\n \"AnyDesk.exe\" or\n \"apc_Admin.exe\" or\n \"apc_host.exe\" or\n \"AteraAgent.exe\" or\n aweray_remote*.exe or\n \"AweSun.exe\" or\n \"AgentMon.exe\" or\n \"B4-Service.exe\" or\n \"BASupSrvc.exe\" or\n \"bomgar-scc.exe\" or\n \"domotzagent.exe\" or\n \"domotz-windows-x64-10.exe\" or\n \"dwagsvc.exe\" or\n \"DWRCC.exe\" or\n \"ImperoClientSVC.exe\" or\n \"ImperoServerSVC.exe\" or\n \"ISLLight.exe\" or\n \"ISLLightClient.exe\" or\n fleetdeck_commander*.exe or\n \"getscreen.exe\" or\n \"g2aservice.exe\" or\n \"GoToAssistService.exe\" or\n \"gotohttp.exe\" or\n \"jumpcloud-agent.exe\" or\n \"level.exe\" or\n \"LvAgent.exe\" or\n \"LMIIgnition.exe\" or\n \"LogMeIn.exe\" or\n \"ManageEngine_Remote_Access_Plus.exe\" or\n \"MeshAgent.exe\" or\n \"Mikogo-Service.exe\" or\n \"NinjaRMMAgent.exe\" or\n \"NinjaRMMAgenPatcher.exe\" or\n \"ninjarmm-cli.exe\" or\n \"parsec.exe\" or\n \"PService.exe\" or\n \"quickassist.exe\" or\n \"r_server.exe\" or\n \"radmin.exe\" or\n \"radmin3.exe\" or\n \"RCClient.exe\" or\n \"RCService.exe\" or\n \"RemoteDesktopManager.exe\" or\n \"RemotePC.exe\" or\n \"RemotePCDesktop.exe\" or\n \"RemotePCService.exe\" or\n \"rfusclient.exe\" or\n \"ROMServer.exe\" or\n \"ROMViewer.exe\" or\n \"RPCSuite.exe\" or\n \"rserver3.exe\" or\n \"rustdesk.exe\" or\n \"rutserv.exe\" or\n \"rutview.exe\" or\n \"saazapsc.exe\" or\n ScreenConnect*.exe or\n \"session_win.exe\" or\n \"Remote Support.exe\" or\n \"smpcview.exe\" or\n \"spclink.exe\" or\n \"Splashtop-streamer.exe\" or\n \"Syncro.Overmind.Service.exe\" or\n \"SyncroLive.Agent.Runner.exe\" or\n \"SRService.exe\" or\n \"strwinclt.exe\" or\n \"Supremo.exe\" or\n \"SupremoService.exe\" or\n \"tacticalrmm.exe\" or\n \"tailscale.exe\" or\n \"tailscaled.exe\" or\n \"teamviewer.exe\" or\n \"ToDesk_Service.exe\" or\n \"twingate.exe\" or\n \"TiClientCore.exe\" or\n \"TSClient.exe\" or\n \"tvn.exe\" or\n \"tvnserver.exe\" or\n \"tvnviewer.exe\" or\n UltraVNC*.exe or\n UltraViewer*.exe or\n \"vncserver.exe\" or\n \"vncviewer.exe\" or\n \"winvnc.exe\" or\n \"winwvc.exe\" or\n \"Zaservice.exe\" or\n \"ZohoURS.exe\" or\n \"Velociraptor.exe\" or\n \"ToolsIQ.exe\" or\n \"CagService.exe\" or \n\t\t\t\"ScreenConnect.ClientService.exe\" or \n\t\t\t\"TiAgent.exe\" or \n\t\t\t\"GoToResolveProcessChecker.exe\" or \n\t\t\t\"GoToResolveUnattended.exe\"\n ) or\n process.name : (\n AA_v*.exe or\n \"AeroAdmin.exe\" or\n \"AnyDesk.exe\" or\n \"apc_Admin.exe\" or\n \"apc_host.exe\" or\n \"AteraAgent.exe\" or\n aweray_remote*.exe or\n \"AweSun.exe\" or\n \"AgentMon.exe\" or\n \"B4-Service.exe\" or\n \"BASupSrvc.exe\" or\n \"bomgar-scc.exe\" or\n \"CagService.exe\" or\n \"domotzagent.exe\" or\n \"domotz-windows-x64-10.exe\" or\n \"dwagsvc.exe\" or\n \"DWRCC.exe\" or\n \"ImperoClientSVC.exe\" or\n \"ImperoServerSVC.exe\" or\n \"ISLLight.exe\" or\n \"ISLLightClient.exe\" or\n fleetdeck_commander*.exe or\n \"getscreen.exe\" or\n \"g2aservice.exe\" or\n \"GoToAssistService.exe\" or\n \"gotohttp.exe\" or\n \"jumpcloud-agent.exe\" or\n \"level.exe\" or\n \"LvAgent.exe\" or\n \"LMIIgnition.exe\" or\n \"LogMeIn.exe\" or\n \"ManageEngine_Remote_Access_Plus.exe\" or\n \"MeshAgent.exe\" or\n \"meshagent.exe\" or\n \"Mikogo-Service.exe\" or\n \"NinjaRMMAgent.exe\" or\n \"NinjaRMMAgenPatcher.exe\" or\n \"ninjarmm-cli.exe\" or\n \"parsec.exe\" or\n \"PService.exe\" or\n \"quickassist.exe\" or\n \"r_server.exe\" or\n \"radmin.exe\" or\n \"radmin3.exe\" or\n \"RCClient.exe\" or\n \"RCService.exe\" or\n \"RemoteDesktopManager.exe\" or\n \"RemotePC.exe\" or\n \"RemotePCDesktop.exe\" or\n \"RemotePCService.exe\" or\n \"rfusclient.exe\" or\n \"ROMServer.exe\" or\n \"ROMViewer.exe\" or\n \"RPCSuite.exe\" or\n \"rserver3.exe\" or\n \"rustdesk.exe\" or\n \"rutserv.exe\" or\n \"rutview.exe\" or\n \"saazapsc.exe\" or\n ScreenConnect*.exe or\n \"session_win.exe\" or\n \"Remote Support.exe\" or\n \"smpcview.exe\" or\n \"spclink.exe\" or\n \"Splashtop-streamer.exe\" or\n \"Syncro.Overmind.Service.exe\" or\n \"SyncroLive.Agent.Runner.exe\" or\n \"SRService.exe\" or\n \"strwinclt.exe\" or\n \"Supremo.exe\" or\n \"SupremoService.exe\" or\n \"tacticalrmm.exe\" or\n \"tailscale.exe\" or\n \"tailscaled.exe\" or\n \"teamviewer.exe\" or\n \"TiClientCore.exe\" or\n \"ToDesk_Service.exe\" or\n \"twingate.exe\" or\n \"TSClient.exe\" or\n \"tvn.exe\" or\n \"tvnserver.exe\" or\n \"tvnviewer.exe\" or\n UltraVNC*.exe or\n UltraViewer*.exe or\n \"vncserver.exe\" or\n \"vncviewer.exe\" or\n \"winvnc.exe\" or\n \"winwvc.exe\" or\n \"Zaservice.exe\" or\n \"ZohoURS.exe\" or\n \"Velociraptor.exe\" or\n \"ToolsIQ.exe\" or \n\t\t\t\"ScreenConnect.ClientService.exe\" or \n\t\t\t\"TiAgent.exe\" or \n\t\t\t\"GoToResolveProcessChecker.exe\" or \n\t\t\t\"GoToResolveUnattended.exe\"\n ) or\n process.parent.code_signature.subject_name : (\n \"Action1 Corporation\" or\n \"AeroAdmin LLC\" or\n \"Ammyy LLC\" or\n \"Atera Networks Ltd\" or\n \"AWERAY PTE. LTD.\" or\n \"BeamYourScreen GmbH\" or\n \"Bomgar Corporation\" or\n \"DUC FABULOUS CO.,LTD\" or\n \"DOMOTZ INC.\" or\n \"DWSNET O\u00dc\" or\n \"FleetDeck Inc\" or\n \"GlavSoft LLC\" or\n \"GlavSoft LLC.\" or\n \"Hefei Pingbo Network Technology Co. Ltd\" or\n \"IDrive, Inc.\" or\n \"IMPERO SOLUTIONS LIMITED\" or\n \"Instant Housecall\" or\n \"ISL Online Ltd.\" or\n \"LogMeIn, Inc.\" or\n \"Monitoring Client\" or\n \"MMSOFT Design Ltd.\" or\n \"Nanosystems S.r.l.\" or\n \"NetSupport Ltd\" or\n \"NetSupport Ltd.\" or\n \"NETSUPPORT LTD.\" or\n \"NinjaRMM, LLC\" or\n \"Parallels International GmbH\" or\n \"philandro Software GmbH\" or\n \"Pro Softnet Corporation\" or\n \"RealVNC\" or\n \"RealVNC Limited\" or\n \"BreakingSecurity.net\" or\n \"Remote Utilities LLC\" or\n \"Rocket Software, Inc.\" or\n \"SAFIB\" or\n \"Servably, Inc.\" or\n \"ShowMyPC INC\" or\n \"Splashtop Inc.\" or\n \"Superops Inc.\" or\n \"TeamViewer\" or\n \"TeamViewer GmbH\" or\n \"TeamViewer Germany GmbH\" or\n \"Techinline Limited\" or\n \"uvnc bvba\" or\n \"Yakhnovets Denis Aleksandrovich IP\" or\n \"Zhou Huabing\" or\n \"ZOHO Corporation Private Limited\" or\n \"Connectwise, LLC\" or \n\t\t\t\"ScreenConnect Client\"\n ) or\n process.parent.name: (\n AA_v*.exe or\n \"AeroAdmin.exe\" or\n \"AnyDesk.exe\" or\n \"apc_Admin.exe\" or\n \"apc_host.exe\" or\n \"AteraAgent.exe\" or\n aweray_remote*.exe or\n \"AweSun.exe\" or\n \"AgentMon.exe\" or\n \"B4-Service.exe\" or\n \"BASupSrvc.exe\" or\n \"bomgar-scc.exe\" or\n \"domotzagent.exe\" or\n \"domotz-windows-x64-10.exe\" or\n \"dwagsvc.exe\" or\n \"DWRCC.exe\" or\n \"ImperoClientSVC.exe\" or\n \"ImperoServerSVC.exe\" or\n \"ISLLight.exe\" or\n \"ISLLightClient.exe\" or\n fleetdeck_commander*.exe or\n \"getscreen.exe\" or\n \"g2aservice.exe\" or\n \"GoToAssistService.exe\" or\n \"gotohttp.exe\" or\n \"jumpcloud-agent.exe\" or\n \"level.exe\" or\n \"LvAgent.exe\" or\n \"LMIIgnition.exe\" or\n \"LogMeIn.exe\" or\n \"ManageEngine_Remote_Access_Plus.exe\" or\n \"MeshAgent.exe\" or\n \"Mikogo-Service.exe\" or\n \"NinjaRMMAgent.exe\" or\n \"NinjaRMMAgenPatcher.exe\" or\n \"ninjarmm-cli.exe\" or\n \"parsec.exe\" or\n \"PService.exe\" or\n \"quickassist.exe\" or\n \"r_server.exe\" or\n \"radmin.exe\" or\n \"radmin3.exe\" or\n \"RCClient.exe\" or\n \"RCService.exe\" or\n \"RemoteDesktopManager.exe\" or\n \"RemotePC.exe\" or\n \"RemotePCDesktop.exe\" or\n \"RemotePCService.exe\" or\n \"rfusclient.exe\" or\n \"ROMServer.exe\" or\n \"ROMViewer.exe\" or\n \"RPCSuite.exe\" or\n \"rserver3.exe\" or\n \"rustdesk.exe\" or\n \"rutserv.exe\" or\n \"rutview.exe\" or\n \"saazapsc.exe\" or\n ScreenConnect*.exe or\n \"session_win.exe\" or\n \"Remote Support.exe\" or\n \"smpcview.exe\" or\n \"spclink.exe\" or\n \"Splashtop-streamer.exe\" or\n \"Syncro.Overmind.Service.exe\" or\n \"SyncroLive.Agent.Runner.exe\" or\n \"SRService.exe\" or\n \"strwinclt.exe\" or\n \"Supremo.exe\" or\n \"SupremoService.exe\" or\n \"tacticalrmm.exe\" or\n \"tailscale.exe\" or\n \"tailscaled.exe\" or\n \"teamviewer.exe\" or\n \"ToDesk_Service.exe\" or\n \"twingate.exe\" or\n \"TiClientCore.exe\" or\n \"TSClient.exe\" or\n \"tvn.exe\" or\n \"tvnserver.exe\" or\n \"tvnviewer.exe\" or\n UltraVNC*.exe or\n UltraViewer*.exe or\n \"vncserver.exe\" or\n \"vncviewer.exe\" or\n \"winvnc.exe\" or\n \"winwvc.exe\" or\n \"Zaservice.exe\" or\n \"ZohoURS.exe\" or\n \"Velociraptor.exe\" or\n \"ToolsIQ.exe\" or\n \"CagService.exe\" or \n\t\t\t\"TiAgent.exe\" or \n\t\t\t\"GoToResolveProcessChecker.exe\" or \n\t\t\t\"GoToResolveUnattended.exe\"\n )\n ) and\n not (process.pe.original_file_name : (\"G2M.exe\" or \"Updater.exe\" or \"powershell.exe\") and process.code_signature.subject_name : \"LogMeIn, Inc.\")\n", - "references": [ - "https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/", - "https://attack.mitre.org/techniques/T1219/002/", - "https://github.com/redcanaryco/surveyor/blob/master/definitions/remote-admin.json", - "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-025a", - "https://www.cisa.gov/sites/default/files/2025-06/aa25-163a-ransomware-simplehelp-rmm-compromise.pdf" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - }, - { - "package": "system", - "version": "^2.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.code_signature.subject_name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": false, - "name": "process.name.caseless", - "type": "unknown" - }, - { - "ecs": true, - "name": "process.parent.code_signature.subject_name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.pe.original_file_name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "6e1a2cc4-d260-11ed-8829-f661ea17fbcc", - "setup": "## Setup\n\n- **New terms window**: The rule uses `new_terms_fields: host.id` with a 7-day history window. The first time a matching RMM/remote access process is seen on a host within that window will trigger the alert.\n- **Velociraptor**: If your organization deploys Velociraptor for DFIR or hunting, consider adding a rule exception by host group or excluding `process.name: \"Velociraptor.exe\"` where appropriate.\n- **Elastic Defend**: For best coverage ensure process events with `process.code_signature` and `process.name` are ingested from Windows endpoints (e.g. logs-endpoint.events.process-*).\n- **Parent matching**: The rule also matches when the started process's parent has an RMM/remote access name or code signer, so first-time child processes (e.g. scripts or binaries spawned by TeamViewer, ScreenConnect, AteraAgent, MeshAgent) are detected. Complement with DNS-based detection (e.g. Sigma rule for remote access software domains from non-browser processes) for full coverage.\n", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Command and Control", - "Resources: Investigation Guide", - "Data Source: Elastic Defend", - "Data Source: Elastic Endgame", - "Data Source: Windows Security Event Logs", - "Data Source: Sysmon" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1219", - "name": "Remote Access Tools", - "reference": "https://attack.mitre.org/techniques/T1219/", - "subtechnique": [ - { - "id": "T1219.002", - "name": "Remote Desktop Software", - "reference": "https://attack.mitre.org/techniques/T1219/002/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "new_terms", - "version": 115 - }, - "id": "6e1a2cc4-d260-11ed-8829-f661ea17fbcc_115", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_118.json b/packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_118.json index 7f6f008b79f..ef6bc6b4d82 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_118.json +++ b/packages/security_detection_engine/kibana/security_rule/6e1a2cc4-d260-11ed-8829-f661ea17fbcc_118.json @@ -52,15 +52,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6e2355cc-c60a-4d92-a80c-e54a45ad2400_6.json b/packages/security_detection_engine/kibana/security_rule/6e2355cc-c60a-4d92-a80c-e54a45ad2400_6.json index ef03c0dc156..7d4a6280052 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e2355cc-c60a-4d92-a80c-e54a45ad2400_6.json +++ b/packages/security_detection_engine/kibana/security_rule/6e2355cc-c60a-4d92-a80c-e54a45ad2400_6.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6e40d56f-5c0e-4ac6-aece-bee96645b172_311.json b/packages/security_detection_engine/kibana/security_rule/6e40d56f-5c0e-4ac6-aece-bee96645b172_311.json index 6c10752f566..0cff0520d42 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e40d56f-5c0e-4ac6-aece-bee96645b172_311.json +++ b/packages/security_detection_engine/kibana/security_rule/6e40d56f-5c0e-4ac6-aece-bee96645b172_311.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/6e4f6446-67ca-11f0-a148-f661ea17fbcd_1.json b/packages/security_detection_engine/kibana/security_rule/6e4f6446-67ca-11f0-a148-f661ea17fbcd_1.json index 46bc156f9f3..d844b72326f 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e4f6446-67ca-11f0-a148-f661ea17fbcd_1.json +++ b/packages/security_detection_engine/kibana/security_rule/6e4f6446-67ca-11f0-a148-f661ea17fbcd_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6e5189c4-d3a5-4114-8cb3-bd3a65713f19_2.json b/packages/security_detection_engine/kibana/security_rule/6e5189c4-d3a5-4114-8cb3-bd3a65713f19_2.json index 08658475e43..eae2fde31ed 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e5189c4-d3a5-4114-8cb3-bd3a65713f19_2.json +++ b/packages/security_detection_engine/kibana/security_rule/6e5189c4-d3a5-4114-8cb3-bd3a65713f19_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6e6376c1-a71e-4789-a795-198b05664064_1.json b/packages/security_detection_engine/kibana/security_rule/6e6376c1-a71e-4789-a795-198b05664064_1.json index 14457b6f5d2..0dd7e7ddf07 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e6376c1-a71e-4789-a795-198b05664064_1.json +++ b/packages/security_detection_engine/kibana/security_rule/6e6376c1-a71e-4789-a795-198b05664064_1.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6e9130a5-9be6-48e5-943a-9628bfc74b18_216.json b/packages/security_detection_engine/kibana/security_rule/6e9130a5-9be6-48e5-943a-9628bfc74b18_216.json index bf2615cc568..3125e555db0 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e9130a5-9be6-48e5-943a-9628bfc74b18_216.json +++ b/packages/security_detection_engine/kibana/security_rule/6e9130a5-9be6-48e5-943a-9628bfc74b18_216.json @@ -40,11 +40,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6e9b351e-a531-4bdc-b73e-7034d6eed7ff_213.json b/packages/security_detection_engine/kibana/security_rule/6e9b351e-a531-4bdc-b73e-7034d6eed7ff_213.json index 3c24e5a0912..fd046c8cef7 100644 --- a/packages/security_detection_engine/kibana/security_rule/6e9b351e-a531-4bdc-b73e-7034d6eed7ff_213.json +++ b/packages/security_detection_engine/kibana/security_rule/6e9b351e-a531-4bdc-b73e-7034d6eed7ff_213.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6ea41894-66c3-4df7-ad6b-2c5074eb3df8_215.json b/packages/security_detection_engine/kibana/security_rule/6ea41894-66c3-4df7-ad6b-2c5074eb3df8_215.json index 256d6da976e..fb74adc2455 100644 --- a/packages/security_detection_engine/kibana/security_rule/6ea41894-66c3-4df7-ad6b-2c5074eb3df8_215.json +++ b/packages/security_detection_engine/kibana/security_rule/6ea41894-66c3-4df7-ad6b-2c5074eb3df8_215.json @@ -28,11 +28,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6ea55c81-e2ba-42f2-a134-bccf857ba922_217.json b/packages/security_detection_engine/kibana/security_rule/6ea55c81-e2ba-42f2-a134-bccf857ba922_217.json index f968db2a914..a3545dbe7d1 100644 --- a/packages/security_detection_engine/kibana/security_rule/6ea55c81-e2ba-42f2-a134-bccf857ba922_217.json +++ b/packages/security_detection_engine/kibana/security_rule/6ea55c81-e2ba-42f2-a134-bccf857ba922_217.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6eb862bb-013d-4d4f-a14b-341433ca1a1f_4.json b/packages/security_detection_engine/kibana/security_rule/6eb862bb-013d-4d4f-a14b-341433ca1a1f_4.json index 67f694edb9f..77b14fecd44 100644 --- a/packages/security_detection_engine/kibana/security_rule/6eb862bb-013d-4d4f-a14b-341433ca1a1f_4.json +++ b/packages/security_detection_engine/kibana/security_rule/6eb862bb-013d-4d4f-a14b-341433ca1a1f_4.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6ee947e9-de7e-4281-a55d-09289bdf947e_115.json b/packages/security_detection_engine/kibana/security_rule/6ee947e9-de7e-4281-a55d-09289bdf947e_115.json index fa803a17a9c..e3948f93e29 100644 --- a/packages/security_detection_engine/kibana/security_rule/6ee947e9-de7e-4281-a55d-09289bdf947e_115.json +++ b/packages/security_detection_engine/kibana/security_rule/6ee947e9-de7e-4281-a55d-09289bdf947e_115.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6f024bde-7085-489b-8250-5957efdf1caf_108.json b/packages/security_detection_engine/kibana/security_rule/6f024bde-7085-489b-8250-5957efdf1caf_108.json index 6417557080e..c54182b4ebd 100644 --- a/packages/security_detection_engine/kibana/security_rule/6f024bde-7085-489b-8250-5957efdf1caf_108.json +++ b/packages/security_detection_engine/kibana/security_rule/6f024bde-7085-489b-8250-5957efdf1caf_108.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6f1bb4b2-7dc8-11ee-92b2-f661ea17fbcd_212.json b/packages/security_detection_engine/kibana/security_rule/6f1bb4b2-7dc8-11ee-92b2-f661ea17fbcd_212.json index faba4630c2f..66c3bb5a182 100644 --- a/packages/security_detection_engine/kibana/security_rule/6f1bb4b2-7dc8-11ee-92b2-f661ea17fbcd_212.json +++ b/packages/security_detection_engine/kibana/security_rule/6f1bb4b2-7dc8-11ee-92b2-f661ea17fbcd_212.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6f435062-b7fc-4af9-acea-5b1ead65c5a5_211.json b/packages/security_detection_engine/kibana/security_rule/6f435062-b7fc-4af9-acea-5b1ead65c5a5_211.json index 91bc57b175c..93d9b91b421 100644 --- a/packages/security_detection_engine/kibana/security_rule/6f435062-b7fc-4af9-acea-5b1ead65c5a5_211.json +++ b/packages/security_detection_engine/kibana/security_rule/6f435062-b7fc-4af9-acea-5b1ead65c5a5_211.json @@ -48,7 +48,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6fa0f15b-1926-419b-8de2-fce1429797ba_3.json b/packages/security_detection_engine/kibana/security_rule/6fa0f15b-1926-419b-8de2-fce1429797ba_3.json index 92fc3bbbb19..25360befae4 100644 --- a/packages/security_detection_engine/kibana/security_rule/6fa0f15b-1926-419b-8de2-fce1429797ba_3.json +++ b/packages/security_detection_engine/kibana/security_rule/6fa0f15b-1926-419b-8de2-fce1429797ba_3.json @@ -41,11 +41,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6fa3abe3-9cd8-41de-951b-51ed8f710523_5.json b/packages/security_detection_engine/kibana/security_rule/6fa3abe3-9cd8-41de-951b-51ed8f710523_5.json index 7dfb9c70561..5b3b656e36d 100644 --- a/packages/security_detection_engine/kibana/security_rule/6fa3abe3-9cd8-41de-951b-51ed8f710523_5.json +++ b/packages/security_detection_engine/kibana/security_rule/6fa3abe3-9cd8-41de-951b-51ed8f710523_5.json @@ -14,23 +14,23 @@ "related_integrations": [ { "package": "nginx", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache_tomcat", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "iis", - "version": "^1.21.0" + "version": ">=1.21.0" }, { "package": "traefik", - "version": "^2.5.0" + "version": ">=2.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/6fb2280a-d91a-4e64-a97e-1332284d9391_104.json b/packages/security_detection_engine/kibana/security_rule/6fb2280a-d91a-4e64-a97e-1332284d9391_104.json index e4ef841719b..eed5dd9ac0f 100644 --- a/packages/security_detection_engine/kibana/security_rule/6fb2280a-d91a-4e64-a97e-1332284d9391_104.json +++ b/packages/security_detection_engine/kibana/security_rule/6fb2280a-d91a-4e64-a97e-1332284d9391_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/6fcb4fe4-ac74-449d-855b-2bbd5c51c476_3.json b/packages/security_detection_engine/kibana/security_rule/6fcb4fe4-ac74-449d-855b-2bbd5c51c476_3.json index 10b3faeab53..136af18b934 100644 --- a/packages/security_detection_engine/kibana/security_rule/6fcb4fe4-ac74-449d-855b-2bbd5c51c476_3.json +++ b/packages/security_detection_engine/kibana/security_rule/6fcb4fe4-ac74-449d-855b-2bbd5c51c476_3.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "wiz", - "version": "^4.0.0" + "version": ">=4.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/70089609-c41a-438e-b132-5b3b43c5fc07_4.json b/packages/security_detection_engine/kibana/security_rule/70089609-c41a-438e-b132-5b3b43c5fc07_4.json index 12587b2ab6a..050259eb4a5 100644 --- a/packages/security_detection_engine/kibana/security_rule/70089609-c41a-438e-b132-5b3b43c5fc07_4.json +++ b/packages/security_detection_engine/kibana/security_rule/70089609-c41a-438e-b132-5b3b43c5fc07_4.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7020ff25-76d7-4a7d-b95b-266cf27d70e8_3.json b/packages/security_detection_engine/kibana/security_rule/7020ff25-76d7-4a7d-b95b-266cf27d70e8_3.json index bbb3bb6d545..850216f81e8 100644 --- a/packages/security_detection_engine/kibana/security_rule/7020ff25-76d7-4a7d-b95b-266cf27d70e8_3.json +++ b/packages/security_detection_engine/kibana/security_rule/7020ff25-76d7-4a7d-b95b-266cf27d70e8_3.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-441c593e16ab_216.json b/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-441c593e16ab_216.json index 8d07b9cffbe..e27f55aa15b 100644 --- a/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-441c593e16ab_216.json +++ b/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-441c593e16ab_216.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-552d604f27bc_214.json b/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-552d604f27bc_214.json index a645bfac6ed..6539e4a7ff4 100644 --- a/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-552d604f27bc_214.json +++ b/packages/security_detection_engine/kibana/security_rule/7024e2a0-315d-4334-bb1a-552d604f27bc_214.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/70558fd5-6448-4c65-804a-8567ce02c3a2_1.json b/packages/security_detection_engine/kibana/security_rule/70558fd5-6448-4c65-804a-8567ce02c3a2_1.json index 15dc3cc8347..e5de58b75f6 100644 --- a/packages/security_detection_engine/kibana/security_rule/70558fd5-6448-4c65-804a-8567ce02c3a2_1.json +++ b/packages/security_detection_engine/kibana/security_rule/70558fd5-6448-4c65-804a-8567ce02c3a2_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "google_secops", - "version": "^1.0.0" + "version": ">=1.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/708c9d92-22a3-4fe0-b6b9-1f861c55502d_105.json b/packages/security_detection_engine/kibana/security_rule/708c9d92-22a3-4fe0-b6b9-1f861c55502d_105.json index 927dcf7bdc9..50c6e8c7a84 100644 --- a/packages/security_detection_engine/kibana/security_rule/708c9d92-22a3-4fe0-b6b9-1f861c55502d_105.json +++ b/packages/security_detection_engine/kibana/security_rule/708c9d92-22a3-4fe0-b6b9-1f861c55502d_105.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/70d12c9c-0dbd-4a1a-bc44-1467502c9cf6_114.json b/packages/security_detection_engine/kibana/security_rule/70d12c9c-0dbd-4a1a-bc44-1467502c9cf6_114.json index 5feb5bae009..12b837ecbda 100644 --- a/packages/security_detection_engine/kibana/security_rule/70d12c9c-0dbd-4a1a-bc44-1467502c9cf6_114.json +++ b/packages/security_detection_engine/kibana/security_rule/70d12c9c-0dbd-4a1a-bc44-1467502c9cf6_114.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/70fa1af4-27fd-4f26-bd03-50b6af6b9e24_111.json b/packages/security_detection_engine/kibana/security_rule/70fa1af4-27fd-4f26-bd03-50b6af6b9e24_111.json index c423dc00931..9bc876e5dc8 100644 --- a/packages/security_detection_engine/kibana/security_rule/70fa1af4-27fd-4f26-bd03-50b6af6b9e24_111.json +++ b/packages/security_detection_engine/kibana/security_rule/70fa1af4-27fd-4f26-bd03-50b6af6b9e24_111.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/713e0f5f-caf7-4dc2-88a7-3561f61f262a_7.json b/packages/security_detection_engine/kibana/security_rule/713e0f5f-caf7-4dc2-88a7-3561f61f262a_7.json index 052473865ed..68dc6957fec 100644 --- a/packages/security_detection_engine/kibana/security_rule/713e0f5f-caf7-4dc2-88a7-3561f61f262a_7.json +++ b/packages/security_detection_engine/kibana/security_rule/713e0f5f-caf7-4dc2-88a7-3561f61f262a_7.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7164081a-3930-11ed-a261-0242ac120002_12.json b/packages/security_detection_engine/kibana/security_rule/7164081a-3930-11ed-a261-0242ac120002_12.json index 96b7e8b2f73..30cb4fb5097 100644 --- a/packages/security_detection_engine/kibana/security_rule/7164081a-3930-11ed-a261-0242ac120002_12.json +++ b/packages/security_detection_engine/kibana/security_rule/7164081a-3930-11ed-a261-0242ac120002_12.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/717f82c2-7741-4f9b-85b8-d06aeb853f4f_215.json b/packages/security_detection_engine/kibana/security_rule/717f82c2-7741-4f9b-85b8-d06aeb853f4f_215.json index 82ab2375aa2..8b87af88141 100644 --- a/packages/security_detection_engine/kibana/security_rule/717f82c2-7741-4f9b-85b8-d06aeb853f4f_215.json +++ b/packages/security_detection_engine/kibana/security_rule/717f82c2-7741-4f9b-85b8-d06aeb853f4f_215.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/71bccb61-e19b-452f-b104-79a60e546a95_324.json b/packages/security_detection_engine/kibana/security_rule/71bccb61-e19b-452f-b104-79a60e546a95_324.json index 96a2a1f6976..80f7f1f1504 100644 --- a/packages/security_detection_engine/kibana/security_rule/71bccb61-e19b-452f-b104-79a60e546a95_324.json +++ b/packages/security_detection_engine/kibana/security_rule/71bccb61-e19b-452f-b104-79a60e546a95_324.json @@ -40,19 +40,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/71c5cb27-eca5-4151-bb47-64bc3f883270_214.json b/packages/security_detection_engine/kibana/security_rule/71c5cb27-eca5-4151-bb47-64bc3f883270_214.json index 37f84149185..2f4a8893ba0 100644 --- a/packages/security_detection_engine/kibana/security_rule/71c5cb27-eca5-4151-bb47-64bc3f883270_214.json +++ b/packages/security_detection_engine/kibana/security_rule/71c5cb27-eca5-4151-bb47-64bc3f883270_214.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/71d6a53d-abbd-40df-afee-c21fff6aafb0_8.json b/packages/security_detection_engine/kibana/security_rule/71d6a53d-abbd-40df-afee-c21fff6aafb0_8.json index ae5b8abb383..d3b566d0f27 100644 --- a/packages/security_detection_engine/kibana/security_rule/71d6a53d-abbd-40df-afee-c21fff6aafb0_8.json +++ b/packages/security_detection_engine/kibana/security_rule/71d6a53d-abbd-40df-afee-c21fff6aafb0_8.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/71de53ea-ff3b-11ee-b572-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/71de53ea-ff3b-11ee-b572-f661ea17fbce_9.json index ce45353674c..47090402db9 100644 --- a/packages/security_detection_engine/kibana/security_rule/71de53ea-ff3b-11ee-b572-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/71de53ea-ff3b-11ee-b572-f661ea17fbce_9.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/720fc1aa-e195-4a1d-81d8-04edfe5313ed_2.json b/packages/security_detection_engine/kibana/security_rule/720fc1aa-e195-4a1d-81d8-04edfe5313ed_2.json index efe497bc131..b475329d46b 100644 --- a/packages/security_detection_engine/kibana/security_rule/720fc1aa-e195-4a1d-81d8-04edfe5313ed_2.json +++ b/packages/security_detection_engine/kibana/security_rule/720fc1aa-e195-4a1d-81d8-04edfe5313ed_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "elastic_security", - "version": "^0.1.0" + "version": ">=0.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_215.json b/packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_215.json index 40609e0d96c..cb03b09659d 100644 --- a/packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_215.json +++ b/packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_215.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/725a048a-88c5-4fc7-8677-a44fc0031822_7.json b/packages/security_detection_engine/kibana/security_rule/725a048a-88c5-4fc7-8677-a44fc0031822_7.json index f0d31bd4542..3d7fbc04362 100644 --- a/packages/security_detection_engine/kibana/security_rule/725a048a-88c5-4fc7-8677-a44fc0031822_7.json +++ b/packages/security_detection_engine/kibana/security_rule/725a048a-88c5-4fc7-8677-a44fc0031822_7.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7290be75-2e10-49ec-b387-d4ed55b920ff_4.json b/packages/security_detection_engine/kibana/security_rule/7290be75-2e10-49ec-b387-d4ed55b920ff_4.json index 9b15535068e..4d69317b8dc 100644 --- a/packages/security_detection_engine/kibana/security_rule/7290be75-2e10-49ec-b387-d4ed55b920ff_4.json +++ b/packages/security_detection_engine/kibana/security_rule/7290be75-2e10-49ec-b387-d4ed55b920ff_4.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/729aa18d-06a6-41c7-b175-b65b739b1181_415.json b/packages/security_detection_engine/kibana/security_rule/729aa18d-06a6-41c7-b175-b65b739b1181_415.json index a02913d07da..ea9a4ba230a 100644 --- a/packages/security_detection_engine/kibana/security_rule/729aa18d-06a6-41c7-b175-b65b739b1181_415.json +++ b/packages/security_detection_engine/kibana/security_rule/729aa18d-06a6-41c7-b175-b65b739b1181_415.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/72c91fc0-4ac0-11f0-811f-f661ea17fbcd_3.json b/packages/security_detection_engine/kibana/security_rule/72c91fc0-4ac0-11f0-811f-f661ea17fbcd_3.json index e0e4b849e3a..e1def5b90c8 100644 --- a/packages/security_detection_engine/kibana/security_rule/72c91fc0-4ac0-11f0-811f-f661ea17fbcd_3.json +++ b/packages/security_detection_engine/kibana/security_rule/72c91fc0-4ac0-11f0-811f-f661ea17fbcd_3.json @@ -42,7 +42,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/730ed57d-ae0f-444f-af50-78708b57edd5_210.json b/packages/security_detection_engine/kibana/security_rule/730ed57d-ae0f-444f-af50-78708b57edd5_210.json index bfdcff4eb97..aa1a883df08 100644 --- a/packages/security_detection_engine/kibana/security_rule/730ed57d-ae0f-444f-af50-78708b57edd5_210.json +++ b/packages/security_detection_engine/kibana/security_rule/730ed57d-ae0f-444f-af50-78708b57edd5_210.json @@ -29,23 +29,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7318affb-bfe8-4d50-a425-f617833be160_7.json b/packages/security_detection_engine/kibana/security_rule/7318affb-bfe8-4d50-a425-f617833be160_7.json index b0284db26ad..66d7c0cac4a 100644 --- a/packages/security_detection_engine/kibana/security_rule/7318affb-bfe8-4d50-a425-f617833be160_7.json +++ b/packages/security_detection_engine/kibana/security_rule/7318affb-bfe8-4d50-a425-f617833be160_7.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/73344d2d-9cfb-4daf-b3c5-1d40a8182b86_3.json b/packages/security_detection_engine/kibana/security_rule/73344d2d-9cfb-4daf-b3c5-1d40a8182b86_3.json index 0a266dcc9c1..79cf2264dfa 100644 --- a/packages/security_detection_engine/kibana/security_rule/73344d2d-9cfb-4daf-b3c5-1d40a8182b86_3.json +++ b/packages/security_detection_engine/kibana/security_rule/73344d2d-9cfb-4daf-b3c5-1d40a8182b86_3.json @@ -50,7 +50,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/734239fe-eda8-48c0-bca8-9e3dafd81a88_7.json b/packages/security_detection_engine/kibana/security_rule/734239fe-eda8-48c0-bca8-9e3dafd81a88_7.json index 6e69ed890ae..6d03ea569be 100644 --- a/packages/security_detection_engine/kibana/security_rule/734239fe-eda8-48c0-bca8-9e3dafd81a88_7.json +++ b/packages/security_detection_engine/kibana/security_rule/734239fe-eda8-48c0-bca8-9e3dafd81a88_7.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/737626a2-4dca-4195-8ecd-68ef96fd1bad_2.json b/packages/security_detection_engine/kibana/security_rule/737626a2-4dca-4195-8ecd-68ef96fd1bad_2.json index a779f813c1c..52bb2663f2b 100644 --- a/packages/security_detection_engine/kibana/security_rule/737626a2-4dca-4195-8ecd-68ef96fd1bad_2.json +++ b/packages/security_detection_engine/kibana/security_rule/737626a2-4dca-4195-8ecd-68ef96fd1bad_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/737b5532-cf2e-4d40-9209-d7aec9dd25d5_3.json b/packages/security_detection_engine/kibana/security_rule/737b5532-cf2e-4d40-9209-d7aec9dd25d5_3.json index 8f3655f3d9e..082b88a3132 100644 --- a/packages/security_detection_engine/kibana/security_rule/737b5532-cf2e-4d40-9209-d7aec9dd25d5_3.json +++ b/packages/security_detection_engine/kibana/security_rule/737b5532-cf2e-4d40-9209-d7aec9dd25d5_3.json @@ -53,7 +53,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/73dd1f2c-3c24-4e13-a64b-dfd510e9fd98_1.json b/packages/security_detection_engine/kibana/security_rule/73dd1f2c-3c24-4e13-a64b-dfd510e9fd98_1.json index 3d50e381852..24876bac3e3 100644 --- a/packages/security_detection_engine/kibana/security_rule/73dd1f2c-3c24-4e13-a64b-dfd510e9fd98_1.json +++ b/packages/security_detection_engine/kibana/security_rule/73dd1f2c-3c24-4e13-a64b-dfd510e9fd98_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7405ddf1-6c8e-41ce-818f-48bea6bcaed8_218.json b/packages/security_detection_engine/kibana/security_rule/7405ddf1-6c8e-41ce-818f-48bea6bcaed8_218.json index 5652a6bd32e..0e2d2a250ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/7405ddf1-6c8e-41ce-818f-48bea6bcaed8_218.json +++ b/packages/security_detection_engine/kibana/security_rule/7405ddf1-6c8e-41ce-818f-48bea6bcaed8_218.json @@ -42,15 +42,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/74147312-ba03-4bea-91d1-040d54c1e8c3_1.json b/packages/security_detection_engine/kibana/security_rule/74147312-ba03-4bea-91d1-040d54c1e8c3_1.json index 6af5c684d54..669b31c7484 100644 --- a/packages/security_detection_engine/kibana/security_rule/74147312-ba03-4bea-91d1-040d54c1e8c3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/74147312-ba03-4bea-91d1-040d54c1e8c3_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "microsoft_sentinel", - "version": "^1.0.0" + "version": ">=1.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7453e19e-3dbf-4e4e-9ae0-33d6c6ed15e1_211.json b/packages/security_detection_engine/kibana/security_rule/7453e19e-3dbf-4e4e-9ae0-33d6c6ed15e1_211.json index d90bcd7d300..330a1ca6ba1 100644 --- a/packages/security_detection_engine/kibana/security_rule/7453e19e-3dbf-4e4e-9ae0-33d6c6ed15e1_211.json +++ b/packages/security_detection_engine/kibana/security_rule/7453e19e-3dbf-4e4e-9ae0-33d6c6ed15e1_211.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/745b0119-0560-43ba-860a-7235dd8cee8d_207.json b/packages/security_detection_engine/kibana/security_rule/745b0119-0560-43ba-860a-7235dd8cee8d_207.json index fd0c61c1d56..68c9b30cb12 100644 --- a/packages/security_detection_engine/kibana/security_rule/745b0119-0560-43ba-860a-7235dd8cee8d_207.json +++ b/packages/security_detection_engine/kibana/security_rule/745b0119-0560-43ba-860a-7235dd8cee8d_207.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/746edc4c-c54c-49c6-97a1-651223819448_208.json b/packages/security_detection_engine/kibana/security_rule/746edc4c-c54c-49c6-97a1-651223819448_208.json index ba584713a6b..cc86bcefd79 100644 --- a/packages/security_detection_engine/kibana/security_rule/746edc4c-c54c-49c6-97a1-651223819448_208.json +++ b/packages/security_detection_engine/kibana/security_rule/746edc4c-c54c-49c6-97a1-651223819448_208.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/74d31cb7-4a2c-44fe-9d1d-f375b9f3cb61_1.json b/packages/security_detection_engine/kibana/security_rule/74d31cb7-4a2c-44fe-9d1d-f375b9f3cb61_1.json index 77afce63c37..609c73405c8 100644 --- a/packages/security_detection_engine/kibana/security_rule/74d31cb7-4a2c-44fe-9d1d-f375b9f3cb61_1.json +++ b/packages/security_detection_engine/kibana/security_rule/74d31cb7-4a2c-44fe-9d1d-f375b9f3cb61_1.json @@ -13,7 +13,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/74e5241e-c1a1-4e70-844e-84ee3d73eb7d_103.json b/packages/security_detection_engine/kibana/security_rule/74e5241e-c1a1-4e70-844e-84ee3d73eb7d_103.json index b801cbae297..7ceb7451fb7 100644 --- a/packages/security_detection_engine/kibana/security_rule/74e5241e-c1a1-4e70-844e-84ee3d73eb7d_103.json +++ b/packages/security_detection_engine/kibana/security_rule/74e5241e-c1a1-4e70-844e-84ee3d73eb7d_103.json @@ -22,19 +22,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/74ee9a2d-5ed3-40c8-9e6c-523d2e6a17ef_2.json b/packages/security_detection_engine/kibana/security_rule/74ee9a2d-5ed3-40c8-9e6c-523d2e6a17ef_2.json index de0821e1b07..5120eac64dc 100644 --- a/packages/security_detection_engine/kibana/security_rule/74ee9a2d-5ed3-40c8-9e6c-523d2e6a17ef_2.json +++ b/packages/security_detection_engine/kibana/security_rule/74ee9a2d-5ed3-40c8-9e6c-523d2e6a17ef_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/74f45152-9aee-11ef-b0a5-f661ea17fbcd_109.json b/packages/security_detection_engine/kibana/security_rule/74f45152-9aee-11ef-b0a5-f661ea17fbcd_109.json index 3053a78f0ee..f82ccce1b59 100644 --- a/packages/security_detection_engine/kibana/security_rule/74f45152-9aee-11ef-b0a5-f661ea17fbcd_109.json +++ b/packages/security_detection_engine/kibana/security_rule/74f45152-9aee-11ef-b0a5-f661ea17fbcd_109.json @@ -38,7 +38,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/751b0329-7295-4682-b9c7-4473b99add69_105.json b/packages/security_detection_engine/kibana/security_rule/751b0329-7295-4682-b9c7-4473b99add69_105.json index cea6cee5cb9..d656b85df4b 100644 --- a/packages/security_detection_engine/kibana/security_rule/751b0329-7295-4682-b9c7-4473b99add69_105.json +++ b/packages/security_detection_engine/kibana/security_rule/751b0329-7295-4682-b9c7-4473b99add69_105.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/7592c127-89fb-4209-a8f6-f9944dfd7e02_112.json b/packages/security_detection_engine/kibana/security_rule/7592c127-89fb-4209-a8f6-f9944dfd7e02_112.json index 496d916c1be..fb5cfc55134 100644 --- a/packages/security_detection_engine/kibana/security_rule/7592c127-89fb-4209-a8f6-f9944dfd7e02_112.json +++ b/packages/security_detection_engine/kibana/security_rule/7592c127-89fb-4209-a8f6-f9944dfd7e02_112.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/75c53838-5dcd-11f0-829c-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/75c53838-5dcd-11f0-829c-f661ea17fbcd_4.json index f2ea9ac8d1b..a9280e26c2b 100644 --- a/packages/security_detection_engine/kibana/security_rule/75c53838-5dcd-11f0-829c-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/75c53838-5dcd-11f0-829c-f661ea17fbcd_4.json @@ -31,7 +31,7 @@ { "integration": "platformlogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/75dcb176-a575-4e33-a020-4a52aaa1b593_6.json b/packages/security_detection_engine/kibana/security_rule/75dcb176-a575-4e33-a020-4a52aaa1b593_6.json index 6f95441fa2b..bd2d12dd3c5 100644 --- a/packages/security_detection_engine/kibana/security_rule/75dcb176-a575-4e33-a020-4a52aaa1b593_6.json +++ b/packages/security_detection_engine/kibana/security_rule/75dcb176-a575-4e33-a020-4a52aaa1b593_6.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/75ee75d8-c180-481c-ba88-ee50129a6aef_105.json b/packages/security_detection_engine/kibana/security_rule/75ee75d8-c180-481c-ba88-ee50129a6aef_105.json index 7838787b57e..3a4ebd66184 100644 --- a/packages/security_detection_engine/kibana/security_rule/75ee75d8-c180-481c-ba88-ee50129a6aef_105.json +++ b/packages/security_detection_engine/kibana/security_rule/75ee75d8-c180-481c-ba88-ee50129a6aef_105.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "apm", - "version": "^9.0.0-preview-1738343125" + "version": ">=9.0.0-preview-1738343125" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/75f9b95f-370b-4ff3-a84c-66d9ec0b84eb_1.json b/packages/security_detection_engine/kibana/security_rule/75f9b95f-370b-4ff3-a84c-66d9ec0b84eb_1.json index 1398db8f313..400e751d114 100644 --- a/packages/security_detection_engine/kibana/security_rule/75f9b95f-370b-4ff3-a84c-66d9ec0b84eb_1.json +++ b/packages/security_detection_engine/kibana/security_rule/75f9b95f-370b-4ff3-a84c-66d9ec0b84eb_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/76152ca1-71d0-4003-9e37-0983e12832da_108.json b/packages/security_detection_engine/kibana/security_rule/76152ca1-71d0-4003-9e37-0983e12832da_108.json index 17a3b6e9b1c..687228e4b8d 100644 --- a/packages/security_detection_engine/kibana/security_rule/76152ca1-71d0-4003-9e37-0983e12832da_108.json +++ b/packages/security_detection_engine/kibana/security_rule/76152ca1-71d0-4003-9e37-0983e12832da_108.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/764c8437-a581-4537-8060-1fdb0e92c92d_210.json b/packages/security_detection_engine/kibana/security_rule/764c8437-a581-4537-8060-1fdb0e92c92d_210.json index 92bd3f26cb1..2b8cedb5178 100644 --- a/packages/security_detection_engine/kibana/security_rule/764c8437-a581-4537-8060-1fdb0e92c92d_210.json +++ b/packages/security_detection_engine/kibana/security_rule/764c8437-a581-4537-8060-1fdb0e92c92d_210.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/764c9fcd-4c4c-41e6-a0c7-d6c46c2eff66_119.json b/packages/security_detection_engine/kibana/security_rule/764c9fcd-4c4c-41e6-a0c7-d6c46c2eff66_119.json index ee4ed0f970c..c1151f6a3a6 100644 --- a/packages/security_detection_engine/kibana/security_rule/764c9fcd-4c4c-41e6-a0c7-d6c46c2eff66_119.json +++ b/packages/security_detection_engine/kibana/security_rule/764c9fcd-4c4c-41e6-a0c7-d6c46c2eff66_119.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/766d3f91-3f12-448c-b65f-20123e9e9e8c_215.json b/packages/security_detection_engine/kibana/security_rule/766d3f91-3f12-448c-b65f-20123e9e9e8c_215.json index 89b39267d04..b833fffb33a 100644 --- a/packages/security_detection_engine/kibana/security_rule/766d3f91-3f12-448c-b65f-20123e9e9e8c_215.json +++ b/packages/security_detection_engine/kibana/security_rule/766d3f91-3f12-448c-b65f-20123e9e9e8c_215.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/769a2e72-11bd-437b-9503-e51e7790d273_1.json b/packages/security_detection_engine/kibana/security_rule/769a2e72-11bd-437b-9503-e51e7790d273_1.json index 0cf5b35fe09..72f6c9750f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/769a2e72-11bd-437b-9503-e51e7790d273_1.json +++ b/packages/security_detection_engine/kibana/security_rule/769a2e72-11bd-437b-9503-e51e7790d273_1.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/76ddb638-abf7-42d5-be22-4a70b0bf7241_212.json b/packages/security_detection_engine/kibana/security_rule/76ddb638-abf7-42d5-be22-4a70b0bf7241_212.json index 9c5c6850b4e..20b32a38654 100644 --- a/packages/security_detection_engine/kibana/security_rule/76ddb638-abf7-42d5-be22-4a70b0bf7241_212.json +++ b/packages/security_detection_engine/kibana/security_rule/76ddb638-abf7-42d5-be22-4a70b0bf7241_212.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/76de17b9-af25-49a0-9378-02888b6bb3a2_102.json b/packages/security_detection_engine/kibana/security_rule/76de17b9-af25-49a0-9378-02888b6bb3a2_102.json index a13430a430e..b47a502b812 100644 --- a/packages/security_detection_engine/kibana/security_rule/76de17b9-af25-49a0-9378-02888b6bb3a2_102.json +++ b/packages/security_detection_engine/kibana/security_rule/76de17b9-af25-49a0-9378-02888b6bb3a2_102.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/76e4d92b-61c1-4a95-ab61-5fd94179a1ee_15.json b/packages/security_detection_engine/kibana/security_rule/76e4d92b-61c1-4a95-ab61-5fd94179a1ee_15.json index 51aba607e7a..ec5328024bc 100644 --- a/packages/security_detection_engine/kibana/security_rule/76e4d92b-61c1-4a95-ab61-5fd94179a1ee_15.json +++ b/packages/security_detection_engine/kibana/security_rule/76e4d92b-61c1-4a95-ab61-5fd94179a1ee_15.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/76fd43b7-3480-4dd9-8ad7-8bd36bfad92f_421.json b/packages/security_detection_engine/kibana/security_rule/76fd43b7-3480-4dd9-8ad7-8bd36bfad92f_421.json index acf3737cd47..d246504bb48 100644 --- a/packages/security_detection_engine/kibana/security_rule/76fd43b7-3480-4dd9-8ad7-8bd36bfad92f_421.json +++ b/packages/security_detection_engine/kibana/security_rule/76fd43b7-3480-4dd9-8ad7-8bd36bfad92f_421.json @@ -48,27 +48,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/770e0c4d-b998-41e5-a62e-c7901fd7f470_321.json b/packages/security_detection_engine/kibana/security_rule/770e0c4d-b998-41e5-a62e-c7901fd7f470_321.json index 8dea6d1c969..31bb82749cb 100644 --- a/packages/security_detection_engine/kibana/security_rule/770e0c4d-b998-41e5-a62e-c7901fd7f470_321.json +++ b/packages/security_detection_engine/kibana/security_rule/770e0c4d-b998-41e5-a62e-c7901fd7f470_321.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/77122db4-5876-4127-b91b-6c179eb21f88_12.json b/packages/security_detection_engine/kibana/security_rule/77122db4-5876-4127-b91b-6c179eb21f88_12.json index 16ed4767a20..f5ac42bc445 100644 --- a/packages/security_detection_engine/kibana/security_rule/77122db4-5876-4127-b91b-6c179eb21f88_12.json +++ b/packages/security_detection_engine/kibana/security_rule/77122db4-5876-4127-b91b-6c179eb21f88_12.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/774f5e28-7b75-4a58-b94e-41bf060fdd86_109.json b/packages/security_detection_engine/kibana/security_rule/774f5e28-7b75-4a58-b94e-41bf060fdd86_109.json index 3872be51604..df8f14dac52 100644 --- a/packages/security_detection_engine/kibana/security_rule/774f5e28-7b75-4a58-b94e-41bf060fdd86_109.json +++ b/packages/security_detection_engine/kibana/security_rule/774f5e28-7b75-4a58-b94e-41bf060fdd86_109.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7787362c-90ff-4b1a-b313-8808b1020e64_9.json b/packages/security_detection_engine/kibana/security_rule/7787362c-90ff-4b1a-b313-8808b1020e64_9.json index 11c52452a99..60a64080928 100644 --- a/packages/security_detection_engine/kibana/security_rule/7787362c-90ff-4b1a-b313-8808b1020e64_9.json +++ b/packages/security_detection_engine/kibana/security_rule/7787362c-90ff-4b1a-b313-8808b1020e64_9.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7811b5f7-9e07-4999-87aa-a950365cd327_1.json b/packages/security_detection_engine/kibana/security_rule/7811b5f7-9e07-4999-87aa-a950365cd327_1.json index d71f67090e0..e7b8e3d61c2 100644 --- a/packages/security_detection_engine/kibana/security_rule/7811b5f7-9e07-4999-87aa-a950365cd327_1.json +++ b/packages/security_detection_engine/kibana/security_rule/7811b5f7-9e07-4999-87aa-a950365cd327_1.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/781f8746-2180-4691-890c-4c96d11ca91d_15.json b/packages/security_detection_engine/kibana/security_rule/781f8746-2180-4691-890c-4c96d11ca91d_15.json index 891c170cf28..9ae0db364be 100644 --- a/packages/security_detection_engine/kibana/security_rule/781f8746-2180-4691-890c-4c96d11ca91d_15.json +++ b/packages/security_detection_engine/kibana/security_rule/781f8746-2180-4691-890c-4c96d11ca91d_15.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/78390eb5-c838-4c1d-8240-69dd7397cfb7_108.json b/packages/security_detection_engine/kibana/security_rule/78390eb5-c838-4c1d-8240-69dd7397cfb7_108.json index 19c6b9faca7..fd8a38c5ec0 100644 --- a/packages/security_detection_engine/kibana/security_rule/78390eb5-c838-4c1d-8240-69dd7397cfb7_108.json +++ b/packages/security_detection_engine/kibana/security_rule/78390eb5-c838-4c1d-8240-69dd7397cfb7_108.json @@ -26,19 +26,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/785a404b-75aa-4ffd-8be5-3334a5a544dd_211.json b/packages/security_detection_engine/kibana/security_rule/785a404b-75aa-4ffd-8be5-3334a5a544dd_211.json index ccde8ea7e05..e7d3f2a9220 100644 --- a/packages/security_detection_engine/kibana/security_rule/785a404b-75aa-4ffd-8be5-3334a5a544dd_211.json +++ b/packages/security_detection_engine/kibana/security_rule/785a404b-75aa-4ffd-8be5-3334a5a544dd_211.json @@ -36,7 +36,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7882cebf-6cf1-4de3-9662-213aa13e8b80_111.json b/packages/security_detection_engine/kibana/security_rule/7882cebf-6cf1-4de3-9662-213aa13e8b80_111.json index 8c0f42c30c9..3d32d0ba28e 100644 --- a/packages/security_detection_engine/kibana/security_rule/7882cebf-6cf1-4de3-9662-213aa13e8b80_111.json +++ b/packages/security_detection_engine/kibana/security_rule/7882cebf-6cf1-4de3-9662-213aa13e8b80_111.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/78c6559d-47a7-4f30-91fe-7e2e983206c2_3.json b/packages/security_detection_engine/kibana/security_rule/78c6559d-47a7-4f30-91fe-7e2e983206c2_3.json index fd9153d06d1..4b6203926f0 100644 --- a/packages/security_detection_engine/kibana/security_rule/78c6559d-47a7-4f30-91fe-7e2e983206c2_3.json +++ b/packages/security_detection_engine/kibana/security_rule/78c6559d-47a7-4f30-91fe-7e2e983206c2_3.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/78d3d8d9-b476-451d-a9e0-7a5addd70670_212.json b/packages/security_detection_engine/kibana/security_rule/78d3d8d9-b476-451d-a9e0-7a5addd70670_212.json index b3dade9cc23..45614dea55e 100644 --- a/packages/security_detection_engine/kibana/security_rule/78d3d8d9-b476-451d-a9e0-7a5addd70670_212.json +++ b/packages/security_detection_engine/kibana/security_rule/78d3d8d9-b476-451d-a9e0-7a5addd70670_212.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_313.json b/packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_313.json deleted file mode 100644 index 95bf742ca8a..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_313.json +++ /dev/null @@ -1,227 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies suspicious processes being spawned by the ScreenConnect client processes. This activity may indicate execution abusing unauthorized access to the ScreenConnect remote access software.", - "from": "now-9m", - "index": [ - "endgame-*", - "logs-crowdstrike.fdr*", - "logs-endpoint.events.process-*", - "logs-m365_defender.event-*", - "logs-sentinel_one_cloud_funnel.*", - "logs-system.security*", - "logs-windows.sysmon_operational-*", - "winlogbeat-*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Suspicious ScreenConnect Client Child Process", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating Suspicious ScreenConnect Client Child Process\n\nScreenConnect, a remote access tool, facilitates legitimate remote support but can be exploited by adversaries to execute unauthorized commands. Malicious actors may spawn processes like PowerShell or cmd.exe via ScreenConnect to perform harmful activities. The detection rule identifies such suspicious child processes, focusing on unusual arguments and process names, indicating potential abuse of remote access capabilities.\n\n### Possible investigation steps\n\n- Review the parent process name to confirm it is one of the ScreenConnect client processes listed in the query, such as ScreenConnect.ClientService.exe or ScreenConnect.WindowsClient.exe, to verify the source of the suspicious activity.\n- Examine the child process name and arguments, such as powershell.exe with encoded commands or cmd.exe with /c, to identify potentially malicious actions or commands being executed.\n- Check the network activity associated with the suspicious process, especially if the process arguments include network-related terms like *http* or *downloadstring*, to determine if there is any unauthorized data exfiltration or command and control communication.\n- Investigate the user account under which the suspicious process was executed to assess if the account has been compromised or is being misused.\n- Correlate the event with other security alerts or logs from data sources like Elastic Defend or Microsoft Defender for Endpoint to gather additional context and identify any related malicious activities.\n- Review the system's recent activity and changes, such as new scheduled tasks or services created by schtasks.exe or sc.exe, to identify any persistence mechanisms that may have been established by the attacker.\n\n### False positive analysis\n\n- Legitimate IT support activities using ScreenConnect may trigger the rule when executing scripts or commands for maintenance. To manage this, identify and whitelist specific IT support accounts or IP addresses that regularly perform these actions.\n- Automated scripts or scheduled tasks that use ScreenConnect for routine operations might be flagged. Review and document these scripts, then create exceptions for known benign processes and arguments.\n- Software updates or installations initiated through ScreenConnect can appear suspicious. Maintain a list of approved software and update processes, and exclude these from the rule.\n- Internal security tools or monitoring solutions that leverage ScreenConnect for legitimate purposes may be detected. Verify these tools and add them to an exclusion list to prevent false positives.\n- Training sessions or demonstrations using ScreenConnect to showcase command-line tools could be misinterpreted as threats. Ensure these sessions are logged and recognized as non-threatening, and adjust the rule to accommodate these scenarios.\n\n### Response and remediation\n\n- Immediately isolate the affected system from the network to prevent further unauthorized access or lateral movement by the attacker.\n- Terminate any suspicious processes identified in the alert, such as PowerShell, cmd.exe, or other flagged executables, to halt any ongoing malicious activity.\n- Review and revoke any unauthorized user accounts or privileges that may have been created or modified using tools like net.exe or schtasks.exe.\n- Conduct a thorough scan of the affected system using endpoint protection tools to identify and remove any malware or unauthorized software installed by the attacker.\n- Restore the system from a known good backup if any critical system files or configurations have been altered or compromised.\n- Escalate the incident to the security operations center (SOC) or incident response team for further investigation and to determine if additional systems are affected.\n- Implement enhanced monitoring and logging for ScreenConnect and other remote access tools to detect similar activities in the future, ensuring that alerts are promptly reviewed and acted upon.", - "query": "process where host.os.type == \"windows\" and event.type == \"start\" and\n process.parent.name :\n (\"ScreenConnect.ClientService.exe\",\n \"ScreenConnect.WindowsClient.exe\",\n \"ScreenConnect.WindowsBackstageShell.exe\",\n \"ScreenConnect.WindowsFileManager.exe\") and\n (\n (process.name : \"powershell.exe\" and\n process.args : (\"-enc\", \"-ec\", \"-e\", \"*downloadstring*\", \"*Reflection.Assembly*\", \"*http*\")) or\n (process.name : \"cmd.exe\" and process.args : \"/c\") or\n (process.name : \"net.exe\" and process.args : \"/add\") or\n (process.name : \"schtasks.exe\" and process.args : (\"/create\", \"-create\")) or\n (process.name : \"sc.exe\" and process.args : \"create\") or\n (process.name : \"rundll32.exe\" and not process.args : \"url.dll,FileProtocolHandler\") or\n (process.name : \"msiexec.exe\" and process.args : (\"/i\", \"-i\") and\n process.args : (\"/q\", \"/quiet\", \"/qn\", \"-q\", \"-quiet\", \"-qn\", \"-Q+\")) or\n process.name : (\"mshta.exe\", \"certutil.exe\", \"bistadmin.exe\", \"certreq.exe\", \"wscript.exe\", \"cscript.exe\", \"curl.exe\",\n \"ssh.exe\", \"scp.exe\", \"wevtutil.exe\", \"wget.exe\", \"wmic.exe\")\n )\n", - "references": [ - "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - }, - { - "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" - }, - { - "package": "m365_defender", - "version": "^5.0.0" - }, - { - "package": "system", - "version": "^2.0.0" - }, - { - "package": "crowdstrike", - "version": "^3.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "78de1aeb-5225-4067-b8cc-f4a1de8a8546", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Command and Control", - "Resources: Investigation Guide", - "Data Source: Elastic Endgame", - "Data Source: Elastic Defend", - "Data Source: Sysmon", - "Data Source: SentinelOne", - "Data Source: Microsoft Defender for Endpoint", - "Data Source: Windows Security Event Logs", - "Data Source: Crowdstrike" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1105", - "name": "Ingress Tool Transfer", - "reference": "https://attack.mitre.org/techniques/T1105/" - }, - { - "id": "T1219", - "name": "Remote Access Tools", - "reference": "https://attack.mitre.org/techniques/T1219/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0005", - "name": "Defense Evasion", - "reference": "https://attack.mitre.org/tactics/TA0005/" - }, - "technique": [ - { - "id": "T1218", - "name": "System Binary Proxy Execution", - "reference": "https://attack.mitre.org/techniques/T1218/", - "subtechnique": [ - { - "id": "T1218.005", - "name": "Mshta", - "reference": "https://attack.mitre.org/techniques/T1218/005/" - }, - { - "id": "T1218.007", - "name": "Msiexec", - "reference": "https://attack.mitre.org/techniques/T1218/007/" - }, - { - "id": "T1218.011", - "name": "Rundll32", - "reference": "https://attack.mitre.org/techniques/T1218/011/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1047", - "name": "Windows Management Instrumentation", - "reference": "https://attack.mitre.org/techniques/T1047/" - }, - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.001", - "name": "PowerShell", - "reference": "https://attack.mitre.org/techniques/T1059/001/" - }, - { - "id": "T1059.003", - "name": "Windows Command Shell", - "reference": "https://attack.mitre.org/techniques/T1059/003/" - }, - { - "id": "T1059.005", - "name": "Visual Basic", - "reference": "https://attack.mitre.org/techniques/T1059/005/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1053", - "name": "Scheduled Task/Job", - "reference": "https://attack.mitre.org/techniques/T1053/", - "subtechnique": [ - { - "id": "T1053.005", - "name": "Scheduled Task", - "reference": "https://attack.mitre.org/techniques/T1053/005/" - } - ] - }, - { - "id": "T1543", - "name": "Create or Modify System Process", - "reference": "https://attack.mitre.org/techniques/T1543/", - "subtechnique": [ - { - "id": "T1543.003", - "name": "Windows Service", - "reference": "https://attack.mitre.org/techniques/T1543/003/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 313 - }, - "id": "78de1aeb-5225-4067-b8cc-f4a1de8a8546_313", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_316.json b/packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_316.json index ca99a5ff30a..c2d7646c003 100644 --- a/packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_316.json +++ b/packages/security_detection_engine/kibana/security_rule/78de1aeb-5225-4067-b8cc-f4a1de8a8546_316.json @@ -26,27 +26,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/78e9b5d5-7c07-40a7-a591-3dbbf464c386_8.json b/packages/security_detection_engine/kibana/security_rule/78e9b5d5-7c07-40a7-a591-3dbbf464c386_8.json index 5069edc5503..a1b38dc0b75 100644 --- a/packages/security_detection_engine/kibana/security_rule/78e9b5d5-7c07-40a7-a591-3dbbf464c386_8.json +++ b/packages/security_detection_engine/kibana/security_rule/78e9b5d5-7c07-40a7-a591-3dbbf464c386_8.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/78ef0c95-9dc2-40ac-a8da-5deb6293a14e_12.json b/packages/security_detection_engine/kibana/security_rule/78ef0c95-9dc2-40ac-a8da-5deb6293a14e_12.json index f4787d06a7f..ee9c2c840e7 100644 --- a/packages/security_detection_engine/kibana/security_rule/78ef0c95-9dc2-40ac-a8da-5deb6293a14e_12.json +++ b/packages/security_detection_engine/kibana/security_rule/78ef0c95-9dc2-40ac-a8da-5deb6293a14e_12.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/79124edf-30a8-4d48-95c4-11522cad94b1_7.json b/packages/security_detection_engine/kibana/security_rule/79124edf-30a8-4d48-95c4-11522cad94b1_7.json index 1c40f3ac0a2..f66536b4d7f 100644 --- a/packages/security_detection_engine/kibana/security_rule/79124edf-30a8-4d48-95c4-11522cad94b1_7.json +++ b/packages/security_detection_engine/kibana/security_rule/79124edf-30a8-4d48-95c4-11522cad94b1_7.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/792dd7a6-7e00-4a0a-8a9a-a7c24720b5ec_109.json b/packages/security_detection_engine/kibana/security_rule/792dd7a6-7e00-4a0a-8a9a-a7c24720b5ec_109.json index 985de3dcab8..403ff8001b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/792dd7a6-7e00-4a0a-8a9a-a7c24720b5ec_109.json +++ b/packages/security_detection_engine/kibana/security_rule/792dd7a6-7e00-4a0a-8a9a-a7c24720b5ec_109.json @@ -30,7 +30,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/79543b00-28a5-4461-81ac-644c4dc4012f_307.json b/packages/security_detection_engine/kibana/security_rule/79543b00-28a5-4461-81ac-644c4dc4012f_307.json index 0f5a782f164..ad2b7fd8145 100644 --- a/packages/security_detection_engine/kibana/security_rule/79543b00-28a5-4461-81ac-644c4dc4012f_307.json +++ b/packages/security_detection_engine/kibana/security_rule/79543b00-28a5-4461-81ac-644c4dc4012f_307.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7957f3b9-f590-4062-b9f9-003c32bfc7d6_105.json b/packages/security_detection_engine/kibana/security_rule/7957f3b9-f590-4062-b9f9-003c32bfc7d6_105.json index cdfa00819a3..c86f1384321 100644 --- a/packages/security_detection_engine/kibana/security_rule/7957f3b9-f590-4062-b9f9-003c32bfc7d6_105.json +++ b/packages/security_detection_engine/kibana/security_rule/7957f3b9-f590-4062-b9f9-003c32bfc7d6_105.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/79ce2c96-72f7-44f9-88ef-60fa1ac2ce47_9.json b/packages/security_detection_engine/kibana/security_rule/79ce2c96-72f7-44f9-88ef-60fa1ac2ce47_9.json index 0ebe7a8b9c3..24423c22651 100644 --- a/packages/security_detection_engine/kibana/security_rule/79ce2c96-72f7-44f9-88ef-60fa1ac2ce47_9.json +++ b/packages/security_detection_engine/kibana/security_rule/79ce2c96-72f7-44f9-88ef-60fa1ac2ce47_9.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/79e7291f-9e3b-4a4b-9823-800daa89c8f9_5.json b/packages/security_detection_engine/kibana/security_rule/79e7291f-9e3b-4a4b-9823-800daa89c8f9_5.json index ca92406d14c..ceb0fc69657 100644 --- a/packages/security_detection_engine/kibana/security_rule/79e7291f-9e3b-4a4b-9823-800daa89c8f9_5.json +++ b/packages/security_detection_engine/kibana/security_rule/79e7291f-9e3b-4a4b-9823-800daa89c8f9_5.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/79f0a1f7-ed6b-471c-8eb1-23abd6470b1c_217.json b/packages/security_detection_engine/kibana/security_rule/79f0a1f7-ed6b-471c-8eb1-23abd6470b1c_217.json index 6585f807c20..c66b2dee23d 100644 --- a/packages/security_detection_engine/kibana/security_rule/79f0a1f7-ed6b-471c-8eb1-23abd6470b1c_217.json +++ b/packages/security_detection_engine/kibana/security_rule/79f0a1f7-ed6b-471c-8eb1-23abd6470b1c_217.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/79f97b31-480e-4e63-a7f4-ede42bf2c6de_219.json b/packages/security_detection_engine/kibana/security_rule/79f97b31-480e-4e63-a7f4-ede42bf2c6de_219.json index 988546956d5..59dba5695c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/79f97b31-480e-4e63-a7f4-ede42bf2c6de_219.json +++ b/packages/security_detection_engine/kibana/security_rule/79f97b31-480e-4e63-a7f4-ede42bf2c6de_219.json @@ -46,11 +46,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7a5cc9a8-5ea3-11ef-beec-f661ea17fbce_7.json b/packages/security_detection_engine/kibana/security_rule/7a5cc9a8-5ea3-11ef-beec-f661ea17fbce_7.json index 3cf8ae07dc3..ddc7d9b1005 100644 --- a/packages/security_detection_engine/kibana/security_rule/7a5cc9a8-5ea3-11ef-beec-f661ea17fbce_7.json +++ b/packages/security_detection_engine/kibana/security_rule/7a5cc9a8-5ea3-11ef-beec-f661ea17fbce_7.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7ab5b02c-0026-4c71-b523-dd1e97e15477_1.json b/packages/security_detection_engine/kibana/security_rule/7ab5b02c-0026-4c71-b523-dd1e97e15477_1.json index 543547496ba..87a6ec1c31e 100644 --- a/packages/security_detection_engine/kibana/security_rule/7ab5b02c-0026-4c71-b523-dd1e97e15477_1.json +++ b/packages/security_detection_engine/kibana/security_rule/7ab5b02c-0026-4c71-b523-dd1e97e15477_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7acb2de3-8465-472a-8d9c-ccd7b73d0ed8_11.json b/packages/security_detection_engine/kibana/security_rule/7acb2de3-8465-472a-8d9c-ccd7b73d0ed8_11.json index 9218a8b8e5f..04886b06c2f 100644 --- a/packages/security_detection_engine/kibana/security_rule/7acb2de3-8465-472a-8d9c-ccd7b73d0ed8_11.json +++ b/packages/security_detection_engine/kibana/security_rule/7acb2de3-8465-472a-8d9c-ccd7b73d0ed8_11.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7afc6cc9-8800-4c7f-be6b-b688d2dea248_11.json b/packages/security_detection_engine/kibana/security_rule/7afc6cc9-8800-4c7f-be6b-b688d2dea248_11.json index f780c19c0f8..b36768c08f7 100644 --- a/packages/security_detection_engine/kibana/security_rule/7afc6cc9-8800-4c7f-be6b-b688d2dea248_11.json +++ b/packages/security_detection_engine/kibana/security_rule/7afc6cc9-8800-4c7f-be6b-b688d2dea248_11.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7b8bfc26-81d2-435e-965c-d722ee397ef1_216.json b/packages/security_detection_engine/kibana/security_rule/7b8bfc26-81d2-435e-965c-d722ee397ef1_216.json index b89657861ae..1dab9b4e384 100644 --- a/packages/security_detection_engine/kibana/security_rule/7b8bfc26-81d2-435e-965c-d722ee397ef1_216.json +++ b/packages/security_detection_engine/kibana/security_rule/7b8bfc26-81d2-435e-965c-d722ee397ef1_216.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7b981906-86b7-4544-8033-c30ec6eb45fc_105.json b/packages/security_detection_engine/kibana/security_rule/7b981906-86b7-4544-8033-c30ec6eb45fc_105.json index f1243155abf..6dbff10cdbc 100644 --- a/packages/security_detection_engine/kibana/security_rule/7b981906-86b7-4544-8033-c30ec6eb45fc_105.json +++ b/packages/security_detection_engine/kibana/security_rule/7b981906-86b7-4544-8033-c30ec6eb45fc_105.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7ba58110-ae13-439b-8192-357b0fcfa9d7_312.json b/packages/security_detection_engine/kibana/security_rule/7ba58110-ae13-439b-8192-357b0fcfa9d7_312.json index b72c6dd35c2..b85c3e12351 100644 --- a/packages/security_detection_engine/kibana/security_rule/7ba58110-ae13-439b-8192-357b0fcfa9d7_312.json +++ b/packages/security_detection_engine/kibana/security_rule/7ba58110-ae13-439b-8192-357b0fcfa9d7_312.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7bcbb3ac-e533-41ad-a612-d6c3bf666aba_111.json b/packages/security_detection_engine/kibana/security_rule/7bcbb3ac-e533-41ad-a612-d6c3bf666aba_111.json index 60f73ee24c5..d832e05d1c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/7bcbb3ac-e533-41ad-a612-d6c3bf666aba_111.json +++ b/packages/security_detection_engine/kibana/security_rule/7bcbb3ac-e533-41ad-a612-d6c3bf666aba_111.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7c2e1297-7664-42bc-af11-6d5d35220b6b_9.json b/packages/security_detection_engine/kibana/security_rule/7c2e1297-7664-42bc-af11-6d5d35220b6b_9.json index ec46f92302a..1ca95e0e55c 100644 --- a/packages/security_detection_engine/kibana/security_rule/7c2e1297-7664-42bc-af11-6d5d35220b6b_9.json +++ b/packages/security_detection_engine/kibana/security_rule/7c2e1297-7664-42bc-af11-6d5d35220b6b_9.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7c7d2a89-b7e9-4e8d-bbf2-5a782fdcc803_1.json b/packages/security_detection_engine/kibana/security_rule/7c7d2a89-b7e9-4e8d-bbf2-5a782fdcc803_1.json index 79e9d97f375..206666ccd1f 100644 --- a/packages/security_detection_engine/kibana/security_rule/7c7d2a89-b7e9-4e8d-bbf2-5a782fdcc803_1.json +++ b/packages/security_detection_engine/kibana/security_rule/7c7d2a89-b7e9-4e8d-bbf2-5a782fdcc803_1.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "suricata", - "version": "^2.24.0" + "version": ">=2.24.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7caa8e60-2df0-11ed-b814-f661ea17fbce_112.json b/packages/security_detection_engine/kibana/security_rule/7caa8e60-2df0-11ed-b814-f661ea17fbce_112.json index 6c02e8a29f2..bab56ad1e22 100644 --- a/packages/security_detection_engine/kibana/security_rule/7caa8e60-2df0-11ed-b814-f661ea17fbce_112.json +++ b/packages/security_detection_engine/kibana/security_rule/7caa8e60-2df0-11ed-b814-f661ea17fbce_112.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7ce5e1c7-6a49-45e6-a101-0720d185667f_107.json b/packages/security_detection_engine/kibana/security_rule/7ce5e1c7-6a49-45e6-a101-0720d185667f_107.json index 22b708607ee..192bdef35a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/7ce5e1c7-6a49-45e6-a101-0720d185667f_107.json +++ b/packages/security_detection_engine/kibana/security_rule/7ce5e1c7-6a49-45e6-a101-0720d185667f_107.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7ceb2216-47dd-4e64-9433-cddc99727623_109.json b/packages/security_detection_engine/kibana/security_rule/7ceb2216-47dd-4e64-9433-cddc99727623_109.json index 3704d262c04..a7b2bd79287 100644 --- a/packages/security_detection_engine/kibana/security_rule/7ceb2216-47dd-4e64-9433-cddc99727623_109.json +++ b/packages/security_detection_engine/kibana/security_rule/7ceb2216-47dd-4e64-9433-cddc99727623_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7d091a76-0737-11ef-8469-f661ea17fbcc_9.json b/packages/security_detection_engine/kibana/security_rule/7d091a76-0737-11ef-8469-f661ea17fbcc_9.json index b22410c2911..63e3b697850 100644 --- a/packages/security_detection_engine/kibana/security_rule/7d091a76-0737-11ef-8469-f661ea17fbcc_9.json +++ b/packages/security_detection_engine/kibana/security_rule/7d091a76-0737-11ef-8469-f661ea17fbcc_9.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7dc45430-7407-4790-b89e-c857c3f6bf23_4.json b/packages/security_detection_engine/kibana/security_rule/7dc45430-7407-4790-b89e-c857c3f6bf23_4.json index d24b91fd034..6621304c65e 100644 --- a/packages/security_detection_engine/kibana/security_rule/7dc45430-7407-4790-b89e-c857c3f6bf23_4.json +++ b/packages/security_detection_engine/kibana/security_rule/7dc45430-7407-4790-b89e-c857c3f6bf23_4.json @@ -42,19 +42,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7dc921db-4cd3-48ef-88bf-2bfa91f29f5c_2.json b/packages/security_detection_engine/kibana/security_rule/7dc921db-4cd3-48ef-88bf-2bfa91f29f5c_2.json index cf220fa24c8..47a7ab3c755 100644 --- a/packages/security_detection_engine/kibana/security_rule/7dc921db-4cd3-48ef-88bf-2bfa91f29f5c_2.json +++ b/packages/security_detection_engine/kibana/security_rule/7dc921db-4cd3-48ef-88bf-2bfa91f29f5c_2.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7df3cb8b-5c0c-4228-b772-bb6cd619053c_106.json b/packages/security_detection_engine/kibana/security_rule/7df3cb8b-5c0c-4228-b772-bb6cd619053c_106.json index 9fb84cbee73..b93a8b7cf83 100644 --- a/packages/security_detection_engine/kibana/security_rule/7df3cb8b-5c0c-4228-b772-bb6cd619053c_106.json +++ b/packages/security_detection_engine/kibana/security_rule/7df3cb8b-5c0c-4228-b772-bb6cd619053c_106.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7dfaaa17-425c-4fe7-bd36-83705fde7c2b_7.json b/packages/security_detection_engine/kibana/security_rule/7dfaaa17-425c-4fe7-bd36-83705fde7c2b_7.json index 78cf76e83c0..0076abf4cd4 100644 --- a/packages/security_detection_engine/kibana/security_rule/7dfaaa17-425c-4fe7-bd36-83705fde7c2b_7.json +++ b/packages/security_detection_engine/kibana/security_rule/7dfaaa17-425c-4fe7-bd36-83705fde7c2b_7.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7e23dfef-da2c-4d64-b11d-5f285b638853_316.json b/packages/security_detection_engine/kibana/security_rule/7e23dfef-da2c-4d64-b11d-5f285b638853_316.json index 68d99aa1a42..c4733d2a04d 100644 --- a/packages/security_detection_engine/kibana/security_rule/7e23dfef-da2c-4d64-b11d-5f285b638853_316.json +++ b/packages/security_detection_engine/kibana/security_rule/7e23dfef-da2c-4d64-b11d-5f285b638853_316.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7e2abdb3-c7b0-4e11-ba2f-6657602800a1_1.json b/packages/security_detection_engine/kibana/security_rule/7e2abdb3-c7b0-4e11-ba2f-6657602800a1_1.json index 2517715f3fc..e43f8a5d089 100644 --- a/packages/security_detection_engine/kibana/security_rule/7e2abdb3-c7b0-4e11-ba2f-6657602800a1_1.json +++ b/packages/security_detection_engine/kibana/security_rule/7e2abdb3-c7b0-4e11-ba2f-6657602800a1_1.json @@ -30,7 +30,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7e3f9a2b-1c4d-5e6f-8a0b-9c8d7e6f5a4b_2.json b/packages/security_detection_engine/kibana/security_rule/7e3f9a2b-1c4d-5e6f-8a0b-9c8d7e6f5a4b_2.json index 21fce7efbde..f2e72a05c92 100644 --- a/packages/security_detection_engine/kibana/security_rule/7e3f9a2b-1c4d-5e6f-8a0b-9c8d7e6f5a4b_2.json +++ b/packages/security_detection_engine/kibana/security_rule/7e3f9a2b-1c4d-5e6f-8a0b-9c8d7e6f5a4b_2.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7e5c0e5a-95a5-404e-a5b0-278d35dc3325_1.json b/packages/security_detection_engine/kibana/security_rule/7e5c0e5a-95a5-404e-a5b0-278d35dc3325_1.json index a12dd0cd962..b7c2a86d78f 100644 --- a/packages/security_detection_engine/kibana/security_rule/7e5c0e5a-95a5-404e-a5b0-278d35dc3325_1.json +++ b/packages/security_detection_engine/kibana/security_rule/7e5c0e5a-95a5-404e-a5b0-278d35dc3325_1.json @@ -33,7 +33,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7e763fd1-228a-4d43-be88-3ffc14cd7de1_5.json b/packages/security_detection_engine/kibana/security_rule/7e763fd1-228a-4d43-be88-3ffc14cd7de1_5.json index ae46f941c0a..00d5560e4ae 100644 --- a/packages/security_detection_engine/kibana/security_rule/7e763fd1-228a-4d43-be88-3ffc14cd7de1_5.json +++ b/packages/security_detection_engine/kibana/security_rule/7e763fd1-228a-4d43-be88-3ffc14cd7de1_5.json @@ -22,19 +22,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7eb54028-ca72-4eb7-8185-b6864572347db_4.json b/packages/security_detection_engine/kibana/security_rule/7eb54028-ca72-4eb7-8185-b6864572347db_4.json index 3c2f7d5f777..bc4077ae962 100644 --- a/packages/security_detection_engine/kibana/security_rule/7eb54028-ca72-4eb7-8185-b6864572347db_4.json +++ b/packages/security_detection_engine/kibana/security_rule/7eb54028-ca72-4eb7-8185-b6864572347db_4.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7ed84571-58ac-46da-a0ab-9c213ef2927b_1.json b/packages/security_detection_engine/kibana/security_rule/7ed84571-58ac-46da-a0ab-9c213ef2927b_1.json index 1bf21db4505..928a5b1ff6a 100644 --- a/packages/security_detection_engine/kibana/security_rule/7ed84571-58ac-46da-a0ab-9c213ef2927b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/7ed84571-58ac-46da-a0ab-9c213ef2927b_1.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7efca3ad-a348-43b2-b544-c93a78a0ef92_108.json b/packages/security_detection_engine/kibana/security_rule/7efca3ad-a348-43b2-b544-c93a78a0ef92_108.json index 85de62f87c1..524b85f995d 100644 --- a/packages/security_detection_engine/kibana/security_rule/7efca3ad-a348-43b2-b544-c93a78a0ef92_108.json +++ b/packages/security_detection_engine/kibana/security_rule/7efca3ad-a348-43b2-b544-c93a78a0ef92_108.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7f3521dd-fb80-4548-a7eb-8db37b898dc2_5.json b/packages/security_detection_engine/kibana/security_rule/7f3521dd-fb80-4548-a7eb-8db37b898dc2_5.json index 21dd7da772d..e4c4923862b 100644 --- a/packages/security_detection_engine/kibana/security_rule/7f3521dd-fb80-4548-a7eb-8db37b898dc2_5.json +++ b/packages/security_detection_engine/kibana/security_rule/7f3521dd-fb80-4548-a7eb-8db37b898dc2_5.json @@ -42,19 +42,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7f370d54-c0eb-4270-ac5a-9a6020585dc6_214.json b/packages/security_detection_engine/kibana/security_rule/7f370d54-c0eb-4270-ac5a-9a6020585dc6_214.json index cc3122087c1..439702bb2e7 100644 --- a/packages/security_detection_engine/kibana/security_rule/7f370d54-c0eb-4270-ac5a-9a6020585dc6_214.json +++ b/packages/security_detection_engine/kibana/security_rule/7f370d54-c0eb-4270-ac5a-9a6020585dc6_214.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7f3a9c2e-1d4b-5e6f-8a9b-0c1d2e3f4a5b_1.json b/packages/security_detection_engine/kibana/security_rule/7f3a9c2e-1d4b-5e6f-8a9b-0c1d2e3f4a5b_1.json index cbdbcd8a7f0..3b06576748a 100644 --- a/packages/security_detection_engine/kibana/security_rule/7f3a9c2e-1d4b-5e6f-8a9b-0c1d2e3f4a5b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/7f3a9c2e-1d4b-5e6f-8a9b-0c1d2e3f4a5b_1.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7f3e8b9a-2c4d-5e6f-8a1b-9c2d3e4f5a6b_4.json b/packages/security_detection_engine/kibana/security_rule/7f3e8b9a-2c4d-5e6f-8a1b-9c2d3e4f5a6b_4.json index 53e50c19cef..fa08377c4e6 100644 --- a/packages/security_detection_engine/kibana/security_rule/7f3e8b9a-2c4d-5e6f-8a1b-9c2d3e4f5a6b_4.json +++ b/packages/security_detection_engine/kibana/security_rule/7f3e8b9a-2c4d-5e6f-8a1b-9c2d3e4f5a6b_4.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7f65f984-5642-4291-a0a0-2bbefce4c617_7.json b/packages/security_detection_engine/kibana/security_rule/7f65f984-5642-4291-a0a0-2bbefce4c617_7.json index 8b2e5f3f8b7..e674dec3798 100644 --- a/packages/security_detection_engine/kibana/security_rule/7f65f984-5642-4291-a0a0-2bbefce4c617_7.json +++ b/packages/security_detection_engine/kibana/security_rule/7f65f984-5642-4291-a0a0-2bbefce4c617_7.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7f7a0ee1-7b6f-466a-85b4-110fb105f5e2_1.json b/packages/security_detection_engine/kibana/security_rule/7f7a0ee1-7b6f-466a-85b4-110fb105f5e2_1.json deleted file mode 100644 index b717b23d030..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/7f7a0ee1-7b6f-466a-85b4-110fb105f5e2_1.json +++ /dev/null @@ -1,131 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "building_block_type": "default", - "description": "This rule detects potential SQL injection attempts in web server requests by identifying common SQL injection patterns in URLs. Such activity may indicate reconnaissance or exploitation attempts by attackers trying to manipulate backend databases or extract sensitive information.", - "from": "now-9m", - "index": [ - "logs-nginx.access-*", - "logs-apache.access-*", - "logs-apache_tomcat.access-*", - "logs-iis.access-*" - ], - "interval": "10m", - "language": "eql", - "license": "Elastic License v2", - "name": "Web Server Potential SQL Injection Request", - "query": "any where url.original like~ (\n \"*%20order%20by%*\", \"*dbms_pipe.receive_message%28chr%*\", \"*waitfor%20delay%20*\", \"*%28select%20*from%20pg_sleep%285*\", \"*%28select%28sleep%285*\", \"*%3bselect%20pg_sleep%285*\",\n \"*select%20concat%28concat*\", \"*xp_cmdshell*\", \"*select*case*when*\", \"*and*extractvalue*select*\", \"*from*information_schema.tables*\", \"*boolean*mode*having*\", \"*extractvalue*concat*\",\n \"*case*when*sleep*\", \"*select*sleep*\", \"*dbms_lock.sleep*\", \"*and*sleep*\", \"*like*sleep*\", \"*csleep*\", \"*pgsleep*\", \"*char*char*char*\", \"*union*select*\", \"*concat*select*\",\n \"*select*else*drop*\", \"*having*like*\", \"*case*else*end*\", \"*if*sleep*\", \"*where*and*select*\", \"*or*1=1*\", \"*\\\"1\\\"=\\\"1\\\"*\", \"*or*'a'='a*\", \"*into*outfile*\", \"*pga_sleep*\",\n \"*into%20outfile*\", \"*into*dumpfile*\", \"*load_file%28*\", \"*load%5ffile%28*\", \"*cast%28*\", \"*convert%28*\", \"*cast%28%*\", \"*convert%28%*\", \"*@@version*\", \"*@@version_comment*\",\n \"*version%28*\", \"*user%28*\", \"*current_user%28*\", \"*database%28*\", \"*schema_name%28*\", \"*information_schema.columns*\", \"*information_schema.columns*\", \"*table_schema*\",\n \"*column_name*\", \"*dbms_pipe*\", \"*dbms_lock%2e*sleep*\", \"*dbms_lock.sleep*\", \"*sp_executesql*\", \"*sp_executesql*\", \"*load%20data*\", \"*information_schema*\", \"*pg_slp*\",\n \"*information_schema.tables*\"\n)\n", - "required_fields": [ - { - "ecs": true, - "name": "url.original", - "type": "wildcard" - } - ], - "risk_score": 21, - "rule_id": "7f7a0ee1-7b6f-466a-85b4-110fb105f5e2", - "severity": "low", - "tags": [ - "Domain: Web", - "Use Case: Threat Detection", - "Tactic: Reconnaissance", - "Tactic: Credential Access", - "Tactic: Persistence", - "Tactic: Execution", - "Tactic: Command and Control", - "Data Source: Nginx", - "Data Source: Apache", - "Data Source: Apache Tomcat", - "Data Source: IIS", - "Rule Type: BBR" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1505", - "name": "Server Software Component", - "reference": "https://attack.mitre.org/techniques/T1505/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.004", - "name": "Unix Shell", - "reference": "https://attack.mitre.org/techniques/T1059/004/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1071", - "name": "Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1071/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0043", - "name": "Reconnaissance", - "reference": "https://attack.mitre.org/tactics/TA0043/" - }, - "technique": [ - { - "id": "T1595", - "name": "Active Scanning", - "reference": "https://attack.mitre.org/techniques/T1595/", - "subtechnique": [ - { - "id": "T1595.002", - "name": "Vulnerability Scanning", - "reference": "https://attack.mitre.org/techniques/T1595/002/" - }, - { - "id": "T1595.003", - "name": "Wordlist Scanning", - "reference": "https://attack.mitre.org/techniques/T1595/003/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 1 - }, - "id": "7f7a0ee1-7b6f-466a-85b4-110fb105f5e2_1", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/7f89afef-9fc5-4e7b-bf16-75ffdf27f8db_105.json b/packages/security_detection_engine/kibana/security_rule/7f89afef-9fc5-4e7b-bf16-75ffdf27f8db_105.json index 1c9fc23b5db..5c9fc724c34 100644 --- a/packages/security_detection_engine/kibana/security_rule/7f89afef-9fc5-4e7b-bf16-75ffdf27f8db_105.json +++ b/packages/security_detection_engine/kibana/security_rule/7f89afef-9fc5-4e7b-bf16-75ffdf27f8db_105.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7fb500fa-8e24-4bd1-9480-2a819352602c_20.json b/packages/security_detection_engine/kibana/security_rule/7fb500fa-8e24-4bd1-9480-2a819352602c_20.json index e5aa89a3deb..c3fc8be061a 100644 --- a/packages/security_detection_engine/kibana/security_rule/7fb500fa-8e24-4bd1-9480-2a819352602c_20.json +++ b/packages/security_detection_engine/kibana/security_rule/7fb500fa-8e24-4bd1-9480-2a819352602c_20.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7fc95782-4bd1-11f0-9838-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/7fc95782-4bd1-11f0-9838-f661ea17fbcd_4.json index f4102937a25..c72dd88147b 100644 --- a/packages/security_detection_engine/kibana/security_rule/7fc95782-4bd1-11f0-9838-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/7fc95782-4bd1-11f0-9838-f661ea17fbcd_4.json @@ -61,7 +61,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/7fda9bb2-fd28-11ee-85f9-f661ea17fbce_12.json b/packages/security_detection_engine/kibana/security_rule/7fda9bb2-fd28-11ee-85f9-f661ea17fbce_12.json index b672bafbb4d..d1c1faadff2 100644 --- a/packages/security_detection_engine/kibana/security_rule/7fda9bb2-fd28-11ee-85f9-f661ea17fbce_12.json +++ b/packages/security_detection_engine/kibana/security_rule/7fda9bb2-fd28-11ee-85f9-f661ea17fbce_12.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/80084fa9-8677-4453-8680-b891d3c0c778_111.json b/packages/security_detection_engine/kibana/security_rule/80084fa9-8677-4453-8680-b891d3c0c778_111.json index ef8bbfe8cc0..d0e2e2564be 100644 --- a/packages/security_detection_engine/kibana/security_rule/80084fa9-8677-4453-8680-b891d3c0c778_111.json +++ b/packages/security_detection_engine/kibana/security_rule/80084fa9-8677-4453-8680-b891d3c0c778_111.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/800e01be-a7a4-46d0-8de9-69f3c9582b44_6.json b/packages/security_detection_engine/kibana/security_rule/800e01be-a7a4-46d0-8de9-69f3c9582b44_6.json index f70f33b2c73..dae479edbc3 100644 --- a/packages/security_detection_engine/kibana/security_rule/800e01be-a7a4-46d0-8de9-69f3c9582b44_6.json +++ b/packages/security_detection_engine/kibana/security_rule/800e01be-a7a4-46d0-8de9-69f3c9582b44_6.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8025db49-c57c-4fc0-bd86-7ccd6d10a35a_110.json b/packages/security_detection_engine/kibana/security_rule/8025db49-c57c-4fc0-bd86-7ccd6d10a35a_110.json index 8abb8f20c99..b3ff15a213c 100644 --- a/packages/security_detection_engine/kibana/security_rule/8025db49-c57c-4fc0-bd86-7ccd6d10a35a_110.json +++ b/packages/security_detection_engine/kibana/security_rule/8025db49-c57c-4fc0-bd86-7ccd6d10a35a_110.json @@ -61,7 +61,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/804a7ac8-fc00-11ee-924b-f661ea17fbce_6.json b/packages/security_detection_engine/kibana/security_rule/804a7ac8-fc00-11ee-924b-f661ea17fbce_6.json index bae3fe4096d..5235465e1e6 100644 --- a/packages/security_detection_engine/kibana/security_rule/804a7ac8-fc00-11ee-924b-f661ea17fbce_6.json +++ b/packages/security_detection_engine/kibana/security_rule/804a7ac8-fc00-11ee-924b-f661ea17fbce_6.json @@ -49,7 +49,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/808291d3-e918-4a3a-86cd-73052a0c9bdc_108.json b/packages/security_detection_engine/kibana/security_rule/808291d3-e918-4a3a-86cd-73052a0c9bdc_108.json index 5f59845cf75..b29e32821cb 100644 --- a/packages/security_detection_engine/kibana/security_rule/808291d3-e918-4a3a-86cd-73052a0c9bdc_108.json +++ b/packages/security_detection_engine/kibana/security_rule/808291d3-e918-4a3a-86cd-73052a0c9bdc_108.json @@ -24,15 +24,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/809b70d3-e2c3-455e-af1b-2626a5a1a276_213.json b/packages/security_detection_engine/kibana/security_rule/809b70d3-e2c3-455e-af1b-2626a5a1a276_213.json index 7d49dc91eb1..58db56eeadc 100644 --- a/packages/security_detection_engine/kibana/security_rule/809b70d3-e2c3-455e-af1b-2626a5a1a276_213.json +++ b/packages/security_detection_engine/kibana/security_rule/809b70d3-e2c3-455e-af1b-2626a5a1a276_213.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/80aa6cca-b343-457b-877e-5877cd71a1f8_1.json b/packages/security_detection_engine/kibana/security_rule/80aa6cca-b343-457b-877e-5877cd71a1f8_1.json index 516e69bb855..e3a0ac9a38d 100644 --- a/packages/security_detection_engine/kibana/security_rule/80aa6cca-b343-457b-877e-5877cd71a1f8_1.json +++ b/packages/security_detection_engine/kibana/security_rule/80aa6cca-b343-457b-877e-5877cd71a1f8_1.json @@ -40,7 +40,7 @@ { "integration": "aadgraphactivitylogs", "package": "azure", - "version": "^1.37.0" + "version": ">=1.37.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/80d7f4ef-c3b6-4466-80f4-805bdd10507d_1.json b/packages/security_detection_engine/kibana/security_rule/80d7f4ef-c3b6-4466-80f4-805bdd10507d_1.json index 81045539db0..851205cbfd2 100644 --- a/packages/security_detection_engine/kibana/security_rule/80d7f4ef-c3b6-4466-80f4-805bdd10507d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/80d7f4ef-c3b6-4466-80f4-805bdd10507d_1.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/81139742-4d3a-49f3-a6dd-e0fb9834f959_1.json b/packages/security_detection_engine/kibana/security_rule/81139742-4d3a-49f3-a6dd-e0fb9834f959_1.json index 397af6b0e4d..cf45ae395ba 100644 --- a/packages/security_detection_engine/kibana/security_rule/81139742-4d3a-49f3-a6dd-e0fb9834f959_1.json +++ b/packages/security_detection_engine/kibana/security_rule/81139742-4d3a-49f3-a6dd-e0fb9834f959_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/814d96c7-2068-42aa-ba8e-fe0ddd565e2e_109.json b/packages/security_detection_engine/kibana/security_rule/814d96c7-2068-42aa-ba8e-fe0ddd565e2e_109.json index dc05eb330f8..cbfaa9a2327 100644 --- a/packages/security_detection_engine/kibana/security_rule/814d96c7-2068-42aa-ba8e-fe0ddd565e2e_109.json +++ b/packages/security_detection_engine/kibana/security_rule/814d96c7-2068-42aa-ba8e-fe0ddd565e2e_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/8154d01d-04d1-4695-bcbb-95a1bb606355_2.json b/packages/security_detection_engine/kibana/security_rule/8154d01d-04d1-4695-bcbb-95a1bb606355_2.json index adaa47b3302..da3c3378440 100644 --- a/packages/security_detection_engine/kibana/security_rule/8154d01d-04d1-4695-bcbb-95a1bb606355_2.json +++ b/packages/security_detection_engine/kibana/security_rule/8154d01d-04d1-4695-bcbb-95a1bb606355_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8167c5ae-3310-439a-8a58-be60f55023d2_5.json b/packages/security_detection_engine/kibana/security_rule/8167c5ae-3310-439a-8a58-be60f55023d2_5.json index 04df765bc17..f2b954c9167 100644 --- a/packages/security_detection_engine/kibana/security_rule/8167c5ae-3310-439a-8a58-be60f55023d2_5.json +++ b/packages/security_detection_engine/kibana/security_rule/8167c5ae-3310-439a-8a58-be60f55023d2_5.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/81892f44-4946-4b27-95d3-1d8929b114a7_102.json b/packages/security_detection_engine/kibana/security_rule/81892f44-4946-4b27-95d3-1d8929b114a7_102.json index 76c17263450..c1a3e9f3f31 100644 --- a/packages/security_detection_engine/kibana/security_rule/81892f44-4946-4b27-95d3-1d8929b114a7_102.json +++ b/packages/security_detection_engine/kibana/security_rule/81892f44-4946-4b27-95d3-1d8929b114a7_102.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/818e23e6-2094-4f0e-8c01-22d30f3506c6_317.json b/packages/security_detection_engine/kibana/security_rule/818e23e6-2094-4f0e-8c01-22d30f3506c6_317.json index dde881d9187..b9cf639dea3 100644 --- a/packages/security_detection_engine/kibana/security_rule/818e23e6-2094-4f0e-8c01-22d30f3506c6_317.json +++ b/packages/security_detection_engine/kibana/security_rule/818e23e6-2094-4f0e-8c01-22d30f3506c6_317.json @@ -40,23 +40,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/81fe9dc6-a2d7-4192-a2d8-eed98afc766a_320.json b/packages/security_detection_engine/kibana/security_rule/81fe9dc6-a2d7-4192-a2d8-eed98afc766a_320.json index e0c24c81ee3..2674b1f9c92 100644 --- a/packages/security_detection_engine/kibana/security_rule/81fe9dc6-a2d7-4192-a2d8-eed98afc766a_320.json +++ b/packages/security_detection_engine/kibana/security_rule/81fe9dc6-a2d7-4192-a2d8-eed98afc766a_320.json @@ -53,7 +53,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/81ff45f8-f8c2-4e28-992e-5a0e8d98e0fe_114.json b/packages/security_detection_engine/kibana/security_rule/81ff45f8-f8c2-4e28-992e-5a0e8d98e0fe_114.json index c429ae189f6..8d7a6b61996 100644 --- a/packages/security_detection_engine/kibana/security_rule/81ff45f8-f8c2-4e28-992e-5a0e8d98e0fe_114.json +++ b/packages/security_detection_engine/kibana/security_rule/81ff45f8-f8c2-4e28-992e-5a0e8d98e0fe_114.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8248323e-f888-4134-a26f-37a6362f7231_2.json b/packages/security_detection_engine/kibana/security_rule/8248323e-f888-4134-a26f-37a6362f7231_2.json index efcb1d62d14..f1865bd56b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/8248323e-f888-4134-a26f-37a6362f7231_2.json +++ b/packages/security_detection_engine/kibana/security_rule/8248323e-f888-4134-a26f-37a6362f7231_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/827f8d8f-4117-4ae4-b551-f56d54b9da6b_213.json b/packages/security_detection_engine/kibana/security_rule/827f8d8f-4117-4ae4-b551-f56d54b9da6b_213.json index 6edf0a5e15c..b515a7e2441 100644 --- a/packages/security_detection_engine/kibana/security_rule/827f8d8f-4117-4ae4-b551-f56d54b9da6b_213.json +++ b/packages/security_detection_engine/kibana/security_rule/827f8d8f-4117-4ae4-b551-f56d54b9da6b_213.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8293bf1f-8dd0-434e-b52a-1aa6ec101777_1.json b/packages/security_detection_engine/kibana/security_rule/8293bf1f-8dd0-434e-b52a-1aa6ec101777_1.json index 5f637728c34..014d967e642 100644 --- a/packages/security_detection_engine/kibana/security_rule/8293bf1f-8dd0-434e-b52a-1aa6ec101777_1.json +++ b/packages/security_detection_engine/kibana/security_rule/8293bf1f-8dd0-434e-b52a-1aa6ec101777_1.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/82f842c2-7c36-438c-b562-5afe54ab11f4_7.json b/packages/security_detection_engine/kibana/security_rule/82f842c2-7c36-438c-b562-5afe54ab11f4_7.json index fb1e8a5aef5..4772d56fc15 100644 --- a/packages/security_detection_engine/kibana/security_rule/82f842c2-7c36-438c-b562-5afe54ab11f4_7.json +++ b/packages/security_detection_engine/kibana/security_rule/82f842c2-7c36-438c-b562-5afe54ab11f4_7.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/834ee026-f9f9-4ec7-b5e0-7fbfe84765f4_7.json b/packages/security_detection_engine/kibana/security_rule/834ee026-f9f9-4ec7-b5e0-7fbfe84765f4_7.json index e8cae3d89fe..e0adae3bbf8 100644 --- a/packages/security_detection_engine/kibana/security_rule/834ee026-f9f9-4ec7-b5e0-7fbfe84765f4_7.json +++ b/packages/security_detection_engine/kibana/security_rule/834ee026-f9f9-4ec7-b5e0-7fbfe84765f4_7.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/835c0622-114e-40b5-a346-f843ea5d01f1_14.json b/packages/security_detection_engine/kibana/security_rule/835c0622-114e-40b5-a346-f843ea5d01f1_14.json index 30d7611825b..8c6b47af114 100644 --- a/packages/security_detection_engine/kibana/security_rule/835c0622-114e-40b5-a346-f843ea5d01f1_14.json +++ b/packages/security_detection_engine/kibana/security_rule/835c0622-114e-40b5-a346-f843ea5d01f1_14.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8383a8d0-008b-47a5-94e5-496629dc3590_5.json b/packages/security_detection_engine/kibana/security_rule/8383a8d0-008b-47a5-94e5-496629dc3590_5.json index 5450c396732..54ea0f8330e 100644 --- a/packages/security_detection_engine/kibana/security_rule/8383a8d0-008b-47a5-94e5-496629dc3590_5.json +++ b/packages/security_detection_engine/kibana/security_rule/8383a8d0-008b-47a5-94e5-496629dc3590_5.json @@ -14,23 +14,23 @@ "related_integrations": [ { "package": "nginx", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache_tomcat", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "iis", - "version": "^1.21.0" + "version": ">=1.21.0" }, { "package": "traefik", - "version": "^2.5.0" + "version": ">=2.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/83a1931d-8136-46fc-b7b9-2db4f639e014_108.json b/packages/security_detection_engine/kibana/security_rule/83a1931d-8136-46fc-b7b9-2db4f639e014_108.json index 2ff3cad13c6..95b743e664a 100644 --- a/packages/security_detection_engine/kibana/security_rule/83a1931d-8136-46fc-b7b9-2db4f639e014_108.json +++ b/packages/security_detection_engine/kibana/security_rule/83a1931d-8136-46fc-b7b9-2db4f639e014_108.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/83bf249e-4348-47ba-9741-1202a09556ad_214.json b/packages/security_detection_engine/kibana/security_rule/83bf249e-4348-47ba-9741-1202a09556ad_214.json index 24fdbf61501..a6e87669045 100644 --- a/packages/security_detection_engine/kibana/security_rule/83bf249e-4348-47ba-9741-1202a09556ad_214.json +++ b/packages/security_detection_engine/kibana/security_rule/83bf249e-4348-47ba-9741-1202a09556ad_214.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/83e9c2b3-24ef-4c1d-a8cd-5ebafb5dfa2f_115.json b/packages/security_detection_engine/kibana/security_rule/83e9c2b3-24ef-4c1d-a8cd-5ebafb5dfa2f_115.json index bcb7e163cff..7a0ddb5fd0f 100644 --- a/packages/security_detection_engine/kibana/security_rule/83e9c2b3-24ef-4c1d-a8cd-5ebafb5dfa2f_115.json +++ b/packages/security_detection_engine/kibana/security_rule/83e9c2b3-24ef-4c1d-a8cd-5ebafb5dfa2f_115.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8446517c-f789-11ee-8ad0-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/8446517c-f789-11ee-8ad0-f661ea17fbce_9.json index c0eb89655a5..ab0b8fd051a 100644 --- a/packages/security_detection_engine/kibana/security_rule/8446517c-f789-11ee-8ad0-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/8446517c-f789-11ee-8ad0-f661ea17fbce_9.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/846fe13f-6772-4c83-bd39-9d16d4ad1a81_110.json b/packages/security_detection_engine/kibana/security_rule/846fe13f-6772-4c83-bd39-9d16d4ad1a81_110.json index 1d41defae03..dfa837f6a37 100644 --- a/packages/security_detection_engine/kibana/security_rule/846fe13f-6772-4c83-bd39-9d16d4ad1a81_110.json +++ b/packages/security_detection_engine/kibana/security_rule/846fe13f-6772-4c83-bd39-9d16d4ad1a81_110.json @@ -72,7 +72,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/84755a05-78c8-4430-8681-89cd6c857d71_7.json b/packages/security_detection_engine/kibana/security_rule/84755a05-78c8-4430-8681-89cd6c857d71_7.json index a3f561fff45..5b5e03ecebc 100644 --- a/packages/security_detection_engine/kibana/security_rule/84755a05-78c8-4430-8681-89cd6c857d71_7.json +++ b/packages/security_detection_engine/kibana/security_rule/84755a05-78c8-4430-8681-89cd6c857d71_7.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/84d1f8db-207f-45ab-a578-921d91c23eb2_108.json b/packages/security_detection_engine/kibana/security_rule/84d1f8db-207f-45ab-a578-921d91c23eb2_108.json index 8a923913487..404badcb7d2 100644 --- a/packages/security_detection_engine/kibana/security_rule/84d1f8db-207f-45ab-a578-921d91c23eb2_108.json +++ b/packages/security_detection_engine/kibana/security_rule/84d1f8db-207f-45ab-a578-921d91c23eb2_108.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/84da2554-e12a-11ec-b896-f661ea17fbcd_219.json b/packages/security_detection_engine/kibana/security_rule/84da2554-e12a-11ec-b896-f661ea17fbcd_219.json index 3bc619b87a4..c1760fde219 100644 --- a/packages/security_detection_engine/kibana/security_rule/84da2554-e12a-11ec-b896-f661ea17fbcd_219.json +++ b/packages/security_detection_engine/kibana/security_rule/84da2554-e12a-11ec-b896-f661ea17fbcd_219.json @@ -30,23 +30,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/850d901a-2a3c-46c6-8b22-55398a01aad8_114.json b/packages/security_detection_engine/kibana/security_rule/850d901a-2a3c-46c6-8b22-55398a01aad8_114.json index cee9236b0ba..540d4e4ecf7 100644 --- a/packages/security_detection_engine/kibana/security_rule/850d901a-2a3c-46c6-8b22-55398a01aad8_114.json +++ b/packages/security_detection_engine/kibana/security_rule/850d901a-2a3c-46c6-8b22-55398a01aad8_114.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/852c1f19-68e8-43a6-9dce-340771fe1be3_217.json b/packages/security_detection_engine/kibana/security_rule/852c1f19-68e8-43a6-9dce-340771fe1be3_217.json index cb63a41b0f2..95c1433b50a 100644 --- a/packages/security_detection_engine/kibana/security_rule/852c1f19-68e8-43a6-9dce-340771fe1be3_217.json +++ b/packages/security_detection_engine/kibana/security_rule/852c1f19-68e8-43a6-9dce-340771fe1be3_217.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/85d9c573-ad77-461b-8315-9a02a280b20b_1.json b/packages/security_detection_engine/kibana/security_rule/85d9c573-ad77-461b-8315-9a02a280b20b_1.json index 94ffd7c0f8b..b36bb1c4b30 100644 --- a/packages/security_detection_engine/kibana/security_rule/85d9c573-ad77-461b-8315-9a02a280b20b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/85d9c573-ad77-461b-8315-9a02a280b20b_1.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/85e2d45e-a3df-4acf-83d3-21805f564ff4_11.json b/packages/security_detection_engine/kibana/security_rule/85e2d45e-a3df-4acf-83d3-21805f564ff4_11.json index ccad25dc656..0e41d0090f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/85e2d45e-a3df-4acf-83d3-21805f564ff4_11.json +++ b/packages/security_detection_engine/kibana/security_rule/85e2d45e-a3df-4acf-83d3-21805f564ff4_11.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/860f2a03-a1cf-48d6-a674-c6d62ae608a1_12.json b/packages/security_detection_engine/kibana/security_rule/860f2a03-a1cf-48d6-a674-c6d62ae608a1_12.json index 5c98f3fe581..8e96eacbc68 100644 --- a/packages/security_detection_engine/kibana/security_rule/860f2a03-a1cf-48d6-a674-c6d62ae608a1_12.json +++ b/packages/security_detection_engine/kibana/security_rule/860f2a03-a1cf-48d6-a674-c6d62ae608a1_12.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8623535c-1e17-44e1-aa97-7a0699c3037d_212.json b/packages/security_detection_engine/kibana/security_rule/8623535c-1e17-44e1-aa97-7a0699c3037d_212.json index 22f25471cc4..f9d913f95a0 100644 --- a/packages/security_detection_engine/kibana/security_rule/8623535c-1e17-44e1-aa97-7a0699c3037d_212.json +++ b/packages/security_detection_engine/kibana/security_rule/8623535c-1e17-44e1-aa97-7a0699c3037d_212.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/867616ec-41e5-4edc-ada2-ab13ab45de8a_212.json b/packages/security_detection_engine/kibana/security_rule/867616ec-41e5-4edc-ada2-ab13ab45de8a_212.json index a380dacca58..792650ebf94 100644 --- a/packages/security_detection_engine/kibana/security_rule/867616ec-41e5-4edc-ada2-ab13ab45de8a_212.json +++ b/packages/security_detection_engine/kibana/security_rule/867616ec-41e5-4edc-ada2-ab13ab45de8a_212.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/86817045-ea22-4038-9959-c3437bc4c064_1.json b/packages/security_detection_engine/kibana/security_rule/86817045-ea22-4038-9959-c3437bc4c064_1.json index 441a2f1af60..52dfb3a0eb4 100644 --- a/packages/security_detection_engine/kibana/security_rule/86817045-ea22-4038-9959-c3437bc4c064_1.json +++ b/packages/security_detection_engine/kibana/security_rule/86817045-ea22-4038-9959-c3437bc4c064_1.json @@ -44,27 +44,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/86aa8579-1526-4dff-97cd-3635eb0e0545_7.json b/packages/security_detection_engine/kibana/security_rule/86aa8579-1526-4dff-97cd-3635eb0e0545_7.json index 9a6945fe374..b68e28491c5 100644 --- a/packages/security_detection_engine/kibana/security_rule/86aa8579-1526-4dff-97cd-3635eb0e0545_7.json +++ b/packages/security_detection_engine/kibana/security_rule/86aa8579-1526-4dff-97cd-3635eb0e0545_7.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/86b3a245-03de-49a5-ab57-ae44d8f064da_1.json b/packages/security_detection_engine/kibana/security_rule/86b3a245-03de-49a5-ab57-ae44d8f064da_1.json index dea2fcdf60e..8922701d62f 100644 --- a/packages/security_detection_engine/kibana/security_rule/86b3a245-03de-49a5-ab57-ae44d8f064da_1.json +++ b/packages/security_detection_engine/kibana/security_rule/86b3a245-03de-49a5-ab57-ae44d8f064da_1.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/870aecc0-cea4-4110-af3f-e02e9b373655_113.json b/packages/security_detection_engine/kibana/security_rule/870aecc0-cea4-4110-af3f-e02e9b373655_113.json index 09aa1d26639..0d135cea4e8 100644 --- a/packages/security_detection_engine/kibana/security_rule/870aecc0-cea4-4110-af3f-e02e9b373655_113.json +++ b/packages/security_detection_engine/kibana/security_rule/870aecc0-cea4-4110-af3f-e02e9b373655_113.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/871ea072-1b71-4def-b016-6278b505138d_220.json b/packages/security_detection_engine/kibana/security_rule/871ea072-1b71-4def-b016-6278b505138d_220.json index 01b44b21bc0..ce9cae1391b 100644 --- a/packages/security_detection_engine/kibana/security_rule/871ea072-1b71-4def-b016-6278b505138d_220.json +++ b/packages/security_detection_engine/kibana/security_rule/871ea072-1b71-4def-b016-6278b505138d_220.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/873b5452-074e-11ef-852e-f661ea17fbcc_9.json b/packages/security_detection_engine/kibana/security_rule/873b5452-074e-11ef-852e-f661ea17fbcc_9.json index 72f9732ee39..188490913bf 100644 --- a/packages/security_detection_engine/kibana/security_rule/873b5452-074e-11ef-852e-f661ea17fbcc_9.json +++ b/packages/security_detection_engine/kibana/security_rule/873b5452-074e-11ef-852e-f661ea17fbcc_9.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/87594192-4539-4bc4-8543-23bc3d5bd2b4_213.json b/packages/security_detection_engine/kibana/security_rule/87594192-4539-4bc4-8543-23bc3d5bd2b4_213.json index 2aa3d378fab..8b83ae2db6d 100644 --- a/packages/security_detection_engine/kibana/security_rule/87594192-4539-4bc4-8543-23bc3d5bd2b4_213.json +++ b/packages/security_detection_engine/kibana/security_rule/87594192-4539-4bc4-8543-23bc3d5bd2b4_213.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/877cc04a-3320-411d-bbe9-53266fa5e107_103.json b/packages/security_detection_engine/kibana/security_rule/877cc04a-3320-411d-bbe9-53266fa5e107_103.json index 24264424723..820aeb5a2f7 100644 --- a/packages/security_detection_engine/kibana/security_rule/877cc04a-3320-411d-bbe9-53266fa5e107_103.json +++ b/packages/security_detection_engine/kibana/security_rule/877cc04a-3320-411d-bbe9-53266fa5e107_103.json @@ -20,19 +20,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/87f8141e-4275-4d49-9e76-d215b4614a0b_1.json b/packages/security_detection_engine/kibana/security_rule/87f8141e-4275-4d49-9e76-d215b4614a0b_1.json index 2e1ff4e201c..8ae1a95a87c 100644 --- a/packages/security_detection_engine/kibana/security_rule/87f8141e-4275-4d49-9e76-d215b4614a0b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/87f8141e-4275-4d49-9e76-d215b4614a0b_1.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/882a39ad-a404-45e3-b5d4-bc11d2b09818_1.json b/packages/security_detection_engine/kibana/security_rule/882a39ad-a404-45e3-b5d4-bc11d2b09818_1.json index b84a6a1e9f9..c72d4cf0093 100644 --- a/packages/security_detection_engine/kibana/security_rule/882a39ad-a404-45e3-b5d4-bc11d2b09818_1.json +++ b/packages/security_detection_engine/kibana/security_rule/882a39ad-a404-45e3-b5d4-bc11d2b09818_1.json @@ -30,15 +30,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/884e87cc-c67b-4c90-a4ed-e1e24a940c82_10.json b/packages/security_detection_engine/kibana/security_rule/884e87cc-c67b-4c90-a4ed-e1e24a940c82_10.json index c91cb82e673..3810b3bb3c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/884e87cc-c67b-4c90-a4ed-e1e24a940c82_10.json +++ b/packages/security_detection_engine/kibana/security_rule/884e87cc-c67b-4c90-a4ed-e1e24a940c82_10.json @@ -25,15 +25,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_215.json b/packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_215.json index 9c9bc6b732f..1953acbde89 100644 --- a/packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_215.json +++ b/packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_215.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/88817a33-60d3-411f-ba79-7c905d865b2a_113.json b/packages/security_detection_engine/kibana/security_rule/88817a33-60d3-411f-ba79-7c905d865b2a_113.json index 1f5d4004e1e..01b4900c7ca 100644 --- a/packages/security_detection_engine/kibana/security_rule/88817a33-60d3-411f-ba79-7c905d865b2a_113.json +++ b/packages/security_detection_engine/kibana/security_rule/88817a33-60d3-411f-ba79-7c905d865b2a_113.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/88fdcb8c-60e5-46ee-9206-2663adf1b1ce_112.json b/packages/security_detection_engine/kibana/security_rule/88fdcb8c-60e5-46ee-9206-2663adf1b1ce_112.json index 8801d3fe499..5c22de772d3 100644 --- a/packages/security_detection_engine/kibana/security_rule/88fdcb8c-60e5-46ee-9206-2663adf1b1ce_112.json +++ b/packages/security_detection_engine/kibana/security_rule/88fdcb8c-60e5-46ee-9206-2663adf1b1ce_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/891cb88e-441a-4c3e-be2d-120d99fe7b0d_212.json b/packages/security_detection_engine/kibana/security_rule/891cb88e-441a-4c3e-be2d-120d99fe7b0d_212.json index cf25d387101..dd8f063273d 100644 --- a/packages/security_detection_engine/kibana/security_rule/891cb88e-441a-4c3e-be2d-120d99fe7b0d_212.json +++ b/packages/security_detection_engine/kibana/security_rule/891cb88e-441a-4c3e-be2d-120d99fe7b0d_212.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/894326d2-56c0-4342-b553-4abfaf421b5b_108.json b/packages/security_detection_engine/kibana/security_rule/894326d2-56c0-4342-b553-4abfaf421b5b_108.json index bd0ed3d9460..8128a2b7b5f 100644 --- a/packages/security_detection_engine/kibana/security_rule/894326d2-56c0-4342-b553-4abfaf421b5b_108.json +++ b/packages/security_detection_engine/kibana/security_rule/894326d2-56c0-4342-b553-4abfaf421b5b_108.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/894b7cc9-040b-427c-aca5-36b40d3667bf_8.json b/packages/security_detection_engine/kibana/security_rule/894b7cc9-040b-427c-aca5-36b40d3667bf_8.json index 05bcc29ffda..f7df2d85e27 100644 --- a/packages/security_detection_engine/kibana/security_rule/894b7cc9-040b-427c-aca5-36b40d3667bf_8.json +++ b/packages/security_detection_engine/kibana/security_rule/894b7cc9-040b-427c-aca5-36b40d3667bf_8.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/896a0a38-eaa0-42e9-be35-dfcc3e3e90ae_2.json b/packages/security_detection_engine/kibana/security_rule/896a0a38-eaa0-42e9-be35-dfcc3e3e90ae_2.json index dbbe8afb629..22d50966b30 100644 --- a/packages/security_detection_engine/kibana/security_rule/896a0a38-eaa0-42e9-be35-dfcc3e3e90ae_2.json +++ b/packages/security_detection_engine/kibana/security_rule/896a0a38-eaa0-42e9-be35-dfcc3e3e90ae_2.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/897dc6b5-b39f-432a-8d75-d3730d50c782_215.json b/packages/security_detection_engine/kibana/security_rule/897dc6b5-b39f-432a-8d75-d3730d50c782_215.json index 86304f20c46..05c423b003a 100644 --- a/packages/security_detection_engine/kibana/security_rule/897dc6b5-b39f-432a-8d75-d3730d50c782_215.json +++ b/packages/security_detection_engine/kibana/security_rule/897dc6b5-b39f-432a-8d75-d3730d50c782_215.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/89f9a4b0-9f8f-4ee0-8823-c4751a6d6696_215.json b/packages/security_detection_engine/kibana/security_rule/89f9a4b0-9f8f-4ee0-8823-c4751a6d6696_215.json index 845e5e2ae8b..ad3b28cbceb 100644 --- a/packages/security_detection_engine/kibana/security_rule/89f9a4b0-9f8f-4ee0-8823-c4751a6d6696_215.json +++ b/packages/security_detection_engine/kibana/security_rule/89f9a4b0-9f8f-4ee0-8823-c4751a6d6696_215.json @@ -36,15 +36,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/89fa6cb7-6b53-4de2-b604-648488841ab8_111.json b/packages/security_detection_engine/kibana/security_rule/89fa6cb7-6b53-4de2-b604-648488841ab8_111.json index deb622eb83a..733f42434a4 100644 --- a/packages/security_detection_engine/kibana/security_rule/89fa6cb7-6b53-4de2-b604-648488841ab8_111.json +++ b/packages/security_detection_engine/kibana/security_rule/89fa6cb7-6b53-4de2-b604-648488841ab8_111.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a024633-c444-45c0-a4fe-78128d8c1ab6_11.json b/packages/security_detection_engine/kibana/security_rule/8a024633-c444-45c0-a4fe-78128d8c1ab6_11.json index 1e40f4f6b35..615b4178eb5 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a024633-c444-45c0-a4fe-78128d8c1ab6_11.json +++ b/packages/security_detection_engine/kibana/security_rule/8a024633-c444-45c0-a4fe-78128d8c1ab6_11.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a0fbd26-867f-11ee-947c-f661ea17fbcd_213.json b/packages/security_detection_engine/kibana/security_rule/8a0fbd26-867f-11ee-947c-f661ea17fbcd_213.json index 8a87cccc888..961488ffd7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a0fbd26-867f-11ee-947c-f661ea17fbcd_213.json +++ b/packages/security_detection_engine/kibana/security_rule/8a0fbd26-867f-11ee-947c-f661ea17fbcd_213.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a0fd93a-7df8-410d-8808-4cc5e340f2b9_206.json b/packages/security_detection_engine/kibana/security_rule/8a0fd93a-7df8-410d-8808-4cc5e340f2b9_206.json index eab981d2808..18cb02dee33 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a0fd93a-7df8-410d-8808-4cc5e340f2b9_206.json +++ b/packages/security_detection_engine/kibana/security_rule/8a0fd93a-7df8-410d-8808-4cc5e340f2b9_206.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a1b0278-0f9a-487d-96bd-d4833298e87a_110.json b/packages/security_detection_engine/kibana/security_rule/8a1b0278-0f9a-487d-96bd-d4833298e87a_110.json index 98fececdcde..ee3473b1c9e 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a1b0278-0f9a-487d-96bd-d4833298e87a_110.json +++ b/packages/security_detection_engine/kibana/security_rule/8a1b0278-0f9a-487d-96bd-d4833298e87a_110.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a1d4831-3ce6-4859-9891-28931fa6101d_214.json b/packages/security_detection_engine/kibana/security_rule/8a1d4831-3ce6-4859-9891-28931fa6101d_214.json index 72c5cd3a352..3778b551dc1 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a1d4831-3ce6-4859-9891-28931fa6101d_214.json +++ b/packages/security_detection_engine/kibana/security_rule/8a1d4831-3ce6-4859-9891-28931fa6101d_214.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a1db198-da6f-4500-b985-7fe2457300af_6.json b/packages/security_detection_engine/kibana/security_rule/8a1db198-da6f-4500-b985-7fe2457300af_6.json index ed4b61098bb..38b21042718 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a1db198-da6f-4500-b985-7fe2457300af_6.json +++ b/packages/security_detection_engine/kibana/security_rule/8a1db198-da6f-4500-b985-7fe2457300af_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a556117-3f05-430e-b2eb-7df0100b4e3b_3.json b/packages/security_detection_engine/kibana/security_rule/8a556117-3f05-430e-b2eb-7df0100b4e3b_3.json index d54e7fd21f7..8a676f0dda7 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a556117-3f05-430e-b2eb-7df0100b4e3b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/8a556117-3f05-430e-b2eb-7df0100b4e3b_3.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a5c1e5f-ad63-481e-b53a-ef959230f7f1_415.json b/packages/security_detection_engine/kibana/security_rule/8a5c1e5f-ad63-481e-b53a-ef959230f7f1_415.json index dc38c052dd4..917d5fe2749 100644 --- a/packages/security_detection_engine/kibana/security_rule/8a5c1e5f-ad63-481e-b53a-ef959230f7f1_415.json +++ b/packages/security_detection_engine/kibana/security_rule/8a5c1e5f-ad63-481e-b53a-ef959230f7f1_415.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8a7933b4-9d0a-4c1c-bda5-e39fb045ff1d_11.json b/packages/security_detection_engine/kibana/security_rule/8a7933b4-9d0a-4c1c-bda5-e39fb045ff1d_11.json deleted file mode 100644 index 6b800b51cba..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/8a7933b4-9d0a-4c1c-bda5-e39fb045ff1d_11.json +++ /dev/null @@ -1,173 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule detects potential command execution from a web server parent process on a Linux host. Adversaries may attempt to execute commands from a web server parent process to blend in with normal web server activity and evade detection. This behavior is commonly observed in web shell attacks where adversaries exploit web server vulnerabilities to execute arbitrary commands on the host. The detection rule identifies unusual command execution from web server parent processes, which may indicate a compromised host or an ongoing attack. ESQL rules have limited fields available in its alert documents. Make sure to review the original documents to aid in the investigation of this alert.", - "from": "now-61m", - "interval": "1h", - "language": "esql", - "license": "Elastic License v2", - "name": "Unusual Command Execution from Web Server Parent", - "note": " ## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating Unusual Command Execution from Web Server Parent\n\nWeb servers, such as Apache or Nginx, are crucial for hosting web applications, often running on Linux systems. Adversaries exploit vulnerabilities in these servers to execute arbitrary commands, typically through web shells, blending malicious activity with legitimate server processes. The detection rule identifies suspicious command executions originating from web server processes, focusing on unusual patterns and contexts, such as unexpected working directories or command structures, to flag potential compromises.\n\n### Possible investigation steps\n\n- Review the process.command_line field to understand the specific command executed and assess its legitimacy or potential malicious intent.\n- Examine the process.working_directory to determine if the command was executed from an unusual or suspicious directory, which could indicate a compromise.\n- Check the process.parent.executable and process.parent.name fields to identify the parent process and verify if it is a known web server or related service that could be exploited.\n- Investigate the user.name and user.id fields to confirm if the command was executed by a legitimate user or service account, or if it was potentially executed by an unauthorized user.\n- Correlate the @timestamp with other logs and events to identify any related activities or anomalies occurring around the same time, which could provide additional context or evidence of an attack.\n- Assess the agent.id to determine if the alert is isolated to a single host or if similar activities are observed across multiple hosts, indicating a broader issue.\n\n### False positive analysis\n\n- Web development or testing environments may frequently execute commands from web server processes. To handle this, exclude specific working directories like /var/www/dev or /var/www/test from the rule.\n- Automated scripts or cron jobs running under web server user accounts can trigger alerts. Identify these scripts and add exceptions for their specific command lines or user IDs.\n- Legitimate administrative tasks performed by web server administrators might appear suspicious. Document these tasks and exclude their associated command lines or parent executables.\n- Continuous integration or deployment processes that involve web server interactions can be mistaken for threats. Exclude known CI/CD tool command lines or working directories from the rule.\n- Monitoring or logging tools that interact with web server processes may generate false positives. Identify these tools and exclude their specific process names or parent executables.\n\n### Response and remediation\n\n- Isolate the affected host immediately to prevent further malicious activity and lateral movement within the network. This can be done by removing the host from the network or applying network segmentation.\n\n- Terminate any suspicious processes identified by the detection rule, especially those originating from web server parent processes executing shell commands. Use process IDs and command lines from the alert to target specific processes.\n\n- Conduct a thorough review of the web server logs and application logs to identify any unauthorized access or modifications. Look for patterns that match the command execution detected and any other anomalies.\n\n- Patch the web server and any associated applications to address known vulnerabilities that may have been exploited. Ensure that all software is up to date with the latest security patches.\n\n- Restore the affected system from a known good backup if any unauthorized changes or persistent threats are detected. Ensure that the backup is free from compromise before restoration.\n\n- Implement additional monitoring and alerting for similar activities, focusing on unusual command executions and web server behavior. Enhance logging and alerting to capture more detailed information about process executions and network connections.\n\n- Escalate the incident to the security operations center (SOC) or incident response team for further investigation and to determine if the attack is part of a larger campaign. Provide them with all relevant data and findings from the initial containment and remediation steps.\n", - "query": "from logs-endpoint.events.process-* metadata _id, _index, _version\n| mv_expand event.action\n| where\n host.os.type == \"linux\" and\n event.type == \"start\" and\n event.action == \"exec\" and (\n (\n process.parent.name in (\n \"apache\", \"nginx\", \"apache2\", \"httpd\", \"lighttpd\", \"caddy\", \"mongrel_rails\", \"gunicorn\",\n \"uwsgi\", \"openresty\", \"cherokee\", \"h2o\", \"resin\", \"puma\", \"unicorn\", \"traefik\", \"tornado\", \"hypercorn\",\n \"daphne\", \"twistd\", \"yaws\", \"webfsd\", \"httpd.worker\", \"flask\", \"rails\", \"mongrel\", \"php-cgi\",\n \"php-fcgi\", \"php-cgi.cagefs\", \"catalina.sh\", \"hiawatha\", \"lswsctrl\"\n ) or\n process.parent.name like \"php-fpm*\" or\n user.name in (\"apache\", \"www-data\", \"httpd\", \"nginx\", \"lighttpd\", \"tomcat\", \"tomcat8\", \"tomcat9\") or\n user.id in (\"33\", \"498\", \"48\") or\n (process.parent.name == \"java\" and process.parent.working_directory like \"/u0?/*\") or\n process.parent.working_directory like \"/var/www/*\"\n )\n ) and\n process.name in (\"bash\", \"dash\", \"sh\", \"tcsh\", \"csh\", \"zsh\", \"ksh\", \"fish\") and\n process.command_line like \"* -c *\" and not (\n process.working_directory like \"/home/*\" or\n process.working_directory == \"/\" or\n process.working_directory like \"/vscode/vscode-server/*\" or\n process.parent.executable like \"/vscode/vscode-server/*\" or\n process.parent.executable == \"/usr/bin/xfce4-terminal\"\n )\n\n| keep\n @timestamp,\n _id,\n _index,\n _version,\n host.os.type,\n event.type,\n event.action,\n process.parent.name,\n user.name,\n user.id,\n process.working_directory,\n process.parent.working_directory,\n process.name,\n process.executable,\n process.command_line,\n process.parent.executable,\n agent.id,\n host.name,\n data_stream.dataset,\n data_stream.namespace\n\n| stats\n Esql.event_count = count(),\n Esql.agent_id_count_distinct = count_distinct(agent.id),\n Esql.host_name_values = values(host.name),\n Esql.agent_id_values = values(agent.id),\n Esql.data_stream_dataset_values = values(data_stream.dataset),\n Esql.data_stream_namespace_values = values(data_stream.namespace)\n\n by process.command_line, process.working_directory, process.parent.executable\n\n| where\n Esql.agent_id_count_distinct == 1 and\n Esql.event_count < 5\n| sort Esql.event_count asc\n\n// Extract unique values to ECS fields for alerts exclusion\n| eval agent.id = mv_min(Esql.agent_id_values),\n host.name = mv_min(Esql.host_name_values)\n\n| keep agent.id, host.name, process.command_line, process.working_directory, process.parent.executable, Esql.*\n", - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": false, - "name": "Esql.agent_id_count_distinct", - "type": "long" - }, - { - "ecs": false, - "name": "Esql.agent_id_values", - "type": "keyword" - }, - { - "ecs": false, - "name": "Esql.data_stream_dataset_values", - "type": "keyword" - }, - { - "ecs": false, - "name": "Esql.data_stream_namespace_values", - "type": "keyword" - }, - { - "ecs": false, - "name": "Esql.event_count", - "type": "long" - }, - { - "ecs": false, - "name": "Esql.host_name_values", - "type": "keyword" - }, - { - "ecs": true, - "name": "agent.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.command_line", - "type": "wildcard" - }, - { - "ecs": true, - "name": "process.parent.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.working_directory", - "type": "keyword" - } - ], - "risk_score": 21, - "rule_id": "8a7933b4-9d0a-4c1c-bda5-e39fb045ff1d", - "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", - "severity": "low", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Persistence", - "Tactic: Execution", - "Tactic: Command and Control", - "Data Source: Elastic Defend", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1505", - "name": "Server Software Component", - "reference": "https://attack.mitre.org/techniques/T1505/", - "subtechnique": [ - { - "id": "T1505.003", - "name": "Web Shell", - "reference": "https://attack.mitre.org/techniques/T1505/003/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.004", - "name": "Unix Shell", - "reference": "https://attack.mitre.org/techniques/T1059/004/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1071", - "name": "Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1071/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0001", - "name": "Initial Access", - "reference": "https://attack.mitre.org/tactics/TA0001/" - }, - "technique": [ - { - "id": "T1190", - "name": "Exploit Public-Facing Application", - "reference": "https://attack.mitre.org/techniques/T1190/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "esql", - "version": 11 - }, - "id": "8a7933b4-9d0a-4c1c-bda5-e39fb045ff1d_11", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/8af5b42f-8d74-48c8-a8d0-6d14b4197288_110.json b/packages/security_detection_engine/kibana/security_rule/8af5b42f-8d74-48c8-a8d0-6d14b4197288_110.json index d719a41a720..0e9ee128cda 100644 --- a/packages/security_detection_engine/kibana/security_rule/8af5b42f-8d74-48c8-a8d0-6d14b4197288_110.json +++ b/packages/security_detection_engine/kibana/security_rule/8af5b42f-8d74-48c8-a8d0-6d14b4197288_110.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8b2b3a62-a598-4293-bc14-3d5fa22bb98f_315.json b/packages/security_detection_engine/kibana/security_rule/8b2b3a62-a598-4293-bc14-3d5fa22bb98f_315.json index 9539447b51a..50b93c267fa 100644 --- a/packages/security_detection_engine/kibana/security_rule/8b2b3a62-a598-4293-bc14-3d5fa22bb98f_315.json +++ b/packages/security_detection_engine/kibana/security_rule/8b2b3a62-a598-4293-bc14-3d5fa22bb98f_315.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8b4d6c3a-2e9f-4b7c-9a5d-6f8e3c1b4d2a_2.json b/packages/security_detection_engine/kibana/security_rule/8b4d6c3a-2e9f-4b7c-9a5d-6f8e3c1b4d2a_2.json index cd61ea6b05e..6d164c03bc3 100644 --- a/packages/security_detection_engine/kibana/security_rule/8b4d6c3a-2e9f-4b7c-9a5d-6f8e3c1b4d2a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/8b4d6c3a-2e9f-4b7c-9a5d-6f8e3c1b4d2a_2.json @@ -26,7 +26,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8b4f0816-6a65-4630-86a6-c21c179c0d09_316.json b/packages/security_detection_engine/kibana/security_rule/8b4f0816-6a65-4630-86a6-c21c179c0d09_316.json index cb294063e13..75021a12ce3 100644 --- a/packages/security_detection_engine/kibana/security_rule/8b4f0816-6a65-4630-86a6-c21c179c0d09_316.json +++ b/packages/security_detection_engine/kibana/security_rule/8b4f0816-6a65-4630-86a6-c21c179c0d09_316.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8b64d36a-1307-4b2e-a77b-a0027e4d27c8_109.json b/packages/security_detection_engine/kibana/security_rule/8b64d36a-1307-4b2e-a77b-a0027e4d27c8_109.json index 6b408d44dc7..1805e0a98e8 100644 --- a/packages/security_detection_engine/kibana/security_rule/8b64d36a-1307-4b2e-a77b-a0027e4d27c8_109.json +++ b/packages/security_detection_engine/kibana/security_rule/8b64d36a-1307-4b2e-a77b-a0027e4d27c8_109.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8bd1c36a-2c4f-4801-a43d-ba696c13ffc2_4.json b/packages/security_detection_engine/kibana/security_rule/8bd1c36a-2c4f-4801-a43d-ba696c13ffc2_4.json index fd91525cd58..a40a81e9352 100644 --- a/packages/security_detection_engine/kibana/security_rule/8bd1c36a-2c4f-4801-a43d-ba696c13ffc2_4.json +++ b/packages/security_detection_engine/kibana/security_rule/8bd1c36a-2c4f-4801-a43d-ba696c13ffc2_4.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_109.json b/packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_109.json deleted file mode 100644 index 7bc66649ffe..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_109.json +++ /dev/null @@ -1,141 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule detects network events that may indicate the use of RDP traffic from the Internet. RDP is commonly used by system administrators to remotely control a system for maintenance or to use shared resources. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or backdoor vector.", - "false_positives": [ - "Some network security policies allow RDP directly from the Internet but usage that is unfamiliar to server or network owners can be unexpected and suspicious. RDP services may be exposed directly to the Internet in some networks such as cloud environments. In such cases, only RDP gateways, bastions or jump servers may be expected expose RDP directly to the Internet and can be exempted from this rule. RDP may be required by some work-flows such as remote access and support for specialized software products and servers. Such work-flows are usually known and not unexpected." - ], - "from": "now-9m", - "index": [ - "packetbeat-*", - "auditbeat-*", - "filebeat-*", - "logs-network_traffic.*", - "logs-panw.panos*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "RDP (Remote Desktop Protocol) from the Internet", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating RDP (Remote Desktop Protocol) from the Internet\n\nRDP allows administrators to remotely manage systems, but exposing it to the internet poses security risks. Adversaries exploit RDP for unauthorized access, often using it as an entry point for attacks. The detection rule identifies suspicious RDP traffic by monitoring TCP connections on port 3389 from external IPs, flagging potential threats for further investigation.\n\n### Possible investigation steps\n\n- Review the source IP address flagged in the alert to determine if it is known or associated with any previous malicious activity. Check threat intelligence sources for any reported malicious behavior.\n- Analyze the destination IP address to confirm it belongs to your internal network (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16) and identify the specific system targeted by the RDP connection.\n- Examine network logs for any unusual or unexpected RDP traffic patterns from the source IP, such as repeated connection attempts or connections at odd hours, which may indicate brute force attempts or unauthorized access.\n- Check for any recent changes or updates to firewall rules or security policies that might have inadvertently exposed RDP to the internet.\n- Investigate the user accounts involved in the RDP session to ensure they are legitimate and have not been compromised. Look for any signs of unauthorized access or privilege escalation.\n- Correlate the RDP traffic with other security events or alerts to identify any potential lateral movement or further malicious activity within the network.\n\n### False positive analysis\n\n- Internal testing or maintenance activities may trigger the rule if RDP is temporarily exposed to the internet. To manage this, create exceptions for known internal IP addresses or scheduled maintenance windows.\n- Legitimate third-party vendors or partners accessing systems via RDP for support purposes can be mistaken for threats. Establish a list of trusted external IP addresses and exclude them from the rule.\n- Misconfigured network devices or security tools might inadvertently expose RDP to the internet, leading to false positives. Regularly audit network configurations and update the rule to exclude known benign sources.\n- Cloud-based services or remote work solutions that use RDP over the internet can be flagged. Identify and whitelist these services' IP ranges to prevent unnecessary alerts.\n\n### Response and remediation\n\n- Immediately block the external IP address identified in the alert from accessing the network to prevent further unauthorized RDP connections.\n- Isolate the affected system from the network to contain any potential compromise and prevent lateral movement by the threat actor.\n- Conduct a thorough review of the affected system for signs of compromise, such as unauthorized user accounts, changes in system configurations, or the presence of malware.\n- Reset credentials for any accounts that were accessed or potentially compromised during the incident to prevent unauthorized access.\n- Apply security patches and updates to the affected system and any other systems with RDP enabled to mitigate known vulnerabilities.\n- Implement network segmentation to restrict RDP access to only trusted internal IP addresses and consider using a VPN for secure remote access.\n- Escalate the incident to the security operations center (SOC) or incident response team for further analysis and to determine if additional systems are affected.", - "query": "(data_stream.dataset: network_traffic.flow or (event.category: (network or network_traffic))) and\n network.transport:tcp and (destination.port:3389 or data_stream.dataset:zeek.rdp) and\n not source.ip:(\n 10.0.0.0/8 or\n 127.0.0.0/8 or\n 169.254.0.0/16 or\n 172.16.0.0/12 or\n 192.0.0.0/24 or\n 192.0.0.0/29 or\n 192.0.0.8/32 or\n 192.0.0.9/32 or\n 192.0.0.10/32 or\n 192.0.0.170/32 or\n 192.0.0.171/32 or\n 192.0.2.0/24 or\n 192.31.196.0/24 or\n 192.52.193.0/24 or\n 192.168.0.0/16 or\n 192.88.99.0/24 or\n 224.0.0.0/4 or\n 100.64.0.0/10 or\n 192.175.48.0/24 or\n 198.18.0.0/15 or\n 198.51.100.0/24 or\n 203.0.113.0/24 or\n 240.0.0.0/4 or\n \"::1\" or\n \"FE80::/10\" or\n \"FF00::/8\"\n ) and\n destination.ip:(\n 10.0.0.0/8 or\n 172.16.0.0/12 or\n 192.168.0.0/16\n )\n", - "references": [ - "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml" - ], - "related_integrations": [ - { - "package": "network_traffic", - "version": "^1.33.0" - }, - { - "package": "panw", - "version": "^5.2.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "data_stream.dataset", - "type": "constant_keyword" - }, - { - "ecs": true, - "name": "destination.ip", - "type": "ip" - }, - { - "ecs": true, - "name": "destination.port", - "type": "long" - }, - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "network.transport", - "type": "keyword" - }, - { - "ecs": true, - "name": "source.ip", - "type": "ip" - } - ], - "risk_score": 47, - "rule_id": "8c1bdde8-4204-45c0-9e0c-c85ca3902488", - "severity": "medium", - "tags": [ - "Tactic: Command and Control", - "Tactic: Lateral Movement", - "Tactic: Initial Access", - "Domain: Endpoint", - "Use Case: Threat Detection", - "Data Source: PAN-OS", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0008", - "name": "Lateral Movement", - "reference": "https://attack.mitre.org/tactics/TA0008/" - }, - "technique": [ - { - "id": "T1021", - "name": "Remote Services", - "reference": "https://attack.mitre.org/techniques/T1021/", - "subtechnique": [ - { - "id": "T1021.001", - "name": "Remote Desktop Protocol", - "reference": "https://attack.mitre.org/techniques/T1021/001/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0001", - "name": "Initial Access", - "reference": "https://attack.mitre.org/tactics/TA0001/" - }, - "technique": [ - { - "id": "T1133", - "name": "External Remote Services", - "reference": "https://attack.mitre.org/techniques/T1133/" - }, - { - "id": "T1190", - "name": "Exploit Public-Facing Application", - "reference": "https://attack.mitre.org/techniques/T1190/" - } - ] - } - ], - "timeline_id": "300afc76-072d-4261-864d-4149714bf3f1", - "timeline_title": "Comprehensive Network Timeline", - "timestamp_override": "event.ingested", - "type": "query", - "version": 109 - }, - "id": "8c1bdde8-4204-45c0-9e0c-c85ca3902488_109", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_112.json b/packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_112.json index dcfc709b1ea..38ffa53d6ad 100644 --- a/packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_112.json +++ b/packages/security_detection_engine/kibana/security_rule/8c1bdde8-4204-45c0-9e0c-c85ca3902488_112.json @@ -26,23 +26,23 @@ "related_integrations": [ { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "corelight", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8c37dc0e-e3ac-4c97-8aa0-cf6a9122de45_320.json b/packages/security_detection_engine/kibana/security_rule/8c37dc0e-e3ac-4c97-8aa0-cf6a9122de45_320.json index d505f37c7fd..245554474d5 100644 --- a/packages/security_detection_engine/kibana/security_rule/8c37dc0e-e3ac-4c97-8aa0-cf6a9122de45_320.json +++ b/packages/security_detection_engine/kibana/security_rule/8c37dc0e-e3ac-4c97-8aa0-cf6a9122de45_320.json @@ -52,27 +52,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8c707e4c-bd20-4ff4-bda5-4dc3b34ce298_3.json b/packages/security_detection_engine/kibana/security_rule/8c707e4c-bd20-4ff4-bda5-4dc3b34ce298_3.json index b902e380b96..f296bbdaa00 100644 --- a/packages/security_detection_engine/kibana/security_rule/8c707e4c-bd20-4ff4-bda5-4dc3b34ce298_3.json +++ b/packages/security_detection_engine/kibana/security_rule/8c707e4c-bd20-4ff4-bda5-4dc3b34ce298_3.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8c81e506-6e82-4884-9b9a-75d3d252f967_113.json b/packages/security_detection_engine/kibana/security_rule/8c81e506-6e82-4884-9b9a-75d3d252f967_113.json index 579c5815b79..c09d3128d50 100644 --- a/packages/security_detection_engine/kibana/security_rule/8c81e506-6e82-4884-9b9a-75d3d252f967_113.json +++ b/packages/security_detection_engine/kibana/security_rule/8c81e506-6e82-4884-9b9a-75d3d252f967_113.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8c8df61f-ed2a-4832-87b8-ee30812606e0_2.json b/packages/security_detection_engine/kibana/security_rule/8c8df61f-ed2a-4832-87b8-ee30812606e0_2.json index 001938f1f5d..ef3e91f3d0c 100644 --- a/packages/security_detection_engine/kibana/security_rule/8c8df61f-ed2a-4832-87b8-ee30812606e0_2.json +++ b/packages/security_detection_engine/kibana/security_rule/8c8df61f-ed2a-4832-87b8-ee30812606e0_2.json @@ -26,19 +26,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8c9ae3e2-f0b1-4b2c-9eba-bd87c2db914f_104.json b/packages/security_detection_engine/kibana/security_rule/8c9ae3e2-f0b1-4b2c-9eba-bd87c2db914f_104.json index 0c3da4c504a..802eee30ef7 100644 --- a/packages/security_detection_engine/kibana/security_rule/8c9ae3e2-f0b1-4b2c-9eba-bd87c2db914f_104.json +++ b/packages/security_detection_engine/kibana/security_rule/8c9ae3e2-f0b1-4b2c-9eba-bd87c2db914f_104.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/8cb84371-d053-4f4f-bce0-c74990e28f28_16.json b/packages/security_detection_engine/kibana/security_rule/8cb84371-d053-4f4f-bce0-c74990e28f28_16.json index 7c823ea6008..4ce9f5e72a5 100644 --- a/packages/security_detection_engine/kibana/security_rule/8cb84371-d053-4f4f-bce0-c74990e28f28_16.json +++ b/packages/security_detection_engine/kibana/security_rule/8cb84371-d053-4f4f-bce0-c74990e28f28_16.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8cbc7793-9ce4-4b7d-9c20-a30afbde2a05_1.json b/packages/security_detection_engine/kibana/security_rule/8cbc7793-9ce4-4b7d-9c20-a30afbde2a05_1.json index ef604fac244..931d1efb3e2 100644 --- a/packages/security_detection_engine/kibana/security_rule/8cbc7793-9ce4-4b7d-9c20-a30afbde2a05_1.json +++ b/packages/security_detection_engine/kibana/security_rule/8cbc7793-9ce4-4b7d-9c20-a30afbde2a05_1.json @@ -31,7 +31,7 @@ { "integration": "aadgraphactivitylogs", "package": "azure", - "version": "^1.37.0" + "version": ">=1.37.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8cc72fa3-70ae-4ea1-bee2-8e6aaf3c1fcf_6.json b/packages/security_detection_engine/kibana/security_rule/8cc72fa3-70ae-4ea1-bee2-8e6aaf3c1fcf_6.json index d977ac19bf0..fed0204a5ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/8cc72fa3-70ae-4ea1-bee2-8e6aaf3c1fcf_6.json +++ b/packages/security_detection_engine/kibana/security_rule/8cc72fa3-70ae-4ea1-bee2-8e6aaf3c1fcf_6.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8cd49fbc-a35a-4418-8688-133cc3a1e548_3.json b/packages/security_detection_engine/kibana/security_rule/8cd49fbc-a35a-4418-8688-133cc3a1e548_3.json index 0b38a1ec716..6d182db840c 100644 --- a/packages/security_detection_engine/kibana/security_rule/8cd49fbc-a35a-4418-8688-133cc3a1e548_3.json +++ b/packages/security_detection_engine/kibana/security_rule/8cd49fbc-a35a-4418-8688-133cc3a1e548_3.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8d366588-cbd6-43ba-95b4-0971c3f906e5_6.json b/packages/security_detection_engine/kibana/security_rule/8d366588-cbd6-43ba-95b4-0971c3f906e5_6.json index 41701560b55..2b8119526be 100644 --- a/packages/security_detection_engine/kibana/security_rule/8d366588-cbd6-43ba-95b4-0971c3f906e5_6.json +++ b/packages/security_detection_engine/kibana/security_rule/8d366588-cbd6-43ba-95b4-0971c3f906e5_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8d3d0794-c776-476b-8674-ee2e685f6470_105.json b/packages/security_detection_engine/kibana/security_rule/8d3d0794-c776-476b-8674-ee2e685f6470_105.json index 62938997b99..bd80950f9ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/8d3d0794-c776-476b-8674-ee2e685f6470_105.json +++ b/packages/security_detection_engine/kibana/security_rule/8d3d0794-c776-476b-8674-ee2e685f6470_105.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8d696bd0-5756-11f0-8e3b-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/8d696bd0-5756-11f0-8e3b-f661ea17fbcd_4.json index d7b38af8e94..730d245854c 100644 --- a/packages/security_detection_engine/kibana/security_rule/8d696bd0-5756-11f0-8e3b-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/8d696bd0-5756-11f0-8e3b-f661ea17fbcd_4.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8d8c0b55-ef27-4c20-959f-fa8dd3ac25e6_3.json b/packages/security_detection_engine/kibana/security_rule/8d8c0b55-ef27-4c20-959f-fa8dd3ac25e6_3.json index 3a681e689f1..5f8adb50d63 100644 --- a/packages/security_detection_engine/kibana/security_rule/8d8c0b55-ef27-4c20-959f-fa8dd3ac25e6_3.json +++ b/packages/security_detection_engine/kibana/security_rule/8d8c0b55-ef27-4c20-959f-fa8dd3ac25e6_3.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8d9c4128-372a-11f0-9d8f-f661ea17fbcd_5.json b/packages/security_detection_engine/kibana/security_rule/8d9c4128-372a-11f0-9d8f-f661ea17fbcd_5.json index 664d6cf6007..1528f1eefe4 100644 --- a/packages/security_detection_engine/kibana/security_rule/8d9c4128-372a-11f0-9d8f-f661ea17fbcd_5.json +++ b/packages/security_detection_engine/kibana/security_rule/8d9c4128-372a-11f0-9d8f-f661ea17fbcd_5.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_213.json b/packages/security_detection_engine/kibana/security_rule/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_213.json index 51f629b23fc..3b8b46c8347 100644 --- a/packages/security_detection_engine/kibana/security_rule/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_213.json +++ b/packages/security_detection_engine/kibana/security_rule/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_213.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8ddab73b-3d15-4e5d-9413-47f05553c1d7_108.json b/packages/security_detection_engine/kibana/security_rule/8ddab73b-3d15-4e5d-9413-47f05553c1d7_108.json index 96a8f27fcad..94effee4c6f 100644 --- a/packages/security_detection_engine/kibana/security_rule/8ddab73b-3d15-4e5d-9413-47f05553c1d7_108.json +++ b/packages/security_detection_engine/kibana/security_rule/8ddab73b-3d15-4e5d-9413-47f05553c1d7_108.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8e2485b6-a74f-411b-bf7f-38b819f3a846_213.json b/packages/security_detection_engine/kibana/security_rule/8e2485b6-a74f-411b-bf7f-38b819f3a846_213.json index ad9dbe5e27d..e30d5929970 100644 --- a/packages/security_detection_engine/kibana/security_rule/8e2485b6-a74f-411b-bf7f-38b819f3a846_213.json +++ b/packages/security_detection_engine/kibana/security_rule/8e2485b6-a74f-411b-bf7f-38b819f3a846_213.json @@ -26,27 +26,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8e39f54e-910b-4adb-a87e-494fbba5fb65_6.json b/packages/security_detection_engine/kibana/security_rule/8e39f54e-910b-4adb-a87e-494fbba5fb65_6.json index c546321dfd6..5bf71879859 100644 --- a/packages/security_detection_engine/kibana/security_rule/8e39f54e-910b-4adb-a87e-494fbba5fb65_6.json +++ b/packages/security_detection_engine/kibana/security_rule/8e39f54e-910b-4adb-a87e-494fbba5fb65_6.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8e66c55f-8db6-4e3e-bf4f-3a3e242bdf66_1.json b/packages/security_detection_engine/kibana/security_rule/8e66c55f-8db6-4e3e-bf4f-3a3e242bdf66_1.json index b82bf621e49..ab727d31c0c 100644 --- a/packages/security_detection_engine/kibana/security_rule/8e66c55f-8db6-4e3e-bf4f-3a3e242bdf66_1.json +++ b/packages/security_detection_engine/kibana/security_rule/8e66c55f-8db6-4e3e-bf4f-3a3e242bdf66_1.json @@ -17,7 +17,7 @@ { "integration": "graphactivitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8e7a4f2c-9b3d-4e5a-a1b6-c2d8f7e9b3a5_6.json b/packages/security_detection_engine/kibana/security_rule/8e7a4f2c-9b3d-4e5a-a1b6-c2d8f7e9b3a5_6.json index ebbf6328d57..b426c1ae445 100644 --- a/packages/security_detection_engine/kibana/security_rule/8e7a4f2c-9b3d-4e5a-a1b6-c2d8f7e9b3a5_6.json +++ b/packages/security_detection_engine/kibana/security_rule/8e7a4f2c-9b3d-4e5a-a1b6-c2d8f7e9b3a5_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8eec4df1-4b4b-4502-b6c3-c788714604c9_108.json b/packages/security_detection_engine/kibana/security_rule/8eec4df1-4b4b-4502-b6c3-c788714604c9_108.json index 86388b7a7e4..fb556d31f4d 100644 --- a/packages/security_detection_engine/kibana/security_rule/8eec4df1-4b4b-4502-b6c3-c788714604c9_108.json +++ b/packages/security_detection_engine/kibana/security_rule/8eec4df1-4b4b-4502-b6c3-c788714604c9_108.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8eeeda11-dca6-4c3e-910f-7089db412d1c_12.json b/packages/security_detection_engine/kibana/security_rule/8eeeda11-dca6-4c3e-910f-7089db412d1c_12.json index cb6dfa31194..43e02959cdb 100644 --- a/packages/security_detection_engine/kibana/security_rule/8eeeda11-dca6-4c3e-910f-7089db412d1c_12.json +++ b/packages/security_detection_engine/kibana/security_rule/8eeeda11-dca6-4c3e-910f-7089db412d1c_12.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8efcd3da-103b-4a65-8ab2-6a3a9df7ba8b_1.json b/packages/security_detection_engine/kibana/security_rule/8efcd3da-103b-4a65-8ab2-6a3a9df7ba8b_1.json index c06bb4c9a01..e6ac874970e 100644 --- a/packages/security_detection_engine/kibana/security_rule/8efcd3da-103b-4a65-8ab2-6a3a9df7ba8b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/8efcd3da-103b-4a65-8ab2-6a3a9df7ba8b_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8f242ffb-b191-4803-90ec-0f19942e17fd_108.json b/packages/security_detection_engine/kibana/security_rule/8f242ffb-b191-4803-90ec-0f19942e17fd_108.json index 947cea798a0..b563a224a95 100644 --- a/packages/security_detection_engine/kibana/security_rule/8f242ffb-b191-4803-90ec-0f19942e17fd_108.json +++ b/packages/security_detection_engine/kibana/security_rule/8f242ffb-b191-4803-90ec-0f19942e17fd_108.json @@ -36,11 +36,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8f3e91c7-d791-4704-80a1-42c160d7aa27_113.json b/packages/security_detection_engine/kibana/security_rule/8f3e91c7-d791-4704-80a1-42c160d7aa27_113.json index 0172860cb3e..8f890cf7a93 100644 --- a/packages/security_detection_engine/kibana/security_rule/8f3e91c7-d791-4704-80a1-42c160d7aa27_113.json +++ b/packages/security_detection_engine/kibana/security_rule/8f3e91c7-d791-4704-80a1-42c160d7aa27_113.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8f8004e1-0783-485f-a3da-aca4362f74a7_2.json b/packages/security_detection_engine/kibana/security_rule/8f8004e1-0783-485f-a3da-aca4362f74a7_2.json index 12bbfd3dc25..81bd41ef9fa 100644 --- a/packages/security_detection_engine/kibana/security_rule/8f8004e1-0783-485f-a3da-aca4362f74a7_2.json +++ b/packages/security_detection_engine/kibana/security_rule/8f8004e1-0783-485f-a3da-aca4362f74a7_2.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8f919d4b-a5af-47ca-a594-6be59cd924a4_212.json b/packages/security_detection_engine/kibana/security_rule/8f919d4b-a5af-47ca-a594-6be59cd924a4_212.json index a63a08b610a..527c2857d84 100644 --- a/packages/security_detection_engine/kibana/security_rule/8f919d4b-a5af-47ca-a594-6be59cd924a4_212.json +++ b/packages/security_detection_engine/kibana/security_rule/8f919d4b-a5af-47ca-a594-6be59cd924a4_212.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8f985da6-66e8-4838-a63e-21636eb9adc5_1.json b/packages/security_detection_engine/kibana/security_rule/8f985da6-66e8-4838-a63e-21636eb9adc5_1.json index c8a77ba6361..8dd8a4bde6d 100644 --- a/packages/security_detection_engine/kibana/security_rule/8f985da6-66e8-4838-a63e-21636eb9adc5_1.json +++ b/packages/security_detection_engine/kibana/security_rule/8f985da6-66e8-4838-a63e-21636eb9adc5_1.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/8fb75dda-c47a-4e34-8ecd-34facf7aad13_108.json b/packages/security_detection_engine/kibana/security_rule/8fb75dda-c47a-4e34-8ecd-34facf7aad13_108.json index 154fe387467..a34b94558d2 100644 --- a/packages/security_detection_engine/kibana/security_rule/8fb75dda-c47a-4e34-8ecd-34facf7aad13_108.json +++ b/packages/security_detection_engine/kibana/security_rule/8fb75dda-c47a-4e34-8ecd-34facf7aad13_108.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/90169566-2260-4824-b8e4-8615c3b4ed52_213.json b/packages/security_detection_engine/kibana/security_rule/90169566-2260-4824-b8e4-8615c3b4ed52_213.json index 9dc7aff0898..4676438c57c 100644 --- a/packages/security_detection_engine/kibana/security_rule/90169566-2260-4824-b8e4-8615c3b4ed52_213.json +++ b/packages/security_detection_engine/kibana/security_rule/90169566-2260-4824-b8e4-8615c3b4ed52_213.json @@ -27,19 +27,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/904023d7-8307-48bc-ad49-c454dfc2fae3_1.json b/packages/security_detection_engine/kibana/security_rule/904023d7-8307-48bc-ad49-c454dfc2fae3_1.json index bda1d819b7a..9e12cf6a28e 100644 --- a/packages/security_detection_engine/kibana/security_rule/904023d7-8307-48bc-ad49-c454dfc2fae3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/904023d7-8307-48bc-ad49-c454dfc2fae3_1.json @@ -19,19 +19,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9050506c-df6d-4bdf-bc82-fcad0ef1e8c1_5.json b/packages/security_detection_engine/kibana/security_rule/9050506c-df6d-4bdf-bc82-fcad0ef1e8c1_5.json index 319860353e4..f2bbd0f0307 100644 --- a/packages/security_detection_engine/kibana/security_rule/9050506c-df6d-4bdf-bc82-fcad0ef1e8c1_5.json +++ b/packages/security_detection_engine/kibana/security_rule/9050506c-df6d-4bdf-bc82-fcad0ef1e8c1_5.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9055ece6-2689-4224-a0e0-b04881e1f8ad_212.json b/packages/security_detection_engine/kibana/security_rule/9055ece6-2689-4224-a0e0-b04881e1f8ad_212.json index 8c4fb7b8a08..8b328efaa06 100644 --- a/packages/security_detection_engine/kibana/security_rule/9055ece6-2689-4224-a0e0-b04881e1f8ad_212.json +++ b/packages/security_detection_engine/kibana/security_rule/9055ece6-2689-4224-a0e0-b04881e1f8ad_212.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9056d577-4da5-47bf-8c94-6c0b1bb3f8a5_1.json b/packages/security_detection_engine/kibana/security_rule/9056d577-4da5-47bf-8c94-6c0b1bb3f8a5_1.json index 5b42aadbe53..ba841254a07 100644 --- a/packages/security_detection_engine/kibana/security_rule/9056d577-4da5-47bf-8c94-6c0b1bb3f8a5_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9056d577-4da5-47bf-8c94-6c0b1bb3f8a5_1.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/907a26f5-3eb6-4338-a70e-6c375c1cde8a_106.json b/packages/security_detection_engine/kibana/security_rule/907a26f5-3eb6-4338-a70e-6c375c1cde8a_106.json index 8995421f1e0..24062f0240d 100644 --- a/packages/security_detection_engine/kibana/security_rule/907a26f5-3eb6-4338-a70e-6c375c1cde8a_106.json +++ b/packages/security_detection_engine/kibana/security_rule/907a26f5-3eb6-4338-a70e-6c375c1cde8a_106.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9092cd6c-650f-4fa3-8a8a-28256c7489c9_114.json b/packages/security_detection_engine/kibana/security_rule/9092cd6c-650f-4fa3-8a8a-28256c7489c9_114.json index a272de35e7d..764e185053c 100644 --- a/packages/security_detection_engine/kibana/security_rule/9092cd6c-650f-4fa3-8a8a-28256c7489c9_114.json +++ b/packages/security_detection_engine/kibana/security_rule/9092cd6c-650f-4fa3-8a8a-28256c7489c9_114.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/909bf7c8-d371-11ef-bcc3-f661ea17fbcd_6.json b/packages/security_detection_engine/kibana/security_rule/909bf7c8-d371-11ef-bcc3-f661ea17fbcd_6.json index 53ff6e337dc..2d8237da0ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/909bf7c8-d371-11ef-bcc3-f661ea17fbcd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/909bf7c8-d371-11ef-bcc3-f661ea17fbcd_6.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/90babaa8-5216-4568-992d-d4a01a105d98_107.json b/packages/security_detection_engine/kibana/security_rule/90babaa8-5216-4568-992d-d4a01a105d98_107.json index 468c652ead3..d79b861c090 100644 --- a/packages/security_detection_engine/kibana/security_rule/90babaa8-5216-4568-992d-d4a01a105d98_107.json +++ b/packages/security_detection_engine/kibana/security_rule/90babaa8-5216-4568-992d-d4a01a105d98_107.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/90c0ce77-3fb4-484f-a8ad-4648e12b35b1_1.json b/packages/security_detection_engine/kibana/security_rule/90c0ce77-3fb4-484f-a8ad-4648e12b35b1_1.json index 5dce7dadfa2..f4c3d7274ff 100644 --- a/packages/security_detection_engine/kibana/security_rule/90c0ce77-3fb4-484f-a8ad-4648e12b35b1_1.json +++ b/packages/security_detection_engine/kibana/security_rule/90c0ce77-3fb4-484f-a8ad-4648e12b35b1_1.json @@ -40,7 +40,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/90e4ceab-79a5-4f8e-879b-513cac7fcad9_5.json b/packages/security_detection_engine/kibana/security_rule/90e4ceab-79a5-4f8e-879b-513cac7fcad9_5.json index f96c151e928..57afd069f3d 100644 --- a/packages/security_detection_engine/kibana/security_rule/90e4ceab-79a5-4f8e-879b-513cac7fcad9_5.json +++ b/packages/security_detection_engine/kibana/security_rule/90e4ceab-79a5-4f8e-879b-513cac7fcad9_5.json @@ -14,23 +14,23 @@ "related_integrations": [ { "package": "nginx", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache_tomcat", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "iis", - "version": "^1.21.0" + "version": ">=1.21.0" }, { "package": "traefik", - "version": "^2.5.0" + "version": ">=2.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/90e5976d-ed8c-489a-a293-bfc57ff8ba89_5.json b/packages/security_detection_engine/kibana/security_rule/90e5976d-ed8c-489a-a293-bfc57ff8ba89_5.json index cf0b54ef350..bb361142846 100644 --- a/packages/security_detection_engine/kibana/security_rule/90e5976d-ed8c-489a-a293-bfc57ff8ba89_5.json +++ b/packages/security_detection_engine/kibana/security_rule/90e5976d-ed8c-489a-a293-bfc57ff8ba89_5.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/90efea04-5675-11f0-8f80-f661ea17fbcd_5.json b/packages/security_detection_engine/kibana/security_rule/90efea04-5675-11f0-8f80-f661ea17fbcd_5.json index 8d04f1fcff7..24a7a10882f 100644 --- a/packages/security_detection_engine/kibana/security_rule/90efea04-5675-11f0-8f80-f661ea17fbcd_5.json +++ b/packages/security_detection_engine/kibana/security_rule/90efea04-5675-11f0-8f80-f661ea17fbcd_5.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9180ffdf-f3d0-4db3-bf66-7a14bcff71b8_109.json b/packages/security_detection_engine/kibana/security_rule/9180ffdf-f3d0-4db3-bf66-7a14bcff71b8_109.json index d699572cf60..ccd10e842e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/9180ffdf-f3d0-4db3-bf66-7a14bcff71b8_109.json +++ b/packages/security_detection_engine/kibana/security_rule/9180ffdf-f3d0-4db3-bf66-7a14bcff71b8_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/91d04cd4-47a9-4334-ab14-084abe274d49_212.json b/packages/security_detection_engine/kibana/security_rule/91d04cd4-47a9-4334-ab14-084abe274d49_212.json index 0900a5855d5..756f6af5c6e 100644 --- a/packages/security_detection_engine/kibana/security_rule/91d04cd4-47a9-4334-ab14-084abe274d49_212.json +++ b/packages/security_detection_engine/kibana/security_rule/91d04cd4-47a9-4334-ab14-084abe274d49_212.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8d77-07827ac4cee0_207.json b/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8d77-07827ac4cee0_207.json index 0433d663a3d..19734dc1b40 100644 --- a/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8d77-07827ac4cee0_207.json +++ b/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8d77-07827ac4cee0_207.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f55-07827ac3acc9_208.json b/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f55-07827ac3acc9_208.json index 48f6e72e01f..ca86a43d543 100644 --- a/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f55-07827ac3acc9_208.json +++ b/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f55-07827ac3acc9_208.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f66-07827ac3bdd9_208.json b/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f66-07827ac3bdd9_208.json index c6a608502a7..f18392407fd 100644 --- a/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f66-07827ac3bdd9_208.json +++ b/packages/security_detection_engine/kibana/security_rule/91f02f01-969f-4167-8f66-07827ac3bdd9_208.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/92984446-aefb-4d5e-ad12-598042ca80ba_214.json b/packages/security_detection_engine/kibana/security_rule/92984446-aefb-4d5e-ad12-598042ca80ba_214.json index a70a436f327..d7658253a83 100644 --- a/packages/security_detection_engine/kibana/security_rule/92984446-aefb-4d5e-ad12-598042ca80ba_214.json +++ b/packages/security_detection_engine/kibana/security_rule/92984446-aefb-4d5e-ad12-598042ca80ba_214.json @@ -81,7 +81,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/929d0766-204b-11f0-9c1f-f661ea17fbcd_5.json b/packages/security_detection_engine/kibana/security_rule/929d0766-204b-11f0-9c1f-f661ea17fbcd_5.json index c265d382e71..cf20257b614 100644 --- a/packages/security_detection_engine/kibana/security_rule/929d0766-204b-11f0-9c1f-f661ea17fbcd_5.json +++ b/packages/security_detection_engine/kibana/security_rule/929d0766-204b-11f0-9c1f-f661ea17fbcd_5.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/92a36c98-b24a-4bf7-aac7-1eac71fa39cf_2.json b/packages/security_detection_engine/kibana/security_rule/92a36c98-b24a-4bf7-aac7-1eac71fa39cf_2.json index 2631d76a9c3..9a96a2954c5 100644 --- a/packages/security_detection_engine/kibana/security_rule/92a36c98-b24a-4bf7-aac7-1eac71fa39cf_2.json +++ b/packages/security_detection_engine/kibana/security_rule/92a36c98-b24a-4bf7-aac7-1eac71fa39cf_2.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/92a6faf5-78ec-4e25-bea1-73bacc9b59d9_115.json b/packages/security_detection_engine/kibana/security_rule/92a6faf5-78ec-4e25-bea1-73bacc9b59d9_115.json index 0eff7295401..da80e785f04 100644 --- a/packages/security_detection_engine/kibana/security_rule/92a6faf5-78ec-4e25-bea1-73bacc9b59d9_115.json +++ b/packages/security_detection_engine/kibana/security_rule/92a6faf5-78ec-4e25-bea1-73bacc9b59d9_115.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/92b11a06-57ab-4f6d-a18b-fb7fdf3cc63f_1.json b/packages/security_detection_engine/kibana/security_rule/92b11a06-57ab-4f6d-a18b-fb7fdf3cc63f_1.json index 6846c033b87..f1396a76dd3 100644 --- a/packages/security_detection_engine/kibana/security_rule/92b11a06-57ab-4f6d-a18b-fb7fdf3cc63f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/92b11a06-57ab-4f6d-a18b-fb7fdf3cc63f_1.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/92d3a04e-6487-4b62-892d-70e640a590dc_111.json b/packages/security_detection_engine/kibana/security_rule/92d3a04e-6487-4b62-892d-70e640a590dc_111.json index a5247a04762..7c08040d9e7 100644 --- a/packages/security_detection_engine/kibana/security_rule/92d3a04e-6487-4b62-892d-70e640a590dc_111.json +++ b/packages/security_detection_engine/kibana/security_rule/92d3a04e-6487-4b62-892d-70e640a590dc_111.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/93075852-b0f5-4b8b-89c3-a226efae5726_216.json b/packages/security_detection_engine/kibana/security_rule/93075852-b0f5-4b8b-89c3-a226efae5726_216.json index 1ca8e168826..39c71c39715 100644 --- a/packages/security_detection_engine/kibana/security_rule/93075852-b0f5-4b8b-89c3-a226efae5726_216.json +++ b/packages/security_detection_engine/kibana/security_rule/93075852-b0f5-4b8b-89c3-a226efae5726_216.json @@ -49,7 +49,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/93120a05-caf5-47f6-a305-e8abee463fb9_1.json b/packages/security_detection_engine/kibana/security_rule/93120a05-caf5-47f6-a305-e8abee463fb9_1.json index c441bd99b38..0bdb341139e 100644 --- a/packages/security_detection_engine/kibana/security_rule/93120a05-caf5-47f6-a305-e8abee463fb9_1.json +++ b/packages/security_detection_engine/kibana/security_rule/93120a05-caf5-47f6-a305-e8abee463fb9_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/931e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4_211.json b/packages/security_detection_engine/kibana/security_rule/931e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4_211.json index 3d4a145b9e0..9ee3b557294 100644 --- a/packages/security_detection_engine/kibana/security_rule/931e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4_211.json +++ b/packages/security_detection_engine/kibana/security_rule/931e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4_211.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9395fd2c-9947-4472-86ef-4aceb2f7e872_213.json b/packages/security_detection_engine/kibana/security_rule/9395fd2c-9947-4472-86ef-4aceb2f7e872_213.json index b88a71e6844..c826d4ed2fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/9395fd2c-9947-4472-86ef-4aceb2f7e872_213.json +++ b/packages/security_detection_engine/kibana/security_rule/9395fd2c-9947-4472-86ef-4aceb2f7e872_213.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/93b22c0a-06a0-4131-b830-b10d5e166ff4_214.json b/packages/security_detection_engine/kibana/security_rule/93b22c0a-06a0-4131-b830-b10d5e166ff4_214.json index 18a09e6a1e0..f386b90d70b 100644 --- a/packages/security_detection_engine/kibana/security_rule/93b22c0a-06a0-4131-b830-b10d5e166ff4_214.json +++ b/packages/security_detection_engine/kibana/security_rule/93b22c0a-06a0-4131-b830-b10d5e166ff4_214.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/93c1ce76-494c-4f01-8167-35edfb52f7b1_419.json b/packages/security_detection_engine/kibana/security_rule/93c1ce76-494c-4f01-8167-35edfb52f7b1_419.json index 803fa2cefbd..709a390a66a 100644 --- a/packages/security_detection_engine/kibana/security_rule/93c1ce76-494c-4f01-8167-35edfb52f7b1_419.json +++ b/packages/security_detection_engine/kibana/security_rule/93c1ce76-494c-4f01-8167-35edfb52f7b1_419.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/93d2c5bf-dac1-4e0f-ab52-16f440782bb8_1.json b/packages/security_detection_engine/kibana/security_rule/93d2c5bf-dac1-4e0f-ab52-16f440782bb8_1.json index 3cf9c192628..f543e750044 100644 --- a/packages/security_detection_engine/kibana/security_rule/93d2c5bf-dac1-4e0f-ab52-16f440782bb8_1.json +++ b/packages/security_detection_engine/kibana/security_rule/93d2c5bf-dac1-4e0f-ab52-16f440782bb8_1.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/93dd73f9-3e59-45be-b023-c681273baf81_2.json b/packages/security_detection_engine/kibana/security_rule/93dd73f9-3e59-45be-b023-c681273baf81_2.json index 817ee248f0d..c0532762185 100644 --- a/packages/security_detection_engine/kibana/security_rule/93dd73f9-3e59-45be-b023-c681273baf81_2.json +++ b/packages/security_detection_engine/kibana/security_rule/93dd73f9-3e59-45be-b023-c681273baf81_2.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/93e63c3e-4154-4fc6-9f86-b411e0987bbf_211.json b/packages/security_detection_engine/kibana/security_rule/93e63c3e-4154-4fc6-9f86-b411e0987bbf_211.json index e5044d79716..5be0dfb2db9 100644 --- a/packages/security_detection_engine/kibana/security_rule/93e63c3e-4154-4fc6-9f86-b411e0987bbf_211.json +++ b/packages/security_detection_engine/kibana/security_rule/93e63c3e-4154-4fc6-9f86-b411e0987bbf_211.json @@ -35,7 +35,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/94418745-529f-4259-8d25-a713a6feb6ae_109.json b/packages/security_detection_engine/kibana/security_rule/94418745-529f-4259-8d25-a713a6feb6ae_109.json index bc3aafde6de..bd0af4287f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/94418745-529f-4259-8d25-a713a6feb6ae_109.json +++ b/packages/security_detection_engine/kibana/security_rule/94418745-529f-4259-8d25-a713a6feb6ae_109.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/94556bc7-e057-4759-9e49-fa79ee366101_1.json b/packages/security_detection_engine/kibana/security_rule/94556bc7-e057-4759-9e49-fa79ee366101_1.json index 7c00a0f8226..8954e684eff 100644 --- a/packages/security_detection_engine/kibana/security_rule/94556bc7-e057-4759-9e49-fa79ee366101_1.json +++ b/packages/security_detection_engine/kibana/security_rule/94556bc7-e057-4759-9e49-fa79ee366101_1.json @@ -19,7 +19,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/94a401ba-4fa2-455c-b7ae-b6e037afc0b7_216.json b/packages/security_detection_engine/kibana/security_rule/94a401ba-4fa2-455c-b7ae-b6e037afc0b7_216.json index 21e8b564cbe..fc584070365 100644 --- a/packages/security_detection_engine/kibana/security_rule/94a401ba-4fa2-455c-b7ae-b6e037afc0b7_216.json +++ b/packages/security_detection_engine/kibana/security_rule/94a401ba-4fa2-455c-b7ae-b6e037afc0b7_216.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/94e734c0-2cda-11ef-84e1-f661ea17fbce_211.json b/packages/security_detection_engine/kibana/security_rule/94e734c0-2cda-11ef-84e1-f661ea17fbce_211.json index f3a0a656243..8f16188f259 100644 --- a/packages/security_detection_engine/kibana/security_rule/94e734c0-2cda-11ef-84e1-f661ea17fbce_211.json +++ b/packages/security_detection_engine/kibana/security_rule/94e734c0-2cda-11ef-84e1-f661ea17fbce_211.json @@ -28,7 +28,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9510add4-3392-11ed-bd01-f661ea17fbce_111.json b/packages/security_detection_engine/kibana/security_rule/9510add4-3392-11ed-bd01-f661ea17fbce_111.json index 9b62e9873c5..bfb68acabef 100644 --- a/packages/security_detection_engine/kibana/security_rule/9510add4-3392-11ed-bd01-f661ea17fbce_111.json +++ b/packages/security_detection_engine/kibana/security_rule/9510add4-3392-11ed-bd01-f661ea17fbce_111.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/951779c2-82ad-4a6c-82b8-296c1f691449_110.json b/packages/security_detection_engine/kibana/security_rule/951779c2-82ad-4a6c-82b8-296c1f691449_110.json index e7c14531cb0..3fe174989a4 100644 --- a/packages/security_detection_engine/kibana/security_rule/951779c2-82ad-4a6c-82b8-296c1f691449_110.json +++ b/packages/security_detection_engine/kibana/security_rule/951779c2-82ad-4a6c-82b8-296c1f691449_110.json @@ -43,7 +43,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/952c92af-d67f-4f01-8a9c-725efefa7e07_7.json b/packages/security_detection_engine/kibana/security_rule/952c92af-d67f-4f01-8a9c-725efefa7e07_7.json index 44629cf1c42..a8b3d0b8682 100644 --- a/packages/security_detection_engine/kibana/security_rule/952c92af-d67f-4f01-8a9c-725efefa7e07_7.json +++ b/packages/security_detection_engine/kibana/security_rule/952c92af-d67f-4f01-8a9c-725efefa7e07_7.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/954ee7c8-5437-49ae-b2d6-2960883898e9_215.json b/packages/security_detection_engine/kibana/security_rule/954ee7c8-5437-49ae-b2d6-2960883898e9_215.json index a977ddf4b3d..2cc2affd00b 100644 --- a/packages/security_detection_engine/kibana/security_rule/954ee7c8-5437-49ae-b2d6-2960883898e9_215.json +++ b/packages/security_detection_engine/kibana/security_rule/954ee7c8-5437-49ae-b2d6-2960883898e9_215.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9550ec87-e73c-4baa-ad44-e448a33fbc3d_1.json b/packages/security_detection_engine/kibana/security_rule/9550ec87-e73c-4baa-ad44-e448a33fbc3d_1.json index 7f7607eea89..4df3a50c1d8 100644 --- a/packages/security_detection_engine/kibana/security_rule/9550ec87-e73c-4baa-ad44-e448a33fbc3d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9550ec87-e73c-4baa-ad44-e448a33fbc3d_1.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9563dace-5822-11f0-b1d3-f661ea17fbcd_5.json b/packages/security_detection_engine/kibana/security_rule/9563dace-5822-11f0-b1d3-f661ea17fbcd_5.json index b67a3038be6..1adadd9f67b 100644 --- a/packages/security_detection_engine/kibana/security_rule/9563dace-5822-11f0-b1d3-f661ea17fbcd_5.json +++ b/packages/security_detection_engine/kibana/security_rule/9563dace-5822-11f0-b1d3-f661ea17fbcd_5.json @@ -49,7 +49,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/959a7353-1129-4aa7-9084-30746b256a70_214.json b/packages/security_detection_engine/kibana/security_rule/959a7353-1129-4aa7-9084-30746b256a70_214.json index 867376bcbcc..85f6b6e2f57 100644 --- a/packages/security_detection_engine/kibana/security_rule/959a7353-1129-4aa7-9084-30746b256a70_214.json +++ b/packages/security_detection_engine/kibana/security_rule/959a7353-1129-4aa7-9084-30746b256a70_214.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/95b99adc-2cda-11ef-84e1-f661ea17fbce_211.json b/packages/security_detection_engine/kibana/security_rule/95b99adc-2cda-11ef-84e1-f661ea17fbce_211.json index 82585cde462..66d6a92d9cd 100644 --- a/packages/security_detection_engine/kibana/security_rule/95b99adc-2cda-11ef-84e1-f661ea17fbce_211.json +++ b/packages/security_detection_engine/kibana/security_rule/95b99adc-2cda-11ef-84e1-f661ea17fbce_211.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/962a71ae-aac9-11ef-9348-f661ea17fbce_8.json b/packages/security_detection_engine/kibana/security_rule/962a71ae-aac9-11ef-9348-f661ea17fbce_8.json index df32955fa5d..0a3af9bcc3f 100644 --- a/packages/security_detection_engine/kibana/security_rule/962a71ae-aac9-11ef-9348-f661ea17fbce_8.json +++ b/packages/security_detection_engine/kibana/security_rule/962a71ae-aac9-11ef-9348-f661ea17fbce_8.json @@ -50,7 +50,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9661ed8b-001c-40dc-a777-0983b7b0c91a_105.json b/packages/security_detection_engine/kibana/security_rule/9661ed8b-001c-40dc-a777-0983b7b0c91a_105.json index aff3ed09605..8dabcfd4676 100644 --- a/packages/security_detection_engine/kibana/security_rule/9661ed8b-001c-40dc-a777-0983b7b0c91a_105.json +++ b/packages/security_detection_engine/kibana/security_rule/9661ed8b-001c-40dc-a777-0983b7b0c91a_105.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9679c838-ec24-4e3a-bf0b-68a9878828c3_1.json b/packages/security_detection_engine/kibana/security_rule/9679c838-ec24-4e3a-bf0b-68a9878828c3_1.json index 5130e331fab..75edcaeac2d 100644 --- a/packages/security_detection_engine/kibana/security_rule/9679c838-ec24-4e3a-bf0b-68a9878828c3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9679c838-ec24-4e3a-bf0b-68a9878828c3_1.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/968ccab9-da51-4a87-9ce2-d3c9782fd759_217.json b/packages/security_detection_engine/kibana/security_rule/968ccab9-da51-4a87-9ce2-d3c9782fd759_217.json index ca5807cc694..942e8772c9c 100644 --- a/packages/security_detection_engine/kibana/security_rule/968ccab9-da51-4a87-9ce2-d3c9782fd759_217.json +++ b/packages/security_detection_engine/kibana/security_rule/968ccab9-da51-4a87-9ce2-d3c9782fd759_217.json @@ -22,19 +22,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/96b2a03e-003b-11f0-8541-f661ea17fbcd_6.json b/packages/security_detection_engine/kibana/security_rule/96b2a03e-003b-11f0-8541-f661ea17fbcd_6.json index 9941c54968d..0faf5ff173b 100644 --- a/packages/security_detection_engine/kibana/security_rule/96b2a03e-003b-11f0-8541-f661ea17fbcd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/96b2a03e-003b-11f0-8541-f661ea17fbcd_6.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/96b9f4ea-0e8c-435b-8d53-2096e75fcac5_414.json b/packages/security_detection_engine/kibana/security_rule/96b9f4ea-0e8c-435b-8d53-2096e75fcac5_414.json index b12d30ea9c0..a762f6ebf4e 100644 --- a/packages/security_detection_engine/kibana/security_rule/96b9f4ea-0e8c-435b-8d53-2096e75fcac5_414.json +++ b/packages/security_detection_engine/kibana/security_rule/96b9f4ea-0e8c-435b-8d53-2096e75fcac5_414.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/96d11d31-9a79-480f-8401-da28b194608f_17.json b/packages/security_detection_engine/kibana/security_rule/96d11d31-9a79-480f-8401-da28b194608f_17.json index 7da900518c1..e46aae2af33 100644 --- a/packages/security_detection_engine/kibana/security_rule/96d11d31-9a79-480f-8401-da28b194608f_17.json +++ b/packages/security_detection_engine/kibana/security_rule/96d11d31-9a79-480f-8401-da28b194608f_17.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/96dd08d8-8f3d-4f55-ada8-7dc1e05dbd47_1.json b/packages/security_detection_engine/kibana/security_rule/96dd08d8-8f3d-4f55-ada8-7dc1e05dbd47_1.json index 5942cf74a29..94665da84b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/96dd08d8-8f3d-4f55-ada8-7dc1e05dbd47_1.json +++ b/packages/security_detection_engine/kibana/security_rule/96dd08d8-8f3d-4f55-ada8-7dc1e05dbd47_1.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/96e90768-c3b7-4df6-b5d9-6237f8bc36a8_212.json b/packages/security_detection_engine/kibana/security_rule/96e90768-c3b7-4df6-b5d9-6237f8bc36a8_212.json index d3068583e98..6244eaa7d40 100644 --- a/packages/security_detection_engine/kibana/security_rule/96e90768-c3b7-4df6-b5d9-6237f8bc36a8_212.json +++ b/packages/security_detection_engine/kibana/security_rule/96e90768-c3b7-4df6-b5d9-6237f8bc36a8_212.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/96f29282-ffcc-4ce7-834b-b17aee905568_4.json b/packages/security_detection_engine/kibana/security_rule/96f29282-ffcc-4ce7-834b-b17aee905568_4.json index 02a95a64532..31b7d72a336 100644 --- a/packages/security_detection_engine/kibana/security_rule/96f29282-ffcc-4ce7-834b-b17aee905568_4.json +++ b/packages/security_detection_engine/kibana/security_rule/96f29282-ffcc-4ce7-834b-b17aee905568_4.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97020e61-e591-4191-8a3b-2861a2b887cd_114.json b/packages/security_detection_engine/kibana/security_rule/97020e61-e591-4191-8a3b-2861a2b887cd_114.json index 5e267dc4184..5b91dfa7ba8 100644 --- a/packages/security_detection_engine/kibana/security_rule/97020e61-e591-4191-8a3b-2861a2b887cd_114.json +++ b/packages/security_detection_engine/kibana/security_rule/97020e61-e591-4191-8a3b-2861a2b887cd_114.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9705b458-689a-4ec6-afe8-b4648d090612_6.json b/packages/security_detection_engine/kibana/security_rule/9705b458-689a-4ec6-afe8-b4648d090612_6.json index aa2668f8091..ea96e4d391d 100644 --- a/packages/security_detection_engine/kibana/security_rule/9705b458-689a-4ec6-afe8-b4648d090612_6.json +++ b/packages/security_detection_engine/kibana/security_rule/9705b458-689a-4ec6-afe8-b4648d090612_6.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97266eb4-b8c3-4e3e-9417-7d0ace6b3dfe_1.json b/packages/security_detection_engine/kibana/security_rule/97266eb4-b8c3-4e3e-9417-7d0ace6b3dfe_1.json index 20b42b81558..0146219a85d 100644 --- a/packages/security_detection_engine/kibana/security_rule/97266eb4-b8c3-4e3e-9417-7d0ace6b3dfe_1.json +++ b/packages/security_detection_engine/kibana/security_rule/97266eb4-b8c3-4e3e-9417-7d0ace6b3dfe_1.json @@ -48,7 +48,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_212.json b/packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_212.json index ee74e865a9e..c72f5d1afef 100644 --- a/packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_212.json +++ b/packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_212.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97359fd8-757d-4b1d-9af1-ef29e4a8680e_109.json b/packages/security_detection_engine/kibana/security_rule/97359fd8-757d-4b1d-9af1-ef29e4a8680e_109.json index 805a630260a..703261a2ac1 100644 --- a/packages/security_detection_engine/kibana/security_rule/97359fd8-757d-4b1d-9af1-ef29e4a8680e_109.json +++ b/packages/security_detection_engine/kibana/security_rule/97359fd8-757d-4b1d-9af1-ef29e4a8680e_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97697a52-4a76-4f0a-aa4f-25c178aae6eb_104.json b/packages/security_detection_engine/kibana/security_rule/97697a52-4a76-4f0a-aa4f-25c178aae6eb_104.json index 39ce5cbbdc2..1ce9874b8d0 100644 --- a/packages/security_detection_engine/kibana/security_rule/97697a52-4a76-4f0a-aa4f-25c178aae6eb_104.json +++ b/packages/security_detection_engine/kibana/security_rule/97697a52-4a76-4f0a-aa4f-25c178aae6eb_104.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/976b2391-413f-4a94-acb4-7911f3803346_11.json b/packages/security_detection_engine/kibana/security_rule/976b2391-413f-4a94-acb4-7911f3803346_11.json deleted file mode 100644 index 1bf2f424ce0..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/976b2391-413f-4a94-acb4-7911f3803346_11.json +++ /dev/null @@ -1,188 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule detects unusual processes spawned from a web server parent process by identifying low frequency counts of process spawning activity. Unusual process spawning activity may indicate an attacker attempting to establish persistence, execute malicious commands, or establish command and control channels on the host system. ESQL rules have limited fields available in its alert documents. Make sure to review the original documents to aid in the investigation of this alert.", - "from": "now-61m", - "interval": "1h", - "language": "esql", - "license": "Elastic License v2", - "name": "Unusual Process Spawned from Web Server Parent", - "note": " ## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating Unusual Process Spawned from Web Server Parent\n\nWeb servers like Apache, Nginx, and others are crucial for hosting applications and services. Adversaries exploit these servers by spawning unauthorized processes to maintain persistence or execute malicious commands. The detection rule identifies anomalies by monitoring low-frequency process spawns from web server parents, focusing on unusual user IDs, directories, and process counts, which may indicate potential threats.\n\n### Possible investigation steps\n\n- Review the process.executable and process.command_line fields to understand the nature of the process that was spawned and assess if it aligns with expected behavior for the web server environment.\n- Examine the process.working_directory to determine if the directory is a legitimate location for web server operations or if it appears suspicious, such as being outside typical web server directories.\n- Check the user.name and user.id fields to verify if the process was executed by a legitimate web server user or if it was initiated by an unexpected or unauthorized user account.\n- Investigate the process.parent.executable to confirm whether the parent process is a known and trusted web server executable or if it has been tampered with or replaced.\n- Correlate the event with other logs or alerts from the same agent.id to identify any additional suspicious activities or patterns that may indicate a broader compromise.\n- Assess the host.os.type to ensure the alert pertains to a Linux system, as specified in the query, and verify if there are any known vulnerabilities or misconfigurations on the host that could have been exploited.\n\n### False positive analysis\n\n- Processes related to legitimate web server maintenance tasks may trigger alerts. Review scheduled tasks or cron jobs that align with the alert timing and consider excluding these specific processes if they are verified as non-threatening.\n- Development environments often spawn processes that mimic attack patterns. Identify and exclude processes originating from known development directories or executed by development user accounts.\n- Automated scripts or monitoring tools running under web server user accounts can be mistaken for malicious activity. Verify these scripts and add exceptions for their specific process names or working directories.\n- Frequent updates or deployments in web applications can lead to unusual process spawns. Document these activities and exclude related processes if they consistently match the alert criteria during known update windows.\n- Custom web server modules or plugins may execute processes that appear suspicious. Validate these modules and exclude their associated processes if they are part of normal operations.\n\n### Response and remediation\n\n- Immediately isolate the affected host from the network to prevent further malicious activity and potential lateral movement.\n- Terminate any suspicious processes identified by the alert that are not part of legitimate web server operations.\n- Conduct a thorough review of the process command lines and executables flagged by the alert to identify any malicious scripts or binaries. Remove or quarantine these files as necessary.\n- Check for unauthorized changes in web server configurations or files within the working directories flagged by the alert. Restore any altered files from a known good backup.\n- Review user accounts and permissions associated with the web server processes to ensure no unauthorized accounts or privilege escalations have occurred. Reset passwords and revoke unnecessary access.\n- Monitor network traffic from the affected host for any signs of command and control communication, and block any identified malicious IP addresses or domains.\n- Escalate the incident to the security operations center (SOC) or incident response team for further analysis and to determine if additional systems are compromised.\n", - "query": "from logs-endpoint.events.process-* metadata _id, _index, _version\n| mv_expand event.action\n| where\n host.os.type == \"linux\" and\n event.type == \"start\" and\n event.action == \"exec\" and (\n (\n process.parent.name in (\n \"apache\", \"nginx\", \"apache2\", \"httpd\", \"lighttpd\", \"caddy\", \"mongrel_rails\", \"gunicorn\",\n \"uwsgi\", \"openresty\", \"cherokee\", \"h2o\", \"resin\", \"puma\", \"unicorn\", \"traefik\", \"tornado\", \"hypercorn\",\n \"daphne\", \"twistd\", \"yaws\", \"webfsd\", \"httpd.worker\", \"flask\", \"rails\", \"mongrel\", \"php-cgi\",\n \"php-fcgi\", \"php-cgi.cagefs\", \"catalina.sh\", \"hiawatha\", \"lswsctrl\"\n ) or\n process.parent.name like \"php-fpm*\" or\n user.name in (\"apache\", \"www-data\", \"httpd\", \"nginx\", \"lighttpd\", \"tomcat\", \"tomcat8\", \"tomcat9\") or\n user.id in (\"33\", \"498\", \"48\") or\n (process.parent.name == \"java\" and process.parent.working_directory like \"/u0?/*\") or\n process.parent.working_directory like \"/var/www/*\"\n )\n ) and (\n process.name in (\n \"bash\", \"dash\", \"sh\", \"tcsh\", \"csh\", \"zsh\", \"ksh\", \"fish\", \"socat\", \"openssl\", \"busybox\",\n \"nc\", \"ncat\", \"netcat\", \"nc.openbsd\", \"nc.traditional\", \"nohup\", \"setsid\", \"mkfifo\", \"mknod\",\n \"node\", \"socket\"\n ) or\n process.name like \"python*\" or\n process.name like \"php*\" or\n process.name like \"perl\" or\n process.name like \"ruby*\" or\n process.name like \"lua*\" or\n process.executable like \"/tmp/*\" or\n process.executable like \"/var/tmp/*\" or\n process.executable like \"/dev/shm/*\" or\n process.executable like \"/var/log/*\" or\n process.executable like \"/sys/*\" or\n process.executable like \"/media/*\" or\n process.executable like \"/proc/*\" or\n process.executable like \"/var/backups/*\" or\n process.executable like \"/var/mail/*\" or\n process.executable like \"/var/spool/*\" or\n process.executable like \"/var/www/*\" or\n process.executable like \"./*\" or\n process.name like \".*\"\n ) and \n not (\n process.working_directory like \"/home/*\" or\n process.working_directory == \"/\" or\n process.working_directory like \"/var/www/*.ch\" or\n process.parent.executable like \"/vscode/vscode-server/*\"\n )\n\n| keep\n @timestamp,\n _id,\n _index,\n _version,\n host.os.type,\n event.type,\n event.action,\n process.parent.name,\n user.name,\n user.id,\n process.working_directory,\n process.parent.working_directory,\n process.name,\n process.executable,\n process.command_line,\n process.parent.executable,\n agent.id,\n host.name,\n data_stream.dataset,\n data_stream.namespace\n\n| stats\n Esql.event_count = count(),\n Esql.agent_id_count_distinct = count_distinct(agent.id),\n Esql.host_name_values = values(host.name),\n Esql.agent_id_values = values(agent.id),\n Esql.data_stream_dataset_values = values(data_stream.dataset),\n Esql.data_stream_namespace_values = values(data_stream.namespace)\n\n by process.executable, process.working_directory, process.parent.executable\n\n| where\n Esql.agent_id_count_distinct == 1 and\n Esql.event_count < 5\n| sort Esql.event_count asc\n\n// Extract unique values to ECS fields for alerts exclusion\n| eval agent.id = mv_min(Esql.agent_id_values),\n host.name = mv_min(Esql.host_name_values)\n\n| keep agent.id, host.name, process.executable, process.working_directory, process.parent.executable, Esql.*\n", - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": false, - "name": "Esql.agent_id_count_distinct", - "type": "long" - }, - { - "ecs": false, - "name": "Esql.agent_id_values", - "type": "keyword" - }, - { - "ecs": false, - "name": "Esql.data_stream_dataset_values", - "type": "keyword" - }, - { - "ecs": false, - "name": "Esql.data_stream_namespace_values", - "type": "keyword" - }, - { - "ecs": false, - "name": "Esql.event_count", - "type": "long" - }, - { - "ecs": false, - "name": "Esql.host_name_values", - "type": "keyword" - }, - { - "ecs": true, - "name": "agent.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.working_directory", - "type": "keyword" - } - ], - "risk_score": 21, - "rule_id": "976b2391-413f-4a94-acb4-7911f3803346", - "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", - "severity": "low", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Persistence", - "Tactic: Execution", - "Tactic: Command and Control", - "Data Source: Elastic Defend", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1505", - "name": "Server Software Component", - "reference": "https://attack.mitre.org/techniques/T1505/", - "subtechnique": [ - { - "id": "T1505.003", - "name": "Web Shell", - "reference": "https://attack.mitre.org/techniques/T1505/003/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.004", - "name": "Unix Shell", - "reference": "https://attack.mitre.org/techniques/T1059/004/" - }, - { - "id": "T1059.006", - "name": "Python", - "reference": "https://attack.mitre.org/techniques/T1059/006/" - }, - { - "id": "T1059.007", - "name": "JavaScript", - "reference": "https://attack.mitre.org/techniques/T1059/007/" - }, - { - "id": "T1059.011", - "name": "Lua", - "reference": "https://attack.mitre.org/techniques/T1059/011/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1071", - "name": "Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1071/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0001", - "name": "Initial Access", - "reference": "https://attack.mitre.org/tactics/TA0001/" - }, - "technique": [ - { - "id": "T1190", - "name": "Exploit Public-Facing Application", - "reference": "https://attack.mitre.org/techniques/T1190/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "esql", - "version": 11 - }, - "id": "976b2391-413f-4a94-acb4-7911f3803346_11", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/979729e7-0c52-4c4c-b71e-88103304a79f_214.json b/packages/security_detection_engine/kibana/security_rule/979729e7-0c52-4c4c-b71e-88103304a79f_214.json index 7e9ff309652..e7f0f264918 100644 --- a/packages/security_detection_engine/kibana/security_rule/979729e7-0c52-4c4c-b71e-88103304a79f_214.json +++ b/packages/security_detection_engine/kibana/security_rule/979729e7-0c52-4c4c-b71e-88103304a79f_214.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97a8e584-fd3b-421f-9b9d-9c9d9e57e9d7_419.json b/packages/security_detection_engine/kibana/security_rule/97a8e584-fd3b-421f-9b9d-9c9d9e57e9d7_419.json index 37e9bb9b574..36b863b7545 100644 --- a/packages/security_detection_engine/kibana/security_rule/97a8e584-fd3b-421f-9b9d-9c9d9e57e9d7_419.json +++ b/packages/security_detection_engine/kibana/security_rule/97a8e584-fd3b-421f-9b9d-9c9d9e57e9d7_419.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97aba1ef-6034-4bd3-8c1a-1e0996b27afa_423.json b/packages/security_detection_engine/kibana/security_rule/97aba1ef-6034-4bd3-8c1a-1e0996b27afa_423.json index 4c13b5c4065..a6719d95eee 100644 --- a/packages/security_detection_engine/kibana/security_rule/97aba1ef-6034-4bd3-8c1a-1e0996b27afa_423.json +++ b/packages/security_detection_engine/kibana/security_rule/97aba1ef-6034-4bd3-8c1a-1e0996b27afa_423.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97db8b42-69d8-4bf3-9fd4-c69a1d895d68_13.json b/packages/security_detection_engine/kibana/security_rule/97db8b42-69d8-4bf3-9fd4-c69a1d895d68_13.json index fc9d3f22787..2b8395d47ea 100644 --- a/packages/security_detection_engine/kibana/security_rule/97db8b42-69d8-4bf3-9fd4-c69a1d895d68_13.json +++ b/packages/security_detection_engine/kibana/security_rule/97db8b42-69d8-4bf3-9fd4-c69a1d895d68_13.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/97fc44d3-8dae-4019-ae83-298c3015600f_120.json b/packages/security_detection_engine/kibana/security_rule/97fc44d3-8dae-4019-ae83-298c3015600f_120.json index d8b7cc17938..dca9ab81d52 100644 --- a/packages/security_detection_engine/kibana/security_rule/97fc44d3-8dae-4019-ae83-298c3015600f_120.json +++ b/packages/security_detection_engine/kibana/security_rule/97fc44d3-8dae-4019-ae83-298c3015600f_120.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/980b70a0-c820-11ed-8799-f661ea17fbcc_10.json b/packages/security_detection_engine/kibana/security_rule/980b70a0-c820-11ed-8799-f661ea17fbcc_10.json index 40e5f6d3074..8ccb42c767e 100644 --- a/packages/security_detection_engine/kibana/security_rule/980b70a0-c820-11ed-8799-f661ea17fbcc_10.json +++ b/packages/security_detection_engine/kibana/security_rule/980b70a0-c820-11ed-8799-f661ea17fbcc_10.json @@ -35,7 +35,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9822c5a1-1494-42de-b197-487197bb540c_7.json b/packages/security_detection_engine/kibana/security_rule/9822c5a1-1494-42de-b197-487197bb540c_7.json index 36c3f0f84c2..fbf2b7c0581 100644 --- a/packages/security_detection_engine/kibana/security_rule/9822c5a1-1494-42de-b197-487197bb540c_7.json +++ b/packages/security_detection_engine/kibana/security_rule/9822c5a1-1494-42de-b197-487197bb540c_7.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/986361cd-3dac-47fe-afa1-5c5dd89f2fb4_107.json b/packages/security_detection_engine/kibana/security_rule/986361cd-3dac-47fe-afa1-5c5dd89f2fb4_107.json index c78d327eca3..445651d0876 100644 --- a/packages/security_detection_engine/kibana/security_rule/986361cd-3dac-47fe-afa1-5c5dd89f2fb4_107.json +++ b/packages/security_detection_engine/kibana/security_rule/986361cd-3dac-47fe-afa1-5c5dd89f2fb4_107.json @@ -25,15 +25,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/98843d35-645e-4e66-9d6a-5049acd96ce1_107.json b/packages/security_detection_engine/kibana/security_rule/98843d35-645e-4e66-9d6a-5049acd96ce1_107.json index d4aee200158..5abbd5f54a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/98843d35-645e-4e66-9d6a-5049acd96ce1_107.json +++ b/packages/security_detection_engine/kibana/security_rule/98843d35-645e-4e66-9d6a-5049acd96ce1_107.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9890ee61-d061-403d-9bf6-64934c51f638_109.json b/packages/security_detection_engine/kibana/security_rule/9890ee61-d061-403d-9bf6-64934c51f638_109.json index 5860040cd79..b681849ed0e 100644 --- a/packages/security_detection_engine/kibana/security_rule/9890ee61-d061-403d-9bf6-64934c51f638_109.json +++ b/packages/security_detection_engine/kibana/security_rule/9890ee61-d061-403d-9bf6-64934c51f638_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_213.json b/packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_213.json index 039a33de0fe..6a6bcb70be0 100644 --- a/packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_213.json +++ b/packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/98ac2919-f8b3-4d2d-b85b-e1c13ac0c68b_103.json b/packages/security_detection_engine/kibana/security_rule/98ac2919-f8b3-4d2d-b85b-e1c13ac0c68b_103.json index 19b14d9693e..71c6962986a 100644 --- a/packages/security_detection_engine/kibana/security_rule/98ac2919-f8b3-4d2d-b85b-e1c13ac0c68b_103.json +++ b/packages/security_detection_engine/kibana/security_rule/98ac2919-f8b3-4d2d-b85b-e1c13ac0c68b_103.json @@ -22,19 +22,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/98cfaa44-83f0-4aba-90c4-363fb9d51a75_2.json b/packages/security_detection_engine/kibana/security_rule/98cfaa44-83f0-4aba-90c4-363fb9d51a75_2.json index c664b30dd78..adb94026f82 100644 --- a/packages/security_detection_engine/kibana/security_rule/98cfaa44-83f0-4aba-90c4-363fb9d51a75_2.json +++ b/packages/security_detection_engine/kibana/security_rule/98cfaa44-83f0-4aba-90c4-363fb9d51a75_2.json @@ -33,7 +33,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/98ebd6a1-77db-4fe1-b4fd-1bd3c737b780_2.json b/packages/security_detection_engine/kibana/security_rule/98ebd6a1-77db-4fe1-b4fd-1bd3c737b780_2.json index 666245f9348..7285e64c817 100644 --- a/packages/security_detection_engine/kibana/security_rule/98ebd6a1-77db-4fe1-b4fd-1bd3c737b780_2.json +++ b/packages/security_detection_engine/kibana/security_rule/98ebd6a1-77db-4fe1-b4fd-1bd3c737b780_2.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/99239e7d-b0d4-46e3-8609-acafcf99f68c_113.json b/packages/security_detection_engine/kibana/security_rule/99239e7d-b0d4-46e3-8609-acafcf99f68c_113.json index f57753077ab..7394837d520 100644 --- a/packages/security_detection_engine/kibana/security_rule/99239e7d-b0d4-46e3-8609-acafcf99f68c_113.json +++ b/packages/security_detection_engine/kibana/security_rule/99239e7d-b0d4-46e3-8609-acafcf99f68c_113.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/994e40aa-8c85-43de-825e-15f665375ee8_116.json b/packages/security_detection_engine/kibana/security_rule/994e40aa-8c85-43de-825e-15f665375ee8_116.json index 89cd0dddb4a..de7379b4a0e 100644 --- a/packages/security_detection_engine/kibana/security_rule/994e40aa-8c85-43de-825e-15f665375ee8_116.json +++ b/packages/security_detection_engine/kibana/security_rule/994e40aa-8c85-43de-825e-15f665375ee8_116.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9960432d-9b26-409f-972b-839a959e79e2_314.json b/packages/security_detection_engine/kibana/security_rule/9960432d-9b26-409f-972b-839a959e79e2_314.json index af0c5ecb534..313571c46e9 100644 --- a/packages/security_detection_engine/kibana/security_rule/9960432d-9b26-409f-972b-839a959e79e2_314.json +++ b/packages/security_detection_engine/kibana/security_rule/9960432d-9b26-409f-972b-839a959e79e2_314.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/996e2e09-087e-4e99-a3cc-a9225d24ba3d_1.json b/packages/security_detection_engine/kibana/security_rule/996e2e09-087e-4e99-a3cc-a9225d24ba3d_1.json index f073de0c83a..4e8f2542a8d 100644 --- a/packages/security_detection_engine/kibana/security_rule/996e2e09-087e-4e99-a3cc-a9225d24ba3d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/996e2e09-087e-4e99-a3cc-a9225d24ba3d_1.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/999565a2-fc52-4d72-91e4-ba6712c0377e_107.json b/packages/security_detection_engine/kibana/security_rule/999565a2-fc52-4d72-91e4-ba6712c0377e_107.json index f2f2b91aa6f..5fbdb1610bd 100644 --- a/packages/security_detection_engine/kibana/security_rule/999565a2-fc52-4d72-91e4-ba6712c0377e_107.json +++ b/packages/security_detection_engine/kibana/security_rule/999565a2-fc52-4d72-91e4-ba6712c0377e_107.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/99ac5005-8a9e-4625-a0af-5f7bb447204b_3.json b/packages/security_detection_engine/kibana/security_rule/99ac5005-8a9e-4625-a0af-5f7bb447204b_3.json index 637570091a7..3264a503f7d 100644 --- a/packages/security_detection_engine/kibana/security_rule/99ac5005-8a9e-4625-a0af-5f7bb447204b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/99ac5005-8a9e-4625-a0af-5f7bb447204b_3.json @@ -46,19 +46,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/99c2b626-de44-4322-b1f9-157ca408c17e_106.json b/packages/security_detection_engine/kibana/security_rule/99c2b626-de44-4322-b1f9-157ca408c17e_106.json index 0e8316781f1..590db12e6d3 100644 --- a/packages/security_detection_engine/kibana/security_rule/99c2b626-de44-4322-b1f9-157ca408c17e_106.json +++ b/packages/security_detection_engine/kibana/security_rule/99c2b626-de44-4322-b1f9-157ca408c17e_106.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/99c9af5a-67cf-11f0-b69e-f661ea17fbcd_1.json b/packages/security_detection_engine/kibana/security_rule/99c9af5a-67cf-11f0-b69e-f661ea17fbcd_1.json index e3e9de5295c..ffc5c9d8c2c 100644 --- a/packages/security_detection_engine/kibana/security_rule/99c9af5a-67cf-11f0-b69e-f661ea17fbcd_1.json +++ b/packages/security_detection_engine/kibana/security_rule/99c9af5a-67cf-11f0-b69e-f661ea17fbcd_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/99dcf974-6587-4f65-9252-d866a3fdfd9c_208.json b/packages/security_detection_engine/kibana/security_rule/99dcf974-6587-4f65-9252-d866a3fdfd9c_208.json index faca37fcec7..385a2f64a37 100644 --- a/packages/security_detection_engine/kibana/security_rule/99dcf974-6587-4f65-9252-d866a3fdfd9c_208.json +++ b/packages/security_detection_engine/kibana/security_rule/99dcf974-6587-4f65-9252-d866a3fdfd9c_208.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/9a1a2dae-0b5f-4c3d-8305-a268d404c306_108.json b/packages/security_detection_engine/kibana/security_rule/9a1a2dae-0b5f-4c3d-8305-a268d404c306_108.json index 443d1ab7fbd..75aa04c7cf8 100644 --- a/packages/security_detection_engine/kibana/security_rule/9a1a2dae-0b5f-4c3d-8305-a268d404c306_108.json +++ b/packages/security_detection_engine/kibana/security_rule/9a1a2dae-0b5f-4c3d-8305-a268d404c306_108.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9a1ba0ac-aa6f-4c0d-8c80-b7f6ea2efa36_1.json b/packages/security_detection_engine/kibana/security_rule/9a1ba0ac-aa6f-4c0d-8c80-b7f6ea2efa36_1.json index 08c9d98b8d6..96c5297106c 100644 --- a/packages/security_detection_engine/kibana/security_rule/9a1ba0ac-aa6f-4c0d-8c80-b7f6ea2efa36_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9a1ba0ac-aa6f-4c0d-8c80-b7f6ea2efa36_1.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9a3884d0-282d-45ea-86ce-b9c81100f026_5.json b/packages/security_detection_engine/kibana/security_rule/9a3884d0-282d-45ea-86ce-b9c81100f026_5.json index 6fc6c32f95f..d0e1582edbb 100644 --- a/packages/security_detection_engine/kibana/security_rule/9a3884d0-282d-45ea-86ce-b9c81100f026_5.json +++ b/packages/security_detection_engine/kibana/security_rule/9a3884d0-282d-45ea-86ce-b9c81100f026_5.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9a3a3689-8ed1-4cdb-83fb-9506db54c61f_213.json b/packages/security_detection_engine/kibana/security_rule/9a3a3689-8ed1-4cdb-83fb-9506db54c61f_213.json index 09daa1399b8..5149935b114 100644 --- a/packages/security_detection_engine/kibana/security_rule/9a3a3689-8ed1-4cdb-83fb-9506db54c61f_213.json +++ b/packages/security_detection_engine/kibana/security_rule/9a3a3689-8ed1-4cdb-83fb-9506db54c61f_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9a5b4e31-6cde-4295-9ff7-6be1b8567e1b_315.json b/packages/security_detection_engine/kibana/security_rule/9a5b4e31-6cde-4295-9ff7-6be1b8567e1b_315.json index 07a1fba2637..ed0a5cf7d9c 100644 --- a/packages/security_detection_engine/kibana/security_rule/9a5b4e31-6cde-4295-9ff7-6be1b8567e1b_315.json +++ b/packages/security_detection_engine/kibana/security_rule/9a5b4e31-6cde-4295-9ff7-6be1b8567e1b_315.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9a6f5d74-c7e7-4a8b-945e-462c102daee4_104.json b/packages/security_detection_engine/kibana/security_rule/9a6f5d74-c7e7-4a8b-945e-462c102daee4_104.json index 1ee6fdd41e9..d19db60ad3e 100644 --- a/packages/security_detection_engine/kibana/security_rule/9a6f5d74-c7e7-4a8b-945e-462c102daee4_104.json +++ b/packages/security_detection_engine/kibana/security_rule/9a6f5d74-c7e7-4a8b-945e-462c102daee4_104.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9aa0e1f6-52ce-42e1-abb3-09657cee2698_316.json b/packages/security_detection_engine/kibana/security_rule/9aa0e1f6-52ce-42e1-abb3-09657cee2698_316.json index a061888cc11..f75aa5dc108 100644 --- a/packages/security_detection_engine/kibana/security_rule/9aa0e1f6-52ce-42e1-abb3-09657cee2698_316.json +++ b/packages/security_detection_engine/kibana/security_rule/9aa0e1f6-52ce-42e1-abb3-09657cee2698_316.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9aa4be8d-5828-417d-9f54-7cd304571b24_10.json b/packages/security_detection_engine/kibana/security_rule/9aa4be8d-5828-417d-9f54-7cd304571b24_10.json index 7a52385dc6f..e48e02d5f96 100644 --- a/packages/security_detection_engine/kibana/security_rule/9aa4be8d-5828-417d-9f54-7cd304571b24_10.json +++ b/packages/security_detection_engine/kibana/security_rule/9aa4be8d-5828-417d-9f54-7cd304571b24_10.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9aeca498-1e3d-4496-9e12-6ef40047eb23_4.json b/packages/security_detection_engine/kibana/security_rule/9aeca498-1e3d-4496-9e12-6ef40047eb23_4.json index 1c41f5f2112..9b25b4dda7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/9aeca498-1e3d-4496-9e12-6ef40047eb23_4.json +++ b/packages/security_detection_engine/kibana/security_rule/9aeca498-1e3d-4496-9e12-6ef40047eb23_4.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9b343b62-d173-4cfd-bd8b-e6379f964ca4_211.json b/packages/security_detection_engine/kibana/security_rule/9b343b62-d173-4cfd-bd8b-e6379f964ca4_211.json index abaf3078908..687e884da62 100644 --- a/packages/security_detection_engine/kibana/security_rule/9b343b62-d173-4cfd-bd8b-e6379f964ca4_211.json +++ b/packages/security_detection_engine/kibana/security_rule/9b343b62-d173-4cfd-bd8b-e6379f964ca4_211.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9b35422b-9102-45a9-8610-2e0c22281c55_1.json b/packages/security_detection_engine/kibana/security_rule/9b35422b-9102-45a9-8610-2e0c22281c55_1.json index 67f3d3a126b..9e4b9a9117b 100644 --- a/packages/security_detection_engine/kibana/security_rule/9b35422b-9102-45a9-8610-2e0c22281c55_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9b35422b-9102-45a9-8610-2e0c22281c55_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "sentinel_one", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9b6813a1-daf1-457e-b0e6-0bb4e55b8a4c_319.json b/packages/security_detection_engine/kibana/security_rule/9b6813a1-daf1-457e-b0e6-0bb4e55b8a4c_319.json index 0f8841899b1..66f72f82a0a 100644 --- a/packages/security_detection_engine/kibana/security_rule/9b6813a1-daf1-457e-b0e6-0bb4e55b8a4c_319.json +++ b/packages/security_detection_engine/kibana/security_rule/9b6813a1-daf1-457e-b0e6-0bb4e55b8a4c_319.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9b80cb26-9966-44b5-abbf-764fbdbc3586_10.json b/packages/security_detection_engine/kibana/security_rule/9b80cb26-9966-44b5-abbf-764fbdbc3586_10.json index c4682aad7b3..4489e92109f 100644 --- a/packages/security_detection_engine/kibana/security_rule/9b80cb26-9966-44b5-abbf-764fbdbc3586_10.json +++ b/packages/security_detection_engine/kibana/security_rule/9b80cb26-9966-44b5-abbf-764fbdbc3586_10.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9bed06f5-0c32-488a-9353-d565fc9d1573_1.json b/packages/security_detection_engine/kibana/security_rule/9bed06f5-0c32-488a-9353-d565fc9d1573_1.json index 26a899bed98..7ac32b213b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/9bed06f5-0c32-488a-9353-d565fc9d1573_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9bed06f5-0c32-488a-9353-d565fc9d1573_1.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9c0f61fa-abf4-4b11-8d9d-5978c09182dd_3.json b/packages/security_detection_engine/kibana/security_rule/9c0f61fa-abf4-4b11-8d9d-5978c09182dd_3.json index 95206359a62..bcda0ee1c70 100644 --- a/packages/security_detection_engine/kibana/security_rule/9c0f61fa-abf4-4b11-8d9d-5978c09182dd_3.json +++ b/packages/security_detection_engine/kibana/security_rule/9c0f61fa-abf4-4b11-8d9d-5978c09182dd_3.json @@ -33,7 +33,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9c260313-c811-4ec8-ab89-8f6530e0246c_214.json b/packages/security_detection_engine/kibana/security_rule/9c260313-c811-4ec8-ab89-8f6530e0246c_214.json index ac94c994bff..baec19366ea 100644 --- a/packages/security_detection_engine/kibana/security_rule/9c260313-c811-4ec8-ab89-8f6530e0246c_214.json +++ b/packages/security_detection_engine/kibana/security_rule/9c260313-c811-4ec8-ab89-8f6530e0246c_214.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9c5b2382-19d2-4b5d-8f14-9e1631a3acdb_6.json b/packages/security_detection_engine/kibana/security_rule/9c5b2382-19d2-4b5d-8f14-9e1631a3acdb_6.json index 19530076c3a..6316ef84d71 100644 --- a/packages/security_detection_engine/kibana/security_rule/9c5b2382-19d2-4b5d-8f14-9e1631a3acdb_6.json +++ b/packages/security_detection_engine/kibana/security_rule/9c5b2382-19d2-4b5d-8f14-9e1631a3acdb_6.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9c865691-5599-447a-bac9-b3f2df5f9a9d_115.json b/packages/security_detection_engine/kibana/security_rule/9c865691-5599-447a-bac9-b3f2df5f9a9d_115.json index 721c943e338..be8bbbb10f0 100644 --- a/packages/security_detection_engine/kibana/security_rule/9c865691-5599-447a-bac9-b3f2df5f9a9d_115.json +++ b/packages/security_detection_engine/kibana/security_rule/9c865691-5599-447a-bac9-b3f2df5f9a9d_115.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9c951837-7d13-4b0c-be7a-f346623c8795_7.json b/packages/security_detection_engine/kibana/security_rule/9c951837-7d13-4b0c-be7a-f346623c8795_7.json index 2f172e086cf..8bb99d5ffc7 100644 --- a/packages/security_detection_engine/kibana/security_rule/9c951837-7d13-4b0c-be7a-f346623c8795_7.json +++ b/packages/security_detection_engine/kibana/security_rule/9c951837-7d13-4b0c-be7a-f346623c8795_7.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9ccf3ce0-0057-440a-91f5-870c6ad39093_315.json b/packages/security_detection_engine/kibana/security_rule/9ccf3ce0-0057-440a-91f5-870c6ad39093_315.json index 6928d556b7c..6abfe9e6e87 100644 --- a/packages/security_detection_engine/kibana/security_rule/9ccf3ce0-0057-440a-91f5-870c6ad39093_315.json +++ b/packages/security_detection_engine/kibana/security_rule/9ccf3ce0-0057-440a-91f5-870c6ad39093_315.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae2_318.json b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae2_318.json index bd10a576c2a..f9b93834341 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae2_318.json +++ b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae2_318.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae3_319.json b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae3_319.json index 7c13b82ed0c..9033a9a0435 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae3_319.json +++ b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae3_319.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae4_220.json b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae4_220.json index c95994d18cf..b40747a009a 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae4_220.json +++ b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae4_220.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae5_214.json b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae5_214.json index 0f317ea4019..190e6a923f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae5_214.json +++ b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae5_214.json @@ -44,11 +44,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae6_321.json b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae6_321.json index 366ddb7b283..3a5d632702c 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae6_321.json +++ b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae6_321.json @@ -30,15 +30,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae9_212.json b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae9_212.json index ef718ccaecf..7532a45306b 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae9_212.json +++ b/packages/security_detection_engine/kibana/security_rule/9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae9_212.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d302377-d226-4e12-b54c-1906b5aec4f6_207.json b/packages/security_detection_engine/kibana/security_rule/9d302377-d226-4e12-b54c-1906b5aec4f6_207.json index e7082edf2c2..c2eb356ce36 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d302377-d226-4e12-b54c-1906b5aec4f6_207.json +++ b/packages/security_detection_engine/kibana/security_rule/9d302377-d226-4e12-b54c-1906b5aec4f6_207.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/9d312839-339a-4e10-af2e-a49b15b15d13_3.json b/packages/security_detection_engine/kibana/security_rule/9d312839-339a-4e10-af2e-a49b15b15d13_3.json index 8cedd392e08..24847ce3b73 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d312839-339a-4e10-af2e-a49b15b15d13_3.json +++ b/packages/security_detection_engine/kibana/security_rule/9d312839-339a-4e10-af2e-a49b15b15d13_3.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" }, { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9d94d61b-9476-41ff-a8d3-3d24b4bb8158_2.json b/packages/security_detection_engine/kibana/security_rule/9d94d61b-9476-41ff-a8d3-3d24b4bb8158_2.json index 1e74e969c96..36c1d403b03 100644 --- a/packages/security_detection_engine/kibana/security_rule/9d94d61b-9476-41ff-a8d3-3d24b4bb8158_2.json +++ b/packages/security_detection_engine/kibana/security_rule/9d94d61b-9476-41ff-a8d3-3d24b4bb8158_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9e11faee-fddb-11ef-8257-f661ea17fbcd_8.json b/packages/security_detection_engine/kibana/security_rule/9e11faee-fddb-11ef-8257-f661ea17fbcd_8.json index d7335e20148..ba4ff3b55bd 100644 --- a/packages/security_detection_engine/kibana/security_rule/9e11faee-fddb-11ef-8257-f661ea17fbcd_8.json +++ b/packages/security_detection_engine/kibana/security_rule/9e11faee-fddb-11ef-8257-f661ea17fbcd_8.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9e5dbd3b-5e19-4648-a1cf-c2649c91b015_1.json b/packages/security_detection_engine/kibana/security_rule/9e5dbd3b-5e19-4648-a1cf-c2649c91b015_1.json index ce595c4b4e6..76d4e21851f 100644 --- a/packages/security_detection_engine/kibana/security_rule/9e5dbd3b-5e19-4648-a1cf-c2649c91b015_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9e5dbd3b-5e19-4648-a1cf-c2649c91b015_1.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9e81b1fd-e9fb-49a7-8ebe-0d1a14090142_3.json b/packages/security_detection_engine/kibana/security_rule/9e81b1fd-e9fb-49a7-8ebe-0d1a14090142_3.json index 336d067deba..c412d289212 100644 --- a/packages/security_detection_engine/kibana/security_rule/9e81b1fd-e9fb-49a7-8ebe-0d1a14090142_3.json +++ b/packages/security_detection_engine/kibana/security_rule/9e81b1fd-e9fb-49a7-8ebe-0d1a14090142_3.json @@ -13,7 +13,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9e8c185c-8237-4b13-a4da-4a8d4e9bb6ef_1.json b/packages/security_detection_engine/kibana/security_rule/9e8c185c-8237-4b13-a4da-4a8d4e9bb6ef_1.json index a1921a6c6b1..dab2c6880ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/9e8c185c-8237-4b13-a4da-4a8d4e9bb6ef_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9e8c185c-8237-4b13-a4da-4a8d4e9bb6ef_1.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9eaa3fb1-3f70-48ed-bb0e-d7ae4d3c8f28_3.json b/packages/security_detection_engine/kibana/security_rule/9eaa3fb1-3f70-48ed-bb0e-d7ae4d3c8f28_3.json index 06bf86ab69a..9af2c834baf 100644 --- a/packages/security_detection_engine/kibana/security_rule/9eaa3fb1-3f70-48ed-bb0e-d7ae4d3c8f28_3.json +++ b/packages/security_detection_engine/kibana/security_rule/9eaa3fb1-3f70-48ed-bb0e-d7ae4d3c8f28_3.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9ebd48ac-a0e2-430a-a219-fe072a50146b_3.json b/packages/security_detection_engine/kibana/security_rule/9ebd48ac-a0e2-430a-a219-fe072a50146b_3.json index 9acb0ec4737..4bd177d47e9 100644 --- a/packages/security_detection_engine/kibana/security_rule/9ebd48ac-a0e2-430a-a219-fe072a50146b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/9ebd48ac-a0e2-430a-a219-fe072a50146b_3.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9ed5d08f-aad6-4c03-838c-d686da887c2c_3.json b/packages/security_detection_engine/kibana/security_rule/9ed5d08f-aad6-4c03-838c-d686da887c2c_3.json index c2136e16c71..0b5e85e033c 100644 --- a/packages/security_detection_engine/kibana/security_rule/9ed5d08f-aad6-4c03-838c-d686da887c2c_3.json +++ b/packages/security_detection_engine/kibana/security_rule/9ed5d08f-aad6-4c03-838c-d686da887c2c_3.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9edd000e-cbd1-4d6a-be72-2197b5625a05_4.json b/packages/security_detection_engine/kibana/security_rule/9edd000e-cbd1-4d6a-be72-2197b5625a05_4.json index 0969158899f..89034d84605 100644 --- a/packages/security_detection_engine/kibana/security_rule/9edd000e-cbd1-4d6a-be72-2197b5625a05_4.json +++ b/packages/security_detection_engine/kibana/security_rule/9edd000e-cbd1-4d6a-be72-2197b5625a05_4.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "suricata", - "version": "^2.24.0" + "version": ">=2.24.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9edd1804-83c7-4e48-b97d-c776b4c97564_10.json b/packages/security_detection_engine/kibana/security_rule/9edd1804-83c7-4e48-b97d-c776b4c97564_10.json index 5f9abe7405b..3c190edae18 100644 --- a/packages/security_detection_engine/kibana/security_rule/9edd1804-83c7-4e48-b97d-c776b4c97564_10.json +++ b/packages/security_detection_engine/kibana/security_rule/9edd1804-83c7-4e48-b97d-c776b4c97564_10.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9efb3f79-b77b-466a-9fa0-3645d22d1e7f_9.json b/packages/security_detection_engine/kibana/security_rule/9efb3f79-b77b-466a-9fa0-3645d22d1e7f_9.json index bda5a53392c..5768b6b0faf 100644 --- a/packages/security_detection_engine/kibana/security_rule/9efb3f79-b77b-466a-9fa0-3645d22d1e7f_9.json +++ b/packages/security_detection_engine/kibana/security_rule/9efb3f79-b77b-466a-9fa0-3645d22d1e7f_9.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9f1c4ca3-44b5-481d-ba42-32dc215a2769_216.json b/packages/security_detection_engine/kibana/security_rule/9f1c4ca3-44b5-481d-ba42-32dc215a2769_216.json index ce0fcdfdd3a..1afb75e5b12 100644 --- a/packages/security_detection_engine/kibana/security_rule/9f1c4ca3-44b5-481d-ba42-32dc215a2769_216.json +++ b/packages/security_detection_engine/kibana/security_rule/9f1c4ca3-44b5-481d-ba42-32dc215a2769_216.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9f420cca-cb27-44db-a13d-c43c7b48e04a_1.json b/packages/security_detection_engine/kibana/security_rule/9f420cca-cb27-44db-a13d-c43c7b48e04a_1.json index c5d298202eb..f5b4ee0a990 100644 --- a/packages/security_detection_engine/kibana/security_rule/9f420cca-cb27-44db-a13d-c43c7b48e04a_1.json +++ b/packages/security_detection_engine/kibana/security_rule/9f420cca-cb27-44db-a13d-c43c7b48e04a_1.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9f432a8b-9588-4550-838e-1f77285580d3_12.json b/packages/security_detection_engine/kibana/security_rule/9f432a8b-9588-4550-838e-1f77285580d3_12.json index 35bd1869a49..a5a91aaf61e 100644 --- a/packages/security_detection_engine/kibana/security_rule/9f432a8b-9588-4550-838e-1f77285580d3_12.json +++ b/packages/security_detection_engine/kibana/security_rule/9f432a8b-9588-4550-838e-1f77285580d3_12.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9f8e3c5e-f72e-4e91-93f6-e98a4fae3e4f_2.json b/packages/security_detection_engine/kibana/security_rule/9f8e3c5e-f72e-4e91-93f6-e98a4fae3e4f_2.json index b24c256feaa..44d84fcaa46 100644 --- a/packages/security_detection_engine/kibana/security_rule/9f8e3c5e-f72e-4e91-93f6-e98a4fae3e4f_2.json +++ b/packages/security_detection_engine/kibana/security_rule/9f8e3c5e-f72e-4e91-93f6-e98a4fae3e4f_2.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9f962927-1a4f-45f3-a57b-287f2c7029c1_221.json b/packages/security_detection_engine/kibana/security_rule/9f962927-1a4f-45f3-a57b-287f2c7029c1_221.json index 120f96ba071..b38258d6ce4 100644 --- a/packages/security_detection_engine/kibana/security_rule/9f962927-1a4f-45f3-a57b-287f2c7029c1_221.json +++ b/packages/security_detection_engine/kibana/security_rule/9f962927-1a4f-45f3-a57b-287f2c7029c1_221.json @@ -35,11 +35,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/9f9a2a82-93a8-4b1a-8778-1780895626d4_216.json b/packages/security_detection_engine/kibana/security_rule/9f9a2a82-93a8-4b1a-8778-1780895626d4_216.json index dd7c39a2de0..3751b6efea3 100644 --- a/packages/security_detection_engine/kibana/security_rule/9f9a2a82-93a8-4b1a-8778-1780895626d4_216.json +++ b/packages/security_detection_engine/kibana/security_rule/9f9a2a82-93a8-4b1a-8778-1780895626d4_216.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a00681e3-9ed6-447c-ab2c-be648821c622_319.json b/packages/security_detection_engine/kibana/security_rule/a00681e3-9ed6-447c-ab2c-be648821c622_319.json index cc2738bc34e..12d5867f19f 100644 --- a/packages/security_detection_engine/kibana/security_rule/a00681e3-9ed6-447c-ab2c-be648821c622_319.json +++ b/packages/security_detection_engine/kibana/security_rule/a00681e3-9ed6-447c-ab2c-be648821c622_319.json @@ -49,7 +49,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a02cb68e-7c93-48d1-93b2-2c39023308eb_118.json b/packages/security_detection_engine/kibana/security_rule/a02cb68e-7c93-48d1-93b2-2c39023308eb_118.json index a1fcbc09b10..e079c5046a1 100644 --- a/packages/security_detection_engine/kibana/security_rule/a02cb68e-7c93-48d1-93b2-2c39023308eb_118.json +++ b/packages/security_detection_engine/kibana/security_rule/a02cb68e-7c93-48d1-93b2-2c39023308eb_118.json @@ -28,11 +28,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a0ddb77b-0318-41f0-91e4-8c1b5528834f_9.json b/packages/security_detection_engine/kibana/security_rule/a0ddb77b-0318-41f0-91e4-8c1b5528834f_9.json index bf7da135fd1..0bd46399c39 100644 --- a/packages/security_detection_engine/kibana/security_rule/a0ddb77b-0318-41f0-91e4-8c1b5528834f_9.json +++ b/packages/security_detection_engine/kibana/security_rule/a0ddb77b-0318-41f0-91e4-8c1b5528834f_9.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a0fbd7a9-1923-4e05-92df-b484168f17bc_2.json b/packages/security_detection_engine/kibana/security_rule/a0fbd7a9-1923-4e05-92df-b484168f17bc_2.json index 78bf0eb3edc..ce8cc49c122 100644 --- a/packages/security_detection_engine/kibana/security_rule/a0fbd7a9-1923-4e05-92df-b484168f17bc_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a0fbd7a9-1923-4e05-92df-b484168f17bc_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a10d3d9d-0f65-48f1-8b25-af175e2594f5_110.json b/packages/security_detection_engine/kibana/security_rule/a10d3d9d-0f65-48f1-8b25-af175e2594f5_110.json index 8a4fd3c9429..171d2e75bfe 100644 --- a/packages/security_detection_engine/kibana/security_rule/a10d3d9d-0f65-48f1-8b25-af175e2594f5_110.json +++ b/packages/security_detection_engine/kibana/security_rule/a10d3d9d-0f65-48f1-8b25-af175e2594f5_110.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a13167f1-eec2-4015-9631-1fee60406dcf_212.json b/packages/security_detection_engine/kibana/security_rule/a13167f1-eec2-4015-9631-1fee60406dcf_212.json index e8089f4b88a..05f0882358d 100644 --- a/packages/security_detection_engine/kibana/security_rule/a13167f1-eec2-4015-9631-1fee60406dcf_212.json +++ b/packages/security_detection_engine/kibana/security_rule/a13167f1-eec2-4015-9631-1fee60406dcf_212.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1329140-8de3-4445-9f87-908fb6d824f4_216.json b/packages/security_detection_engine/kibana/security_rule/a1329140-8de3-4445-9f87-908fb6d824f4_216.json index 315078a022e..438df166068 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1329140-8de3-4445-9f87-908fb6d824f4_216.json +++ b/packages/security_detection_engine/kibana/security_rule/a1329140-8de3-4445-9f87-908fb6d824f4_216.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a16612dd-b30e-4d41-86a0-ebe70974ec00_213.json b/packages/security_detection_engine/kibana/security_rule/a16612dd-b30e-4d41-86a0-ebe70974ec00_213.json index e4b1866ac43..7289a12f7d6 100644 --- a/packages/security_detection_engine/kibana/security_rule/a16612dd-b30e-4d41-86a0-ebe70974ec00_213.json +++ b/packages/security_detection_engine/kibana/security_rule/a16612dd-b30e-4d41-86a0-ebe70974ec00_213.json @@ -41,11 +41,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1699af0-8e1e-4ed0-8ec1-89783538a061_215.json b/packages/security_detection_engine/kibana/security_rule/a1699af0-8e1e-4ed0-8ec1-89783538a061_215.json index fc51af2cb7b..93b4cfbf96e 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1699af0-8e1e-4ed0-8ec1-89783538a061_215.json +++ b/packages/security_detection_engine/kibana/security_rule/a1699af0-8e1e-4ed0-8ec1-89783538a061_215.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a17bcc91-297b-459b-b5ce-bc7460d8f82a_109.json b/packages/security_detection_engine/kibana/security_rule/a17bcc91-297b-459b-b5ce-bc7460d8f82a_109.json index 1fe4b3fbc35..acf14a1d1bf 100644 --- a/packages/security_detection_engine/kibana/security_rule/a17bcc91-297b-459b-b5ce-bc7460d8f82a_109.json +++ b/packages/security_detection_engine/kibana/security_rule/a17bcc91-297b-459b-b5ce-bc7460d8f82a_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a17f2e5f-de52-49e8-9d86-ccfe91cd54d4_1.json b/packages/security_detection_engine/kibana/security_rule/a17f2e5f-de52-49e8-9d86-ccfe91cd54d4_1.json index 7de4cb7f02c..14b1f33717e 100644 --- a/packages/security_detection_engine/kibana/security_rule/a17f2e5f-de52-49e8-9d86-ccfe91cd54d4_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a17f2e5f-de52-49e8-9d86-ccfe91cd54d4_1.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1a0375f-22c2-48c0-81a4-7c2d11cc6856_112.json b/packages/security_detection_engine/kibana/security_rule/a1a0375f-22c2-48c0-81a4-7c2d11cc6856_112.json index 68a975e1cfa..09c37d30899 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1a0375f-22c2-48c0-81a4-7c2d11cc6856_112.json +++ b/packages/security_detection_engine/kibana/security_rule/a1a0375f-22c2-48c0-81a4-7c2d11cc6856_112.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d_2.json b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d_2.json index f0c64403e38..1cfc4797d59 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d_2.json @@ -27,7 +27,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4789-a0b1-c2d3e4f5a6b7_1.json b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4789-a0b1-c2d3e4f5a6b7_1.json index 3927bf295d8..c4243560239 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4789-a0b1-c2d3e4f5a6b7_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4789-a0b1-c2d3e4f5a6b7_1.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4a5b-8c9d-0e1f2a3b4c5d_3.json b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4a5b-8c9d-0e1f2a3b4c5d_3.json index 2c074e675be..6d313ea4f2f 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4a5b-8c9d-0e1f2a3b4c5d_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-4a5b-8c9d-0e1f2a3b4c5d_3.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-a1b2-c3d4e5f67890_3.json b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-a1b2-c3d4e5f67890_3.json index 104c2941f1a..faa3f6acc94 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-a1b2-c3d4e5f67890_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-a1b2-c3d4e5f67890_3.json @@ -44,7 +44,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-abcd-ef1234567890_1.json b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-abcd-ef1234567890_1.json index 3f335dbe5f2..e48795340be 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-abcd-ef1234567890_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a1b2c3d4-e5f6-7890-abcd-ef1234567890_1.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1b7ffa4-bf80-4bf1-86ad-c3f4dc718b35_5.json b/packages/security_detection_engine/kibana/security_rule/a1b7ffa4-bf80-4bf1-86ad-c3f4dc718b35_5.json index f471c0261f1..12f9c0dc1b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1b7ffa4-bf80-4bf1-86ad-c3f4dc718b35_5.json +++ b/packages/security_detection_engine/kibana/security_rule/a1b7ffa4-bf80-4bf1-86ad-c3f4dc718b35_5.json @@ -14,23 +14,23 @@ "related_integrations": [ { "package": "nginx", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache_tomcat", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "iis", - "version": "^1.21.0" + "version": ">=1.21.0" }, { "package": "traefik", - "version": "^2.5.0" + "version": ">=2.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a1c2589e-0c8c-4ca8-9eb6-f83c4bbdbe8f_11.json b/packages/security_detection_engine/kibana/security_rule/a1c2589e-0c8c-4ca8-9eb6-f83c4bbdbe8f_11.json index d0e8341ba91..ba267948240 100644 --- a/packages/security_detection_engine/kibana/security_rule/a1c2589e-0c8c-4ca8-9eb6-f83c4bbdbe8f_11.json +++ b/packages/security_detection_engine/kibana/security_rule/a1c2589e-0c8c-4ca8-9eb6-f83c4bbdbe8f_11.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a22a09c2-2162-4df0-a356-9aacbeb56a04_317.json b/packages/security_detection_engine/kibana/security_rule/a22a09c2-2162-4df0-a356-9aacbeb56a04_317.json index 211e57948f6..f8a25200cd9 100644 --- a/packages/security_detection_engine/kibana/security_rule/a22a09c2-2162-4df0-a356-9aacbeb56a04_317.json +++ b/packages/security_detection_engine/kibana/security_rule/a22a09c2-2162-4df0-a356-9aacbeb56a04_317.json @@ -26,23 +26,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a22b8486-5c4b-4e05-ad16-28de550b1ccc_6.json b/packages/security_detection_engine/kibana/security_rule/a22b8486-5c4b-4e05-ad16-28de550b1ccc_6.json index abda2959f46..51e9797e6e9 100644 --- a/packages/security_detection_engine/kibana/security_rule/a22b8486-5c4b-4e05-ad16-28de550b1ccc_6.json +++ b/packages/security_detection_engine/kibana/security_rule/a22b8486-5c4b-4e05-ad16-28de550b1ccc_6.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a22f566b-5b23-4412-880d-c6c957acd321_8.json b/packages/security_detection_engine/kibana/security_rule/a22f566b-5b23-4412-880d-c6c957acd321_8.json index 3073cd1920d..ee57774ee80 100644 --- a/packages/security_detection_engine/kibana/security_rule/a22f566b-5b23-4412-880d-c6c957acd321_8.json +++ b/packages/security_detection_engine/kibana/security_rule/a22f566b-5b23-4412-880d-c6c957acd321_8.json @@ -50,7 +50,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a2795334-2499-11ed-9e1a-f661ea17fbce_113.json b/packages/security_detection_engine/kibana/security_rule/a2795334-2499-11ed-9e1a-f661ea17fbce_113.json index 5441125d373..e6fde7876a0 100644 --- a/packages/security_detection_engine/kibana/security_rule/a2795334-2499-11ed-9e1a-f661ea17fbce_113.json +++ b/packages/security_detection_engine/kibana/security_rule/a2795334-2499-11ed-9e1a-f661ea17fbce_113.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a2951930-dd35-438c-b10e-1bbdc5881cb4_2.json b/packages/security_detection_engine/kibana/security_rule/a2951930-dd35-438c-b10e-1bbdc5881cb4_2.json index b2d607ce07a..883858d08e2 100644 --- a/packages/security_detection_engine/kibana/security_rule/a2951930-dd35-438c-b10e-1bbdc5881cb4_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a2951930-dd35-438c-b10e-1bbdc5881cb4_2.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a2d04374-187c-4fd9-b513-3ad4e7fdd67a_113.json b/packages/security_detection_engine/kibana/security_rule/a2d04374-187c-4fd9-b513-3ad4e7fdd67a_113.json index bd8d02c61af..267ba8ecdf5 100644 --- a/packages/security_detection_engine/kibana/security_rule/a2d04374-187c-4fd9-b513-3ad4e7fdd67a_113.json +++ b/packages/security_detection_engine/kibana/security_rule/a2d04374-187c-4fd9-b513-3ad4e7fdd67a_113.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a2e5e290-f534-4b71-bc3f-2dd1932b4cd6_1.json b/packages/security_detection_engine/kibana/security_rule/a2e5e290-f534-4b71-bc3f-2dd1932b4cd6_1.json index a8cce11b4e5..80450ea095c 100644 --- a/packages/security_detection_engine/kibana/security_rule/a2e5e290-f534-4b71-bc3f-2dd1932b4cd6_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a2e5e290-f534-4b71-bc3f-2dd1932b4cd6_1.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a300dea6-e228-40e1-9123-a339e207378b_104.json b/packages/security_detection_engine/kibana/security_rule/a300dea6-e228-40e1-9123-a339e207378b_104.json index 76d8308e3d6..6db0066cecc 100644 --- a/packages/security_detection_engine/kibana/security_rule/a300dea6-e228-40e1-9123-a339e207378b_104.json +++ b/packages/security_detection_engine/kibana/security_rule/a300dea6-e228-40e1-9123-a339e207378b_104.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/a337c3f8-e264-4eb4-9998-22669ca52791_2.json b/packages/security_detection_engine/kibana/security_rule/a337c3f8-e264-4eb4-9998-22669ca52791_2.json index 2535151c32f..e84d44f4dab 100644 --- a/packages/security_detection_engine/kibana/security_rule/a337c3f8-e264-4eb4-9998-22669ca52791_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a337c3f8-e264-4eb4-9998-22669ca52791_2.json @@ -15,7 +15,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a3cc60d8-2701-11f0-accf-f661ea17fbcd_6.json b/packages/security_detection_engine/kibana/security_rule/a3cc60d8-2701-11f0-accf-f661ea17fbcd_6.json index 408cd44d70a..b32996318b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/a3cc60d8-2701-11f0-accf-f661ea17fbcd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/a3cc60d8-2701-11f0-accf-f661ea17fbcd_6.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a3ea12f3-0d4e-4667-8b44-4230c63f3c75_315.json b/packages/security_detection_engine/kibana/security_rule/a3ea12f3-0d4e-4667-8b44-4230c63f3c75_315.json index 60b4c229b31..cf25ad5d97a 100644 --- a/packages/security_detection_engine/kibana/security_rule/a3ea12f3-0d4e-4667-8b44-4230c63f3c75_315.json +++ b/packages/security_detection_engine/kibana/security_rule/a3ea12f3-0d4e-4667-8b44-4230c63f3c75_315.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a44bcb58-5109-4870-a7c6-11f5fe7dd4b1_4.json b/packages/security_detection_engine/kibana/security_rule/a44bcb58-5109-4870-a7c6-11f5fe7dd4b1_4.json index a8f0c441bcc..ef7f9e21e5f 100644 --- a/packages/security_detection_engine/kibana/security_rule/a44bcb58-5109-4870-a7c6-11f5fe7dd4b1_4.json +++ b/packages/security_detection_engine/kibana/security_rule/a44bcb58-5109-4870-a7c6-11f5fe7dd4b1_4.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a4b740e4-be17-4048-9aa4-1e6f42b455b1_101.json b/packages/security_detection_engine/kibana/security_rule/a4b740e4-be17-4048-9aa4-1e6f42b455b1_101.json index a72d086fe39..8bc6d6af020 100644 --- a/packages/security_detection_engine/kibana/security_rule/a4b740e4-be17-4048-9aa4-1e6f42b455b1_101.json +++ b/packages/security_detection_engine/kibana/security_rule/a4b740e4-be17-4048-9aa4-1e6f42b455b1_101.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/a4c7473a-5cb4-4bc1-9d06-e4a75adbc494_114.json b/packages/security_detection_engine/kibana/security_rule/a4c7473a-5cb4-4bc1-9d06-e4a75adbc494_114.json index 605f3c1330c..05b99281487 100644 --- a/packages/security_detection_engine/kibana/security_rule/a4c7473a-5cb4-4bc1-9d06-e4a75adbc494_114.json +++ b/packages/security_detection_engine/kibana/security_rule/a4c7473a-5cb4-4bc1-9d06-e4a75adbc494_114.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a4c8e901-2b7f-4d6e-9a3c-8e1f0d5b6c2a_1.json b/packages/security_detection_engine/kibana/security_rule/a4c8e901-2b7f-4d6e-9a3c-8e1f0d5b6c2a_1.json index ffb37ef5af6..62a800d45a1 100644 --- a/packages/security_detection_engine/kibana/security_rule/a4c8e901-2b7f-4d6e-9a3c-8e1f0d5b6c2a_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a4c8e901-2b7f-4d6e-9a3c-8e1f0d5b6c2a_1.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a4f7a295-aba1-4382-9c00-f7b02097acbc_3.json b/packages/security_detection_engine/kibana/security_rule/a4f7a295-aba1-4382-9c00-f7b02097acbc_3.json index b96c17db9ff..ffce09de76e 100644 --- a/packages/security_detection_engine/kibana/security_rule/a4f7a295-aba1-4382-9c00-f7b02097acbc_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a4f7a295-aba1-4382-9c00-f7b02097acbc_3.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a52a9439-d52c-401c-be37-2785235c6547_105.json b/packages/security_detection_engine/kibana/security_rule/a52a9439-d52c-401c-be37-2785235c6547_105.json index aac6cb048c0..800881abfda 100644 --- a/packages/security_detection_engine/kibana/security_rule/a52a9439-d52c-401c-be37-2785235c6547_105.json +++ b/packages/security_detection_engine/kibana/security_rule/a52a9439-d52c-401c-be37-2785235c6547_105.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a5eb21b7-13cc-4b94-9fe2-29bb2914e037_12.json b/packages/security_detection_engine/kibana/security_rule/a5eb21b7-13cc-4b94-9fe2-29bb2914e037_12.json index 4fcebb6f199..26e530897f1 100644 --- a/packages/security_detection_engine/kibana/security_rule/a5eb21b7-13cc-4b94-9fe2-29bb2914e037_12.json +++ b/packages/security_detection_engine/kibana/security_rule/a5eb21b7-13cc-4b94-9fe2-29bb2914e037_12.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a60326d7-dca7-4fb7-93eb-1ca03a1febbd_317.json b/packages/security_detection_engine/kibana/security_rule/a60326d7-dca7-4fb7-93eb-1ca03a1febbd_317.json index 4c931018f35..a95b8a260e6 100644 --- a/packages/security_detection_engine/kibana/security_rule/a60326d7-dca7-4fb7-93eb-1ca03a1febbd_317.json +++ b/packages/security_detection_engine/kibana/security_rule/a60326d7-dca7-4fb7-93eb-1ca03a1febbd_317.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a605c51a-73ad-406d-bf3a-f24cc41d5c97_110.json b/packages/security_detection_engine/kibana/security_rule/a605c51a-73ad-406d-bf3a-f24cc41d5c97_110.json index c42768ea820..7db05b5e764 100644 --- a/packages/security_detection_engine/kibana/security_rule/a605c51a-73ad-406d-bf3a-f24cc41d5c97_110.json +++ b/packages/security_detection_engine/kibana/security_rule/a605c51a-73ad-406d-bf3a-f24cc41d5c97_110.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a6129187-c47b-48ab-a412-67a44836d918_2.json b/packages/security_detection_engine/kibana/security_rule/a6129187-c47b-48ab-a412-67a44836d918_2.json index a61d848d87a..c01824af643 100644 --- a/packages/security_detection_engine/kibana/security_rule/a6129187-c47b-48ab-a412-67a44836d918_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a6129187-c47b-48ab-a412-67a44836d918_2.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "microsoft_exchange_online_message_trace", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a624863f-a70d-417f-a7d2-7a404638d47f_320.json b/packages/security_detection_engine/kibana/security_rule/a624863f-a70d-417f-a7d2-7a404638d47f_320.json index 012f0119932..c216f879bc8 100644 --- a/packages/security_detection_engine/kibana/security_rule/a624863f-a70d-417f-a7d2-7a404638d47f_320.json +++ b/packages/security_detection_engine/kibana/security_rule/a624863f-a70d-417f-a7d2-7a404638d47f_320.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a640ef5b-e1da-4b17-8391-468fdbd1b517_3.json b/packages/security_detection_engine/kibana/security_rule/a640ef5b-e1da-4b17-8391-468fdbd1b517_3.json index 10976d9f75c..f6ed96fe82e 100644 --- a/packages/security_detection_engine/kibana/security_rule/a640ef5b-e1da-4b17-8391-468fdbd1b517_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a640ef5b-e1da-4b17-8391-468fdbd1b517_3.json @@ -33,31 +33,31 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a643e6b8-ba2a-45f1-8d71-d265bfe2ae43_1.json b/packages/security_detection_engine/kibana/security_rule/a643e6b8-ba2a-45f1-8d71-d265bfe2ae43_1.json index 4e64391fd81..91b40b7d291 100644 --- a/packages/security_detection_engine/kibana/security_rule/a643e6b8-ba2a-45f1-8d71-d265bfe2ae43_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a643e6b8-ba2a-45f1-8d71-d265bfe2ae43_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a6788d4b-b241-4bf0-8986-a3b4315c5b70_7.json b/packages/security_detection_engine/kibana/security_rule/a6788d4b-b241-4bf0-8986-a3b4315c5b70_7.json index 108621adb8a..f0b04fc0a2e 100644 --- a/packages/security_detection_engine/kibana/security_rule/a6788d4b-b241-4bf0-8986-a3b4315c5b70_7.json +++ b/packages/security_detection_engine/kibana/security_rule/a6788d4b-b241-4bf0-8986-a3b4315c5b70_7.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a68da7d6-7eab-45bd-97c5-93b469c0706e_1.json b/packages/security_detection_engine/kibana/security_rule/a68da7d6-7eab-45bd-97c5-93b469c0706e_1.json index aaea3349d11..2e59e40a2f3 100644 --- a/packages/security_detection_engine/kibana/security_rule/a68da7d6-7eab-45bd-97c5-93b469c0706e_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a68da7d6-7eab-45bd-97c5-93b469c0706e_1.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a698a653-e144-4e40-bade-35135935be45_2.json b/packages/security_detection_engine/kibana/security_rule/a698a653-e144-4e40-bade-35135935be45_2.json index 6651cd28364..216454c9df7 100644 --- a/packages/security_detection_engine/kibana/security_rule/a698a653-e144-4e40-bade-35135935be45_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a698a653-e144-4e40-bade-35135935be45_2.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a6bf4dd4-743e-4da8-8c03-3ebd753a6c90_113.json b/packages/security_detection_engine/kibana/security_rule/a6bf4dd4-743e-4da8-8c03-3ebd753a6c90_113.json index 60efc3c9eb9..8c9888954ae 100644 --- a/packages/security_detection_engine/kibana/security_rule/a6bf4dd4-743e-4da8-8c03-3ebd753a6c90_113.json +++ b/packages/security_detection_engine/kibana/security_rule/a6bf4dd4-743e-4da8-8c03-3ebd753a6c90_113.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a6d4e070-b9b9-4294-b028-d9e21ad47413_4.json b/packages/security_detection_engine/kibana/security_rule/a6d4e070-b9b9-4294-b028-d9e21ad47413_4.json index 889daa1ca1f..1205c774fca 100644 --- a/packages/security_detection_engine/kibana/security_rule/a6d4e070-b9b9-4294-b028-d9e21ad47413_4.json +++ b/packages/security_detection_engine/kibana/security_rule/a6d4e070-b9b9-4294-b028-d9e21ad47413_4.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a74c60cb-70ee-4629-a127-608ead14ebf1_109.json b/packages/security_detection_engine/kibana/security_rule/a74c60cb-70ee-4629-a127-608ead14ebf1_109.json index 9aaa5e4348c..b3d7a135105 100644 --- a/packages/security_detection_engine/kibana/security_rule/a74c60cb-70ee-4629-a127-608ead14ebf1_109.json +++ b/packages/security_detection_engine/kibana/security_rule/a74c60cb-70ee-4629-a127-608ead14ebf1_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/a750bbcc-863f-41ef-9924-fd8224e23694_3.json b/packages/security_detection_engine/kibana/security_rule/a750bbcc-863f-41ef-9924-fd8224e23694_3.json index da1b0c3d7fb..e9b2377b6f9 100644 --- a/packages/security_detection_engine/kibana/security_rule/a750bbcc-863f-41ef-9924-fd8224e23694_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a750bbcc-863f-41ef-9924-fd8224e23694_3.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a7577205-88a1-4a08-85d4-7b72a9a2e969_3.json b/packages/security_detection_engine/kibana/security_rule/a7577205-88a1-4a08-85d4-7b72a9a2e969_3.json index e428dc3c854..7a26aedd6d4 100644 --- a/packages/security_detection_engine/kibana/security_rule/a7577205-88a1-4a08-85d4-7b72a9a2e969_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a7577205-88a1-4a08-85d4-7b72a9a2e969_3.json @@ -38,7 +38,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a7b984e4-16ff-405b-80be-31a94a03e929_1.json b/packages/security_detection_engine/kibana/security_rule/a7b984e4-16ff-405b-80be-31a94a03e929_1.json index 9d4e10d9a45..83d9d2aa67d 100644 --- a/packages/security_detection_engine/kibana/security_rule/a7b984e4-16ff-405b-80be-31a94a03e929_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a7b984e4-16ff-405b-80be-31a94a03e929_1.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a7c3e8f2-4b19-4d6a-9e5c-8f1a2b3c4d5e_4.json b/packages/security_detection_engine/kibana/security_rule/a7c3e8f2-4b19-4d6a-9e5c-8f1a2b3c4d5e_4.json index 817bbd034cf..b30a996c56f 100644 --- a/packages/security_detection_engine/kibana/security_rule/a7c3e8f2-4b19-4d6a-9e5c-8f1a2b3c4d5e_4.json +++ b/packages/security_detection_engine/kibana/security_rule/a7c3e8f2-4b19-4d6a-9e5c-8f1a2b3c4d5e_4.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a7ccae7b-9d2c-44b2-a061-98e5946971fa_118.json b/packages/security_detection_engine/kibana/security_rule/a7ccae7b-9d2c-44b2-a061-98e5946971fa_118.json index 70b5c45a61c..e3301bf8c53 100644 --- a/packages/security_detection_engine/kibana/security_rule/a7ccae7b-9d2c-44b2-a061-98e5946971fa_118.json +++ b/packages/security_detection_engine/kibana/security_rule/a7ccae7b-9d2c-44b2-a061-98e5946971fa_118.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_315.json b/packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_315.json deleted file mode 100644 index c142f209f19..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_315.json +++ /dev/null @@ -1,133 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies attempts to export a registry hive which may contain credentials using the Windows reg.exe tool.", - "from": "now-9m", - "index": [ - "endgame-*", - "logs-crowdstrike.fdr*", - "logs-endpoint.events.process-*", - "logs-m365_defender.event-*", - "logs-sentinel_one_cloud_funnel.*", - "logs-system.security*", - "logs-windows.forwarded*", - "logs-windows.sysmon_operational-*", - "winlogbeat-*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Credential Acquisition via Registry Hive Dumping", - "note": "## Triage and analysis\n\n### Investigating Credential Acquisition via Registry Hive Dumping\n\nDumping registry hives is a common way to access credential information as some hives store credential material.\n\nFor example, the SAM hive stores locally cached credentials (SAM Secrets), and the SECURITY hive stores domain cached credentials (LSA secrets).\n\nDumping these hives in combination with the SYSTEM hive enables the attacker to decrypt these secrets.\n\nThis rule identifies the usage of `reg.exe` to dump SECURITY and/or SAM hives, which potentially indicates the compromise of the credentials stored in the host.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Investigate if the credential material was exfiltrated or processed locally by other tools.\n- Investigate potentially compromised accounts. Analysts can do this by searching for login events (e.g., 4624) to the target host.\n\n### False positive analysis\n\n- Administrators can export registry hives for backup purposes using command line tools like `reg.exe`. Check whether the user is legitamitely performing this kind of activity.\n\n### Related rules\n\n- Registry Hive File Creation via SMB - a4c7473a-5cb4-4bc1-9d06-e4a75adbc494\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved hosts to prevent further post-compromise behavior.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system and restore compromised files to clean versions.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "process where host.os.type == \"windows\" and event.type == \"start\" and\n (?process.pe.original_file_name == \"reg.exe\" or process.name : \"reg.exe\") and\n process.args : (\"save\", \"export\") and\n process.args : (\"hklm\\\\sam\", \"hklm\\\\security\")\n", - "references": [ - "https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-the-registry-7512674487f8", - "https://www.elastic.co/security-labs/detect-credential-access" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - }, - { - "package": "system", - "version": "^2.0.0" - }, - { - "package": "m365_defender", - "version": "^5.0.0" - }, - { - "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" - }, - { - "package": "crowdstrike", - "version": "^3.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.pe.original_file_name", - "type": "keyword" - } - ], - "risk_score": 73, - "rule_id": "a7e7bfa3-088e-4f13-b29e-3986e0e756b8", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Credential Access", - "Resources: Investigation Guide", - "Data Source: Elastic Endgame", - "Data Source: Elastic Defend", - "Data Source: Windows Security Event Logs", - "Data Source: Microsoft Defender for Endpoint", - "Data Source: SentinelOne", - "Data Source: Sysmon", - "Data Source: Crowdstrike" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0006", - "name": "Credential Access", - "reference": "https://attack.mitre.org/tactics/TA0006/" - }, - "technique": [ - { - "id": "T1003", - "name": "OS Credential Dumping", - "reference": "https://attack.mitre.org/techniques/T1003/", - "subtechnique": [ - { - "id": "T1003.002", - "name": "Security Account Manager", - "reference": "https://attack.mitre.org/techniques/T1003/002/" - }, - { - "id": "T1003.004", - "name": "LSA Secrets", - "reference": "https://attack.mitre.org/techniques/T1003/004/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 315 - }, - "id": "a7e7bfa3-088e-4f13-b29e-3986e0e756b8_315", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_318.json b/packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_318.json index 5bc53319276..8d5869cbc95 100644 --- a/packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_318.json +++ b/packages/security_detection_engine/kibana/security_rule/a7e7bfa3-088e-4f13-b29e-3986e0e756b8_318.json @@ -47,27 +47,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a7e9e2e8-3c5d-4b9a-8e7f-1a2b3c4d5e6f_1.json b/packages/security_detection_engine/kibana/security_rule/a7e9e2e8-3c5d-4b9a-8e7f-1a2b3c4d5e6f_1.json index 122b162b7ba..1ad5897c055 100644 --- a/packages/security_detection_engine/kibana/security_rule/a7e9e2e8-3c5d-4b9a-8e7f-1a2b3c4d5e6f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a7e9e2e8-3c5d-4b9a-8e7f-1a2b3c4d5e6f_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a7f2c1b4-5d8e-4f3a-9b0c-2e1d4a6b8f3e_3.json b/packages/security_detection_engine/kibana/security_rule/a7f2c1b4-5d8e-4f3a-9b0c-2e1d4a6b8f3e_3.json index 38a38b45dc9..6c0b6ed45d1 100644 --- a/packages/security_detection_engine/kibana/security_rule/a7f2c1b4-5d8e-4f3a-9b0c-2e1d4a6b8f3e_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a7f2c1b4-5d8e-4f3a-9b0c-2e1d4a6b8f3e_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a80d96cd-1164-41b3-9852-ef58724be496_7.json b/packages/security_detection_engine/kibana/security_rule/a80d96cd-1164-41b3-9852-ef58724be496_7.json index 07be252f43b..3955ea3ae14 100644 --- a/packages/security_detection_engine/kibana/security_rule/a80d96cd-1164-41b3-9852-ef58724be496_7.json +++ b/packages/security_detection_engine/kibana/security_rule/a80d96cd-1164-41b3-9852-ef58724be496_7.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a80ffc40-a256-475a-a86a-74361930cdb1_3.json b/packages/security_detection_engine/kibana/security_rule/a80ffc40-a256-475a-a86a-74361930cdb1_3.json index dd7101230bc..41ace13ac98 100644 --- a/packages/security_detection_engine/kibana/security_rule/a80ffc40-a256-475a-a86a-74361930cdb1_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a80ffc40-a256-475a-a86a-74361930cdb1_3.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8256685-9736-465b-b159-f25a172d08e8_2.json b/packages/security_detection_engine/kibana/security_rule/a8256685-9736-465b-b159-f25a172d08e8_2.json index ed941514acc..55d851d1f5d 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8256685-9736-465b-b159-f25a172d08e8_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a8256685-9736-465b-b159-f25a172d08e8_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a83b3dac-325a-11ef-b3e6-f661ea17fbce_8.json b/packages/security_detection_engine/kibana/security_rule/a83b3dac-325a-11ef-b3e6-f661ea17fbce_8.json index cfbd0d965f8..760c5ac6341 100644 --- a/packages/security_detection_engine/kibana/security_rule/a83b3dac-325a-11ef-b3e6-f661ea17fbce_8.json +++ b/packages/security_detection_engine/kibana/security_rule/a83b3dac-325a-11ef-b3e6-f661ea17fbce_8.json @@ -24,11 +24,11 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a87a4e42-1d82-44bd-b0bf-d9b7f91fb89e_105.json b/packages/security_detection_engine/kibana/security_rule/a87a4e42-1d82-44bd-b0bf-d9b7f91fb89e_105.json index e96f0c80ca2..d4b73a2c16f 100644 --- a/packages/security_detection_engine/kibana/security_rule/a87a4e42-1d82-44bd-b0bf-d9b7f91fb89e_105.json +++ b/packages/security_detection_engine/kibana/security_rule/a87a4e42-1d82-44bd-b0bf-d9b7f91fb89e_105.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "apm", - "version": "^9.0.0-preview-1738343125" + "version": ">=9.0.0-preview-1738343125" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a87d49f0-24ae-4d6e-a0b4-5fd2f6188d6a_2.json b/packages/security_detection_engine/kibana/security_rule/a87d49f0-24ae-4d6e-a0b4-5fd2f6188d6a_2.json index d78658d8ab7..6e927cfa17e 100644 --- a/packages/security_detection_engine/kibana/security_rule/a87d49f0-24ae-4d6e-a0b4-5fd2f6188d6a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/a87d49f0-24ae-4d6e-a0b4-5fd2f6188d6a_2.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8a48752-58f3-43a9-beb5-14b9e9f6a8b0_1.json b/packages/security_detection_engine/kibana/security_rule/a8a48752-58f3-43a9-beb5-14b9e9f6a8b0_1.json index 54a03e35260..83ba5479778 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8a48752-58f3-43a9-beb5-14b9e9f6a8b0_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a8a48752-58f3-43a9-beb5-14b9e9f6a8b0_1.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8aaa49d-9834-462d-bf8f-b1255cebc004_6.json b/packages/security_detection_engine/kibana/security_rule/a8aaa49d-9834-462d-bf8f-b1255cebc004_6.json index 516171ba109..dcf88f7c9df 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8aaa49d-9834-462d-bf8f-b1255cebc004_6.json +++ b/packages/security_detection_engine/kibana/security_rule/a8aaa49d-9834-462d-bf8f-b1255cebc004_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8afdce2-0ec1-11ee-b843-f661ea17fbcd_9.json b/packages/security_detection_engine/kibana/security_rule/a8afdce2-0ec1-11ee-b843-f661ea17fbcd_9.json index ab5a961f13c..6a5d45a2fcb 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8afdce2-0ec1-11ee-b843-f661ea17fbcd_9.json +++ b/packages/security_detection_engine/kibana/security_rule/a8afdce2-0ec1-11ee-b843-f661ea17fbcd_9.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_1.json b/packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_1.json deleted file mode 100644 index 3a0815abf6b..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_1.json +++ /dev/null @@ -1,137 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule detects the download of files from inside a container. The files are downloaded using the \"curl\" or \"wget\" command-line tools. Adversaries may use these tools to download files from the internet to gain access to sensitive data or communicate with C2 servers.", - "false_positives": [ - "There is a potential for false positives if the files are downloaded for legitimate purposes, such as debugging or troubleshooting, or if the files are downloaded from a known benign source. It is important to investigate any alerts generated by this rule to determine if they are indicative of malicious activity or part of legitimate container activity." - ], - "from": "now-6m", - "index": [ - "logs-cloud_defend.process*" - ], - "interval": "5m", - "language": "eql", - "license": "Elastic License v2", - "name": "File Download Detected via Defend for Containers", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating File Download Detected via Defend for Containers\n\nThis rule flags an interactive session inside a Linux container that runs curl or wget to pull content from a URL or IP and immediately writes a new file, signaling hands-on retrieval of tools, payloads, or data. It matters because attackers often use on-demand downloads to stage second-phase execution and establish application-layer command-and-control without baking artifacts into images. A common pattern is an operator execing into a running container, fetching a script or binary from paste/CDN infrastructure, then saving it for rapid follow-on execution.\n\n### Possible investigation steps\n\n- Attribute the interactive session to an initiator by correlating the container exec/attach event with Kubernetes audit logs or Docker daemon logs to identify the user/service account, source IP, and access path. \n- Inspect the created file\u2019s full path, size, magic/format, and hash, then retrieve it from the container or node filesystem for static analysis and malware scanning. \n- Pivot on the download destination (domain/IP/URL path) to review outbound connection telemetry, DNS/TLS indicators, and threat reputation, and determine whether the endpoint is expected for this workload. \n- Review subsequent container activity after the download for follow-on actions such as chmod, interpreter execution, new processes, cron modifications, credential access, or lateral movement attempts. \n- Validate whether the container/image and namespace normally permit interactive access and external downloads, and if not, assess for compromised credentials, exposed exec permissions, or a misconfigured runtime policy.\n\n### False positive analysis\n\n- A developer or SRE may exec into a running container for interactive troubleshooting and use curl or wget to fetch a diagnostic script, configuration file, or test payload from an internal HTTP endpoint, resulting in a new file creation event. \n- An operator may interactively run curl or wget to download a patch, certificate bundle, or updated artifact into the container during an emergency fix or recovery workflow, especially in minimal images lacking package managers, which can appear indistinguishable from attacker staging.\n\n### Response and remediation\n\n- Immediately isolate the affected pod/container by applying a deny-all egress policy and, if possible, pausing or cordoning the hosting node to stop additional downloads and outbound C2 traffic. \n- Capture and preserve the downloaded artifact(s) created by curl/wget (path, timestamps, hashes) plus the interactive shell history/command line, then delete the file(s) from the container and revoke any injected tools or scripts. \n- Terminate the interactive session and rotate credentials used to exec/attach (Kubernetes user/service account tokens, kubeconfig, SSH keys) and invalidate any newly created access (added users, API tokens, or modified secrets/config). \n- Redeploy the workload from a known-good image and configuration, then scan the node and cluster for persistence or reuse of the same URL/IP and hashes across other containers, blocking them at egress and proxy/IDS. \n- Escalate to incident response immediately if the downloaded file is executed, connects to an unapproved external host, modifies startup paths (entrypoint/cron), or if the exec user is unknown or high-privileged. \n- Harden by removing exec/attach permissions from non-admin roles, enforcing runtime policies that block interactive curl/wget and restrict outbound traffic to approved destinations, and ensuring images include required tools so ad-hoc downloads are unnecessary.", - "query": "process where host.os.type == \"linux\" and event.type == \"start\" and event.action == \"exec\" and process.interactive == true and (\n (\n (process.name == \"curl\" or process.args in (\"curl\", \"/bin/curl\", \"/usr/bin/curl\", \"/usr/local/bin/curl\")) and\n process.args in (\"-o\", \"-O\", \"--output\", \"--remote-name\", \"--remote-name-all\", \"--output-dir\")\n ) or\n (\n (process.name == \"wget\" or process.args in (\"wget\", \"/bin/wget\", \"/usr/bin/wget\", \"/usr/local/bin/wget\")) and\n (\n process.args like (\"-*O*\", \"--output-document=*\", \"--output-file=*\") or\n /* to address for wget without any flags (storing in CWD), where wget is the process name */\n process.args_count == 2\n )\n ) or\n /* to address for wget without any flags (storing in CWD), where wget isn't the process name */\n (\n (process.name != \"wget\" and process.args in (\"wget\", \"/bin/wget\", \"/usr/bin/wget\", \"/usr/local/bin/wget\")) and\n process.args_count in (2, 3)\n )\n) and (\n process.args like~ \"*http*\" or\n process.args regex~ \".*[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1,3}[:/]{1}.*\"\n) and container.id like \"?*\"\n", - "references": [ - "https://heilancoos.github.io/research/2025/12/16/kubernetes.html#kubelet-api", - "https://www.cyberark.com/resources/threat-research-blog/using-kubelet-client-to-attack-the-kubernetes-cluster", - "https://www.aquasec.com/blog/kubernetes-exposed-exploiting-the-kubelet-api/" - ], - "related_integrations": [ - { - "package": "cloud_defend", - "version": "^1.4.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "container.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args_count", - "type": "long" - }, - { - "ecs": true, - "name": "process.interactive", - "type": "boolean" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "a8b08d2d-6dfe-453f-87d1-11d5fc3ec746", - "severity": "medium", - "tags": [ - "Data Source: Elastic Defend for Containers", - "Domain: Container", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Command and Control", - "Tactic: Execution", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1071", - "name": "Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1071/", - "subtechnique": [ - { - "id": "T1071.001", - "name": "Web Protocols", - "reference": "https://attack.mitre.org/techniques/T1071/001/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/", - "subtechnique": [ - { - "id": "T1059.004", - "name": "Unix Shell", - "reference": "https://attack.mitre.org/techniques/T1059/004/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 1 - }, - "id": "a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_1", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_4.json b/packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_4.json index a283e06757a..77912a4c3c9 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_4.json +++ b/packages/security_detection_engine/kibana/security_rule/a8b08d2d-6dfe-453f-87d1-11d5fc3ec746_4.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8b2c4d6-e8f0-12a4-b6c8-d0e2f4a6b8c0_3.json b/packages/security_detection_engine/kibana/security_rule/a8b2c4d6-e8f0-12a4-b6c8-d0e2f4a6b8c0_3.json index c2b09b9b106..e2ccf8fcd97 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8b2c4d6-e8f0-12a4-b6c8-d0e2f4a6b8c0_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a8b2c4d6-e8f0-12a4-b6c8-d0e2f4a6b8c0_3.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8b3c4d5-e6f7-8901-a2b3-c4d5e6f78901_3.json b/packages/security_detection_engine/kibana/security_rule/a8b3c4d5-e6f7-8901-a2b3-c4d5e6f78901_3.json index 90b3a5a74a0..a5b051095ab 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8b3c4d5-e6f7-8901-a2b3-c4d5e6f78901_3.json +++ b/packages/security_detection_engine/kibana/security_rule/a8b3c4d5-e6f7-8901-a2b3-c4d5e6f78901_3.json @@ -31,7 +31,7 @@ { "integration": "platformlogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8b3e2f0-8c7d-11ef-b4c6-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/a8b3e2f0-8c7d-11ef-b4c6-f661ea17fbcd_4.json index 968b46b8516..dc4f1e8d6c1 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8b3e2f0-8c7d-11ef-b4c6-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/a8b3e2f0-8c7d-11ef-b4c6-f661ea17fbcd_4.json @@ -25,12 +25,12 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/a8d35ca0-ad8d-48a9-9f6c-553622dca61a_109.json b/packages/security_detection_engine/kibana/security_rule/a8d35ca0-ad8d-48a9-9f6c-553622dca61a_109.json index 8d169cecd7a..04136758edd 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8d35ca0-ad8d-48a9-9f6c-553622dca61a_109.json +++ b/packages/security_detection_engine/kibana/security_rule/a8d35ca0-ad8d-48a9-9f6c-553622dca61a_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/a8e7d6c5-b4a3-2918-0f9e-8d7c6b5a4032_1.json b/packages/security_detection_engine/kibana/security_rule/a8e7d6c5-b4a3-2918-0f9e-8d7c6b5a4032_1.json index 5d4d3cb7db1..ebb21ca247b 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8e7d6c5-b4a3-2918-0f9e-8d7c6b5a4032_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a8e7d6c5-b4a3-2918-0f9e-8d7c6b5a4032_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8f3c2e1-4d5b-4e6f-8a9b-0c1d2e3f4a5b_1.json b/packages/security_detection_engine/kibana/security_rule/a8f3c2e1-4d5b-4e6f-8a9b-0c1d2e3f4a5b_1.json index 13d49d83b9d..99a11650a51 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8f3c2e1-4d5b-4e6f-8a9b-0c1d2e3f4a5b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a8f3c2e1-4d5b-4e6f-8a9b-0c1d2e3f4a5b_1.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a8f7187f-76d6-4c1d-a1d5-1ff301ccc120_104.json b/packages/security_detection_engine/kibana/security_rule/a8f7187f-76d6-4c1d-a1d5-1ff301ccc120_104.json index e47f3c7f15b..553a17918fe 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8f7187f-76d6-4c1d-a1d5-1ff301ccc120_104.json +++ b/packages/security_detection_engine/kibana/security_rule/a8f7187f-76d6-4c1d-a1d5-1ff301ccc120_104.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/a8f7e9d4-3b2c-4d5e-8f1a-6c9b0e2d4a7f_1.json b/packages/security_detection_engine/kibana/security_rule/a8f7e9d4-3b2c-4d5e-8f1a-6c9b0e2d4a7f_1.json index 8bc34543684..961afd48242 100644 --- a/packages/security_detection_engine/kibana/security_rule/a8f7e9d4-3b2c-4d5e-8f1a-6c9b0e2d4a7f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a8f7e9d4-3b2c-4d5e-8f1a-6c9b0e2d4a7f_1.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a953f6d5-01cd-4f4c-94dc-207e34965cac_1.json b/packages/security_detection_engine/kibana/security_rule/a953f6d5-01cd-4f4c-94dc-207e34965cac_1.json index 519b2314123..8151e697204 100644 --- a/packages/security_detection_engine/kibana/security_rule/a953f6d5-01cd-4f4c-94dc-207e34965cac_1.json +++ b/packages/security_detection_engine/kibana/security_rule/a953f6d5-01cd-4f4c-94dc-207e34965cac_1.json @@ -48,7 +48,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_213.json b/packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_213.json index d61c53f9b1d..878b30c60aa 100644 --- a/packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_213.json +++ b/packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73_211.json b/packages/security_detection_engine/kibana/security_rule/a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73_211.json index 20fb0677f2b..50e4eb5a759 100644 --- a/packages/security_detection_engine/kibana/security_rule/a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73_211.json +++ b/packages/security_detection_engine/kibana/security_rule/a99f82f5-8e77-4f8b-b3ce-10c0f6afbc73_211.json @@ -50,7 +50,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a9b05c3b-b304-4bf9-970d-acdfaef2944c_216.json b/packages/security_detection_engine/kibana/security_rule/a9b05c3b-b304-4bf9-970d-acdfaef2944c_216.json index de052bf7cc7..33a5398f22b 100644 --- a/packages/security_detection_engine/kibana/security_rule/a9b05c3b-b304-4bf9-970d-acdfaef2944c_216.json +++ b/packages/security_detection_engine/kibana/security_rule/a9b05c3b-b304-4bf9-970d-acdfaef2944c_216.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_109.json b/packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_109.json deleted file mode 100644 index eec5675f6a2..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_109.json +++ /dev/null @@ -1,98 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule detects events that could be describing IPSEC NAT Traversal traffic. IPSEC is a VPN technology that allows one system to talk to another using encrypted tunnels. NAT Traversal enables these tunnels to communicate over the Internet where one of the sides is behind a NAT router gateway. This may be common on your network, but this technique is also used by threat actors to avoid detection.", - "false_positives": [ - "Some networks may utilize these protocols but usage that is unfamiliar to local network administrators can be unexpected and suspicious. Because this port is in the ephemeral range, this rule may false under certain conditions, such as when an application server with a public IP address replies to a client which has used a UDP port in the range by coincidence. This is uncommon but such servers can be excluded." - ], - "from": "now-9m", - "index": [ - "packetbeat-*", - "auditbeat-*", - "filebeat-*", - "logs-network_traffic.*", - "logs-panw.*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "IPSEC NAT Traversal Port Activity", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating IPSEC NAT Traversal Port Activity\n\nIPSEC NAT Traversal facilitates secure VPN communication across NAT devices by encapsulating IPSEC packets in UDP, typically using port 4500. While essential for legitimate encrypted traffic, adversaries exploit this to mask malicious activities, bypassing network defenses. The detection rule identifies unusual UDP traffic on port 4500, flagging potential misuse for further investigation.\n\n### Possible investigation steps\n\n- Review the source and destination IP addresses associated with the UDP traffic on port 4500 to determine if they are known or expected within your network environment.\n- Analyze the volume and frequency of the detected traffic to assess whether it aligns with typical IPSEC NAT Traversal usage or if it appears anomalous.\n- Check for any associated network traffic events in the same timeframe that might indicate a pattern of suspicious activity, such as unusual data transfer volumes or connections to known malicious IP addresses.\n- Investigate the endpoint or device generating the traffic to verify if it is authorized to use IPSEC NAT Traversal and if it has any history of security incidents or vulnerabilities.\n- Correlate the detected activity with any recent changes in network configurations or security policies that might explain the traffic pattern.\n- Consult threat intelligence sources to determine if the destination IP address or domain has been associated with known threat actors or command and control infrastructure.\n\n### False positive analysis\n\n- Legitimate VPN traffic using IPSEC NAT Traversal can trigger alerts. Regularly review and whitelist known IP addresses or subnets associated with authorized VPN connections to reduce false positives.\n- Network devices or services that rely on IPSEC for secure communication may generate expected traffic on port 4500. Identify and document these devices, then create exceptions in the detection rule to prevent unnecessary alerts.\n- Automated backup or synchronization services that use IPSEC for secure data transfer might be flagged. Monitor these services and exclude their traffic patterns if they are verified as non-threatening.\n- Some enterprise applications may use IPSEC NAT Traversal for secure communication. Conduct an inventory of such applications and adjust the rule to exclude their traffic after confirming their legitimacy.\n- Regularly update the list of known safe IP addresses and services to ensure that new legitimate sources of IPSEC NAT Traversal traffic are promptly excluded from triggering alerts.\n\n### Response and remediation\n\n- Immediately isolate the affected system from the network to prevent further potential malicious activity and lateral movement.\n- Conduct a thorough analysis of the isolated system to identify any signs of compromise, such as unauthorized access or data exfiltration, focusing on logs and network traffic related to UDP port 4500.\n- Block all suspicious IP addresses associated with the detected traffic on port 4500 at the network perimeter to prevent further communication with potential threat actors.\n- Review and update firewall and intrusion detection/prevention system (IDS/IPS) rules to ensure they effectively block unauthorized IPSEC NAT Traversal traffic, particularly on UDP port 4500.\n- Restore the affected system from a known good backup if any signs of compromise are confirmed, ensuring that all security patches and updates are applied before reconnecting to the network.\n- Escalate the incident to the security operations center (SOC) or incident response team for further investigation and to determine if additional systems are affected.\n- Implement enhanced monitoring and logging for UDP traffic on port 4500 to detect and respond to any future suspicious activity promptly.", - "query": "(event.dataset: network_traffic.flow or (event.category: (network or network_traffic))) and network.transport:udp and destination.port:4500\n", - "related_integrations": [ - { - "package": "network_traffic", - "version": "^1.33.0" - }, - { - "package": "panw", - "version": "^5.2.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "destination.port", - "type": "long" - }, - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.dataset", - "type": "keyword" - }, - { - "ecs": true, - "name": "network.transport", - "type": "keyword" - } - ], - "risk_score": 21, - "rule_id": "a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7", - "severity": "low", - "tags": [ - "Tactic: Command and Control", - "Domain: Endpoint", - "Use Case: Threat Detection", - "Data Source: PAN-OS", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1095", - "name": "Non-Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1095/" - }, - { - "id": "T1572", - "name": "Protocol Tunneling", - "reference": "https://attack.mitre.org/techniques/T1572/" - }, - { - "id": "T1573", - "name": "Encrypted Channel", - "reference": "https://attack.mitre.org/techniques/T1573/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "query", - "version": 109 - }, - "id": "a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_109", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_112.json b/packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_112.json index ae71ee2a625..e34ce63c702 100644 --- a/packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_112.json +++ b/packages/security_detection_engine/kibana/security_rule/a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7_112.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aa04377a-19b5-4940-952f-aad173790d23_1.json b/packages/security_detection_engine/kibana/security_rule/aa04377a-19b5-4940-952f-aad173790d23_1.json index 09fda16918e..2ff1bb236ce 100644 --- a/packages/security_detection_engine/kibana/security_rule/aa04377a-19b5-4940-952f-aad173790d23_1.json +++ b/packages/security_detection_engine/kibana/security_rule/aa04377a-19b5-4940-952f-aad173790d23_1.json @@ -46,11 +46,11 @@ { "integration": "aadgraphactivitylogs", "package": "azure", - "version": "^1.37.0" + "version": ">=1.37.0" }, { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aa1e007a-2997-4247-b048-dd9344742560_2.json b/packages/security_detection_engine/kibana/security_rule/aa1e007a-2997-4247-b048-dd9344742560_2.json index 5f8ee464385..ae8516cb28f 100644 --- a/packages/security_detection_engine/kibana/security_rule/aa1e007a-2997-4247-b048-dd9344742560_2.json +++ b/packages/security_detection_engine/kibana/security_rule/aa1e007a-2997-4247-b048-dd9344742560_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aa28f01d-bc93-4c8f-bc01-6f67f2a0a833_104.json b/packages/security_detection_engine/kibana/security_rule/aa28f01d-bc93-4c8f-bc01-6f67f2a0a833_104.json index 7dce63e5a35..73d6f7cfce4 100644 --- a/packages/security_detection_engine/kibana/security_rule/aa28f01d-bc93-4c8f-bc01-6f67f2a0a833_104.json +++ b/packages/security_detection_engine/kibana/security_rule/aa28f01d-bc93-4c8f-bc01-6f67f2a0a833_104.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/aa8007f0-d1df-49ef-8520-407857594827_109.json b/packages/security_detection_engine/kibana/security_rule/aa8007f0-d1df-49ef-8520-407857594827_109.json index b3ec2bfa2eb..e7a66befb61 100644 --- a/packages/security_detection_engine/kibana/security_rule/aa8007f0-d1df-49ef-8520-407857594827_109.json +++ b/packages/security_detection_engine/kibana/security_rule/aa8007f0-d1df-49ef-8520-407857594827_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aa895aea-b69c-4411-b110-8d7599634b30_218.json b/packages/security_detection_engine/kibana/security_rule/aa895aea-b69c-4411-b110-8d7599634b30_218.json index 1bc9fd8455d..10e560c3f49 100644 --- a/packages/security_detection_engine/kibana/security_rule/aa895aea-b69c-4411-b110-8d7599634b30_218.json +++ b/packages/security_detection_engine/kibana/security_rule/aa895aea-b69c-4411-b110-8d7599634b30_218.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aa9a274d-6b53-424d-ac5e-cb8ca4251650_218.json b/packages/security_detection_engine/kibana/security_rule/aa9a274d-6b53-424d-ac5e-cb8ca4251650_218.json index 0c9cd95b693..82cde0db606 100644 --- a/packages/security_detection_engine/kibana/security_rule/aa9a274d-6b53-424d-ac5e-cb8ca4251650_218.json +++ b/packages/security_detection_engine/kibana/security_rule/aa9a274d-6b53-424d-ac5e-cb8ca4251650_218.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aaab30ec-b004-4191-95e1-4a14387ef6a6_6.json b/packages/security_detection_engine/kibana/security_rule/aaab30ec-b004-4191-95e1-4a14387ef6a6_6.json index 872f66dc034..6b2ea696ca8 100644 --- a/packages/security_detection_engine/kibana/security_rule/aaab30ec-b004-4191-95e1-4a14387ef6a6_6.json +++ b/packages/security_detection_engine/kibana/security_rule/aaab30ec-b004-4191-95e1-4a14387ef6a6_6.json @@ -33,7 +33,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aabdad51-51fb-4a66-9d82-3873e42accb8_6.json b/packages/security_detection_engine/kibana/security_rule/aabdad51-51fb-4a66-9d82-3873e42accb8_6.json index 70fede373da..c7c9186140a 100644 --- a/packages/security_detection_engine/kibana/security_rule/aabdad51-51fb-4a66-9d82-3873e42accb8_6.json +++ b/packages/security_detection_engine/kibana/security_rule/aabdad51-51fb-4a66-9d82-3873e42accb8_6.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ab75c24b-2502-43a0-bf7c-e60e662c811e_123.json b/packages/security_detection_engine/kibana/security_rule/ab75c24b-2502-43a0-bf7c-e60e662c811e_123.json index 45464fe0ad9..cb927f14ea0 100644 --- a/packages/security_detection_engine/kibana/security_rule/ab75c24b-2502-43a0-bf7c-e60e662c811e_123.json +++ b/packages/security_detection_engine/kibana/security_rule/ab75c24b-2502-43a0-bf7c-e60e662c811e_123.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ab7795cc-0e0b-4f9d-a934-1f17a58f869a_3.json b/packages/security_detection_engine/kibana/security_rule/ab7795cc-0e0b-4f9d-a934-1f17a58f869a_3.json index 1a0983e5029..327a6c11837 100644 --- a/packages/security_detection_engine/kibana/security_rule/ab7795cc-0e0b-4f9d-a934-1f17a58f869a_3.json +++ b/packages/security_detection_engine/kibana/security_rule/ab7795cc-0e0b-4f9d-a934-1f17a58f869a_3.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ab8f074c-5565-4bc4-991c-d49770e19fc9_12.json b/packages/security_detection_engine/kibana/security_rule/ab8f074c-5565-4bc4-991c-d49770e19fc9_12.json index f249b694474..0f2e1716286 100644 --- a/packages/security_detection_engine/kibana/security_rule/ab8f074c-5565-4bc4-991c-d49770e19fc9_12.json +++ b/packages/security_detection_engine/kibana/security_rule/ab8f074c-5565-4bc4-991c-d49770e19fc9_12.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ab9a334a-f2c3-4f49-879f-480de71020d3_2.json b/packages/security_detection_engine/kibana/security_rule/ab9a334a-f2c3-4f49-879f-480de71020d3_2.json index bbfd19372d2..0a2e82209e6 100644 --- a/packages/security_detection_engine/kibana/security_rule/ab9a334a-f2c3-4f49-879f-480de71020d3_2.json +++ b/packages/security_detection_engine/kibana/security_rule/ab9a334a-f2c3-4f49-879f-480de71020d3_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aba3bc11-e02f-4a03-8889-d86ea1a44f76_2.json b/packages/security_detection_engine/kibana/security_rule/aba3bc11-e02f-4a03-8889-d86ea1a44f76_2.json index 0cdc569a91c..602e8f56420 100644 --- a/packages/security_detection_engine/kibana/security_rule/aba3bc11-e02f-4a03-8889-d86ea1a44f76_2.json +++ b/packages/security_detection_engine/kibana/security_rule/aba3bc11-e02f-4a03-8889-d86ea1a44f76_2.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/abae61a8-c560-4dbd-acca-1e1438bff36b_310.json b/packages/security_detection_engine/kibana/security_rule/abae61a8-c560-4dbd-acca-1e1438bff36b_310.json index f33a2b8131e..987fc36120c 100644 --- a/packages/security_detection_engine/kibana/security_rule/abae61a8-c560-4dbd-acca-1e1438bff36b_310.json +++ b/packages/security_detection_engine/kibana/security_rule/abae61a8-c560-4dbd-acca-1e1438bff36b_310.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/abb7bc31-b865-4318-80a9-b9ee4edd57b6_1.json b/packages/security_detection_engine/kibana/security_rule/abb7bc31-b865-4318-80a9-b9ee4edd57b6_1.json index df6d44d2144..771dbcf571f 100644 --- a/packages/security_detection_engine/kibana/security_rule/abb7bc31-b865-4318-80a9-b9ee4edd57b6_1.json +++ b/packages/security_detection_engine/kibana/security_rule/abb7bc31-b865-4318-80a9-b9ee4edd57b6_1.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/abc7a2be-479e-428b-b0b3-1d22bda46dd9_2.json b/packages/security_detection_engine/kibana/security_rule/abc7a2be-479e-428b-b0b3-1d22bda46dd9_2.json index e6d98eac720..526dc55fbfc 100644 --- a/packages/security_detection_engine/kibana/security_rule/abc7a2be-479e-428b-b0b3-1d22bda46dd9_2.json +++ b/packages/security_detection_engine/kibana/security_rule/abc7a2be-479e-428b-b0b3-1d22bda46dd9_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ac412404-57a5-476f-858f-4e8fbb4f48d8_112.json b/packages/security_detection_engine/kibana/security_rule/ac412404-57a5-476f-858f-4e8fbb4f48d8_112.json index 9a0fb53218f..c1ac1f35fe3 100644 --- a/packages/security_detection_engine/kibana/security_rule/ac412404-57a5-476f-858f-4e8fbb4f48d8_112.json +++ b/packages/security_detection_engine/kibana/security_rule/ac412404-57a5-476f-858f-4e8fbb4f48d8_112.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ac5012b8-8da8-440b-aaaf-aedafdea2dff_420.json b/packages/security_detection_engine/kibana/security_rule/ac5012b8-8da8-440b-aaaf-aedafdea2dff_420.json index ae7e818a8d1..4b374b47ad0 100644 --- a/packages/security_detection_engine/kibana/security_rule/ac5012b8-8da8-440b-aaaf-aedafdea2dff_420.json +++ b/packages/security_detection_engine/kibana/security_rule/ac5012b8-8da8-440b-aaaf-aedafdea2dff_420.json @@ -30,19 +30,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ac531fcc-1d3b-476d-bbb5-1357728c9a37_108.json b/packages/security_detection_engine/kibana/security_rule/ac531fcc-1d3b-476d-bbb5-1357728c9a37_108.json index 02f353b1f27..495b7f913f0 100644 --- a/packages/security_detection_engine/kibana/security_rule/ac531fcc-1d3b-476d-bbb5-1357728c9a37_108.json +++ b/packages/security_detection_engine/kibana/security_rule/ac531fcc-1d3b-476d-bbb5-1357728c9a37_108.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ac5a2759-5c34-440a-b0c4-51fe674611d6_209.json b/packages/security_detection_engine/kibana/security_rule/ac5a2759-5c34-440a-b0c4-51fe674611d6_209.json index 8464706f927..a60d67f6a01 100644 --- a/packages/security_detection_engine/kibana/security_rule/ac5a2759-5c34-440a-b0c4-51fe674611d6_209.json +++ b/packages/security_detection_engine/kibana/security_rule/ac5a2759-5c34-440a-b0c4-51fe674611d6_209.json @@ -43,23 +43,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ac6bc744-e82b-41ad-b58d-90654fa4ebfb_106.json b/packages/security_detection_engine/kibana/security_rule/ac6bc744-e82b-41ad-b58d-90654fa4ebfb_106.json index 3d8deb0c0e9..232138291fe 100644 --- a/packages/security_detection_engine/kibana/security_rule/ac6bc744-e82b-41ad-b58d-90654fa4ebfb_106.json +++ b/packages/security_detection_engine/kibana/security_rule/ac6bc744-e82b-41ad-b58d-90654fa4ebfb_106.json @@ -40,11 +40,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ac706eae-d5ec-4b14-b4fd-e8ba8086f0e1_313.json b/packages/security_detection_engine/kibana/security_rule/ac706eae-d5ec-4b14-b4fd-e8ba8086f0e1_313.json index 92334d1ea46..54751333ef4 100644 --- a/packages/security_detection_engine/kibana/security_rule/ac706eae-d5ec-4b14-b4fd-e8ba8086f0e1_313.json +++ b/packages/security_detection_engine/kibana/security_rule/ac706eae-d5ec-4b14-b4fd-e8ba8086f0e1_313.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/ac96ceb8-4399-4191-af1d-4feeac1f1f46_216.json b/packages/security_detection_engine/kibana/security_rule/ac96ceb8-4399-4191-af1d-4feeac1f1f46_216.json index e25e96458d8..1a05731ac44 100644 --- a/packages/security_detection_engine/kibana/security_rule/ac96ceb8-4399-4191-af1d-4feeac1f1f46_216.json +++ b/packages/security_detection_engine/kibana/security_rule/ac96ceb8-4399-4191-af1d-4feeac1f1f46_216.json @@ -41,7 +41,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/acbc8bb9-2486-49a8-8779-45fb5f9a93ee_212.json b/packages/security_detection_engine/kibana/security_rule/acbc8bb9-2486-49a8-8779-45fb5f9a93ee_212.json index 1a1dac51b4d..f6182e7145b 100644 --- a/packages/security_detection_engine/kibana/security_rule/acbc8bb9-2486-49a8-8779-45fb5f9a93ee_212.json +++ b/packages/security_detection_engine/kibana/security_rule/acbc8bb9-2486-49a8-8779-45fb5f9a93ee_212.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/acd611f3-2b93-47b3-a0a3-7723bcc46f6d_111.json b/packages/security_detection_engine/kibana/security_rule/acd611f3-2b93-47b3-a0a3-7723bcc46f6d_111.json index e35d45085ba..5f71acc5c8c 100644 --- a/packages/security_detection_engine/kibana/security_rule/acd611f3-2b93-47b3-a0a3-7723bcc46f6d_111.json +++ b/packages/security_detection_engine/kibana/security_rule/acd611f3-2b93-47b3-a0a3-7723bcc46f6d_111.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ace1e989-a541-44df-93a8-a8b0591b63c0_113.json b/packages/security_detection_engine/kibana/security_rule/ace1e989-a541-44df-93a8-a8b0591b63c0_113.json index bedd1fdd013..c7ada79b421 100644 --- a/packages/security_detection_engine/kibana/security_rule/ace1e989-a541-44df-93a8-a8b0591b63c0_113.json +++ b/packages/security_detection_engine/kibana/security_rule/ace1e989-a541-44df-93a8-a8b0591b63c0_113.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/acf738b5-b5b2-4acc-bad9-1e18ee234f40_315.json b/packages/security_detection_engine/kibana/security_rule/acf738b5-b5b2-4acc-bad9-1e18ee234f40_315.json index 4a56c8a8939..098c8c06ccd 100644 --- a/packages/security_detection_engine/kibana/security_rule/acf738b5-b5b2-4acc-bad9-1e18ee234f40_315.json +++ b/packages/security_detection_engine/kibana/security_rule/acf738b5-b5b2-4acc-bad9-1e18ee234f40_315.json @@ -44,23 +44,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ad02da2f-443d-454c-a12e-d9e6c65831ff_1.json b/packages/security_detection_engine/kibana/security_rule/ad02da2f-443d-454c-a12e-d9e6c65831ff_1.json index a2214dfe559..c1b8fe573f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad02da2f-443d-454c-a12e-d9e6c65831ff_1.json +++ b/packages/security_detection_engine/kibana/security_rule/ad02da2f-443d-454c-a12e-d9e6c65831ff_1.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ad0d2742-9a49-11ec-8d6b-acde48001122_317.json b/packages/security_detection_engine/kibana/security_rule/ad0d2742-9a49-11ec-8d6b-acde48001122_317.json index 4fab1169b8b..9e442660ada 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad0d2742-9a49-11ec-8d6b-acde48001122_317.json +++ b/packages/security_detection_engine/kibana/security_rule/ad0d2742-9a49-11ec-8d6b-acde48001122_317.json @@ -29,23 +29,23 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ad3f2807-2b3e-47d7-b282-f84acbbe14be_211.json b/packages/security_detection_engine/kibana/security_rule/ad3f2807-2b3e-47d7-b282-f84acbbe14be_211.json index 844ec5c3d1d..29dd629fbeb 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad3f2807-2b3e-47d7-b282-f84acbbe14be_211.json +++ b/packages/security_detection_engine/kibana/security_rule/ad3f2807-2b3e-47d7-b282-f84acbbe14be_211.json @@ -35,7 +35,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ad5a3757-c872-4719-8c72-12d3f08db655_108.json b/packages/security_detection_engine/kibana/security_rule/ad5a3757-c872-4719-8c72-12d3f08db655_108.json index 51bd297cc46..17b93cdc676 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad5a3757-c872-4719-8c72-12d3f08db655_108.json +++ b/packages/security_detection_engine/kibana/security_rule/ad5a3757-c872-4719-8c72-12d3f08db655_108.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ad66db2e-1cc7-4a2c-8fa5-5f3895e44a18_105.json b/packages/security_detection_engine/kibana/security_rule/ad66db2e-1cc7-4a2c-8fa5-5f3895e44a18_105.json index 8cc12499f3d..a2407139cd4 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad66db2e-1cc7-4a2c-8fa5-5f3895e44a18_105.json +++ b/packages/security_detection_engine/kibana/security_rule/ad66db2e-1cc7-4a2c-8fa5-5f3895e44a18_105.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/ad84d445-b1ce-4377-82d9-7c633f28bf9a_217.json b/packages/security_detection_engine/kibana/security_rule/ad84d445-b1ce-4377-82d9-7c633f28bf9a_217.json index 0416e282efa..ad62d06ef6c 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad84d445-b1ce-4377-82d9-7c633f28bf9a_217.json +++ b/packages/security_detection_engine/kibana/security_rule/ad84d445-b1ce-4377-82d9-7c633f28bf9a_217.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ad88231f-e2ab-491c-8fc6-64746da26cfe_111.json b/packages/security_detection_engine/kibana/security_rule/ad88231f-e2ab-491c-8fc6-64746da26cfe_111.json index 2df136eb1c0..fcfca34b6d6 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad88231f-e2ab-491c-8fc6-64746da26cfe_111.json +++ b/packages/security_detection_engine/kibana/security_rule/ad88231f-e2ab-491c-8fc6-64746da26cfe_111.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ad959eeb-2b7b-4722-ba08-a45f6622f005_111.json b/packages/security_detection_engine/kibana/security_rule/ad959eeb-2b7b-4722-ba08-a45f6622f005_111.json index 77784ba2bbc..6ab4cfc1cc1 100644 --- a/packages/security_detection_engine/kibana/security_rule/ad959eeb-2b7b-4722-ba08-a45f6622f005_111.json +++ b/packages/security_detection_engine/kibana/security_rule/ad959eeb-2b7b-4722-ba08-a45f6622f005_111.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/adb961e0-cb74-42a0-af9e-29fc41f88f5f_216.json b/packages/security_detection_engine/kibana/security_rule/adb961e0-cb74-42a0-af9e-29fc41f88f5f_216.json index 6e6f2e521ea..e0daa302ea4 100644 --- a/packages/security_detection_engine/kibana/security_rule/adb961e0-cb74-42a0-af9e-29fc41f88f5f_216.json +++ b/packages/security_detection_engine/kibana/security_rule/adb961e0-cb74-42a0-af9e-29fc41f88f5f_216.json @@ -32,19 +32,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/adbfa3ee-777e-4747-b6b0-7bd645f30880_14.json b/packages/security_detection_engine/kibana/security_rule/adbfa3ee-777e-4747-b6b0-7bd645f30880_14.json index 008cb28aa1d..365f505363d 100644 --- a/packages/security_detection_engine/kibana/security_rule/adbfa3ee-777e-4747-b6b0-7bd645f30880_14.json +++ b/packages/security_detection_engine/kibana/security_rule/adbfa3ee-777e-4747-b6b0-7bd645f30880_14.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ae32268b-bfd0-4c35-b002-13461b5830ca_2.json b/packages/security_detection_engine/kibana/security_rule/ae32268b-bfd0-4c35-b002-13461b5830ca_2.json index 23f28d83f16..c68836cabb5 100644 --- a/packages/security_detection_engine/kibana/security_rule/ae32268b-bfd0-4c35-b002-13461b5830ca_2.json +++ b/packages/security_detection_engine/kibana/security_rule/ae32268b-bfd0-4c35-b002-13461b5830ca_2.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ae343298-97bc-47bc-9ea2-5f2ad831c16e_111.json b/packages/security_detection_engine/kibana/security_rule/ae343298-97bc-47bc-9ea2-5f2ad831c16e_111.json index 6a1a615706e..3e787b9a3c9 100644 --- a/packages/security_detection_engine/kibana/security_rule/ae343298-97bc-47bc-9ea2-5f2ad831c16e_111.json +++ b/packages/security_detection_engine/kibana/security_rule/ae343298-97bc-47bc-9ea2-5f2ad831c16e_111.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ae3e9625-89ad-4fc3-a7bf-fced5e64f01b_3.json b/packages/security_detection_engine/kibana/security_rule/ae3e9625-89ad-4fc3-a7bf-fced5e64f01b_3.json index 1f74bd40f60..fe74ee68e74 100644 --- a/packages/security_detection_engine/kibana/security_rule/ae3e9625-89ad-4fc3-a7bf-fced5e64f01b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/ae3e9625-89ad-4fc3-a7bf-fced5e64f01b_3.json @@ -23,19 +23,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ae8a142c-6a1d-4918-bea7-0b617e99ecfa_211.json b/packages/security_detection_engine/kibana/security_rule/ae8a142c-6a1d-4918-bea7-0b617e99ecfa_211.json index 15196ab3f6f..f389a8d2533 100644 --- a/packages/security_detection_engine/kibana/security_rule/ae8a142c-6a1d-4918-bea7-0b617e99ecfa_211.json +++ b/packages/security_detection_engine/kibana/security_rule/ae8a142c-6a1d-4918-bea7-0b617e99ecfa_211.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aebaa51f-2a91-4f6a-850b-b601db2293f4_15.json b/packages/security_detection_engine/kibana/security_rule/aebaa51f-2a91-4f6a-850b-b601db2293f4_15.json index 7f34c2b7305..97441e4949e 100644 --- a/packages/security_detection_engine/kibana/security_rule/aebaa51f-2a91-4f6a-850b-b601db2293f4_15.json +++ b/packages/security_detection_engine/kibana/security_rule/aebaa51f-2a91-4f6a-850b-b601db2293f4_15.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aed4b9d5-f853-40cf-8489-4fdcff03e272_1.json b/packages/security_detection_engine/kibana/security_rule/aed4b9d5-f853-40cf-8489-4fdcff03e272_1.json index 4cb76b73c8f..5a21eb700a5 100644 --- a/packages/security_detection_engine/kibana/security_rule/aed4b9d5-f853-40cf-8489-4fdcff03e272_1.json +++ b/packages/security_detection_engine/kibana/security_rule/aed4b9d5-f853-40cf-8489-4fdcff03e272_1.json @@ -40,7 +40,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aeebe561-c338-4118-9924-8cb4e478aa58_2.json b/packages/security_detection_engine/kibana/security_rule/aeebe561-c338-4118-9924-8cb4e478aa58_2.json index 25839f97c93..503870c69f3 100644 --- a/packages/security_detection_engine/kibana/security_rule/aeebe561-c338-4118-9924-8cb4e478aa58_2.json +++ b/packages/security_detection_engine/kibana/security_rule/aeebe561-c338-4118-9924-8cb4e478aa58_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/af1e36fe-0abd-4463-b5ec-4e276dec0b26_5.json b/packages/security_detection_engine/kibana/security_rule/af1e36fe-0abd-4463-b5ec-4e276dec0b26_5.json index 046fd186293..541c86d366c 100644 --- a/packages/security_detection_engine/kibana/security_rule/af1e36fe-0abd-4463-b5ec-4e276dec0b26_5.json +++ b/packages/security_detection_engine/kibana/security_rule/af1e36fe-0abd-4463-b5ec-4e276dec0b26_5.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/af22d970-7106-45b4-b5e3-460d15333727_10.json b/packages/security_detection_engine/kibana/security_rule/af22d970-7106-45b4-b5e3-460d15333727_10.json index 409481dfb66..1a88d837f58 100644 --- a/packages/security_detection_engine/kibana/security_rule/af22d970-7106-45b4-b5e3-460d15333727_10.json +++ b/packages/security_detection_engine/kibana/security_rule/af22d970-7106-45b4-b5e3-460d15333727_10.json @@ -31,11 +31,11 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/af2d8e4c-3b7c-4e91-8f5a-6c9d0e1f2a3b_3.json b/packages/security_detection_engine/kibana/security_rule/af2d8e4c-3b7c-4e91-8f5a-6c9d0e1f2a3b_3.json index f3a3485ff5a..59753ba98bb 100644 --- a/packages/security_detection_engine/kibana/security_rule/af2d8e4c-3b7c-4e91-8f5a-6c9d0e1f2a3b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/af2d8e4c-3b7c-4e91-8f5a-6c9d0e1f2a3b_3.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/afa135c0-a365-43ab-aa35-fd86df314a47_10.json b/packages/security_detection_engine/kibana/security_rule/afa135c0-a365-43ab-aa35-fd86df314a47_10.json index b3d38f92968..2d8d5bbce46 100644 --- a/packages/security_detection_engine/kibana/security_rule/afa135c0-a365-43ab-aa35-fd86df314a47_10.json +++ b/packages/security_detection_engine/kibana/security_rule/afa135c0-a365-43ab-aa35-fd86df314a47_10.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/afcce5ad-65de-4ed2-8516-5e093d3ac99a_213.json b/packages/security_detection_engine/kibana/security_rule/afcce5ad-65de-4ed2-8516-5e093d3ac99a_213.json index ec9fce55055..9bf580ddbe6 100644 --- a/packages/security_detection_engine/kibana/security_rule/afcce5ad-65de-4ed2-8516-5e093d3ac99a_213.json +++ b/packages/security_detection_engine/kibana/security_rule/afcce5ad-65de-4ed2-8516-5e093d3ac99a_213.json @@ -27,11 +27,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/afd04601-12fc-4149-9b78-9c3f8fe45d39_12.json b/packages/security_detection_engine/kibana/security_rule/afd04601-12fc-4149-9b78-9c3f8fe45d39_12.json index 6bc10eaf564..f4a877ea954 100644 --- a/packages/security_detection_engine/kibana/security_rule/afd04601-12fc-4149-9b78-9c3f8fe45d39_12.json +++ b/packages/security_detection_engine/kibana/security_rule/afd04601-12fc-4149-9b78-9c3f8fe45d39_12.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/afdca1e0-0f8a-4fcf-9e1e-95e09791e3cd_2.json b/packages/security_detection_engine/kibana/security_rule/afdca1e0-0f8a-4fcf-9e1e-95e09791e3cd_2.json index 52ab2811d3a..0c44517464e 100644 --- a/packages/security_detection_engine/kibana/security_rule/afdca1e0-0f8a-4fcf-9e1e-95e09791e3cd_2.json +++ b/packages/security_detection_engine/kibana/security_rule/afdca1e0-0f8a-4fcf-9e1e-95e09791e3cd_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/afe6b0eb-dd9d-4922-b08a-1910124d524d_11.json b/packages/security_detection_engine/kibana/security_rule/afe6b0eb-dd9d-4922-b08a-1910124d524d_11.json index c6c5d5bde10..cd5e045ed1e 100644 --- a/packages/security_detection_engine/kibana/security_rule/afe6b0eb-dd9d-4922-b08a-1910124d524d_11.json +++ b/packages/security_detection_engine/kibana/security_rule/afe6b0eb-dd9d-4922-b08a-1910124d524d_11.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/aff74d85-5bfa-4ff1-ace2-4e3995a37cfa_1.json b/packages/security_detection_engine/kibana/security_rule/aff74d85-5bfa-4ff1-ace2-4e3995a37cfa_1.json index a46b1ff7929..4ec22e9753d 100644 --- a/packages/security_detection_engine/kibana/security_rule/aff74d85-5bfa-4ff1-ace2-4e3995a37cfa_1.json +++ b/packages/security_detection_engine/kibana/security_rule/aff74d85-5bfa-4ff1-ace2-4e3995a37cfa_1.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b0046934-486e-462f-9487-0d4cf9e429c6_110.json b/packages/security_detection_engine/kibana/security_rule/b0046934-486e-462f-9487-0d4cf9e429c6_110.json index 780f9698f83..610c2c8e86c 100644 --- a/packages/security_detection_engine/kibana/security_rule/b0046934-486e-462f-9487-0d4cf9e429c6_110.json +++ b/packages/security_detection_engine/kibana/security_rule/b0046934-486e-462f-9487-0d4cf9e429c6_110.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b00bcd89-000c-4425-b94c-716ef67762f6_111.json b/packages/security_detection_engine/kibana/security_rule/b00bcd89-000c-4425-b94c-716ef67762f6_111.json index d823af9a797..8174c5cdcab 100644 --- a/packages/security_detection_engine/kibana/security_rule/b00bcd89-000c-4425-b94c-716ef67762f6_111.json +++ b/packages/security_detection_engine/kibana/security_rule/b00bcd89-000c-4425-b94c-716ef67762f6_111.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b0450411-46e5-46d2-9b35-8b5dd9ba763e_5.json b/packages/security_detection_engine/kibana/security_rule/b0450411-46e5-46d2-9b35-8b5dd9ba763e_5.json index 8ab2649df4e..b4d523b4a9b 100644 --- a/packages/security_detection_engine/kibana/security_rule/b0450411-46e5-46d2-9b35-8b5dd9ba763e_5.json +++ b/packages/security_detection_engine/kibana/security_rule/b0450411-46e5-46d2-9b35-8b5dd9ba763e_5.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "azure_openai", - "version": "^1.5.0" + "version": ">=1.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b0638186-4f12-48ac-83d2-47e686d08e82_208.json b/packages/security_detection_engine/kibana/security_rule/b0638186-4f12-48ac-83d2-47e686d08e82_208.json index 5cff5a08c0f..1195b2c1ce1 100644 --- a/packages/security_detection_engine/kibana/security_rule/b0638186-4f12-48ac-83d2-47e686d08e82_208.json +++ b/packages/security_detection_engine/kibana/security_rule/b0638186-4f12-48ac-83d2-47e686d08e82_208.json @@ -21,23 +21,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b07f0fba-0a78-11f0-8311-b66272739ecb_6.json b/packages/security_detection_engine/kibana/security_rule/b07f0fba-0a78-11f0-8311-b66272739ecb_6.json index b4eedc632cb..66ab63746a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/b07f0fba-0a78-11f0-8311-b66272739ecb_6.json +++ b/packages/security_detection_engine/kibana/security_rule/b07f0fba-0a78-11f0-8311-b66272739ecb_6.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b0c98cfb-0745-4513-b6f9-08dddb033490_11.json b/packages/security_detection_engine/kibana/security_rule/b0c98cfb-0745-4513-b6f9-08dddb033490_11.json index ce32c92feb3..c74298c2783 100644 --- a/packages/security_detection_engine/kibana/security_rule/b0c98cfb-0745-4513-b6f9-08dddb033490_11.json +++ b/packages/security_detection_engine/kibana/security_rule/b0c98cfb-0745-4513-b6f9-08dddb033490_11.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b11116fd-023c-4718-aeb8-fa9d283fc53b_104.json b/packages/security_detection_engine/kibana/security_rule/b11116fd-023c-4718-aeb8-fa9d283fc53b_104.json index 0fb1b712086..3a7cbda347d 100644 --- a/packages/security_detection_engine/kibana/security_rule/b11116fd-023c-4718-aeb8-fa9d283fc53b_104.json +++ b/packages/security_detection_engine/kibana/security_rule/b11116fd-023c-4718-aeb8-fa9d283fc53b_104.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b15a15f2-becf-475d-aa69-45c9e0ff1c49_106.json b/packages/security_detection_engine/kibana/security_rule/b15a15f2-becf-475d-aa69-45c9e0ff1c49_106.json index f87d9d8d479..d6e2110dcf0 100644 --- a/packages/security_detection_engine/kibana/security_rule/b15a15f2-becf-475d-aa69-45c9e0ff1c49_106.json +++ b/packages/security_detection_engine/kibana/security_rule/b15a15f2-becf-475d-aa69-45c9e0ff1c49_106.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b1773d05-f349-45fb-9850-287b8f92f02d_7.json b/packages/security_detection_engine/kibana/security_rule/b1773d05-f349-45fb-9850-287b8f92f02d_7.json index cef09d97a7d..fd5205005bd 100644 --- a/packages/security_detection_engine/kibana/security_rule/b1773d05-f349-45fb-9850-287b8f92f02d_7.json +++ b/packages/security_detection_engine/kibana/security_rule/b1773d05-f349-45fb-9850-287b8f92f02d_7.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2318c71-5959-469a-a3ce-3a0768e63b9c_110.json b/packages/security_detection_engine/kibana/security_rule/b2318c71-5959-469a-a3ce-3a0768e63b9c_110.json index 7197ac5fcd5..4138b385ef5 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2318c71-5959-469a-a3ce-3a0768e63b9c_110.json +++ b/packages/security_detection_engine/kibana/security_rule/b2318c71-5959-469a-a3ce-3a0768e63b9c_110.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b240bfb8-26b7-4e5e-924e-218144a3fa71_108.json b/packages/security_detection_engine/kibana/security_rule/b240bfb8-26b7-4e5e-924e-218144a3fa71_108.json index 91b09eba86d..b1552962623 100644 --- a/packages/security_detection_engine/kibana/security_rule/b240bfb8-26b7-4e5e-924e-218144a3fa71_108.json +++ b/packages/security_detection_engine/kibana/security_rule/b240bfb8-26b7-4e5e-924e-218144a3fa71_108.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/b25a7df2-120a-4db2-bd3f-3e4b86b24bee_218.json b/packages/security_detection_engine/kibana/security_rule/b25a7df2-120a-4db2-bd3f-3e4b86b24bee_218.json index b96e27e691f..6b28230dac1 100644 --- a/packages/security_detection_engine/kibana/security_rule/b25a7df2-120a-4db2-bd3f-3e4b86b24bee_218.json +++ b/packages/security_detection_engine/kibana/security_rule/b25a7df2-120a-4db2-bd3f-3e4b86b24bee_218.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_213.json b/packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_213.json index 5ab2d1b5e8a..68605ae40ee 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_213.json +++ b/packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b29b7652-219f-468b-aa1f-5da7bcc24b03_3.json b/packages/security_detection_engine/kibana/security_rule/b29b7652-219f-468b-aa1f-5da7bcc24b03_3.json index b632d628d04..3f3cbb67b11 100644 --- a/packages/security_detection_engine/kibana/security_rule/b29b7652-219f-468b-aa1f-5da7bcc24b03_3.json +++ b/packages/security_detection_engine/kibana/security_rule/b29b7652-219f-468b-aa1f-5da7bcc24b03_3.json @@ -29,27 +29,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b29ee2be-bf99-446c-ab1a-2dc0183394b8_214.json b/packages/security_detection_engine/kibana/security_rule/b29ee2be-bf99-446c-ab1a-2dc0183394b8_214.json index ab3e07a26b5..36c8ee73781 100644 --- a/packages/security_detection_engine/kibana/security_rule/b29ee2be-bf99-446c-ab1a-2dc0183394b8_214.json +++ b/packages/security_detection_engine/kibana/security_rule/b29ee2be-bf99-446c-ab1a-2dc0183394b8_214.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-6f7a-8b9c-0d1e-2f3a4b5c6d7e_2.json b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-6f7a-8b9c-0d1e-2f3a4b5c6d7e_2.json index a7b1501d4be..1ce30d61f7d 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-6f7a-8b9c-0d1e-2f3a4b5c6d7e_2.json +++ b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-6f7a-8b9c-0d1e-2f3a4b5c6d7e_2.json @@ -23,7 +23,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-4890-b1c2-d3e4f5a60789_1.json b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-4890-b1c2-d3e4f5a60789_1.json index b11e1b6a6b6..1ea21f7be61 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-4890-b1c2-d3e4f5a60789_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-4890-b1c2-d3e4f5a60789_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-5b6c-9d0e-1f2a3b4c5d6e_3.json b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-5b6c-9d0e-1f2a3b4c5d6e_3.json index c888ee483a3..e98f066a141 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-5b6c-9d0e-1f2a3b4c5d6e_3.json +++ b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-5b6c-9d0e-1f2a3b4c5d6e_3.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f123456789ab_3.json b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f123456789ab_3.json index 18461b60aa4..a922c940f15 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f123456789ab_3.json +++ b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f123456789ab_3.json @@ -24,23 +24,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f23456789012_3.json b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f23456789012_3.json index aebb93edb8d..dd75f245239 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f23456789012_3.json +++ b/packages/security_detection_engine/kibana/security_rule/b2c3d4e5-f6a7-8901-bcde-f23456789012_3.json @@ -20,19 +20,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2f0ea08-2b60-4a2d-93d7-fe996a30031a_2.json b/packages/security_detection_engine/kibana/security_rule/b2f0ea08-2b60-4a2d-93d7-fe996a30031a_2.json index 72c46a452f0..88f2bfe55a4 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2f0ea08-2b60-4a2d-93d7-fe996a30031a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/b2f0ea08-2b60-4a2d-93d7-fe996a30031a_2.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b2f8c4e1-6a73-4f1e-9c2d-8e5b0a1d3f7c_1.json b/packages/security_detection_engine/kibana/security_rule/b2f8c4e1-6a73-4f1e-9c2d-8e5b0a1d3f7c_1.json index b193ac76d58..5255c8d79e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/b2f8c4e1-6a73-4f1e-9c2d-8e5b0a1d3f7c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b2f8c4e1-6a73-4f1e-9c2d-8e5b0a1d3f7c_1.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b347b919-665f-4aac-b9e8-68369bf2340c_207.json b/packages/security_detection_engine/kibana/security_rule/b347b919-665f-4aac-b9e8-68369bf2340c_207.json index f59ff663a51..ee310352a60 100644 --- a/packages/security_detection_engine/kibana/security_rule/b347b919-665f-4aac-b9e8-68369bf2340c_207.json +++ b/packages/security_detection_engine/kibana/security_rule/b347b919-665f-4aac-b9e8-68369bf2340c_207.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/b36c99af-b944-4509-a523-7e0fad275be1_9.json b/packages/security_detection_engine/kibana/security_rule/b36c99af-b944-4509-a523-7e0fad275be1_9.json index 1aede13464d..ce5bc925757 100644 --- a/packages/security_detection_engine/kibana/security_rule/b36c99af-b944-4509-a523-7e0fad275be1_9.json +++ b/packages/security_detection_engine/kibana/security_rule/b36c99af-b944-4509-a523-7e0fad275be1_9.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b41a13c6-ba45-4bab-a534-df53d0cfed6a_322.json b/packages/security_detection_engine/kibana/security_rule/b41a13c6-ba45-4bab-a534-df53d0cfed6a_322.json index 3fbc188c1d0..80035c43e62 100644 --- a/packages/security_detection_engine/kibana/security_rule/b41a13c6-ba45-4bab-a534-df53d0cfed6a_322.json +++ b/packages/security_detection_engine/kibana/security_rule/b41a13c6-ba45-4bab-a534-df53d0cfed6a_322.json @@ -23,23 +23,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b42e4b88-fc4a-417b-a45e-4d4a3db9fd41_4.json b/packages/security_detection_engine/kibana/security_rule/b42e4b88-fc4a-417b-a45e-4d4a3db9fd41_4.json index df46a337ec9..1419caedd5b 100644 --- a/packages/security_detection_engine/kibana/security_rule/b42e4b88-fc4a-417b-a45e-4d4a3db9fd41_4.json +++ b/packages/security_detection_engine/kibana/security_rule/b42e4b88-fc4a-417b-a45e-4d4a3db9fd41_4.json @@ -13,7 +13,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b43570de-a908-4f7f-8bdb-b2df6ffd8c80_216.json b/packages/security_detection_engine/kibana/security_rule/b43570de-a908-4f7f-8bdb-b2df6ffd8c80_216.json index fe2965e9cce..9e45d634384 100644 --- a/packages/security_detection_engine/kibana/security_rule/b43570de-a908-4f7f-8bdb-b2df6ffd8c80_216.json +++ b/packages/security_detection_engine/kibana/security_rule/b43570de-a908-4f7f-8bdb-b2df6ffd8c80_216.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b4449455-f986-4b5a-82ed-e36b129331f7_111.json b/packages/security_detection_engine/kibana/security_rule/b4449455-f986-4b5a-82ed-e36b129331f7_111.json index aa1a6f7f3e3..d1016194b2d 100644 --- a/packages/security_detection_engine/kibana/security_rule/b4449455-f986-4b5a-82ed-e36b129331f7_111.json +++ b/packages/security_detection_engine/kibana/security_rule/b4449455-f986-4b5a-82ed-e36b129331f7_111.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b45ab1d2-712f-4f01-a751-df3826969807_211.json b/packages/security_detection_engine/kibana/security_rule/b45ab1d2-712f-4f01-a751-df3826969807_211.json index 54e6dff1356..21a0f9571b6 100644 --- a/packages/security_detection_engine/kibana/security_rule/b45ab1d2-712f-4f01-a751-df3826969807_211.json +++ b/packages/security_detection_engine/kibana/security_rule/b45ab1d2-712f-4f01-a751-df3826969807_211.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b483365c-98a8-40c0-92d8-0458ca25058a_108.json b/packages/security_detection_engine/kibana/security_rule/b483365c-98a8-40c0-92d8-0458ca25058a_108.json index 6751231e5c1..0b9633ec87c 100644 --- a/packages/security_detection_engine/kibana/security_rule/b483365c-98a8-40c0-92d8-0458ca25058a_108.json +++ b/packages/security_detection_engine/kibana/security_rule/b483365c-98a8-40c0-92d8-0458ca25058a_108.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b4a80990-e028-4792-83eb-09e59959059f_1.json b/packages/security_detection_engine/kibana/security_rule/b4a80990-e028-4792-83eb-09e59959059f_1.json index 4b7314afacb..be2f0b9fd15 100644 --- a/packages/security_detection_engine/kibana/security_rule/b4a80990-e028-4792-83eb-09e59959059f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b4a80990-e028-4792-83eb-09e59959059f_1.json @@ -49,7 +49,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b4bb1440-0fcb-4ed1-87e5-b06d58efc5e9_415.json b/packages/security_detection_engine/kibana/security_rule/b4bb1440-0fcb-4ed1-87e5-b06d58efc5e9_415.json index 7ca971b23be..184ef502b46 100644 --- a/packages/security_detection_engine/kibana/security_rule/b4bb1440-0fcb-4ed1-87e5-b06d58efc5e9_415.json +++ b/packages/security_detection_engine/kibana/security_rule/b4bb1440-0fcb-4ed1-87e5-b06d58efc5e9_415.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b4bd186b-69c6-45ad-8bef-5c35bbadeaef_3.json b/packages/security_detection_engine/kibana/security_rule/b4bd186b-69c6-45ad-8bef-5c35bbadeaef_3.json index 5d2b1f2e396..7bf85ccc695 100644 --- a/packages/security_detection_engine/kibana/security_rule/b4bd186b-69c6-45ad-8bef-5c35bbadeaef_3.json +++ b/packages/security_detection_engine/kibana/security_rule/b4bd186b-69c6-45ad-8bef-5c35bbadeaef_3.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b4c8e2a1-9f3d-4e7c-a2b1-0d5e6f7a8b9c_2.json b/packages/security_detection_engine/kibana/security_rule/b4c8e2a1-9f3d-4e7c-a2b1-0d5e6f7a8b9c_2.json index 8a7f4fb2c32..4f48b5f2eb7 100644 --- a/packages/security_detection_engine/kibana/security_rule/b4c8e2a1-9f3d-4e7c-a2b1-0d5e6f7a8b9c_2.json +++ b/packages/security_detection_engine/kibana/security_rule/b4c8e2a1-9f3d-4e7c-a2b1-0d5e6f7a8b9c_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b51dbc92-84e2-4af1-ba47-65183fcd0c57_12.json b/packages/security_detection_engine/kibana/security_rule/b51dbc92-84e2-4af1-ba47-65183fcd0c57_12.json index 23a22ccbb55..0c49bcf7d86 100644 --- a/packages/security_detection_engine/kibana/security_rule/b51dbc92-84e2-4af1-ba47-65183fcd0c57_12.json +++ b/packages/security_detection_engine/kibana/security_rule/b51dbc92-84e2-4af1-ba47-65183fcd0c57_12.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b53f1d73-150d-484d-8f02-222abeb5d5fa_104.json b/packages/security_detection_engine/kibana/security_rule/b53f1d73-150d-484d-8f02-222abeb5d5fa_104.json index f9b51c4ace6..f6e94cf5300 100644 --- a/packages/security_detection_engine/kibana/security_rule/b53f1d73-150d-484d-8f02-222abeb5d5fa_104.json +++ b/packages/security_detection_engine/kibana/security_rule/b53f1d73-150d-484d-8f02-222abeb5d5fa_104.json @@ -26,31 +26,31 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b5877334-677f-4fb9-86d5-a9721274223b_320.json b/packages/security_detection_engine/kibana/security_rule/b5877334-677f-4fb9-86d5-a9721274223b_320.json index 9105f01b16f..b280a27e2f7 100644 --- a/packages/security_detection_engine/kibana/security_rule/b5877334-677f-4fb9-86d5-a9721274223b_320.json +++ b/packages/security_detection_engine/kibana/security_rule/b5877334-677f-4fb9-86d5-a9721274223b_320.json @@ -29,27 +29,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b5ea4bfe-a1b2-421f-9d47-22a75a6f2921_318.json b/packages/security_detection_engine/kibana/security_rule/b5ea4bfe-a1b2-421f-9d47-22a75a6f2921_318.json index 9877e511625..5d57ca55338 100644 --- a/packages/security_detection_engine/kibana/security_rule/b5ea4bfe-a1b2-421f-9d47-22a75a6f2921_318.json +++ b/packages/security_detection_engine/kibana/security_rule/b5ea4bfe-a1b2-421f-9d47-22a75a6f2921_318.json @@ -40,27 +40,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b5f94e78-fb4d-4f4b-879e-e51ea667d09c_1.json b/packages/security_detection_engine/kibana/security_rule/b5f94e78-fb4d-4f4b-879e-e51ea667d09c_1.json index 4b4151979e8..3702093f0de 100644 --- a/packages/security_detection_engine/kibana/security_rule/b5f94e78-fb4d-4f4b-879e-e51ea667d09c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b5f94e78-fb4d-4f4b-879e-e51ea667d09c_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/b605f262-f7dc-41b5-9ebc-06bafe7a83b6_8.json b/packages/security_detection_engine/kibana/security_rule/b605f262-f7dc-41b5-9ebc-06bafe7a83b6_8.json index 4449186e65e..7fc9c4f8e0f 100644 --- a/packages/security_detection_engine/kibana/security_rule/b605f262-f7dc-41b5-9ebc-06bafe7a83b6_8.json +++ b/packages/security_detection_engine/kibana/security_rule/b605f262-f7dc-41b5-9ebc-06bafe7a83b6_8.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b625c9ad-16e5-4f16-8d38-3e9631952554_3.json b/packages/security_detection_engine/kibana/security_rule/b625c9ad-16e5-4f16-8d38-3e9631952554_3.json index 31f2abf0910..f0dc9c9d89c 100644 --- a/packages/security_detection_engine/kibana/security_rule/b625c9ad-16e5-4f16-8d38-3e9631952554_3.json +++ b/packages/security_detection_engine/kibana/security_rule/b625c9ad-16e5-4f16-8d38-3e9631952554_3.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b627cd12-dac4-11ec-9582-f661ea17fbcd_114.json b/packages/security_detection_engine/kibana/security_rule/b627cd12-dac4-11ec-9582-f661ea17fbcd_114.json index 2cb4b630562..55f191c5bb2 100644 --- a/packages/security_detection_engine/kibana/security_rule/b627cd12-dac4-11ec-9582-f661ea17fbcd_114.json +++ b/packages/security_detection_engine/kibana/security_rule/b627cd12-dac4-11ec-9582-f661ea17fbcd_114.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b64b183e-1a76-422d-9179-7b389513e74d_215.json b/packages/security_detection_engine/kibana/security_rule/b64b183e-1a76-422d-9179-7b389513e74d_215.json index a45c383f6a9..c173e5dfb2c 100644 --- a/packages/security_detection_engine/kibana/security_rule/b64b183e-1a76-422d-9179-7b389513e74d_215.json +++ b/packages/security_detection_engine/kibana/security_rule/b64b183e-1a76-422d-9179-7b389513e74d_215.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b661f86d-1c23-4ce7-a59e-2edbdba28247_210.json b/packages/security_detection_engine/kibana/security_rule/b661f86d-1c23-4ce7-a59e-2edbdba28247_210.json index 0bccb3ba13c..9a6963f8609 100644 --- a/packages/security_detection_engine/kibana/security_rule/b661f86d-1c23-4ce7-a59e-2edbdba28247_210.json +++ b/packages/security_detection_engine/kibana/security_rule/b661f86d-1c23-4ce7-a59e-2edbdba28247_210.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b66b7e2b-d50a-49b9-a6fc-3a383baedc6b_110.json b/packages/security_detection_engine/kibana/security_rule/b66b7e2b-d50a-49b9-a6fc-3a383baedc6b_110.json index 40fbeafbbeb..ea66744745f 100644 --- a/packages/security_detection_engine/kibana/security_rule/b66b7e2b-d50a-49b9-a6fc-3a383baedc6b_110.json +++ b/packages/security_detection_engine/kibana/security_rule/b66b7e2b-d50a-49b9-a6fc-3a383baedc6b_110.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b6dce542-2b75-4ffb-b7d6-38787298ba9d_109.json b/packages/security_detection_engine/kibana/security_rule/b6dce542-2b75-4ffb-b7d6-38787298ba9d_109.json index e517b9b179d..1677e9eb1fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/b6dce542-2b75-4ffb-b7d6-38787298ba9d_109.json +++ b/packages/security_detection_engine/kibana/security_rule/b6dce542-2b75-4ffb-b7d6-38787298ba9d_109.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b719a170-3bdb-4141-b0e3-13e3cf627bfe_415.json b/packages/security_detection_engine/kibana/security_rule/b719a170-3bdb-4141-b0e3-13e3cf627bfe_415.json index f4513f1b81e..b3d1ea66581 100644 --- a/packages/security_detection_engine/kibana/security_rule/b719a170-3bdb-4141-b0e3-13e3cf627bfe_415.json +++ b/packages/security_detection_engine/kibana/security_rule/b719a170-3bdb-4141-b0e3-13e3cf627bfe_415.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b799720e-40d0-4dd6-9c9c-4f193a6ed643_1.json b/packages/security_detection_engine/kibana/security_rule/b799720e-40d0-4dd6-9c9c-4f193a6ed643_1.json index bdaf8e20850..211f8ba6178 100644 --- a/packages/security_detection_engine/kibana/security_rule/b799720e-40d0-4dd6-9c9c-4f193a6ed643_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b799720e-40d0-4dd6-9c9c-4f193a6ed643_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b7e2a04d-4f8a-4e12-8c9a-1d5e6f7a8b9c_3.json b/packages/security_detection_engine/kibana/security_rule/b7e2a04d-4f8a-4e12-8c9a-1d5e6f7a8b9c_3.json index f2375938e15..323aaf6ad82 100644 --- a/packages/security_detection_engine/kibana/security_rule/b7e2a04d-4f8a-4e12-8c9a-1d5e6f7a8b9c_3.json +++ b/packages/security_detection_engine/kibana/security_rule/b7e2a04d-4f8a-4e12-8c9a-1d5e6f7a8b9c_3.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b8075894-0b62-46e5-977c-31275da34419_414.json b/packages/security_detection_engine/kibana/security_rule/b8075894-0b62-46e5-977c-31275da34419_414.json index f0f35dfe05e..c36c2f8679d 100644 --- a/packages/security_detection_engine/kibana/security_rule/b8075894-0b62-46e5-977c-31275da34419_414.json +++ b/packages/security_detection_engine/kibana/security_rule/b8075894-0b62-46e5-977c-31275da34419_414.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b81bd314-db5b-4d97-82e8-88e3e5fc9de5_8.json b/packages/security_detection_engine/kibana/security_rule/b81bd314-db5b-4d97-82e8-88e3e5fc9de5_8.json index 3e6169f3b57..8104629ae9b 100644 --- a/packages/security_detection_engine/kibana/security_rule/b81bd314-db5b-4d97-82e8-88e3e5fc9de5_8.json +++ b/packages/security_detection_engine/kibana/security_rule/b81bd314-db5b-4d97-82e8-88e3e5fc9de5_8.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b8386923-b02c-4b94-986a-d223d9b01f88_113.json b/packages/security_detection_engine/kibana/security_rule/b8386923-b02c-4b94-986a-d223d9b01f88_113.json index d1f8d7e4843..c02b07d981d 100644 --- a/packages/security_detection_engine/kibana/security_rule/b8386923-b02c-4b94-986a-d223d9b01f88_113.json +++ b/packages/security_detection_engine/kibana/security_rule/b8386923-b02c-4b94-986a-d223d9b01f88_113.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b83a7e96-2eb3-4edf-8346-427b6858d3bd_418.json b/packages/security_detection_engine/kibana/security_rule/b83a7e96-2eb3-4edf-8346-427b6858d3bd_418.json index 1bb89235070..b38c42c6976 100644 --- a/packages/security_detection_engine/kibana/security_rule/b83a7e96-2eb3-4edf-8346-427b6858d3bd_418.json +++ b/packages/security_detection_engine/kibana/security_rule/b83a7e96-2eb3-4edf-8346-427b6858d3bd_418.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b84264aa-37a3-49f8-8bbc-60acbe9d4f86_1.json b/packages/security_detection_engine/kibana/security_rule/b84264aa-37a3-49f8-8bbc-60acbe9d4f86_1.json index eb8e1d993e1..d6b56824091 100644 --- a/packages/security_detection_engine/kibana/security_rule/b84264aa-37a3-49f8-8bbc-60acbe9d4f86_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b84264aa-37a3-49f8-8bbc-60acbe9d4f86_1.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b86afe07-0d98-4738-b15d-8d7465f95ff5_212.json b/packages/security_detection_engine/kibana/security_rule/b86afe07-0d98-4738-b15d-8d7465f95ff5_212.json index d34b5e6fb7b..d0f57323117 100644 --- a/packages/security_detection_engine/kibana/security_rule/b86afe07-0d98-4738-b15d-8d7465f95ff5_212.json +++ b/packages/security_detection_engine/kibana/security_rule/b86afe07-0d98-4738-b15d-8d7465f95ff5_212.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b8c3e5d0-8a1a-11ef-9b4a-f661ea17fbce_1.json b/packages/security_detection_engine/kibana/security_rule/b8c3e5d0-8a1a-11ef-9b4a-f661ea17fbce_1.json index f71620b5580..ae5153914e7 100644 --- a/packages/security_detection_engine/kibana/security_rule/b8c3e5d0-8a1a-11ef-9b4a-f661ea17fbce_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b8c3e5d0-8a1a-11ef-9b4a-f661ea17fbce_1.json @@ -21,7 +21,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b8c7d6e5-f4a3-4b2c-9d8e-7f6a5b4c3d2e_1.json b/packages/security_detection_engine/kibana/security_rule/b8c7d6e5-f4a3-4b2c-9d8e-7f6a5b4c3d2e_1.json index 055c72d3b45..0c35c62ea30 100644 --- a/packages/security_detection_engine/kibana/security_rule/b8c7d6e5-f4a3-4b2c-9d8e-7f6a5b4c3d2e_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b8c7d6e5-f4a3-4b2c-9d8e-7f6a5b4c3d2e_1.json @@ -29,7 +29,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b8e4c2a1-7f3d-4e9b-8c5a-1d0e6f2a4b8c_1.json b/packages/security_detection_engine/kibana/security_rule/b8e4c2a1-7f3d-4e9b-8c5a-1d0e6f2a4b8c_1.json index eb6916562b1..ef691a0d17d 100644 --- a/packages/security_detection_engine/kibana/security_rule/b8e4c2a1-7f3d-4e9b-8c5a-1d0e6f2a4b8c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b8e4c2a1-7f3d-4e9b-8c5a-1d0e6f2a4b8c_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b8f54e38-7a1d-4c9b-9e2f-3a4b5c6d7e8f_2.json b/packages/security_detection_engine/kibana/security_rule/b8f54e38-7a1d-4c9b-9e2f-3a4b5c6d7e8f_2.json index f5e19868e96..64583a8f800 100644 --- a/packages/security_detection_engine/kibana/security_rule/b8f54e38-7a1d-4c9b-9e2f-3a4b5c6d7e8f_2.json +++ b/packages/security_detection_engine/kibana/security_rule/b8f54e38-7a1d-4c9b-9e2f-3a4b5c6d7e8f_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b8f8da2d-a9dc-48c0-90e4-955c0aa1259a_316.json b/packages/security_detection_engine/kibana/security_rule/b8f8da2d-a9dc-48c0-90e4-955c0aa1259a_316.json index 2c3a1261205..74f1b72f4dd 100644 --- a/packages/security_detection_engine/kibana/security_rule/b8f8da2d-a9dc-48c0-90e4-955c0aa1259a_316.json +++ b/packages/security_detection_engine/kibana/security_rule/b8f8da2d-a9dc-48c0-90e4-955c0aa1259a_316.json @@ -44,23 +44,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b90cdde7-7e0d-4359-8bf0-2c112ce2008a_314.json b/packages/security_detection_engine/kibana/security_rule/b90cdde7-7e0d-4359-8bf0-2c112ce2008a_314.json index ffa8b89e702..0ca3f49da1b 100644 --- a/packages/security_detection_engine/kibana/security_rule/b90cdde7-7e0d-4359-8bf0-2c112ce2008a_314.json +++ b/packages/security_detection_engine/kibana/security_rule/b90cdde7-7e0d-4359-8bf0-2c112ce2008a_314.json @@ -43,19 +43,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b910f25a-2d44-47f2-a873-aabdc0d355e6_219.json b/packages/security_detection_engine/kibana/security_rule/b910f25a-2d44-47f2-a873-aabdc0d355e6_219.json index 340b3fed670..782253555a0 100644 --- a/packages/security_detection_engine/kibana/security_rule/b910f25a-2d44-47f2-a873-aabdc0d355e6_219.json +++ b/packages/security_detection_engine/kibana/security_rule/b910f25a-2d44-47f2-a873-aabdc0d355e6_219.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b92d5eae-70bb-4b66-be27-f98ba9d0ccdc_6.json b/packages/security_detection_engine/kibana/security_rule/b92d5eae-70bb-4b66-be27-f98ba9d0ccdc_6.json index 4ccf330eab1..ef3fcbfcc91 100644 --- a/packages/security_detection_engine/kibana/security_rule/b92d5eae-70bb-4b66-be27-f98ba9d0ccdc_6.json +++ b/packages/security_detection_engine/kibana/security_rule/b92d5eae-70bb-4b66-be27-f98ba9d0ccdc_6.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b946c2f7-df06-4c00-a5aa-1f6fbc7bb72c_4.json b/packages/security_detection_engine/kibana/security_rule/b946c2f7-df06-4c00-a5aa-1f6fbc7bb72c_4.json deleted file mode 100644 index 9df39c28e5e..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/b946c2f7-df06-4c00-a5aa-1f6fbc7bb72c_4.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule uses alert data to determine when multiple alerts in different phases of an attack involving the same host are triggered. Analysts can use this to prioritize triage and response, as these hosts are more likely to be compromised.", - "false_positives": [ - "False positives can occur because the rules may be mapped to a few MITRE ATT&CK tactics. Use the attached Timeline to determine which detections were triggered on the host." - ], - "from": "now-24h", - "index": [ - ".alerts-security.*" - ], - "interval": "1h", - "language": "kuery", - "license": "Elastic License v2", - "name": "Multiple Alerts in Different ATT&CK Tactics on a Single Host", - "query": "signal.rule.name:* and kibana.alert.rule.threat.tactic.id:*\n", - "required_fields": [ - { - "ecs": false, - "name": "kibana.alert.rule.threat.tactic.id", - "type": "unknown" - }, - { - "ecs": false, - "name": "signal.rule.name", - "type": "unknown" - } - ], - "risk_score": 73, - "rule_id": "b946c2f7-df06-4c00-a5aa-1f6fbc7bb72c", - "severity": "high", - "tags": [ - "Use Case: Threat Detection", - "Rule Type: Higher-Order Rule" - ], - "threshold": { - "cardinality": [ - { - "field": "kibana.alert.rule.threat.tactic.id", - "value": 3 - } - ], - "field": [ - "host.id" - ], - "value": 1 - }, - "timestamp_override": "event.ingested", - "type": "threshold", - "version": 4 - }, - "id": "b946c2f7-df06-4c00-a5aa-1f6fbc7bb72c_4", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/b9554892-5e0e-424b-83a0-5aef95aa43bf_215.json b/packages/security_detection_engine/kibana/security_rule/b9554892-5e0e-424b-83a0-5aef95aa43bf_215.json index 27e24b865d5..8d5adfaa71d 100644 --- a/packages/security_detection_engine/kibana/security_rule/b9554892-5e0e-424b-83a0-5aef95aa43bf_215.json +++ b/packages/security_detection_engine/kibana/security_rule/b9554892-5e0e-424b-83a0-5aef95aa43bf_215.json @@ -39,11 +39,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b9666521-4742-49ce-9ddc-b8e84c35acae_116.json b/packages/security_detection_engine/kibana/security_rule/b9666521-4742-49ce-9ddc-b8e84c35acae_116.json index 49100b0f719..d4a87c4223c 100644 --- a/packages/security_detection_engine/kibana/security_rule/b9666521-4742-49ce-9ddc-b8e84c35acae_116.json +++ b/packages/security_detection_engine/kibana/security_rule/b9666521-4742-49ce-9ddc-b8e84c35acae_116.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b9960fef-82c6-4816-befa-44745030e917_317.json b/packages/security_detection_engine/kibana/security_rule/b9960fef-82c6-4816-befa-44745030e917_317.json index fe90500f300..071faa2f097 100644 --- a/packages/security_detection_engine/kibana/security_rule/b9960fef-82c6-4816-befa-44745030e917_317.json +++ b/packages/security_detection_engine/kibana/security_rule/b9960fef-82c6-4816-befa-44745030e917_317.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b9b14be7-b7f4-4367-9934-81f07d2f63c4_107.json b/packages/security_detection_engine/kibana/security_rule/b9b14be7-b7f4-4367-9934-81f07d2f63c4_107.json index 5fb1aceb7fb..424432c2386 100644 --- a/packages/security_detection_engine/kibana/security_rule/b9b14be7-b7f4-4367-9934-81f07d2f63c4_107.json +++ b/packages/security_detection_engine/kibana/security_rule/b9b14be7-b7f4-4367-9934-81f07d2f63c4_107.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/b9c8d7e6-5a4f-3c2b-1d0e-9f8a7b6c5d4e_1.json b/packages/security_detection_engine/kibana/security_rule/b9c8d7e6-5a4f-3c2b-1d0e-9f8a7b6c5d4e_1.json index 0177c9f1bcc..57bb7c578a9 100644 --- a/packages/security_detection_engine/kibana/security_rule/b9c8d7e6-5a4f-3c2b-1d0e-9f8a7b6c5d4e_1.json +++ b/packages/security_detection_engine/kibana/security_rule/b9c8d7e6-5a4f-3c2b-1d0e-9f8a7b6c5d4e_1.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ba342eb2-583c-439f-b04d-1fdd7c1417cc_311.json b/packages/security_detection_engine/kibana/security_rule/ba342eb2-583c-439f-b04d-1fdd7c1417cc_311.json index c7f22892de8..7083d006809 100644 --- a/packages/security_detection_engine/kibana/security_rule/ba342eb2-583c-439f-b04d-1fdd7c1417cc_311.json +++ b/packages/security_detection_engine/kibana/security_rule/ba342eb2-583c-439f-b04d-1fdd7c1417cc_311.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/ba5a0b0c-b477-4729-a3dc-0147c2049cf1_6.json b/packages/security_detection_engine/kibana/security_rule/ba5a0b0c-b477-4729-a3dc-0147c2049cf1_6.json index 9a92b9fe237..bacaa330231 100644 --- a/packages/security_detection_engine/kibana/security_rule/ba5a0b0c-b477-4729-a3dc-0147c2049cf1_6.json +++ b/packages/security_detection_engine/kibana/security_rule/ba5a0b0c-b477-4729-a3dc-0147c2049cf1_6.json @@ -52,7 +52,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ba81c182-4287-489d-af4d-8ae834b06040_8.json b/packages/security_detection_engine/kibana/security_rule/ba81c182-4287-489d-af4d-8ae834b06040_8.json index 30c623b3a65..764cd9a3978 100644 --- a/packages/security_detection_engine/kibana/security_rule/ba81c182-4287-489d-af4d-8ae834b06040_8.json +++ b/packages/security_detection_engine/kibana/security_rule/ba81c182-4287-489d-af4d-8ae834b06040_8.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/baa5d22c-5e1c-4f33-bfc9-efa73bb53022_214.json b/packages/security_detection_engine/kibana/security_rule/baa5d22c-5e1c-4f33-bfc9-efa73bb53022_214.json index 5d01d519690..6ef432b5277 100644 --- a/packages/security_detection_engine/kibana/security_rule/baa5d22c-5e1c-4f33-bfc9-efa73bb53022_214.json +++ b/packages/security_detection_engine/kibana/security_rule/baa5d22c-5e1c-4f33-bfc9-efa73bb53022_214.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bab88bb8-cdd9-11ef-bd9a-f661ea17fbcd_8.json b/packages/security_detection_engine/kibana/security_rule/bab88bb8-cdd9-11ef-bd9a-f661ea17fbcd_8.json index a6d4bded63f..44dc21f739d 100644 --- a/packages/security_detection_engine/kibana/security_rule/bab88bb8-cdd9-11ef-bd9a-f661ea17fbcd_8.json +++ b/packages/security_detection_engine/kibana/security_rule/bab88bb8-cdd9-11ef-bd9a-f661ea17fbcd_8.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bb3ac0e3-2c9c-4069-a26d-75ca6a6e547b_1.json b/packages/security_detection_engine/kibana/security_rule/bb3ac0e3-2c9c-4069-a26d-75ca6a6e547b_1.json index 4af402337b2..c514ff2b2a2 100644 --- a/packages/security_detection_engine/kibana/security_rule/bb3ac0e3-2c9c-4069-a26d-75ca6a6e547b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/bb3ac0e3-2c9c-4069-a26d-75ca6a6e547b_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bb4fe8d2-7ae2-475c-8b5d-55b449e4264f_109.json b/packages/security_detection_engine/kibana/security_rule/bb4fe8d2-7ae2-475c-8b5d-55b449e4264f_109.json index cef0c4f3589..5e77b2c707b 100644 --- a/packages/security_detection_engine/kibana/security_rule/bb4fe8d2-7ae2-475c-8b5d-55b449e4264f_109.json +++ b/packages/security_detection_engine/kibana/security_rule/bb4fe8d2-7ae2-475c-8b5d-55b449e4264f_109.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bb9b13b2-1700-48a8-a750-b43b0a72ab69_213.json b/packages/security_detection_engine/kibana/security_rule/bb9b13b2-1700-48a8-a750-b43b0a72ab69_213.json index a66d1dfb07d..3d0c0093532 100644 --- a/packages/security_detection_engine/kibana/security_rule/bb9b13b2-1700-48a8-a750-b43b0a72ab69_213.json +++ b/packages/security_detection_engine/kibana/security_rule/bb9b13b2-1700-48a8-a750-b43b0a72ab69_213.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_213.json b/packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_213.json index f5022d77319..6378875ba92 100644 --- a/packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_213.json +++ b/packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_213.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bba8c7d1-172b-435d-9034-02ed9289c628_2.json b/packages/security_detection_engine/kibana/security_rule/bba8c7d1-172b-435d-9034-02ed9289c628_2.json index 6f4ee9fdd2a..f198d44b19d 100644 --- a/packages/security_detection_engine/kibana/security_rule/bba8c7d1-172b-435d-9034-02ed9289c628_2.json +++ b/packages/security_detection_engine/kibana/security_rule/bba8c7d1-172b-435d-9034-02ed9289c628_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bbaa96b9-f36c-4898-ace2-581acb00a409_14.json b/packages/security_detection_engine/kibana/security_rule/bbaa96b9-f36c-4898-ace2-581acb00a409_14.json index 92ac28a788c..6d72d813f71 100644 --- a/packages/security_detection_engine/kibana/security_rule/bbaa96b9-f36c-4898-ace2-581acb00a409_14.json +++ b/packages/security_detection_engine/kibana/security_rule/bbaa96b9-f36c-4898-ace2-581acb00a409_14.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_214.json b/packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_214.json index 5531dfa3e9f..81751c9ba66 100644 --- a/packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_214.json +++ b/packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_214.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bc0f2d83-32b8-4ae2-b0e6-6a45772e9331_108.json b/packages/security_detection_engine/kibana/security_rule/bc0f2d83-32b8-4ae2-b0e6-6a45772e9331_108.json index b69272a45fc..49a604891f2 100644 --- a/packages/security_detection_engine/kibana/security_rule/bc0f2d83-32b8-4ae2-b0e6-6a45772e9331_108.json +++ b/packages/security_detection_engine/kibana/security_rule/bc0f2d83-32b8-4ae2-b0e6-6a45772e9331_108.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bc0fc359-68db-421e-a435-348ced7a7f92_7.json b/packages/security_detection_engine/kibana/security_rule/bc0fc359-68db-421e-a435-348ced7a7f92_7.json index df5514a75b6..360ed5eb5cb 100644 --- a/packages/security_detection_engine/kibana/security_rule/bc0fc359-68db-421e-a435-348ced7a7f92_7.json +++ b/packages/security_detection_engine/kibana/security_rule/bc0fc359-68db-421e-a435-348ced7a7f92_7.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bc1eeacf-2972-434f-b782-3a532b100d67_110.json b/packages/security_detection_engine/kibana/security_rule/bc1eeacf-2972-434f-b782-3a532b100d67_110.json index faa6bade47f..27d2f5b2c28 100644 --- a/packages/security_detection_engine/kibana/security_rule/bc1eeacf-2972-434f-b782-3a532b100d67_110.json +++ b/packages/security_detection_engine/kibana/security_rule/bc1eeacf-2972-434f-b782-3a532b100d67_110.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bc48bba7-4a23-4232-b551-eca3ca1e3f20_110.json b/packages/security_detection_engine/kibana/security_rule/bc48bba7-4a23-4232-b551-eca3ca1e3f20_110.json index c42cbb7f511..d9cc394f2ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/bc48bba7-4a23-4232-b551-eca3ca1e3f20_110.json +++ b/packages/security_detection_engine/kibana/security_rule/bc48bba7-4a23-4232-b551-eca3ca1e3f20_110.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bc9e4f5a-e263-4213-a2ac-1edf9b417ada_4.json b/packages/security_detection_engine/kibana/security_rule/bc9e4f5a-e263-4213-a2ac-1edf9b417ada_4.json index c73367e5424..129a1146c3e 100644 --- a/packages/security_detection_engine/kibana/security_rule/bc9e4f5a-e263-4213-a2ac-1edf9b417ada_4.json +++ b/packages/security_detection_engine/kibana/security_rule/bc9e4f5a-e263-4213-a2ac-1edf9b417ada_4.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bca7d28e-4a48-47b1-adb7-5074310e9a61_108.json b/packages/security_detection_engine/kibana/security_rule/bca7d28e-4a48-47b1-adb7-5074310e9a61_108.json index 561f67be007..c72e90395e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/bca7d28e-4a48-47b1-adb7-5074310e9a61_108.json +++ b/packages/security_detection_engine/kibana/security_rule/bca7d28e-4a48-47b1-adb7-5074310e9a61_108.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bcaa15ce-2d41-44d7-a322-918f9db77766_10.json b/packages/security_detection_engine/kibana/security_rule/bcaa15ce-2d41-44d7-a322-918f9db77766_10.json index ef540866f3a..25c171abab0 100644 --- a/packages/security_detection_engine/kibana/security_rule/bcaa15ce-2d41-44d7-a322-918f9db77766_10.json +++ b/packages/security_detection_engine/kibana/security_rule/bcaa15ce-2d41-44d7-a322-918f9db77766_10.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "dga", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bcf0e362-0a2f-4f5e-9dd8-0d34f901781f_5.json b/packages/security_detection_engine/kibana/security_rule/bcf0e362-0a2f-4f5e-9dd8-0d34f901781f_5.json index 6924b411c6d..21fb7701ca2 100644 --- a/packages/security_detection_engine/kibana/security_rule/bcf0e362-0a2f-4f5e-9dd8-0d34f901781f_5.json +++ b/packages/security_detection_engine/kibana/security_rule/bcf0e362-0a2f-4f5e-9dd8-0d34f901781f_5.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bd18f4a3-c4c6-43b9-a1e4-b05e09998110_4.json b/packages/security_detection_engine/kibana/security_rule/bd18f4a3-c4c6-43b9-a1e4-b05e09998110_4.json index 51951f1b67e..771c0fcd703 100644 --- a/packages/security_detection_engine/kibana/security_rule/bd18f4a3-c4c6-43b9-a1e4-b05e09998110_4.json +++ b/packages/security_detection_engine/kibana/security_rule/bd18f4a3-c4c6-43b9-a1e4-b05e09998110_4.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bd1eadf6-3ac6-4e66-91aa-4a1e6711915f_104.json b/packages/security_detection_engine/kibana/security_rule/bd1eadf6-3ac6-4e66-91aa-4a1e6711915f_104.json index 01ea5fc2892..59979328d37 100644 --- a/packages/security_detection_engine/kibana/security_rule/bd1eadf6-3ac6-4e66-91aa-4a1e6711915f_104.json +++ b/packages/security_detection_engine/kibana/security_rule/bd1eadf6-3ac6-4e66-91aa-4a1e6711915f_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sysmon_linux", - "version": "^1.8.0" + "version": ">=1.8.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/bd2c86a0-8b61-4457-ab38-96943984e889_219.json b/packages/security_detection_engine/kibana/security_rule/bd2c86a0-8b61-4457-ab38-96943984e889_219.json index d5979e0ad74..4c6f81d40e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/bd2c86a0-8b61-4457-ab38-96943984e889_219.json +++ b/packages/security_detection_engine/kibana/security_rule/bd2c86a0-8b61-4457-ab38-96943984e889_219.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bd3d058d-5405-4cee-b890-337f09366ba2_109.json b/packages/security_detection_engine/kibana/security_rule/bd3d058d-5405-4cee-b890-337f09366ba2_109.json index 94d10774934..1ce87682fec 100644 --- a/packages/security_detection_engine/kibana/security_rule/bd3d058d-5405-4cee-b890-337f09366ba2_109.json +++ b/packages/security_detection_engine/kibana/security_rule/bd3d058d-5405-4cee-b890-337f09366ba2_109.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bd7eefee-f671-494e-98df-f01daf9e5f17_215.json b/packages/security_detection_engine/kibana/security_rule/bd7eefee-f671-494e-98df-f01daf9e5f17_215.json index 9b071ae5980..f2640943e0d 100644 --- a/packages/security_detection_engine/kibana/security_rule/bd7eefee-f671-494e-98df-f01daf9e5f17_215.json +++ b/packages/security_detection_engine/kibana/security_rule/bd7eefee-f671-494e-98df-f01daf9e5f17_215.json @@ -36,19 +36,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bdcf646b-08d4-492c-870a-6c04e3700034_216.json b/packages/security_detection_engine/kibana/security_rule/bdcf646b-08d4-492c-870a-6c04e3700034_216.json index d4c7f193972..64cbd32706d 100644 --- a/packages/security_detection_engine/kibana/security_rule/bdcf646b-08d4-492c-870a-6c04e3700034_216.json +++ b/packages/security_detection_engine/kibana/security_rule/bdcf646b-08d4-492c-870a-6c04e3700034_216.json @@ -43,11 +43,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bdfaddc4-4438-48b4-bc43-9f5cf8151c46_111.json b/packages/security_detection_engine/kibana/security_rule/bdfaddc4-4438-48b4-bc43-9f5cf8151c46_111.json index a9c8812cade..19d228e26f9 100644 --- a/packages/security_detection_engine/kibana/security_rule/bdfaddc4-4438-48b4-bc43-9f5cf8151c46_111.json +++ b/packages/security_detection_engine/kibana/security_rule/bdfaddc4-4438-48b4-bc43-9f5cf8151c46_111.json @@ -25,27 +25,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bdfebe11-e169-42e3-b344-c5d2015533d3_211.json b/packages/security_detection_engine/kibana/security_rule/bdfebe11-e169-42e3-b344-c5d2015533d3_211.json index 7f2f7ec15f0..cc41d4e34d7 100644 --- a/packages/security_detection_engine/kibana/security_rule/bdfebe11-e169-42e3-b344-c5d2015533d3_211.json +++ b/packages/security_detection_engine/kibana/security_rule/bdfebe11-e169-42e3-b344-c5d2015533d3_211.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/be4c5aed-90f5-4221-8bd5-7ab3a4334751_109.json b/packages/security_detection_engine/kibana/security_rule/be4c5aed-90f5-4221-8bd5-7ab3a4334751_109.json index d128366ebe9..acac70915bb 100644 --- a/packages/security_detection_engine/kibana/security_rule/be4c5aed-90f5-4221-8bd5-7ab3a4334751_109.json +++ b/packages/security_detection_engine/kibana/security_rule/be4c5aed-90f5-4221-8bd5-7ab3a4334751_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/be70614d-4295-473c-a953-582aef41c865_8.json b/packages/security_detection_engine/kibana/security_rule/be70614d-4295-473c-a953-582aef41c865_8.json index 9060075078e..94a3194dc4b 100644 --- a/packages/security_detection_engine/kibana/security_rule/be70614d-4295-473c-a953-582aef41c865_8.json +++ b/packages/security_detection_engine/kibana/security_rule/be70614d-4295-473c-a953-582aef41c865_8.json @@ -28,27 +28,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/be8afaed-4bcd-4e0a-b5f9-5562003dde81_318.json b/packages/security_detection_engine/kibana/security_rule/be8afaed-4bcd-4e0a-b5f9-5562003dde81_318.json index cac3ec3e0a0..67eb3ba73f7 100644 --- a/packages/security_detection_engine/kibana/security_rule/be8afaed-4bcd-4e0a-b5f9-5562003dde81_318.json +++ b/packages/security_detection_engine/kibana/security_rule/be8afaed-4bcd-4e0a-b5f9-5562003dde81_318.json @@ -29,27 +29,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bea0589d-c7a4-4dc6-a931-9fecaa8689fb_1.json b/packages/security_detection_engine/kibana/security_rule/bea0589d-c7a4-4dc6-a931-9fecaa8689fb_1.json index a7d7512151a..0ed452dd6e4 100644 --- a/packages/security_detection_engine/kibana/security_rule/bea0589d-c7a4-4dc6-a931-9fecaa8689fb_1.json +++ b/packages/security_detection_engine/kibana/security_rule/bea0589d-c7a4-4dc6-a931-9fecaa8689fb_1.json @@ -30,7 +30,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bf1073bf-ce26-4607-b405-ba1ed8e9e204_214.json b/packages/security_detection_engine/kibana/security_rule/bf1073bf-ce26-4607-b405-ba1ed8e9e204_214.json index 6282d12b5f7..09f403894c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/bf1073bf-ce26-4607-b405-ba1ed8e9e204_214.json +++ b/packages/security_detection_engine/kibana/security_rule/bf1073bf-ce26-4607-b405-ba1ed8e9e204_214.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bf8c007c-7dee-4842-8e9a-ee534c09d205_8.json b/packages/security_detection_engine/kibana/security_rule/bf8c007c-7dee-4842-8e9a-ee534c09d205_8.json index 2a39580e6a2..d09a19f1ca7 100644 --- a/packages/security_detection_engine/kibana/security_rule/bf8c007c-7dee-4842-8e9a-ee534c09d205_8.json +++ b/packages/security_detection_engine/kibana/security_rule/bf8c007c-7dee-4842-8e9a-ee534c09d205_8.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/bfba5158-1fd6-4937-a205-77d96213b341_107.json b/packages/security_detection_engine/kibana/security_rule/bfba5158-1fd6-4937-a205-77d96213b341_107.json index 4d714a237c7..a7aa4a973e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/bfba5158-1fd6-4937-a205-77d96213b341_107.json +++ b/packages/security_detection_engine/kibana/security_rule/bfba5158-1fd6-4937-a205-77d96213b341_107.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "ded", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/bfeaf89b-a2a7-48a3-817f-e41829dc61ee_219.json b/packages/security_detection_engine/kibana/security_rule/bfeaf89b-a2a7-48a3-817f-e41829dc61ee_219.json index a573d38dceb..c3ffac16262 100644 --- a/packages/security_detection_engine/kibana/security_rule/bfeaf89b-a2a7-48a3-817f-e41829dc61ee_219.json +++ b/packages/security_detection_engine/kibana/security_rule/bfeaf89b-a2a7-48a3-817f-e41829dc61ee_219.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_5.json b/packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_5.json deleted file mode 100644 index 901c2694198..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_5.json +++ /dev/null @@ -1,157 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Detects when GenAI tools access sensitive files such as cloud credentials, SSH keys, browser password databases, or shell configurations. Attackers leverage GenAI agents to systematically locate and exfiltrate credentials, API keys, and tokens. Access to credential stores (.aws/credentials, .ssh/id_*) suggests harvesting, while writes to shell configs (.bashrc, .zshrc) indicate persistence attempts. Note: On linux only creation events are available. Access events are not yet implemented.", - "from": "now-9m", - "index": [ - "logs-endpoint.events.file*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "GenAI Process Accessing Sensitive Files", - "note": "## Triage and analysis\n\n### Investigating GenAI Process Accessing Sensitive Files\n\nThis rule detects GenAI tools accessing credential files, SSH keys, browser data, or shell configurations. While GenAI tools legitimately access project files, access to sensitive credential stores is unusual and warrants investigation.\n\n### Possible investigation steps\n\n- Review the GenAI process that triggered the alert to identify which tool is being used and verify if it's an expected/authorized tool.\n- Investigate the user account associated with the GenAI process to determine if this activity is expected for that user.\n- Review the types of sensitive files being accessed (credentials, keys, browser data, etc.) to assess the potential impact of credential harvesting or data exfiltration.\n- Check for other alerts or suspicious activity on the same host around the same time, particularly network exfiltration events.\n- Verify if the GenAI tool or extension is from a trusted source and if it's authorized for use in your environment.\n- Determine if the GenAI process accessed multiple sensitive directories in sequence, an indication of credential harvesting.\n- Check if the GenAI tool recently created or accessed AI agent config files, which may contain instructions enabling autonomous file scanning.\n- Review whether the access was preceded by an MCP server, LangChain agent, or background automation.\n\n### False positive analysis\n\n- Automated security scanning or auditing tools that leverage GenAI may access sensitive files as part of their normal operation.\n- Development workflows that use GenAI tools for code analysis may occasionally access credential files.\n\n### Response and remediation\n\n- Immediately review the GenAI process that accessed the documents to determine if it's compromised or malicious.\n- Review, rotate, and revoke any API keys, tokens, or credentials that may have been exposed or used by the GenAI tool.\n- Investigate the document access patterns to determine the scope of potential data exfiltration.\n- Update security policies to restrict or monitor GenAI tool usage in the environment, especially for access to sensitive files.\n", - "query": "file where event.action in (\"open\", \"creation\", \"modification\") and event.outcome == \"success\" and\n\n // GenAI process \n (\n process.name in (\n \"ollama.exe\", \"ollama\", \"Ollama\",\n \"textgen.exe\", \"textgen\", \"text-generation-webui.exe\", \"oobabooga.exe\",\n \"lmstudio.exe\", \"lmstudio\", \"LM Studio\",\n \"claude.exe\", \"claude\", \"Claude\",\n \"cursor.exe\", \"cursor\", \"Cursor\",\n \"copilot.exe\", \"copilot\", \"Copilot\",\n \"codex.exe\", \"codex\",\n \"Jan\", \"jan.exe\", \"jan\",\n \"gpt4all.exe\", \"gpt4all\", \"GPT4All\",\n \"gemini-cli.exe\", \"gemini-cli\",\n \"genaiscript.exe\", \"genaiscript\",\n \"grok.exe\", \"grok\",\n \"qwen.exe\", \"qwen\",\n \"koboldcpp.exe\", \"koboldcpp\", \"KoboldCpp\",\n \"llama-server\", \"llama-cli\"\n ) or\n // OpenClaw/Moltbot/Clawdbot via Node.js\n (process.name in (\"node\", \"node.exe\") and\n process.command_line like~ (\"*openclaw*\", \"*moltbot*\", \"*clawdbot*\"))\n ) and\n\n // Sensitive file paths\n (\n // Persistence via Shell configs\n file.name in (\".bashrc\", \".bash_profile\", \".zshrc\", \".zshenv\", \".zprofile\", \".profile\", \".bash_logout\") or\n\n // Credentials In Files \n file.name like~ \n (\"key?.db\", \n \"logins.json\", \n \"Login Data\", \n \"Local State\",\n \"signons.sqlite\",\n \"Cookies\", \n \"cookies.sqlite\",\n \"Cookies.binarycookies\", \n \"login.keychain-db\", \n \"System.keychain\", \n \"credentials.db\", \n \"credentials\", \n \"access_tokens.db\", \n \"accessTokens.json\", \n \"azureProfile.json\",\n \"RDCMan.settings\", \n \"known_hosts\", \n \"KeePass.config.xml\", \n \"Unattended.xml\")\n ) and not (\n host.os.type == \"windows\" and\n process.name : (\"claude.exe\", \"Claude\") and\n file.path : (\"?:\\\\Users\\\\*\\\\AppData\\\\Roaming\\\\Claude\\\\Local State\",\n \"?:\\\\Users\\\\*\\\\AppData\\\\Local\\\\Packages\\\\Claude_*\\\\LocalCache\\\\Roaming\\\\Claude\\\\Local State\")\n )\n", - "references": [ - "https://atlas.mitre.org/techniques/AML.T0085", - "https://atlas.mitre.org/techniques/AML.T0085.001", - "https://atlas.mitre.org/techniques/AML.T0055", - "https://glama.ai/blog/2025-11-11-the-lethal-trifecta-securing-model-context-protocol-against-data-flow-attacks", - "https://www.elastic.co/security-labs/elastic-advances-llm-security", - "https://specterops.io/blog/2025/11/21/an-evening-with-claude-code" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.action", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.outcome", - "type": "keyword" - }, - { - "ecs": true, - "name": "file.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "file.path", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.command_line", - "type": "wildcard" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - } - ], - "risk_score": 73, - "rule_id": "c0136397-f82a-45e5-9b9f-a3651d77e21a", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "OS: macOS", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Collection", - "Tactic: Credential Access", - "Data Source: Elastic Defend", - "Resources: Investigation Guide", - "Domain: LLM", - "Mitre Atlas: T0085", - "Mitre Atlas: T0085.001", - "Mitre Atlas: T0055" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0006", - "name": "Credential Access", - "reference": "https://attack.mitre.org/tactics/TA0006/" - }, - "technique": [ - { - "id": "T1552", - "name": "Unsecured Credentials", - "reference": "https://attack.mitre.org/techniques/T1552/", - "subtechnique": [ - { - "id": "T1552.001", - "name": "Credentials In Files", - "reference": "https://attack.mitre.org/techniques/T1552/001/" - } - ] - }, - { - "id": "T1555", - "name": "Credentials from Password Stores", - "reference": "https://attack.mitre.org/techniques/T1555/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0009", - "name": "Collection", - "reference": "https://attack.mitre.org/tactics/TA0009/" - }, - "technique": [ - { - "id": "T1005", - "name": "Data from Local System", - "reference": "https://attack.mitre.org/techniques/T1005/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1037", - "name": "Boot or Logon Initialization Scripts", - "reference": "https://attack.mitre.org/techniques/T1037/", - "subtechnique": [ - { - "id": "T1037.004", - "name": "RC Scripts", - "reference": "https://attack.mitre.org/techniques/T1037/004/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 5 - }, - "id": "c0136397-f82a-45e5-9b9f-a3651d77e21a_5", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_8.json b/packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_8.json index 7fa38c8acec..4844b5b6f74 100644 --- a/packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_8.json +++ b/packages/security_detection_engine/kibana/security_rule/c0136397-f82a-45e5-9b9f-a3651d77e21a_8.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c02c8b9f-5e1d-463c-a1b0-04edcdfe1a3d_114.json b/packages/security_detection_engine/kibana/security_rule/c02c8b9f-5e1d-463c-a1b0-04edcdfe1a3d_114.json index 0bea0e91562..e91dea93431 100644 --- a/packages/security_detection_engine/kibana/security_rule/c02c8b9f-5e1d-463c-a1b0-04edcdfe1a3d_114.json +++ b/packages/security_detection_engine/kibana/security_rule/c02c8b9f-5e1d-463c-a1b0-04edcdfe1a3d_114.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c040c962-1c60-4259-8ea3-601a40d4ab9f_1.json b/packages/security_detection_engine/kibana/security_rule/c040c962-1c60-4259-8ea3-601a40d4ab9f_1.json index 7a4565cfe14..8777f493427 100644 --- a/packages/security_detection_engine/kibana/security_rule/c040c962-1c60-4259-8ea3-601a40d4ab9f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c040c962-1c60-4259-8ea3-601a40d4ab9f_1.json @@ -28,7 +28,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c0429aa8-9974-42da-bfb6-53a0a515a145_316.json b/packages/security_detection_engine/kibana/security_rule/c0429aa8-9974-42da-bfb6-53a0a515a145_316.json index 53a460e8917..cc7cce8a2b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/c0429aa8-9974-42da-bfb6-53a0a515a145_316.json +++ b/packages/security_detection_engine/kibana/security_rule/c0429aa8-9974-42da-bfb6-53a0a515a145_316.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c04be7e0-b0fc-11ef-a826-f661ea17fbce_7.json b/packages/security_detection_engine/kibana/security_rule/c04be7e0-b0fc-11ef-a826-f661ea17fbce_7.json index 412ccb210e0..cb83ceb2daa 100644 --- a/packages/security_detection_engine/kibana/security_rule/c04be7e0-b0fc-11ef-a826-f661ea17fbce_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c04be7e0-b0fc-11ef-a826-f661ea17fbce_7.json @@ -34,7 +34,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c07f7898-5dc3-11f0-9f27-f661ea17fbcd_9.json b/packages/security_detection_engine/kibana/security_rule/c07f7898-5dc3-11f0-9f27-f661ea17fbcd_9.json index e50b5934d62..74df681b47d 100644 --- a/packages/security_detection_engine/kibana/security_rule/c07f7898-5dc3-11f0-9f27-f661ea17fbcd_9.json +++ b/packages/security_detection_engine/kibana/security_rule/c07f7898-5dc3-11f0-9f27-f661ea17fbcd_9.json @@ -23,7 +23,7 @@ { "integration": "platformlogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 43, diff --git a/packages/security_detection_engine/kibana/security_rule/c0b9dc99-c696-4779-b086-0d37dc2b3778_4.json b/packages/security_detection_engine/kibana/security_rule/c0b9dc99-c696-4779-b086-0d37dc2b3778_4.json index 2f6d34888a0..ea6c92f8d2f 100644 --- a/packages/security_detection_engine/kibana/security_rule/c0b9dc99-c696-4779-b086-0d37dc2b3778_4.json +++ b/packages/security_detection_engine/kibana/security_rule/c0b9dc99-c696-4779-b086-0d37dc2b3778_4.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c124dc1b-cef2-4d01-8d74-ff6b0d5096b6_108.json b/packages/security_detection_engine/kibana/security_rule/c124dc1b-cef2-4d01-8d74-ff6b0d5096b6_108.json index ad26407232b..a9b9352ef1f 100644 --- a/packages/security_detection_engine/kibana/security_rule/c124dc1b-cef2-4d01-8d74-ff6b0d5096b6_108.json +++ b/packages/security_detection_engine/kibana/security_rule/c124dc1b-cef2-4d01-8d74-ff6b0d5096b6_108.json @@ -36,7 +36,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c1326e45-6d3c-4a2d-9882-606a0c310299_1.json b/packages/security_detection_engine/kibana/security_rule/c1326e45-6d3c-4a2d-9882-606a0c310299_1.json index 5314618d038..d520ec7fcb3 100644 --- a/packages/security_detection_engine/kibana/security_rule/c1326e45-6d3c-4a2d-9882-606a0c310299_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c1326e45-6d3c-4a2d-9882-606a0c310299_1.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c17ffbf9-595a-4c0b-a126-aacedb6dd179_101.json b/packages/security_detection_engine/kibana/security_rule/c17ffbf9-595a-4c0b-a126-aacedb6dd179_101.json index 8f4739f1cc9..052414e7e90 100644 --- a/packages/security_detection_engine/kibana/security_rule/c17ffbf9-595a-4c0b-a126-aacedb6dd179_101.json +++ b/packages/security_detection_engine/kibana/security_rule/c17ffbf9-595a-4c0b-a126-aacedb6dd179_101.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/c1812764-0788-470f-8e74-eb4a14d47573_213.json b/packages/security_detection_engine/kibana/security_rule/c1812764-0788-470f-8e74-eb4a14d47573_213.json index b1cb20afb20..40dc0490154 100644 --- a/packages/security_detection_engine/kibana/security_rule/c1812764-0788-470f-8e74-eb4a14d47573_213.json +++ b/packages/security_detection_engine/kibana/security_rule/c1812764-0788-470f-8e74-eb4a14d47573_213.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c18975f5-676c-4091-b626-81e8938aa2ee_7.json b/packages/security_detection_engine/kibana/security_rule/c18975f5-676c-4091-b626-81e8938aa2ee_7.json index 7eec482b3ec..2c581bcfb32 100644 --- a/packages/security_detection_engine/kibana/security_rule/c18975f5-676c-4091-b626-81e8938aa2ee_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c18975f5-676c-4091-b626-81e8938aa2ee_7.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c1a3e2f0-8a1b-11ef-9b4a-f661ea17fbce_2.json b/packages/security_detection_engine/kibana/security_rule/c1a3e2f0-8a1b-11ef-9b4a-f661ea17fbce_2.json index 56841d7b1fe..b9a847d47f2 100644 --- a/packages/security_detection_engine/kibana/security_rule/c1a3e2f0-8a1b-11ef-9b4a-f661ea17fbce_2.json +++ b/packages/security_detection_engine/kibana/security_rule/c1a3e2f0-8a1b-11ef-9b4a-f661ea17fbce_2.json @@ -29,7 +29,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c1a9ed70-d349-11ef-841c-f661ea17fbcd_8.json b/packages/security_detection_engine/kibana/security_rule/c1a9ed70-d349-11ef-841c-f661ea17fbcd_8.json index a176cc2d0ac..bac5060e9b7 100644 --- a/packages/security_detection_engine/kibana/security_rule/c1a9ed70-d349-11ef-841c-f661ea17fbcd_8.json +++ b/packages/security_detection_engine/kibana/security_rule/c1a9ed70-d349-11ef-841c-f661ea17fbcd_8.json @@ -48,7 +48,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c1e79a70-fa6f-11ee-8bc8-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/c1e79a70-fa6f-11ee-8bc8-f661ea17fbce_9.json index 5537cf4e3bc..3682b260fbb 100644 --- a/packages/security_detection_engine/kibana/security_rule/c1e79a70-fa6f-11ee-8bc8-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/c1e79a70-fa6f-11ee-8bc8-f661ea17fbce_9.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c20cd758-07b1-46a1-b03f-fa66158258b8_107.json b/packages/security_detection_engine/kibana/security_rule/c20cd758-07b1-46a1-b03f-fa66158258b8_107.json index f35e79cfdff..1ac5df48c82 100644 --- a/packages/security_detection_engine/kibana/security_rule/c20cd758-07b1-46a1-b03f-fa66158258b8_107.json +++ b/packages/security_detection_engine/kibana/security_rule/c20cd758-07b1-46a1-b03f-fa66158258b8_107.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c22f89d9-b674-4650-8454-02242c8b35eb_1.json b/packages/security_detection_engine/kibana/security_rule/c22f89d9-b674-4650-8454-02242c8b35eb_1.json index a710334139c..fa794f8c7c4 100644 --- a/packages/security_detection_engine/kibana/security_rule/c22f89d9-b674-4650-8454-02242c8b35eb_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c22f89d9-b674-4650-8454-02242c8b35eb_1.json @@ -44,7 +44,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c24e9a43-f67e-431d-991b-09cdb83b3c0c_7.json b/packages/security_detection_engine/kibana/security_rule/c24e9a43-f67e-431d-991b-09cdb83b3c0c_7.json index 0c8d9fc8be7..467c5fcd625 100644 --- a/packages/security_detection_engine/kibana/security_rule/c24e9a43-f67e-431d-991b-09cdb83b3c0c_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c24e9a43-f67e-431d-991b-09cdb83b3c0c_7.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c25e9c87-95e1-4368-bfab-9fd34cf867ec_319.json b/packages/security_detection_engine/kibana/security_rule/c25e9c87-95e1-4368-bfab-9fd34cf867ec_319.json index 4ffe36d29c1..7ced996b915 100644 --- a/packages/security_detection_engine/kibana/security_rule/c25e9c87-95e1-4368-bfab-9fd34cf867ec_319.json +++ b/packages/security_detection_engine/kibana/security_rule/c25e9c87-95e1-4368-bfab-9fd34cf867ec_319.json @@ -48,27 +48,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c28c4d8c-f014-40ef-88b6-79a1d67cd499_207.json b/packages/security_detection_engine/kibana/security_rule/c28c4d8c-f014-40ef-88b6-79a1d67cd499_207.json index d364bfdd863..7c3aa379b4c 100644 --- a/packages/security_detection_engine/kibana/security_rule/c28c4d8c-f014-40ef-88b6-79a1d67cd499_207.json +++ b/packages/security_detection_engine/kibana/security_rule/c28c4d8c-f014-40ef-88b6-79a1d67cd499_207.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/c292fa52-4115-408a-b897-e14f684b3cb7_113.json b/packages/security_detection_engine/kibana/security_rule/c292fa52-4115-408a-b897-e14f684b3cb7_113.json index 69ff3027aa8..5696f95ed35 100644 --- a/packages/security_detection_engine/kibana/security_rule/c292fa52-4115-408a-b897-e14f684b3cb7_113.json +++ b/packages/security_detection_engine/kibana/security_rule/c292fa52-4115-408a-b897-e14f684b3cb7_113.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c296f888-eac6-4543-8da5-b6abb0d3304f_7.json b/packages/security_detection_engine/kibana/security_rule/c296f888-eac6-4543-8da5-b6abb0d3304f_7.json index e3ca114a30d..b1ec43cbd73 100644 --- a/packages/security_detection_engine/kibana/security_rule/c296f888-eac6-4543-8da5-b6abb0d3304f_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c296f888-eac6-4543-8da5-b6abb0d3304f_7.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c2a91e88-4f4b-4e1d-9c7b-8fde112a9403_2.json b/packages/security_detection_engine/kibana/security_rule/c2a91e88-4f4b-4e1d-9c7b-8fde112a9403_2.json index b160d2d3f7d..497ce78b98c 100644 --- a/packages/security_detection_engine/kibana/security_rule/c2a91e88-4f4b-4e1d-9c7b-8fde112a9403_2.json +++ b/packages/security_detection_engine/kibana/security_rule/c2a91e88-4f4b-4e1d-9c7b-8fde112a9403_2.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c2d90150-0133-451c-a783-533e736c12d7_213.json b/packages/security_detection_engine/kibana/security_rule/c2d90150-0133-451c-a783-533e736c12d7_213.json index 88f5ccb697a..96d69f18f43 100644 --- a/packages/security_detection_engine/kibana/security_rule/c2d90150-0133-451c-a783-533e736c12d7_213.json +++ b/packages/security_detection_engine/kibana/security_rule/c2d90150-0133-451c-a783-533e736c12d7_213.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c371e9fc-6a10-11ef-a0ac-f661ea17fbcc_7.json b/packages/security_detection_engine/kibana/security_rule/c371e9fc-6a10-11ef-a0ac-f661ea17fbcc_7.json index 2b14c135f2f..9c66d4ebfa2 100644 --- a/packages/security_detection_engine/kibana/security_rule/c371e9fc-6a10-11ef-a0ac-f661ea17fbcc_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c371e9fc-6a10-11ef-a0ac-f661ea17fbcc_7.json @@ -50,11 +50,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c37ffc64-da75-447e-ad1c-cbc64727b3b8_5.json b/packages/security_detection_engine/kibana/security_rule/c37ffc64-da75-447e-ad1c-cbc64727b3b8_5.json index 98213c26cfc..aefcc9a40df 100644 --- a/packages/security_detection_engine/kibana/security_rule/c37ffc64-da75-447e-ad1c-cbc64727b3b8_5.json +++ b/packages/security_detection_engine/kibana/security_rule/c37ffc64-da75-447e-ad1c-cbc64727b3b8_5.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c3b915e0-22f3-4bf7-991d-b643513c722f_415.json b/packages/security_detection_engine/kibana/security_rule/c3b915e0-22f3-4bf7-991d-b643513c722f_415.json index 1673c92a67f..68dc20c8ea4 100644 --- a/packages/security_detection_engine/kibana/security_rule/c3b915e0-22f3-4bf7-991d-b643513c722f_415.json +++ b/packages/security_detection_engine/kibana/security_rule/c3b915e0-22f3-4bf7-991d-b643513c722f_415.json @@ -27,19 +27,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-7a8b-9c0d-1e2f-3a4b5c6d7e8f_2.json b/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-7a8b-9c0d-1e2f-3a4b5c6d7e8f_2.json index ad09531400f..80c9fa1649d 100644 --- a/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-7a8b-9c0d-1e2f-3a4b5c6d7e8f_2.json +++ b/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-7a8b-9c0d-1e2f-3a4b5c6d7e8f_2.json @@ -43,7 +43,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-6c9d-0e1f-2a3b4c5d6e7f_3.json b/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-6c9d-0e1f-2a3b4c5d6e7f_3.json index ddc52b2bf94..1e1451b5b74 100644 --- a/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-6c9d-0e1f-2a3b4c5d6e7f_3.json +++ b/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-6c9d-0e1f-2a3b4c5d6e7f_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-9012-cdef-123456789abc_3.json b/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-9012-cdef-123456789abc_3.json index cd7bb33f8c3..5b2c28d1966 100644 --- a/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-9012-cdef-123456789abc_3.json +++ b/packages/security_detection_engine/kibana/security_rule/c3d4e5f6-a7b8-9012-cdef-123456789abc_3.json @@ -26,19 +26,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c3f5e1d8-910e-43b4-8d44-d748e498ca86_108.json b/packages/security_detection_engine/kibana/security_rule/c3f5e1d8-910e-43b4-8d44-d748e498ca86_108.json index d92e227ff1d..5723a18db29 100644 --- a/packages/security_detection_engine/kibana/security_rule/c3f5e1d8-910e-43b4-8d44-d748e498ca86_108.json +++ b/packages/security_detection_engine/kibana/security_rule/c3f5e1d8-910e-43b4-8d44-d748e498ca86_108.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_1.json b/packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_1.json deleted file mode 100644 index aebac5f2571..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_1.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies a Windows host where two or more distinct remote monitoring and management (RMM) or remote-access tool vendors are observed starting processes within the same eight-minute window. Legitimate MSP environments may run multiple tools, but this pattern can also indicate compromise, shadow IT, or attacker staging of redundant access. Processes are mapped to a single vendor label so multiple binaries from the same vendor do not inflate the count.", - "from": "now-9m", - "interval": "8m", - "language": "esql", - "license": "Elastic License v2", - "name": "Multiple Remote Management Tool Vendors on Same Host", - "note": "## Triage and analysis\n\n### Investigating Multiple Remote Management Tool Vendors on Same Host\n\nThis rule aggregates process start events by `host.id`, host name, and a nine-minute time bucket. Data can come from\nElastic Defend, Sysmon, Winlogbeat, Windows Security / forwarded events, Microsoft Defender for Endpoint, SentinelOne,\nCrowdStrike FDR, or Elastic Endgame\u2014where ECS process fields are populated. Each known RMM-related process name maps\nto one **vendor** label (e.g. TeamViewer, AnyDesk, ScreenConnect). If **two or more different vendor labels** appear in\nthe same bucket, the rule signals.\n\n### Possible investigation steps\n\n- Open **Esql.vendors_seen** and **Esql.processes_name_values** on the alert to see which tools fired in the window.\n- Confirm whether the host is an MSP-managed jump box, helpdesk workstation, or lab where multiple RMM stacks are expected.\n- For servers or standard user endpoints, treat as higher risk: review install source, code signatures, and recent logons.\n- Correlate with other alerts (ingress tool transfer, suspicious scripting, new persistence) on the same `host.id`.\n- Check asset inventory and change tickets for approved RMM software.\n\n### False positive analysis\n\n- **MSP / IT tooling**: A technician machine with two approved agents (e.g. RMM + remote support) may match. Tune with\n host or organizational unit exceptions, or raise the vendor threshold if your environment standardizes on a known pair.\n- **Vendor rebrands or bundles**: Rare overlaps during migrations can briefly show two vendors; validate timeline and packages.\n\n### Response and remediation\n\n- If unauthorized or unexplained: isolate the host, inventory installed remote-access software, remove unapproved tools,\n and reset credentials that may have been exposed. Enforce a single approved RMM stack per asset class where possible.\n", - "query": "from logs-endpoint.events.process-*, endgame-*, logs-crowdstrike.fdr*, logs-m365_defender.event-*, logs-sentinel_one_cloud_funnel.*, logs-system.security*, logs-windows.sysmon_operational-*, logs-windows.forwarded*, winlogbeat-* metadata _id, _version, _index\n| where (host.os.type == \"windows\" or host.os.family == \"windows\")\n and event.category == \"process\"\n and event.type == \"start\"\n and process.name is not null\n| eval Esql.rmm_vendor = case(\n process.name == \"AeroAdmin.exe\", \"AeroAdmin\",\n process.name == \"AnyDesk.exe\", \"AnyDesk\",\n process.name == \"AteraAgent.exe\", \"Atera\",\n process.name == \"AweSun.exe\", \"AweSun\",\n process.name like \"aweray_remote*.exe\", \"AweSun\",\n process.name == \"apc_Admin.exe\", \"APC\",\n process.name == \"apc_host.exe\", \"APC\",\n process.name == \"BASupSrvc.exe\", \"BeyondTrust\",\n process.name == \"bomgar-scc.exe\", \"BeyondTrust\",\n process.name == \"Remote Support.exe\", \"BeyondTrust\",\n process.name == \"B4-Service.exe\", \"BeyondTrust\",\n process.name == \"CagService.exe\", \"BarracudaRMM\",\n process.name == \"domotzagent.exe\", \"Domotz\",\n process.name == \"domotz-windows-x64-10.exe\", \"Domotz\",\n process.name == \"dwagsvc.exe\", \"DWService\",\n process.name == \"DWRCC.exe\", \"DWService\",\n process.name like \"fleetdeck_commander*.exe\", \"FleetDeck\",\n process.name == \"getscreen.exe\", \"GetScreen\",\n process.name == \"g2aservice.exe\", \"GoTo\",\n process.name == \"GoToAssistService.exe\", \"GoTo\",\n process.name == \"gotohttp.exe\", \"GoTo\",\n process.name == \"GoToResolveProcessChecker.exe\", \"GoTo\",\n process.name == \"GoToResolveUnattended.exe\", \"GoTo\",\n process.name == \"ImperoClientSVC.exe\", \"Impero\",\n process.name == \"ImperoServerSVC.exe\", \"Impero\",\n process.name == \"ISLLight.exe\", \"ISLOnline\",\n process.name == \"ISLLightClient.exe\", \"ISLOnline\",\n process.name == \"jumpcloud-agent.exe\", \"JumpCloud\",\n process.name == \"level.exe\", \"Level\",\n process.name == \"LvAgent.exe\", \"Level\",\n process.name == \"LMIIgnition.exe\", \"LogMeIn\",\n process.name == \"LogMeIn.exe\", \"LogMeIn\",\n process.name == \"ManageEngine_Remote_Access_Plus.exe\", \"ManageEngine\",\n process.name == \"MeshAgent.exe\", \"MeshCentral\",\n process.name == \"meshagent.exe\", \"MeshCentral\",\n process.name == \"Mikogo-Service.exe\", \"Mikogo\",\n process.name == \"NinjaRMMAgent.exe\", \"NinjaOne\",\n process.name == \"NinjaRMMAgenPatcher.exe\", \"NinjaOne\",\n process.name == \"ninjarmm-cli.exe\", \"NinjaOne\",\n process.name == \"parsec.exe\", \"Parsec\",\n process.name == \"PService.exe\", \"Pulseway\",\n process.name == \"r_server.exe\", \"Radmin\",\n process.name == \"radmin.exe\", \"Radmin\",\n process.name == \"radmin3.exe\", \"Radmin\",\n process.name == \"rserver3.exe\", \"Radmin\",\n process.name == \"vncserver.exe\", \"RealVNC\",\n process.name == \"vncviewer.exe\", \"RealVNC\",\n process.name == \"winvnc.exe\", \"RealVNC\",\n process.name == \"ROMServer.exe\", \"RealVNC\",\n process.name == \"ROMViewer.exe\", \"RealVNC\",\n process.name == \"RemotePC.exe\", \"RemotePC\",\n process.name == \"RemotePCDesktop.exe\", \"RemotePC\",\n process.name == \"RemotePCService.exe\", \"RemotePC\",\n process.name == \"RemoteDesktopManager.exe\", \"Devolutions\",\n process.name == \"RCClient.exe\", \"RPCSuite\",\n process.name == \"RCService.exe\", \"RPCSuite\",\n process.name == \"RPCSuite.exe\", \"RPCSuite\",\n process.name == \"rustdesk.exe\", \"RustDesk\",\n process.name == \"rutserv.exe\", \"RemoteUtilities\",\n process.name == \"rutview.exe\", \"RemoteUtilities\",\n process.name == \"saazapsc.exe\", \"Kaseya\",\n process.name like \"ScreenConnect*.exe\", \"ScreenConnect\",\n process.name == \"ScreenConnect.ClientService.exe\", \"ScreenConnect\",\n process.name == \"Splashtop-streamer.exe\", \"Splashtop\",\n process.name == \"strwinclt.exe\", \"Splashtop\",\n process.name == \"SRService.exe\", \"Splashtop\",\n process.name == \"smpcview.exe\", \"Splashtop\",\n process.name == \"spclink.exe\", \"Splashtop\",\n process.name == \"rfusclient.exe\", \"Splashtop\",\n process.name == \"Supremo.exe\", \"Supremo\",\n process.name == \"SupremoService.exe\", \"Supremo\",\n process.name == \"Syncro.Overmind.Service.exe\", \"Splashtop\",\n process.name == \"SyncroLive.Agent.Runner.exe\", \"Splashtop\",\n process.name == \"Syncro.Installer.exe\", \"Splashtop\",\n process.name == \"tacticalrmm.exe\", \"TacticalRMM\",\n process.name == \"tailscale.exe\", \"Tailscale\",\n process.name == \"tailscaled.exe\", \"Tailscale\",\n process.name == \"teamviewer.exe\", \"TeamViewer\",\n process.name == \"ticlientcore.exe\", \"Tiflux\",\n process.name == \"TiAgent.exe\", \"Tiflux\",\n process.name == \"ToDesk_Service.exe\", \"ToDesk\",\n process.name == \"twingate.exe\", \"Twingate\",\n process.name == \"tvn.exe\", \"TightVNC\",\n process.name == \"tvnserver.exe\", \"TightVNC\",\n process.name == \"tvnviewer.exe\", \"TightVNC\",\n process.name == \"winwvc.exe\", \"TightVNC\",\n process.name like \"UltraVNC*.exe\", \"UltraVNC\",\n process.name like \"UltraViewer*.exe\", \"UltraViewer\",\n process.name like \"AA_v*.exe\", \"AnyAssist\",\n process.name == \"Velociraptor.exe\", \"Velociraptor\",\n process.name == \"ToolsIQ.exe\", \"ToolsIQ\",\n process.name == \"session_win.exe\", \"ZohoAssist\",\n process.name == \"Zaservice.exe\", \"ZohoAssist\",\n process.name == \"ZohoURS.exe\", \"ZohoAssist\",\n \"\"\n )\n| where Esql.rmm_vendor != \"\" and Esql.rmm_vendor is not NULL\n| stats Esql.vendor_count = count_distinct(Esql.rmm_vendor),\n Esql.vendors_seen = values(Esql.rmm_vendor),\n Esql.processes_executable_values = values(process.executable),\n Esql.first_seen = min(@timestamp),\n Esql.last_seen = max(@timestamp)\n by host.name, host.id\n| where Esql.vendor_count >= 2\n| sort Esql.vendor_count desc\n| keep host.id, host.name, Esql.*\n", - "references": [ - "https://attack.mitre.org/techniques/T1219/", - "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-025a" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - }, - { - "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" - }, - { - "package": "m365_defender", - "version": "^5.0.0" - }, - { - "package": "system", - "version": "^2.0.0" - }, - { - "package": "crowdstrike", - "version": "^3.0.0" - } - ], - "required_fields": [ - { - "ecs": false, - "name": "Esql.first_seen", - "type": "date" - }, - { - "ecs": false, - "name": "Esql.last_seen", - "type": "date" - }, - { - "ecs": false, - "name": "Esql.processes_executable_values", - "type": "keyword" - }, - { - "ecs": false, - "name": "Esql.vendor_count", - "type": "long" - }, - { - "ecs": false, - "name": "Esql.vendors_seen", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Command and Control", - "Resources: Investigation Guide", - "Data Source: Elastic Defend", - "Data Source: Sysmon", - "Data Source: SentinelOne", - "Data Source: Microsoft Defender for Endpoint", - "Data Source: CrowdStrike", - "Data Source: Windows Security Event Logs", - "Data Source: Elastic Endgame", - "Data Source: Winlogbeat" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1219", - "name": "Remote Access Tools", - "reference": "https://attack.mitre.org/techniques/T1219/", - "subtechnique": [ - { - "id": "T1219.002", - "name": "Remote Desktop Software", - "reference": "https://attack.mitre.org/techniques/T1219/002/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "esql", - "version": 1 - }, - "id": "c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_1", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_4.json b/packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_4.json index d2564459415..250b8dab160 100644 --- a/packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_4.json +++ b/packages/security_detection_engine/kibana/security_rule/c3f8a1d2-4b5e-4c6f-9a8b-1e2d3f4a5b6c_4.json @@ -19,27 +19,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c4210e1c-64f2-4f48-b67e-b5a8ffe3aa14_317.json b/packages/security_detection_engine/kibana/security_rule/c4210e1c-64f2-4f48-b67e-b5a8ffe3aa14_317.json index 531c876ac1a..021bbdf9d7f 100644 --- a/packages/security_detection_engine/kibana/security_rule/c4210e1c-64f2-4f48-b67e-b5a8ffe3aa14_317.json +++ b/packages/security_detection_engine/kibana/security_rule/c4210e1c-64f2-4f48-b67e-b5a8ffe3aa14_317.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c435defe-8438-4d5a-b4d0-86ab0faf9a49_1.json b/packages/security_detection_engine/kibana/security_rule/c435defe-8438-4d5a-b4d0-86ab0faf9a49_1.json index b45ad780997..e47cb4488e6 100644 --- a/packages/security_detection_engine/kibana/security_rule/c435defe-8438-4d5a-b4d0-86ab0faf9a49_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c435defe-8438-4d5a-b4d0-86ab0faf9a49_1.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c4818812-d44f-47be-aaef-4cfb2f9cc799_313.json b/packages/security_detection_engine/kibana/security_rule/c4818812-d44f-47be-aaef-4cfb2f9cc799_313.json index fb405bc6643..7a45ae2894c 100644 --- a/packages/security_detection_engine/kibana/security_rule/c4818812-d44f-47be-aaef-4cfb2f9cc799_313.json +++ b/packages/security_detection_engine/kibana/security_rule/c4818812-d44f-47be-aaef-4cfb2f9cc799_313.json @@ -27,19 +27,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c4e9ed3e-55a2-4309-a012-bc3c78dad10a_7.json b/packages/security_detection_engine/kibana/security_rule/c4e9ed3e-55a2-4309-a012-bc3c78dad10a_7.json index 264ba8faa82..73937b15f27 100644 --- a/packages/security_detection_engine/kibana/security_rule/c4e9ed3e-55a2-4309-a012-bc3c78dad10a_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c4e9ed3e-55a2-4309-a012-bc3c78dad10a_7.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c55badd3-3e61-4292-836f-56209dc8a601_111.json b/packages/security_detection_engine/kibana/security_rule/c55badd3-3e61-4292-836f-56209dc8a601_111.json index 1ab79ddca96..3fb7a7dea6c 100644 --- a/packages/security_detection_engine/kibana/security_rule/c55badd3-3e61-4292-836f-56209dc8a601_111.json +++ b/packages/security_detection_engine/kibana/security_rule/c55badd3-3e61-4292-836f-56209dc8a601_111.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c562a800-cf97-464e-9d6f-84db91e86e10_4.json b/packages/security_detection_engine/kibana/security_rule/c562a800-cf97-464e-9d6f-84db91e86e10_4.json index 4d5b29228b5..1519bd7cc3b 100644 --- a/packages/security_detection_engine/kibana/security_rule/c562a800-cf97-464e-9d6f-84db91e86e10_4.json +++ b/packages/security_detection_engine/kibana/security_rule/c562a800-cf97-464e-9d6f-84db91e86e10_4.json @@ -14,11 +14,11 @@ "related_integrations": [ { "package": "checkpoint_email", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 73, diff --git a/packages/security_detection_engine/kibana/security_rule/c5637438-e32d-4bb3-bc13-bd7932b3289f_11.json b/packages/security_detection_engine/kibana/security_rule/c5637438-e32d-4bb3-bc13-bd7932b3289f_11.json index 18d83f9a4d3..aaff65dfc1d 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5637438-e32d-4bb3-bc13-bd7932b3289f_11.json +++ b/packages/security_detection_engine/kibana/security_rule/c5637438-e32d-4bb3-bc13-bd7932b3289f_11.json @@ -14,7 +14,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c5677997-f75b-4cda-b830-a75920514096_109.json b/packages/security_detection_engine/kibana/security_rule/c5677997-f75b-4cda-b830-a75920514096_109.json index 43811c3c234..4d61cff24c2 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5677997-f75b-4cda-b830-a75920514096_109.json +++ b/packages/security_detection_engine/kibana/security_rule/c5677997-f75b-4cda-b830-a75920514096_109.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c57f8579-e2a5-4804-847f-f2732edc5156_316.json b/packages/security_detection_engine/kibana/security_rule/c57f8579-e2a5-4804-847f-f2732edc5156_316.json index 0a1672e902f..fd995429027 100644 --- a/packages/security_detection_engine/kibana/security_rule/c57f8579-e2a5-4804-847f-f2732edc5156_316.json +++ b/packages/security_detection_engine/kibana/security_rule/c57f8579-e2a5-4804-847f-f2732edc5156_316.json @@ -45,19 +45,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c58c3081-2e1d-4497-8491-e73a45d1a6d6_109.json b/packages/security_detection_engine/kibana/security_rule/c58c3081-2e1d-4497-8491-e73a45d1a6d6_109.json index 099dc7138be..3900c1ae7c6 100644 --- a/packages/security_detection_engine/kibana/security_rule/c58c3081-2e1d-4497-8491-e73a45d1a6d6_109.json +++ b/packages/security_detection_engine/kibana/security_rule/c58c3081-2e1d-4497-8491-e73a45d1a6d6_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c595363f-52a6-49e1-9257-0e08ae043dbd_2.json b/packages/security_detection_engine/kibana/security_rule/c595363f-52a6-49e1-9257-0e08ae043dbd_2.json index 7453b83a388..fead3a1c9d7 100644 --- a/packages/security_detection_engine/kibana/security_rule/c595363f-52a6-49e1-9257-0e08ae043dbd_2.json +++ b/packages/security_detection_engine/kibana/security_rule/c595363f-52a6-49e1-9257-0e08ae043dbd_2.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c5c9f591-d111-4cf8-baec-c26a39bc31ef_214.json b/packages/security_detection_engine/kibana/security_rule/c5c9f591-d111-4cf8-baec-c26a39bc31ef_214.json index 8edf5e1949b..10a79c7b5af 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5c9f591-d111-4cf8-baec-c26a39bc31ef_214.json +++ b/packages/security_detection_engine/kibana/security_rule/c5c9f591-d111-4cf8-baec-c26a39bc31ef_214.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c5ce48a6-7f57-4ee8-9313-3d0024caee10_315.json b/packages/security_detection_engine/kibana/security_rule/c5ce48a6-7f57-4ee8-9313-3d0024caee10_315.json index 1827e3ad1a9..382d116c84a 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5ce48a6-7f57-4ee8-9313-3d0024caee10_315.json +++ b/packages/security_detection_engine/kibana/security_rule/c5ce48a6-7f57-4ee8-9313-3d0024caee10_315.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c5da2519-160c-4cc9-bf69-b0223e99d0db_3.json b/packages/security_detection_engine/kibana/security_rule/c5da2519-160c-4cc9-bf69-b0223e99d0db_3.json index 1a2a0c92b9f..9c4a821913b 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5da2519-160c-4cc9-bf69-b0223e99d0db_3.json +++ b/packages/security_detection_engine/kibana/security_rule/c5da2519-160c-4cc9-bf69-b0223e99d0db_3.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c5dc3223-13a2-44a2-946c-e9dc0aa0449c_318.json b/packages/security_detection_engine/kibana/security_rule/c5dc3223-13a2-44a2-946c-e9dc0aa0449c_318.json index 90cd1adfd2d..989c07dade0 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5dc3223-13a2-44a2-946c-e9dc0aa0449c_318.json +++ b/packages/security_detection_engine/kibana/security_rule/c5dc3223-13a2-44a2-946c-e9dc0aa0449c_318.json @@ -49,27 +49,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c5f81243-56e0-47f9-b5bb-55a5ed89ba57_107.json b/packages/security_detection_engine/kibana/security_rule/c5f81243-56e0-47f9-b5bb-55a5ed89ba57_107.json index f8288281d0a..a43993f96bf 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5f81243-56e0-47f9-b5bb-55a5ed89ba57_107.json +++ b/packages/security_detection_engine/kibana/security_rule/c5f81243-56e0-47f9-b5bb-55a5ed89ba57_107.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cyberarkpas", - "version": "^2.27.0" + "version": ">=2.27.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c5fc788c-7576-4a02-b3d6-d2c016eb85a6_6.json b/packages/security_detection_engine/kibana/security_rule/c5fc788c-7576-4a02-b3d6-d2c016eb85a6_6.json index e864dcc5bc6..eba2e81bd16 100644 --- a/packages/security_detection_engine/kibana/security_rule/c5fc788c-7576-4a02-b3d6-d2c016eb85a6_6.json +++ b/packages/security_detection_engine/kibana/security_rule/c5fc788c-7576-4a02-b3d6-d2c016eb85a6_6.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c62733ff-9373-4fdf-9733-3d992e148c93_1.json b/packages/security_detection_engine/kibana/security_rule/c62733ff-9373-4fdf-9733-3d992e148c93_1.json index afaf163ba47..afd3faf670f 100644 --- a/packages/security_detection_engine/kibana/security_rule/c62733ff-9373-4fdf-9733-3d992e148c93_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c62733ff-9373-4fdf-9733-3d992e148c93_1.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c6453e73-90eb-4fe7-a98c-cde7bbfc504a_320.json b/packages/security_detection_engine/kibana/security_rule/c6453e73-90eb-4fe7-a98c-cde7bbfc504a_320.json index 087e8632d74..e1a84d26a9e 100644 --- a/packages/security_detection_engine/kibana/security_rule/c6453e73-90eb-4fe7-a98c-cde7bbfc504a_320.json +++ b/packages/security_detection_engine/kibana/security_rule/c6453e73-90eb-4fe7-a98c-cde7bbfc504a_320.json @@ -28,27 +28,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_3.json b/packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_3.json deleted file mode 100644 index 0fb4e835492..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_3.json +++ /dev/null @@ -1,154 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Correlates network connections to the standard Kerberos port by an unusual process from the source machine with a Kerberos authentication ticket request from the target domain controller.", - "from": "now-9m", - "index": [ - "logs-endpoint.events.network-*", - "logs-windows.sysmon_operational-*", - "logs-system.security*", - "logs-windows.forwarded*", - "winlogbeat-*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Suspicious Kerberos Authentication Ticket Request", - "note": "## Triage and analysis\n\n### Investigating Suspicious Kerberos Authentication Ticket Request\n\nKerberos is the default authentication protocol in Active Directory, designed to provide strong authentication for client/server applications by using secret-key cryptography.\n\nDomain-joined hosts usually perform Kerberos traffic using the `lsass.exe` process. This rule detects the occurrence of traffic on the Kerberos port (88) by processes other than `lsass.exe` to detect the unusual request and usage of Kerberos tickets.\n\n#### Possible investigation steps\n\n- Investigate the process execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if the Destination IP is related to a Domain Controller.\n- Review events ID 4769 and 4768 for suspicious ticket requests.\n- Investigate potentially compromised accounts. Analysts can do this by searching for login events (for example, 4624) to the target host after the registry modification.\n\n### False positive analysis\n\n- Active Directory audit tools.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n - Ticket requests can be used to investigate potentially compromised accounts.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.\n- Remove and block malicious artifacts identified during triage.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "sequence by source.port, source.ip with maxspan=3s\n [network where host.os.type == \"windows\" and destination.port == 88 and\n process.executable != null and process.pid != 4 and \n not process.executable : \n (\"?:\\\\Windows\\\\system32\\\\lsass.exe\", \n \"\\\\device\\\\harddiskvolume*\\\\windows\\\\system32\\\\lsass.exe\", \n \"\\\\device\\\\harddiskvolume*\\\\windows\\\\system32\\\\svchost.exe\") and\n not (process.executable : (\"C:\\\\Windows\\\\System32\\\\svchost.exe\", \n \"C:\\\\Program Files\\\\VMware\\\\VMware View\\\\Server\\\\bin\\\\ws_TomcatService.exe\", \n \"F:\\\\IGEL\\\\RemoteManager\\\\*\\\\bin\\\\tomcat10.exe\") and user.id in (\"S-1-5-20\", \"S-1-5-18\")) and \n source.ip != \"127.0.0.1\" and destination.ip != \"::1\" and destination.ip != \"127.0.0.1\"]\n [authentication where host.os.type == \"windows\" and event.code in (\"4768\", \"4769\")]\n", - "references": [ - "https://github.com/its-a-feature/bifrost", - "https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4768" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - }, - { - "package": "system", - "version": "^2.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "destination.ip", - "type": "ip" - }, - { - "ecs": true, - "name": "destination.port", - "type": "long" - }, - { - "ecs": true, - "name": "event.code", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.pid", - "type": "long" - }, - { - "ecs": true, - "name": "source.ip", - "type": "ip" - }, - { - "ecs": true, - "name": "source.port", - "type": "long" - }, - { - "ecs": true, - "name": "user.id", - "type": "keyword" - } - ], - "risk_score": 73, - "rule_id": "c6b40f4c-c6a9-434e-adb8-989b0d06d005", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "Domain: Identity", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Credential Access", - "Tactic: Lateral Movement", - "Use Case: Active Directory Monitoring", - "Data Source: Active Directory", - "Data Source: Elastic Defend", - "Data Source: Sysmon", - "Data Source: Windows Security Event Logs", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0008", - "name": "Lateral Movement", - "reference": "https://attack.mitre.org/tactics/TA0008/" - }, - "technique": [ - { - "id": "T1550", - "name": "Use Alternate Authentication Material", - "reference": "https://attack.mitre.org/techniques/T1550/", - "subtechnique": [ - { - "id": "T1550.003", - "name": "Pass the Ticket", - "reference": "https://attack.mitre.org/techniques/T1550/003/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0006", - "name": "Credential Access", - "reference": "https://attack.mitre.org/tactics/TA0006/" - }, - "technique": [ - { - "id": "T1558", - "name": "Steal or Forge Kerberos Tickets", - "reference": "https://attack.mitre.org/techniques/T1558/", - "subtechnique": [ - { - "id": "T1558.003", - "name": "Kerberoasting", - "reference": "https://attack.mitre.org/techniques/T1558/003/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 3 - }, - "id": "c6b40f4c-c6a9-434e-adb8-989b0d06d005_3", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_6.json b/packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_6.json index e706280d1bd..b97e824d033 100644 --- a/packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_6.json +++ b/packages/security_detection_engine/kibana/security_rule/c6b40f4c-c6a9-434e-adb8-989b0d06d005_6.json @@ -33,15 +33,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c70d9f0d-8cb6-4cfc-85df-a95c1ccf4eab_108.json b/packages/security_detection_engine/kibana/security_rule/c70d9f0d-8cb6-4cfc-85df-a95c1ccf4eab_108.json index ff91d761a57..7948b88cb46 100644 --- a/packages/security_detection_engine/kibana/security_rule/c70d9f0d-8cb6-4cfc-85df-a95c1ccf4eab_108.json +++ b/packages/security_detection_engine/kibana/security_rule/c70d9f0d-8cb6-4cfc-85df-a95c1ccf4eab_108.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c73cc6ab-b30e-46bf-b5f2-29d9ab4caf7b_3.json b/packages/security_detection_engine/kibana/security_rule/c73cc6ab-b30e-46bf-b5f2-29d9ab4caf7b_3.json index 6a5bafd88b2..98bfd7ffa51 100644 --- a/packages/security_detection_engine/kibana/security_rule/c73cc6ab-b30e-46bf-b5f2-29d9ab4caf7b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/c73cc6ab-b30e-46bf-b5f2-29d9ab4caf7b_3.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c749e367-a069-4a73-b1f2-43a3798153ad_414.json b/packages/security_detection_engine/kibana/security_rule/c749e367-a069-4a73-b1f2-43a3798153ad_414.json index 79d16854f97..10a62e0f051 100644 --- a/packages/security_detection_engine/kibana/security_rule/c749e367-a069-4a73-b1f2-43a3798153ad_414.json +++ b/packages/security_detection_engine/kibana/security_rule/c749e367-a069-4a73-b1f2-43a3798153ad_414.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c74fd275-ab2c-4d49-8890-e2943fa65c09_413.json b/packages/security_detection_engine/kibana/security_rule/c74fd275-ab2c-4d49-8890-e2943fa65c09_413.json index 39fd0699ca6..6a65979500e 100644 --- a/packages/security_detection_engine/kibana/security_rule/c74fd275-ab2c-4d49-8890-e2943fa65c09_413.json +++ b/packages/security_detection_engine/kibana/security_rule/c74fd275-ab2c-4d49-8890-e2943fa65c09_413.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c75d0c86-38d6-4821-98a1-465cff8ff4c8_7.json b/packages/security_detection_engine/kibana/security_rule/c75d0c86-38d6-4821-98a1-465cff8ff4c8_7.json index 85c46a3582c..aa654ccaada 100644 --- a/packages/security_detection_engine/kibana/security_rule/c75d0c86-38d6-4821-98a1-465cff8ff4c8_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c75d0c86-38d6-4821-98a1-465cff8ff4c8_7.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c766bc56-fdca-11ef-b194-f661ea17fbcd_7.json b/packages/security_detection_engine/kibana/security_rule/c766bc56-fdca-11ef-b194-f661ea17fbcd_7.json index 0a699423222..fee66a5b0c8 100644 --- a/packages/security_detection_engine/kibana/security_rule/c766bc56-fdca-11ef-b194-f661ea17fbcd_7.json +++ b/packages/security_detection_engine/kibana/security_rule/c766bc56-fdca-11ef-b194-f661ea17fbcd_7.json @@ -44,7 +44,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c7894234-7814-44c2-92a9-f7d851ea246a_213.json b/packages/security_detection_engine/kibana/security_rule/c7894234-7814-44c2-92a9-f7d851ea246a_213.json index 28e203c5c2b..fa2dfa9b531 100644 --- a/packages/security_detection_engine/kibana/security_rule/c7894234-7814-44c2-92a9-f7d851ea246a_213.json +++ b/packages/security_detection_engine/kibana/security_rule/c7894234-7814-44c2-92a9-f7d851ea246a_213.json @@ -25,15 +25,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c7908cac-337a-4f38-b50d-5eeb78bdb531_210.json b/packages/security_detection_engine/kibana/security_rule/c7908cac-337a-4f38-b50d-5eeb78bdb531_210.json index f97cd5d2a89..7638b261c8a 100644 --- a/packages/security_detection_engine/kibana/security_rule/c7908cac-337a-4f38-b50d-5eeb78bdb531_210.json +++ b/packages/security_detection_engine/kibana/security_rule/c7908cac-337a-4f38-b50d-5eeb78bdb531_210.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c7ce36c0-32ff-4f9a-bfc2-dcb242bf99f9_218.json b/packages/security_detection_engine/kibana/security_rule/c7ce36c0-32ff-4f9a-bfc2-dcb242bf99f9_218.json index 9361533a19d..e8670458c7f 100644 --- a/packages/security_detection_engine/kibana/security_rule/c7ce36c0-32ff-4f9a-bfc2-dcb242bf99f9_218.json +++ b/packages/security_detection_engine/kibana/security_rule/c7ce36c0-32ff-4f9a-bfc2-dcb242bf99f9_218.json @@ -29,11 +29,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c7db5533-ca2a-41f6-a8b0-ee98abe0f573_110.json b/packages/security_detection_engine/kibana/security_rule/c7db5533-ca2a-41f6-a8b0-ee98abe0f573_110.json index 170b26b3291..6adc624748c 100644 --- a/packages/security_detection_engine/kibana/security_rule/c7db5533-ca2a-41f6-a8b0-ee98abe0f573_110.json +++ b/packages/security_detection_engine/kibana/security_rule/c7db5533-ca2a-41f6-a8b0-ee98abe0f573_110.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/c81cefcb-82b9-4408-a533-3c3df549e62d_112.json b/packages/security_detection_engine/kibana/security_rule/c81cefcb-82b9-4408-a533-3c3df549e62d_112.json index 4df1e90353b..6abba55b653 100644 --- a/packages/security_detection_engine/kibana/security_rule/c81cefcb-82b9-4408-a533-3c3df549e62d_112.json +++ b/packages/security_detection_engine/kibana/security_rule/c81cefcb-82b9-4408-a533-3c3df549e62d_112.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c82b2bd8-d701-420c-ba43-f11a155b681a_112.json b/packages/security_detection_engine/kibana/security_rule/c82b2bd8-d701-420c-ba43-f11a155b681a_112.json index 4344697a123..fa11c068303 100644 --- a/packages/security_detection_engine/kibana/security_rule/c82b2bd8-d701-420c-ba43-f11a155b681a_112.json +++ b/packages/security_detection_engine/kibana/security_rule/c82b2bd8-d701-420c-ba43-f11a155b681a_112.json @@ -27,23 +27,23 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "corelight", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c82c7d8f-fb9e-4874-a4bd-fd9e3f9becf1_117.json b/packages/security_detection_engine/kibana/security_rule/c82c7d8f-fb9e-4874-a4bd-fd9e3f9becf1_117.json index d96543f9ba4..be676c2e3c5 100644 --- a/packages/security_detection_engine/kibana/security_rule/c82c7d8f-fb9e-4874-a4bd-fd9e3f9becf1_117.json +++ b/packages/security_detection_engine/kibana/security_rule/c82c7d8f-fb9e-4874-a4bd-fd9e3f9becf1_117.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c85eb82c-d2c8-485c-a36f-534f914b7663_109.json b/packages/security_detection_engine/kibana/security_rule/c85eb82c-d2c8-485c-a36f-534f914b7663_109.json index c8be648a51e..fb2ff2dfcfb 100644 --- a/packages/security_detection_engine/kibana/security_rule/c85eb82c-d2c8-485c-a36f-534f914b7663_109.json +++ b/packages/security_detection_engine/kibana/security_rule/c85eb82c-d2c8-485c-a36f-534f914b7663_109.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c88d4bd0-5649-4c52-87ea-9be59dbfbcf2_111.json b/packages/security_detection_engine/kibana/security_rule/c88d4bd0-5649-4c52-87ea-9be59dbfbcf2_111.json index e5102c3dc7e..af2f746667f 100644 --- a/packages/security_detection_engine/kibana/security_rule/c88d4bd0-5649-4c52-87ea-9be59dbfbcf2_111.json +++ b/packages/security_detection_engine/kibana/security_rule/c88d4bd0-5649-4c52-87ea-9be59dbfbcf2_111.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c8935a8b-634a-4449-98f7-bb24d3b2c0af_15.json b/packages/security_detection_engine/kibana/security_rule/c8935a8b-634a-4449-98f7-bb24d3b2c0af_15.json index 79e930deb7f..8ba60b4f1be 100644 --- a/packages/security_detection_engine/kibana/security_rule/c8935a8b-634a-4449-98f7-bb24d3b2c0af_15.json +++ b/packages/security_detection_engine/kibana/security_rule/c8935a8b-634a-4449-98f7-bb24d3b2c0af_15.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c8b150f0-0164-475b-a75e-74b47800a9ff_320.json b/packages/security_detection_engine/kibana/security_rule/c8b150f0-0164-475b-a75e-74b47800a9ff_320.json index 3f455c84356..986f9738645 100644 --- a/packages/security_detection_engine/kibana/security_rule/c8b150f0-0164-475b-a75e-74b47800a9ff_320.json +++ b/packages/security_detection_engine/kibana/security_rule/c8b150f0-0164-475b-a75e-74b47800a9ff_320.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c8cc8192-f4f5-4ed3-8368-544ca738d506_1.json b/packages/security_detection_engine/kibana/security_rule/c8cc8192-f4f5-4ed3-8368-544ca738d506_1.json index 6a7749f569c..3a12fc9e649 100644 --- a/packages/security_detection_engine/kibana/security_rule/c8cc8192-f4f5-4ed3-8368-544ca738d506_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c8cc8192-f4f5-4ed3-8368-544ca738d506_1.json @@ -48,7 +48,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c8cccb06-faf2-4cd5-886e-2c9636cfcb87_319.json b/packages/security_detection_engine/kibana/security_rule/c8cccb06-faf2-4cd5-886e-2c9636cfcb87_319.json index 031fe9544c4..5b9b33ffa69 100644 --- a/packages/security_detection_engine/kibana/security_rule/c8cccb06-faf2-4cd5-886e-2c9636cfcb87_319.json +++ b/packages/security_detection_engine/kibana/security_rule/c8cccb06-faf2-4cd5-886e-2c9636cfcb87_319.json @@ -33,27 +33,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c8e4f1a2-9b3d-4c5e-a6f7-8b9c0d1e2f3a_1.json b/packages/security_detection_engine/kibana/security_rule/c8e4f1a2-9b3d-4c5e-a6f7-8b9c0d1e2f3a_1.json index f81fc525141..f2b7f0f2e5c 100644 --- a/packages/security_detection_engine/kibana/security_rule/c8e4f1a2-9b3d-4c5e-a6f7-8b9c0d1e2f3a_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c8e4f1a2-9b3d-4c5e-a6f7-8b9c0d1e2f3a_1.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c8e5f6a2-1234-4d5e-9f8a-b7c6d5e4f3a2_4.json b/packages/security_detection_engine/kibana/security_rule/c8e5f6a2-1234-4d5e-9f8a-b7c6d5e4f3a2_4.json index 0e4800572d5..2e05d6e3faa 100644 --- a/packages/security_detection_engine/kibana/security_rule/c8e5f6a2-1234-4d5e-9f8a-b7c6d5e4f3a2_4.json +++ b/packages/security_detection_engine/kibana/security_rule/c8e5f6a2-1234-4d5e-9f8a-b7c6d5e4f3a2_4.json @@ -46,7 +46,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c8f4a2e1-9b3d-4c7e-8f2a-1d0e5b6c7a89_1.json b/packages/security_detection_engine/kibana/security_rule/c8f4a2e1-9b3d-4c7e-8f2a-1d0e5b6c7a89_1.json index a9215b6a5c1..74afbfba06a 100644 --- a/packages/security_detection_engine/kibana/security_rule/c8f4a2e1-9b3d-4c7e-8f2a-1d0e5b6c7a89_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c8f4a2e1-9b3d-4c7e-8f2a-1d0e5b6c7a89_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c9482bfa-a553-4226-8ea2-4959bd4f7923_13.json b/packages/security_detection_engine/kibana/security_rule/c9482bfa-a553-4226-8ea2-4959bd4f7923_13.json index 7a9f507ec4a..7a95a702856 100644 --- a/packages/security_detection_engine/kibana/security_rule/c9482bfa-a553-4226-8ea2-4959bd4f7923_13.json +++ b/packages/security_detection_engine/kibana/security_rule/c9482bfa-a553-4226-8ea2-4959bd4f7923_13.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c9636a6e-125e-11f1-9cd3-f661ea17fbce_3.json b/packages/security_detection_engine/kibana/security_rule/c9636a6e-125e-11f1-9cd3-f661ea17fbce_3.json index 9bb015ad298..e9982a18094 100644 --- a/packages/security_detection_engine/kibana/security_rule/c9636a6e-125e-11f1-9cd3-f661ea17fbce_3.json +++ b/packages/security_detection_engine/kibana/security_rule/c9636a6e-125e-11f1-9cd3-f661ea17fbce_3.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c9847fe9-3bed-4e6b-b319-f9956d6dd02a_5.json b/packages/security_detection_engine/kibana/security_rule/c9847fe9-3bed-4e6b-b319-f9956d6dd02a_5.json index 0279697a814..9bab801da54 100644 --- a/packages/security_detection_engine/kibana/security_rule/c9847fe9-3bed-4e6b-b319-f9956d6dd02a_5.json +++ b/packages/security_detection_engine/kibana/security_rule/c9847fe9-3bed-4e6b-b319-f9956d6dd02a_5.json @@ -43,27 +43,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/c9d4e8f1-2a3b-4c5d-8e9f-0a1b2c3d4e5f_1.json b/packages/security_detection_engine/kibana/security_rule/c9d4e8f1-2a3b-4c5d-8e9f-0a1b2c3d4e5f_1.json index 3307cf0165c..83b7555a3eb 100644 --- a/packages/security_detection_engine/kibana/security_rule/c9d4e8f1-2a3b-4c5d-8e9f-0a1b2c3d4e5f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/c9d4e8f1-2a3b-4c5d-8e9f-0a1b2c3d4e5f_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ca3bcacc-9285-4452-a742-5dae77538f61_8.json b/packages/security_detection_engine/kibana/security_rule/ca3bcacc-9285-4452-a742-5dae77538f61_8.json index c4ec1cb8f3f..689dbb5e2d8 100644 --- a/packages/security_detection_engine/kibana/security_rule/ca3bcacc-9285-4452-a742-5dae77538f61_8.json +++ b/packages/security_detection_engine/kibana/security_rule/ca3bcacc-9285-4452-a742-5dae77538f61_8.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_213.json b/packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_213.json index 26f47cb9b07..f5ab44b9ed7 100644 --- a/packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_213.json +++ b/packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ca98c7cf-a56e-4057-a4e8-39603f7f0389_15.json b/packages/security_detection_engine/kibana/security_rule/ca98c7cf-a56e-4057-a4e8-39603f7f0389_15.json index 7021b7c3289..c8302b9505e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ca98c7cf-a56e-4057-a4e8-39603f7f0389_15.json +++ b/packages/security_detection_engine/kibana/security_rule/ca98c7cf-a56e-4057-a4e8-39603f7f0389_15.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/caaa8b78-367c-11f0-beb8-f661ea17fbcd_6.json b/packages/security_detection_engine/kibana/security_rule/caaa8b78-367c-11f0-beb8-f661ea17fbcd_6.json index 78ae5b10fe7..b3fc33e3ac9 100644 --- a/packages/security_detection_engine/kibana/security_rule/caaa8b78-367c-11f0-beb8-f661ea17fbcd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/caaa8b78-367c-11f0-beb8-f661ea17fbcd_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cac91072-d165-11ec-a764-f661ea17fbce_219.json b/packages/security_detection_engine/kibana/security_rule/cac91072-d165-11ec-a764-f661ea17fbce_219.json index cbefe1af553..f2e2f15d5c5 100644 --- a/packages/security_detection_engine/kibana/security_rule/cac91072-d165-11ec-a764-f661ea17fbce_219.json +++ b/packages/security_detection_engine/kibana/security_rule/cac91072-d165-11ec-a764-f661ea17fbce_219.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cad4500a-abd7-4ef3-b5d3-95524de7cfe1_213.json b/packages/security_detection_engine/kibana/security_rule/cad4500a-abd7-4ef3-b5d3-95524de7cfe1_213.json index f593cfd785d..0537475fb10 100644 --- a/packages/security_detection_engine/kibana/security_rule/cad4500a-abd7-4ef3-b5d3-95524de7cfe1_213.json +++ b/packages/security_detection_engine/kibana/security_rule/cad4500a-abd7-4ef3-b5d3-95524de7cfe1_213.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cb71aa62-55c8-42f0-b0dd-afb0bb0b1f51_110.json b/packages/security_detection_engine/kibana/security_rule/cb71aa62-55c8-42f0-b0dd-afb0bb0b1f51_110.json index 94245ea6f1e..327cf6e99c2 100644 --- a/packages/security_detection_engine/kibana/security_rule/cb71aa62-55c8-42f0-b0dd-afb0bb0b1f51_110.json +++ b/packages/security_detection_engine/kibana/security_rule/cb71aa62-55c8-42f0-b0dd-afb0bb0b1f51_110.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cb9554e8-9f31-41a8-b4f5-d82144e6dc33_1.json b/packages/security_detection_engine/kibana/security_rule/cb9554e8-9f31-41a8-b4f5-d82144e6dc33_1.json index 67775851ad2..e9b5409d6ea 100644 --- a/packages/security_detection_engine/kibana/security_rule/cb9554e8-9f31-41a8-b4f5-d82144e6dc33_1.json +++ b/packages/security_detection_engine/kibana/security_rule/cb9554e8-9f31-41a8-b4f5-d82144e6dc33_1.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cbbe0523-33f3-4420-b88d-5c940d9e72c1_2.json b/packages/security_detection_engine/kibana/security_rule/cbbe0523-33f3-4420-b88d-5c940d9e72c1_2.json index aa3c4beca79..695fed8743e 100644 --- a/packages/security_detection_engine/kibana/security_rule/cbbe0523-33f3-4420-b88d-5c940d9e72c1_2.json +++ b/packages/security_detection_engine/kibana/security_rule/cbbe0523-33f3-4420-b88d-5c940d9e72c1_2.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cbda9a0e-2be4-4eaa-9571-8d6a503e9828_3.json b/packages/security_detection_engine/kibana/security_rule/cbda9a0e-2be4-4eaa-9571-8d6a503e9828_3.json index b68683f076e..a742ec5b671 100644 --- a/packages/security_detection_engine/kibana/security_rule/cbda9a0e-2be4-4eaa-9571-8d6a503e9828_3.json +++ b/packages/security_detection_engine/kibana/security_rule/cbda9a0e-2be4-4eaa-9571-8d6a503e9828_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cc2fd2d0-ba3a-4939-b87f-2901764ed036_111.json b/packages/security_detection_engine/kibana/security_rule/cc2fd2d0-ba3a-4939-b87f-2901764ed036_111.json index c94840d8bee..d6ea28ffefc 100644 --- a/packages/security_detection_engine/kibana/security_rule/cc2fd2d0-ba3a-4939-b87f-2901764ed036_111.json +++ b/packages/security_detection_engine/kibana/security_rule/cc2fd2d0-ba3a-4939-b87f-2901764ed036_111.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cc382a2e-7e52-11ee-9aac-f661ea17fbcd_311.json b/packages/security_detection_engine/kibana/security_rule/cc382a2e-7e52-11ee-9aac-f661ea17fbcd_311.json index 15354e2ec2b..c3bc53121db 100644 --- a/packages/security_detection_engine/kibana/security_rule/cc382a2e-7e52-11ee-9aac-f661ea17fbcd_311.json +++ b/packages/security_detection_engine/kibana/security_rule/cc382a2e-7e52-11ee-9aac-f661ea17fbcd_311.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cc653d77-ddd2-45b1-9197-c75ad19df66c_107.json b/packages/security_detection_engine/kibana/security_rule/cc653d77-ddd2-45b1-9197-c75ad19df66c_107.json index dc8d8fea734..8034cad3a69 100644 --- a/packages/security_detection_engine/kibana/security_rule/cc653d77-ddd2-45b1-9197-c75ad19df66c_107.json +++ b/packages/security_detection_engine/kibana/security_rule/cc653d77-ddd2-45b1-9197-c75ad19df66c_107.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "ded", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/cc6a8a20-2df2-11ed-8378-f661ea17fbce_112.json b/packages/security_detection_engine/kibana/security_rule/cc6a8a20-2df2-11ed-8378-f661ea17fbce_112.json index 81df136e18c..6b55df63210 100644 --- a/packages/security_detection_engine/kibana/security_rule/cc6a8a20-2df2-11ed-8378-f661ea17fbce_112.json +++ b/packages/security_detection_engine/kibana/security_rule/cc6a8a20-2df2-11ed-8378-f661ea17fbce_112.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cc89312d-6f47-48e4-a87c-4977bd4633c3_109.json b/packages/security_detection_engine/kibana/security_rule/cc89312d-6f47-48e4-a87c-4977bd4633c3_109.json index 1354efa2a9c..b9acf281d65 100644 --- a/packages/security_detection_engine/kibana/security_rule/cc89312d-6f47-48e4-a87c-4977bd4633c3_109.json +++ b/packages/security_detection_engine/kibana/security_rule/cc89312d-6f47-48e4-a87c-4977bd4633c3_109.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cc92c835-da92-45c9-9f29-b4992ad621a0_416.json b/packages/security_detection_engine/kibana/security_rule/cc92c835-da92-45c9-9f29-b4992ad621a0_416.json index 7433326638a..270d5ba8ef7 100644 --- a/packages/security_detection_engine/kibana/security_rule/cc92c835-da92-45c9-9f29-b4992ad621a0_416.json +++ b/packages/security_detection_engine/kibana/security_rule/cc92c835-da92-45c9-9f29-b4992ad621a0_416.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cca64114-fb8b-11ef-86e2-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/cca64114-fb8b-11ef-86e2-f661ea17fbce_9.json index 24fd2bc3ebb..178f4a97d18 100644 --- a/packages/security_detection_engine/kibana/security_rule/cca64114-fb8b-11ef-86e2-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/cca64114-fb8b-11ef-86e2-f661ea17fbce_9.json @@ -28,7 +28,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/cccc9be5-d8b0-466e-8a37-617eae57351a_2.json b/packages/security_detection_engine/kibana/security_rule/cccc9be5-d8b0-466e-8a37-617eae57351a_2.json index 8bb88dc287d..d48f3b4cfc6 100644 --- a/packages/security_detection_engine/kibana/security_rule/cccc9be5-d8b0-466e-8a37-617eae57351a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/cccc9be5-d8b0-466e-8a37-617eae57351a_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cd16fb10-0261-46e8-9932-a0336278cdbe_415.json b/packages/security_detection_engine/kibana/security_rule/cd16fb10-0261-46e8-9932-a0336278cdbe_415.json index 673b4d1ddc3..8b30e12fb95 100644 --- a/packages/security_detection_engine/kibana/security_rule/cd16fb10-0261-46e8-9932-a0336278cdbe_415.json +++ b/packages/security_detection_engine/kibana/security_rule/cd16fb10-0261-46e8-9932-a0336278cdbe_415.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cd24c340-b778-44bd-ab69-2f739bd70ce1_3.json b/packages/security_detection_engine/kibana/security_rule/cd24c340-b778-44bd-ab69-2f739bd70ce1_3.json index e114709c509..e0a116acae8 100644 --- a/packages/security_detection_engine/kibana/security_rule/cd24c340-b778-44bd-ab69-2f739bd70ce1_3.json +++ b/packages/security_detection_engine/kibana/security_rule/cd24c340-b778-44bd-ab69-2f739bd70ce1_3.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cd66a419-9b3f-4f57-8ff8-ac4cd2d5f530_208.json b/packages/security_detection_engine/kibana/security_rule/cd66a419-9b3f-4f57-8ff8-ac4cd2d5f530_208.json index 675ece0d2f3..b3ada409381 100644 --- a/packages/security_detection_engine/kibana/security_rule/cd66a419-9b3f-4f57-8ff8-ac4cd2d5f530_208.json +++ b/packages/security_detection_engine/kibana/security_rule/cd66a419-9b3f-4f57-8ff8-ac4cd2d5f530_208.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/cd66a5af-e34b-4bb0-8931-57d0a043f2ef_215.json b/packages/security_detection_engine/kibana/security_rule/cd66a5af-e34b-4bb0-8931-57d0a043f2ef_215.json index d20398242d0..7517ebf84e3 100644 --- a/packages/security_detection_engine/kibana/security_rule/cd66a5af-e34b-4bb0-8931-57d0a043f2ef_215.json +++ b/packages/security_detection_engine/kibana/security_rule/cd66a5af-e34b-4bb0-8931-57d0a043f2ef_215.json @@ -25,15 +25,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cd82e3d6-1346-4afd-8f22-38388bbf34cb_9.json b/packages/security_detection_engine/kibana/security_rule/cd82e3d6-1346-4afd-8f22-38388bbf34cb_9.json index b3ea2b1b9d2..8a314a7b0d0 100644 --- a/packages/security_detection_engine/kibana/security_rule/cd82e3d6-1346-4afd-8f22-38388bbf34cb_9.json +++ b/packages/security_detection_engine/kibana/security_rule/cd82e3d6-1346-4afd-8f22-38388bbf34cb_9.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cd89602e-9db0-48e3-9391-ae3bf241acd8_419.json b/packages/security_detection_engine/kibana/security_rule/cd89602e-9db0-48e3-9391-ae3bf241acd8_419.json index 612e33dbca0..a1e0abf17e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/cd89602e-9db0-48e3-9391-ae3bf241acd8_419.json +++ b/packages/security_detection_engine/kibana/security_rule/cd89602e-9db0-48e3-9391-ae3bf241acd8_419.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cdbebdc1-dc97-43c6-a538-f26a20c0a911_416.json b/packages/security_detection_engine/kibana/security_rule/cdbebdc1-dc97-43c6-a538-f26a20c0a911_416.json index d6bc391a030..92a0ad0c09b 100644 --- a/packages/security_detection_engine/kibana/security_rule/cdbebdc1-dc97-43c6-a538-f26a20c0a911_416.json +++ b/packages/security_detection_engine/kibana/security_rule/cdbebdc1-dc97-43c6-a538-f26a20c0a911_416.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cde1bafa-9f01-4f43-a872-605b678968b0_221.json b/packages/security_detection_engine/kibana/security_rule/cde1bafa-9f01-4f43-a872-605b678968b0_221.json index d7bc9179522..c973a20f411 100644 --- a/packages/security_detection_engine/kibana/security_rule/cde1bafa-9f01-4f43-a872-605b678968b0_221.json +++ b/packages/security_detection_engine/kibana/security_rule/cde1bafa-9f01-4f43-a872-605b678968b0_221.json @@ -56,7 +56,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cdf1a39b-1ca5-4e2a-9739-17fc4d026029_7.json b/packages/security_detection_engine/kibana/security_rule/cdf1a39b-1ca5-4e2a-9739-17fc4d026029_7.json index 0063ba3f799..04b8ce05e7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/cdf1a39b-1ca5-4e2a-9739-17fc4d026029_7.json +++ b/packages/security_detection_engine/kibana/security_rule/cdf1a39b-1ca5-4e2a-9739-17fc4d026029_7.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cdf7b922-909c-440c-8df0-0efe72aa7bea_1.json b/packages/security_detection_engine/kibana/security_rule/cdf7b922-909c-440c-8df0-0efe72aa7bea_1.json index ec3a0fc49bc..d522a09b6c2 100644 --- a/packages/security_detection_engine/kibana/security_rule/cdf7b922-909c-440c-8df0-0efe72aa7bea_1.json +++ b/packages/security_detection_engine/kibana/security_rule/cdf7b922-909c-440c-8df0-0efe72aa7bea_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ce08b55a-f67d-4804-92b5-617b0fe5a5b5_208.json b/packages/security_detection_engine/kibana/security_rule/ce08b55a-f67d-4804-92b5-617b0fe5a5b5_208.json index 66ae67cc631..4ee42e92a0e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ce08b55a-f67d-4804-92b5-617b0fe5a5b5_208.json +++ b/packages/security_detection_engine/kibana/security_rule/ce08b55a-f67d-4804-92b5-617b0fe5a5b5_208.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ce08cdb8-e6cb-46bb-a7cc-16d17547323f_102.json b/packages/security_detection_engine/kibana/security_rule/ce08cdb8-e6cb-46bb-a7cc-16d17547323f_102.json index 0a0589390d2..19d79e52957 100644 --- a/packages/security_detection_engine/kibana/security_rule/ce08cdb8-e6cb-46bb-a7cc-16d17547323f_102.json +++ b/packages/security_detection_engine/kibana/security_rule/ce08cdb8-e6cb-46bb-a7cc-16d17547323f_102.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/ce4a32e5-32aa-47e6-80da-ced6d234387d_6.json b/packages/security_detection_engine/kibana/security_rule/ce4a32e5-32aa-47e6-80da-ced6d234387d_6.json index a8cd890427b..21d3b658f3d 100644 --- a/packages/security_detection_engine/kibana/security_rule/ce4a32e5-32aa-47e6-80da-ced6d234387d_6.json +++ b/packages/security_detection_engine/kibana/security_rule/ce4a32e5-32aa-47e6-80da-ced6d234387d_6.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ce64d965-6cb0-466d-b74f-8d2c76f47f05_318.json b/packages/security_detection_engine/kibana/security_rule/ce64d965-6cb0-466d-b74f-8d2c76f47f05_318.json index 8a4d1bcccc8..01a45b13e7e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ce64d965-6cb0-466d-b74f-8d2c76f47f05_318.json +++ b/packages/security_detection_engine/kibana/security_rule/ce64d965-6cb0-466d-b74f-8d2c76f47f05_318.json @@ -31,27 +31,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ce73954b-a0a4-4f05-b67b-294c500dac77_4.json b/packages/security_detection_engine/kibana/security_rule/ce73954b-a0a4-4f05-b67b-294c500dac77_4.json index 2068a3fdb5e..7dd4e148db4 100644 --- a/packages/security_detection_engine/kibana/security_rule/ce73954b-a0a4-4f05-b67b-294c500dac77_4.json +++ b/packages/security_detection_engine/kibana/security_rule/ce73954b-a0a4-4f05-b67b-294c500dac77_4.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cebabc1e-1145-4e39-b04b-34d621ee1e2c_1.json b/packages/security_detection_engine/kibana/security_rule/cebabc1e-1145-4e39-b04b-34d621ee1e2c_1.json index 03a49db72b1..6ba662817bf 100644 --- a/packages/security_detection_engine/kibana/security_rule/cebabc1e-1145-4e39-b04b-34d621ee1e2c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/cebabc1e-1145-4e39-b04b-34d621ee1e2c_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cf2b8cf5-3364-4396-b551-42aae9b6d37e_3.json b/packages/security_detection_engine/kibana/security_rule/cf2b8cf5-3364-4396-b551-42aae9b6d37e_3.json index a93302e23c9..b76d2b4af7e 100644 --- a/packages/security_detection_engine/kibana/security_rule/cf2b8cf5-3364-4396-b551-42aae9b6d37e_3.json +++ b/packages/security_detection_engine/kibana/security_rule/cf2b8cf5-3364-4396-b551-42aae9b6d37e_3.json @@ -29,19 +29,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cf307a5a-d503-44a4-8158-db196d99c9df_2.json b/packages/security_detection_engine/kibana/security_rule/cf307a5a-d503-44a4-8158-db196d99c9df_2.json index b1e25f5729f..99b7f0819ee 100644 --- a/packages/security_detection_engine/kibana/security_rule/cf307a5a-d503-44a4-8158-db196d99c9df_2.json +++ b/packages/security_detection_engine/kibana/security_rule/cf307a5a-d503-44a4-8158-db196d99c9df_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cf549724-c577-4fd6-8f9b-d1b8ec519ec0_211.json b/packages/security_detection_engine/kibana/security_rule/cf549724-c577-4fd6-8f9b-d1b8ec519ec0_211.json index 124ad3ee52d..7daf4b94ffe 100644 --- a/packages/security_detection_engine/kibana/security_rule/cf549724-c577-4fd6-8f9b-d1b8ec519ec0_211.json +++ b/packages/security_detection_engine/kibana/security_rule/cf549724-c577-4fd6-8f9b-d1b8ec519ec0_211.json @@ -36,7 +36,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cf6995ec-32a9-4b2d-9340-f8e61acf3f4e_6.json b/packages/security_detection_engine/kibana/security_rule/cf6995ec-32a9-4b2d-9340-f8e61acf3f4e_6.json index b7710ac5f7f..6eab035cddc 100644 --- a/packages/security_detection_engine/kibana/security_rule/cf6995ec-32a9-4b2d-9340-f8e61acf3f4e_6.json +++ b/packages/security_detection_engine/kibana/security_rule/cf6995ec-32a9-4b2d-9340-f8e61acf3f4e_6.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cff92c41-2225-4763-b4ce-6f71e5bda5e6_322.json b/packages/security_detection_engine/kibana/security_rule/cff92c41-2225-4763-b4ce-6f71e5bda5e6_322.json index 2ab89bd6917..4e88ed80895 100644 --- a/packages/security_detection_engine/kibana/security_rule/cff92c41-2225-4763-b4ce-6f71e5bda5e6_322.json +++ b/packages/security_detection_engine/kibana/security_rule/cff92c41-2225-4763-b4ce-6f71e5bda5e6_322.json @@ -27,23 +27,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/cffbaf47-9391-4e09-a83c-1f27d7474826_4.json b/packages/security_detection_engine/kibana/security_rule/cffbaf47-9391-4e09-a83c-1f27d7474826_4.json index 122274251d9..a9ddc8b4138 100644 --- a/packages/security_detection_engine/kibana/security_rule/cffbaf47-9391-4e09-a83c-1f27d7474826_4.json +++ b/packages/security_detection_engine/kibana/security_rule/cffbaf47-9391-4e09-a83c-1f27d7474826_4.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d0088204-675b-4175-bf07-1665da2d4810_1.json b/packages/security_detection_engine/kibana/security_rule/d0088204-675b-4175-bf07-1665da2d4810_1.json index 3cca5066953..19241f76ae0 100644 --- a/packages/security_detection_engine/kibana/security_rule/d0088204-675b-4175-bf07-1665da2d4810_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d0088204-675b-4175-bf07-1665da2d4810_1.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d00f33e7-b57d-4023-9952-2db91b1767c4_116.json b/packages/security_detection_engine/kibana/security_rule/d00f33e7-b57d-4023-9952-2db91b1767c4_116.json index 1f486c88f6c..e761fc22b42 100644 --- a/packages/security_detection_engine/kibana/security_rule/d00f33e7-b57d-4023-9952-2db91b1767c4_116.json +++ b/packages/security_detection_engine/kibana/security_rule/d00f33e7-b57d-4023-9952-2db91b1767c4_116.json @@ -24,15 +24,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d08ba1ed-a0a3-4fe0-9c02-e643b9a25a03_2.json b/packages/security_detection_engine/kibana/security_rule/d08ba1ed-a0a3-4fe0-9c02-e643b9a25a03_2.json index 9d1dfa959d1..fb79d36dc02 100644 --- a/packages/security_detection_engine/kibana/security_rule/d08ba1ed-a0a3-4fe0-9c02-e643b9a25a03_2.json +++ b/packages/security_detection_engine/kibana/security_rule/d08ba1ed-a0a3-4fe0-9c02-e643b9a25a03_2.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d0b0f3ed-0b37-44bf-adee-e8cb7de92767_104.json b/packages/security_detection_engine/kibana/security_rule/d0b0f3ed-0b37-44bf-adee-e8cb7de92767_104.json index 762ce8e5981..cdebb2c0f13 100644 --- a/packages/security_detection_engine/kibana/security_rule/d0b0f3ed-0b37-44bf-adee-e8cb7de92767_104.json +++ b/packages/security_detection_engine/kibana/security_rule/d0b0f3ed-0b37-44bf-adee-e8cb7de92767_104.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d0e159cf-73e9-40d1-a9ed-077e3158a855_317.json b/packages/security_detection_engine/kibana/security_rule/d0e159cf-73e9-40d1-a9ed-077e3158a855_317.json index d4a9cf5c24a..a4163c7014f 100644 --- a/packages/security_detection_engine/kibana/security_rule/d0e159cf-73e9-40d1-a9ed-077e3158a855_317.json +++ b/packages/security_detection_engine/kibana/security_rule/d0e159cf-73e9-40d1-a9ed-077e3158a855_317.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d117cbb4-7d56-41b4-b999-bdf8c25648a0_319.json b/packages/security_detection_engine/kibana/security_rule/d117cbb4-7d56-41b4-b999-bdf8c25648a0_319.json index 401f65ecb20..e4fbf69af3f 100644 --- a/packages/security_detection_engine/kibana/security_rule/d117cbb4-7d56-41b4-b999-bdf8c25648a0_319.json +++ b/packages/security_detection_engine/kibana/security_rule/d117cbb4-7d56-41b4-b999-bdf8c25648a0_319.json @@ -34,27 +34,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d121f0a8-4875-11f0-bb2b-f661ea17fbcd_4.json b/packages/security_detection_engine/kibana/security_rule/d121f0a8-4875-11f0-bb2b-f661ea17fbcd_4.json index deaa80ac636..54f66485b96 100644 --- a/packages/security_detection_engine/kibana/security_rule/d121f0a8-4875-11f0-bb2b-f661ea17fbcd_4.json +++ b/packages/security_detection_engine/kibana/security_rule/d121f0a8-4875-11f0-bb2b-f661ea17fbcd_4.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d12bac54-ab2a-4159-933f-d7bcefa7b61d_10.json b/packages/security_detection_engine/kibana/security_rule/d12bac54-ab2a-4159-933f-d7bcefa7b61d_10.json index e7fe4f9b229..803b3894ec4 100644 --- a/packages/security_detection_engine/kibana/security_rule/d12bac54-ab2a-4159-933f-d7bcefa7b61d_10.json +++ b/packages/security_detection_engine/kibana/security_rule/d12bac54-ab2a-4159-933f-d7bcefa7b61d_10.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d197478e-39f0-4347-a22f-ba654718b148_6.json b/packages/security_detection_engine/kibana/security_rule/d197478e-39f0-4347-a22f-ba654718b148_6.json index 9f6b929d012..2c678677b99 100644 --- a/packages/security_detection_engine/kibana/security_rule/d197478e-39f0-4347-a22f-ba654718b148_6.json +++ b/packages/security_detection_engine/kibana/security_rule/d197478e-39f0-4347-a22f-ba654718b148_6.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d19a2399-f8e2-4b10-80d8-a561ce9d24d1_5.json b/packages/security_detection_engine/kibana/security_rule/d19a2399-f8e2-4b10-80d8-a561ce9d24d1_5.json index bf7808b2b23..8935a61f25a 100644 --- a/packages/security_detection_engine/kibana/security_rule/d19a2399-f8e2-4b10-80d8-a561ce9d24d1_5.json +++ b/packages/security_detection_engine/kibana/security_rule/d19a2399-f8e2-4b10-80d8-a561ce9d24d1_5.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d1b37c0b-4f8b-4cfb-9a1d-639bf8c028b7_1.json b/packages/security_detection_engine/kibana/security_rule/d1b37c0b-4f8b-4cfb-9a1d-639bf8c028b7_1.json index 22c9c69143c..f278579014e 100644 --- a/packages/security_detection_engine/kibana/security_rule/d1b37c0b-4f8b-4cfb-9a1d-639bf8c028b7_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d1b37c0b-4f8b-4cfb-9a1d-639bf8c028b7_1.json @@ -28,7 +28,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d1e5e410-3e34-412e-9b1f-dd500b3b55cd_8.json b/packages/security_detection_engine/kibana/security_rule/d1e5e410-3e34-412e-9b1f-dd500b3b55cd_8.json index e1105ad4d17..aa48c387a9b 100644 --- a/packages/security_detection_engine/kibana/security_rule/d1e5e410-3e34-412e-9b1f-dd500b3b55cd_8.json +++ b/packages/security_detection_engine/kibana/security_rule/d1e5e410-3e34-412e-9b1f-dd500b3b55cd_8.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d1ee711a-a3ba-4d73-b5ab-84cab5b37fb3_2.json b/packages/security_detection_engine/kibana/security_rule/d1ee711a-a3ba-4d73-b5ab-84cab5b37fb3_2.json index eca58df3448..ca6287eea47 100644 --- a/packages/security_detection_engine/kibana/security_rule/d1ee711a-a3ba-4d73-b5ab-84cab5b37fb3_2.json +++ b/packages/security_detection_engine/kibana/security_rule/d1ee711a-a3ba-4d73-b5ab-84cab5b37fb3_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d1f310cb-5921-4d37-bbdf-cfdab7a6df9c_2.json b/packages/security_detection_engine/kibana/security_rule/d1f310cb-5921-4d37-bbdf-cfdab7a6df9c_2.json index e2d95516ecc..81103f42a3f 100644 --- a/packages/security_detection_engine/kibana/security_rule/d1f310cb-5921-4d37-bbdf-cfdab7a6df9c_2.json +++ b/packages/security_detection_engine/kibana/security_rule/d1f310cb-5921-4d37-bbdf-cfdab7a6df9c_2.json @@ -27,19 +27,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d22a85c6-d2ad-4cc4-bf7b-54787473669a_111.json b/packages/security_detection_engine/kibana/security_rule/d22a85c6-d2ad-4cc4-bf7b-54787473669a_111.json index b6d5200ca0c..ae57578a4d8 100644 --- a/packages/security_detection_engine/kibana/security_rule/d22a85c6-d2ad-4cc4-bf7b-54787473669a_111.json +++ b/packages/security_detection_engine/kibana/security_rule/d22a85c6-d2ad-4cc4-bf7b-54787473669a_111.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d26331be-affe-46b2-bf4e-203d0e2d364c_1.json b/packages/security_detection_engine/kibana/security_rule/d26331be-affe-46b2-bf4e-203d0e2d364c_1.json index 1a6ad5a2a4e..b561ddd39ae 100644 --- a/packages/security_detection_engine/kibana/security_rule/d26331be-affe-46b2-bf4e-203d0e2d364c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d26331be-affe-46b2-bf4e-203d0e2d364c_1.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d2703b82-f92c-4489-a4a7-62aa29a62542_104.json b/packages/security_detection_engine/kibana/security_rule/d2703b82-f92c-4489-a4a7-62aa29a62542_104.json index 8bcebbb91d0..e1545a6f0f2 100644 --- a/packages/security_detection_engine/kibana/security_rule/d2703b82-f92c-4489-a4a7-62aa29a62542_104.json +++ b/packages/security_detection_engine/kibana/security_rule/d2703b82-f92c-4489-a4a7-62aa29a62542_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/d31f183a-e5b1-451b-8534-ba62bca0b404_318.json b/packages/security_detection_engine/kibana/security_rule/d31f183a-e5b1-451b-8534-ba62bca0b404_318.json index c020c5cd7b9..b47408eb4a5 100644 --- a/packages/security_detection_engine/kibana/security_rule/d31f183a-e5b1-451b-8534-ba62bca0b404_318.json +++ b/packages/security_detection_engine/kibana/security_rule/d31f183a-e5b1-451b-8534-ba62bca0b404_318.json @@ -28,23 +28,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d32f0c27-8edb-4bcf-975e-01696c961e08_1.json b/packages/security_detection_engine/kibana/security_rule/d32f0c27-8edb-4bcf-975e-01696c961e08_1.json index 8beaf58754d..5871d41caa9 100644 --- a/packages/security_detection_engine/kibana/security_rule/d32f0c27-8edb-4bcf-975e-01696c961e08_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d32f0c27-8edb-4bcf-975e-01696c961e08_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d331bbe2-6db4-4941-80a5-8270db72eb61_322.json b/packages/security_detection_engine/kibana/security_rule/d331bbe2-6db4-4941-80a5-8270db72eb61_322.json index 020c9e46c01..3db8fbb8581 100644 --- a/packages/security_detection_engine/kibana/security_rule/d331bbe2-6db4-4941-80a5-8270db72eb61_322.json +++ b/packages/security_detection_engine/kibana/security_rule/d331bbe2-6db4-4941-80a5-8270db72eb61_322.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d33ea3bf-9a11-463e-bd46-f648f2a0f4b1_114.json b/packages/security_detection_engine/kibana/security_rule/d33ea3bf-9a11-463e-bd46-f648f2a0f4b1_114.json index ed1b22ba308..993044892d9 100644 --- a/packages/security_detection_engine/kibana/security_rule/d33ea3bf-9a11-463e-bd46-f648f2a0f4b1_114.json +++ b/packages/security_detection_engine/kibana/security_rule/d33ea3bf-9a11-463e-bd46-f648f2a0f4b1_114.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d3551433-782f-4e22-bbea-c816af2d41c6_107.json b/packages/security_detection_engine/kibana/security_rule/d3551433-782f-4e22-bbea-c816af2d41c6_107.json index da99bb48671..2b39130fcc7 100644 --- a/packages/security_detection_engine/kibana/security_rule/d3551433-782f-4e22-bbea-c816af2d41c6_107.json +++ b/packages/security_detection_engine/kibana/security_rule/d3551433-782f-4e22-bbea-c816af2d41c6_107.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d3b6222f-537e-4b84-956a-3ebae2dcf811_1.json b/packages/security_detection_engine/kibana/security_rule/d3b6222f-537e-4b84-956a-3ebae2dcf811_1.json index 2a48ab59440..379e75d6b91 100644 --- a/packages/security_detection_engine/kibana/security_rule/d3b6222f-537e-4b84-956a-3ebae2dcf811_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d3b6222f-537e-4b84-956a-3ebae2dcf811_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "splunk", - "version": "^1.0.0" + "version": ">=1.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d43f2b43-02a1-4219-8ce9-10929a32a618_11.json b/packages/security_detection_engine/kibana/security_rule/d43f2b43-02a1-4219-8ce9-10929a32a618_11.json index 74636e395e4..024a2146d09 100644 --- a/packages/security_detection_engine/kibana/security_rule/d43f2b43-02a1-4219-8ce9-10929a32a618_11.json +++ b/packages/security_detection_engine/kibana/security_rule/d43f2b43-02a1-4219-8ce9-10929a32a618_11.json @@ -30,7 +30,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d461fac0-43e8-49e2-85ea-3a58fe120b4f_113.json b/packages/security_detection_engine/kibana/security_rule/d461fac0-43e8-49e2-85ea-3a58fe120b4f_113.json index 4d07d3f200f..6377d687a41 100644 --- a/packages/security_detection_engine/kibana/security_rule/d461fac0-43e8-49e2-85ea-3a58fe120b4f_113.json +++ b/packages/security_detection_engine/kibana/security_rule/d461fac0-43e8-49e2-85ea-3a58fe120b4f_113.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d4695889-0410-4e7b-a4aa-59be525a11a6_1.json b/packages/security_detection_engine/kibana/security_rule/d4695889-0410-4e7b-a4aa-59be525a11a6_1.json index f5afc3220e8..3ab2d1a4a05 100644 --- a/packages/security_detection_engine/kibana/security_rule/d4695889-0410-4e7b-a4aa-59be525a11a6_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d4695889-0410-4e7b-a4aa-59be525a11a6_1.json @@ -37,7 +37,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d488f026-7907-4f56-ad51-742feb3db01c_8.json b/packages/security_detection_engine/kibana/security_rule/d488f026-7907-4f56-ad51-742feb3db01c_8.json index 025aa556e32..b4635317edd 100644 --- a/packages/security_detection_engine/kibana/security_rule/d488f026-7907-4f56-ad51-742feb3db01c_8.json +++ b/packages/security_detection_engine/kibana/security_rule/d488f026-7907-4f56-ad51-742feb3db01c_8.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d48e1c13-4aca-4d1f-a7b1-a9161c0ad86f_413.json b/packages/security_detection_engine/kibana/security_rule/d48e1c13-4aca-4d1f-a7b1-a9161c0ad86f_413.json index 3f7143319f4..9bda9bc23b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/d48e1c13-4aca-4d1f-a7b1-a9161c0ad86f_413.json +++ b/packages/security_detection_engine/kibana/security_rule/d48e1c13-4aca-4d1f-a7b1-a9161c0ad86f_413.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d49cc73f-7a16-4def-89ce-9fc7127d7820_105.json b/packages/security_detection_engine/kibana/security_rule/d49cc73f-7a16-4def-89ce-9fc7127d7820_105.json index 98ab40b950f..24053386b08 100644 --- a/packages/security_detection_engine/kibana/security_rule/d49cc73f-7a16-4def-89ce-9fc7127d7820_105.json +++ b/packages/security_detection_engine/kibana/security_rule/d49cc73f-7a16-4def-89ce-9fc7127d7820_105.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "apm", - "version": "^9.0.0-preview-1738343125" + "version": ">=9.0.0-preview-1738343125" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d4af3a06-1e0a-48ec-b96a-faf2309fae46_207.json b/packages/security_detection_engine/kibana/security_rule/d4af3a06-1e0a-48ec-b96a-faf2309fae46_207.json index 599d629efdb..b79e685df72 100644 --- a/packages/security_detection_engine/kibana/security_rule/d4af3a06-1e0a-48ec-b96a-faf2309fae46_207.json +++ b/packages/security_detection_engine/kibana/security_rule/d4af3a06-1e0a-48ec-b96a-faf2309fae46_207.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/d4b73fa0-9d43-465e-b8bf-50230da6718b_208.json b/packages/security_detection_engine/kibana/security_rule/d4b73fa0-9d43-465e-b8bf-50230da6718b_208.json index ea4b1a45ea7..3966221690e 100644 --- a/packages/security_detection_engine/kibana/security_rule/d4b73fa0-9d43-465e-b8bf-50230da6718b_208.json +++ b/packages/security_detection_engine/kibana/security_rule/d4b73fa0-9d43-465e-b8bf-50230da6718b_208.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/d4e5f6a7-8b9c-0d1e-2f3a-4b5c6d7e8f9a_2.json b/packages/security_detection_engine/kibana/security_rule/d4e5f6a7-8b9c-0d1e-2f3a-4b5c6d7e8f9a_2.json index a98ea122159..6590fd5ba69 100644 --- a/packages/security_detection_engine/kibana/security_rule/d4e5f6a7-8b9c-0d1e-2f3a-4b5c6d7e8f9a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/d4e5f6a7-8b9c-0d1e-2f3a-4b5c6d7e8f9a_2.json @@ -38,7 +38,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d4e8f0a1-2b3c-4d5e-a6f7-8b9c0d1e2f3a_1.json b/packages/security_detection_engine/kibana/security_rule/d4e8f0a1-2b3c-4d5e-a6f7-8b9c0d1e2f3a_1.json index 538869da583..cff1c20b621 100644 --- a/packages/security_detection_engine/kibana/security_rule/d4e8f0a1-2b3c-4d5e-a6f7-8b9c0d1e2f3a_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d4e8f0a1-2b3c-4d5e-a6f7-8b9c0d1e2f3a_1.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_112.json b/packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_112.json index 83d40d45e7b..413243f39ff 100644 --- a/packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_112.json +++ b/packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_112.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d54b649d-46d0-4b4c-a9a7-1bc9fc458d3c_3.json b/packages/security_detection_engine/kibana/security_rule/d54b649d-46d0-4b4c-a9a7-1bc9fc458d3c_3.json index d0b5dfcc355..51d455504d0 100644 --- a/packages/security_detection_engine/kibana/security_rule/d54b649d-46d0-4b4c-a9a7-1bc9fc458d3c_3.json +++ b/packages/security_detection_engine/kibana/security_rule/d54b649d-46d0-4b4c-a9a7-1bc9fc458d3c_3.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d55abdfb-5384-402b-add4-6c401501b0c3_8.json b/packages/security_detection_engine/kibana/security_rule/d55abdfb-5384-402b-add4-6c401501b0c3_8.json index 1cfa61bc130..00eb14534ce 100644 --- a/packages/security_detection_engine/kibana/security_rule/d55abdfb-5384-402b-add4-6c401501b0c3_8.json +++ b/packages/security_detection_engine/kibana/security_rule/d55abdfb-5384-402b-add4-6c401501b0c3_8.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d563aaba-2e72-462b-8658-3e5ea22db3a6_316.json b/packages/security_detection_engine/kibana/security_rule/d563aaba-2e72-462b-8658-3e5ea22db3a6_316.json index 56c7b747492..4665df79e61 100644 --- a/packages/security_detection_engine/kibana/security_rule/d563aaba-2e72-462b-8658-3e5ea22db3a6_316.json +++ b/packages/security_detection_engine/kibana/security_rule/d563aaba-2e72-462b-8658-3e5ea22db3a6_316.json @@ -42,23 +42,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d591d7af-399b-4888-b705-ae612690c48d_3.json b/packages/security_detection_engine/kibana/security_rule/d591d7af-399b-4888-b705-ae612690c48d_3.json index 6119b5c2a83..8857bbb648d 100644 --- a/packages/security_detection_engine/kibana/security_rule/d591d7af-399b-4888-b705-ae612690c48d_3.json +++ b/packages/security_detection_engine/kibana/security_rule/d591d7af-399b-4888-b705-ae612690c48d_3.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "suricata", - "version": "^2.24.0" + "version": ">=2.24.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d5d86bf5-cf0c-4c06-b688-53fdc072fdfd_415.json b/packages/security_detection_engine/kibana/security_rule/d5d86bf5-cf0c-4c06-b688-53fdc072fdfd_415.json index f68cdc9300e..0e2afca1ea0 100644 --- a/packages/security_detection_engine/kibana/security_rule/d5d86bf5-cf0c-4c06-b688-53fdc072fdfd_415.json +++ b/packages/security_detection_engine/kibana/security_rule/d5d86bf5-cf0c-4c06-b688-53fdc072fdfd_415.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d61cbcf8-1bc1-4cff-85ba-e7b21c5beedc_212.json b/packages/security_detection_engine/kibana/security_rule/d61cbcf8-1bc1-4cff-85ba-e7b21c5beedc_212.json index 811b208ffe2..1a898120261 100644 --- a/packages/security_detection_engine/kibana/security_rule/d61cbcf8-1bc1-4cff-85ba-e7b21c5beedc_212.json +++ b/packages/security_detection_engine/kibana/security_rule/d61cbcf8-1bc1-4cff-85ba-e7b21c5beedc_212.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d6241c90-99f2-44db-b50f-299b6ebd7ee9_8.json b/packages/security_detection_engine/kibana/security_rule/d6241c90-99f2-44db-b50f-299b6ebd7ee9_8.json index b9a49c0168a..b7fd7d94749 100644 --- a/packages/security_detection_engine/kibana/security_rule/d6241c90-99f2-44db-b50f-299b6ebd7ee9_8.json +++ b/packages/security_detection_engine/kibana/security_rule/d6241c90-99f2-44db-b50f-299b6ebd7ee9_8.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d624f0ae-3dd1-4856-9aad-ccfe4d4bfa17_215.json b/packages/security_detection_engine/kibana/security_rule/d624f0ae-3dd1-4856-9aad-ccfe4d4bfa17_215.json index 9f182a31a98..fd4c4ff5837 100644 --- a/packages/security_detection_engine/kibana/security_rule/d624f0ae-3dd1-4856-9aad-ccfe4d4bfa17_215.json +++ b/packages/security_detection_engine/kibana/security_rule/d624f0ae-3dd1-4856-9aad-ccfe4d4bfa17_215.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d62b64a8-a7c9-43e5-aee3-15a725a794e7_110.json b/packages/security_detection_engine/kibana/security_rule/d62b64a8-a7c9-43e5-aee3-15a725a794e7_110.json index c85da353309..b9cee90d529 100644 --- a/packages/security_detection_engine/kibana/security_rule/d62b64a8-a7c9-43e5-aee3-15a725a794e7_110.json +++ b/packages/security_detection_engine/kibana/security_rule/d62b64a8-a7c9-43e5-aee3-15a725a794e7_110.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d6702168-2be6-4d7d-a549-9bff67733df3_1.json b/packages/security_detection_engine/kibana/security_rule/d6702168-2be6-4d7d-a549-9bff67733df3_1.json index fc7dabca67c..ac99e4bdc8d 100644 --- a/packages/security_detection_engine/kibana/security_rule/d6702168-2be6-4d7d-a549-9bff67733df3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d6702168-2be6-4d7d-a549-9bff67733df3_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "ibm_qradar", - "version": "^0.1.0" + "version": ">=0.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d68e95ad-1c82-4074-a12a-125fe10ac8ba_118.json b/packages/security_detection_engine/kibana/security_rule/d68e95ad-1c82-4074-a12a-125fe10ac8ba_118.json index ec9e05c4cb8..70d71f7169d 100644 --- a/packages/security_detection_engine/kibana/security_rule/d68e95ad-1c82-4074-a12a-125fe10ac8ba_118.json +++ b/packages/security_detection_engine/kibana/security_rule/d68e95ad-1c82-4074-a12a-125fe10ac8ba_118.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_213.json b/packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_213.json index 4f10088b5bf..45862abcab0 100644 --- a/packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_213.json +++ b/packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d69d05f8-d48a-4dcb-b226-fb2efbedd6ba_1.json b/packages/security_detection_engine/kibana/security_rule/d69d05f8-d48a-4dcb-b226-fb2efbedd6ba_1.json index 097e5c5e97c..89ae37d6517 100644 --- a/packages/security_detection_engine/kibana/security_rule/d69d05f8-d48a-4dcb-b226-fb2efbedd6ba_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d69d05f8-d48a-4dcb-b226-fb2efbedd6ba_1.json @@ -50,7 +50,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d6e1b3f0-8a2c-4e7d-b5f9-1c0e3a6d8b2f_4.json b/packages/security_detection_engine/kibana/security_rule/d6e1b3f0-8a2c-4e7d-b5f9-1c0e3a6d8b2f_4.json index c02b893d3cd..71efeeba39e 100644 --- a/packages/security_detection_engine/kibana/security_rule/d6e1b3f0-8a2c-4e7d-b5f9-1c0e3a6d8b2f_4.json +++ b/packages/security_detection_engine/kibana/security_rule/d6e1b3f0-8a2c-4e7d-b5f9-1c0e3a6d8b2f_4.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d703a5af-d5b0-43bd-8ddb-7a5d500b7da5_217.json b/packages/security_detection_engine/kibana/security_rule/d703a5af-d5b0-43bd-8ddb-7a5d500b7da5_217.json index b3c63ea403c..11e58a2a8fb 100644 --- a/packages/security_detection_engine/kibana/security_rule/d703a5af-d5b0-43bd-8ddb-7a5d500b7da5_217.json +++ b/packages/security_detection_engine/kibana/security_rule/d703a5af-d5b0-43bd-8ddb-7a5d500b7da5_217.json @@ -45,15 +45,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d70c966f-c5ef-4228-9548-346593cd422d_1.json b/packages/security_detection_engine/kibana/security_rule/d70c966f-c5ef-4228-9548-346593cd422d_1.json index 76934cc0cbe..98e8f344953 100644 --- a/packages/security_detection_engine/kibana/security_rule/d70c966f-c5ef-4228-9548-346593cd422d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d70c966f-c5ef-4228-9548-346593cd422d_1.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d7182e12-df8f-4ecf-b8f8-7cc0adcec425_1.json b/packages/security_detection_engine/kibana/security_rule/d7182e12-df8f-4ecf-b8f8-7cc0adcec425_1.json index 4edabe1dacf..465ef0a8683 100644 --- a/packages/security_detection_engine/kibana/security_rule/d7182e12-df8f-4ecf-b8f8-7cc0adcec425_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d7182e12-df8f-4ecf-b8f8-7cc0adcec425_1.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d72e33fc-6e91-42ff-ac8b-e573268c5a87_319.json b/packages/security_detection_engine/kibana/security_rule/d72e33fc-6e91-42ff-ac8b-e573268c5a87_319.json index c0f8e754de5..e79b9c21796 100644 --- a/packages/security_detection_engine/kibana/security_rule/d72e33fc-6e91-42ff-ac8b-e573268c5a87_319.json +++ b/packages/security_detection_engine/kibana/security_rule/d72e33fc-6e91-42ff-ac8b-e573268c5a87_319.json @@ -31,27 +31,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_213.json b/packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_213.json index 055f958e4c3..f2a3be66800 100644 --- a/packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_213.json +++ b/packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_213.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d74d6506-427a-4790-b170-0c2a6ddac799_109.json b/packages/security_detection_engine/kibana/security_rule/d74d6506-427a-4790-b170-0c2a6ddac799_109.json index 2662cb2b796..c16e57d0a69 100644 --- a/packages/security_detection_engine/kibana/security_rule/d74d6506-427a-4790-b170-0c2a6ddac799_109.json +++ b/packages/security_detection_engine/kibana/security_rule/d74d6506-427a-4790-b170-0c2a6ddac799_109.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d75991f2-b989-419d-b797-ac1e54ec2d61_211.json b/packages/security_detection_engine/kibana/security_rule/d75991f2-b989-419d-b797-ac1e54ec2d61_211.json index ea5eaa5f37f..ea1c2f07377 100644 --- a/packages/security_detection_engine/kibana/security_rule/d75991f2-b989-419d-b797-ac1e54ec2d61_211.json +++ b/packages/security_detection_engine/kibana/security_rule/d75991f2-b989-419d-b797-ac1e54ec2d61_211.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d76b02ef-fc95-4001-9297-01cb7412232f_216.json b/packages/security_detection_engine/kibana/security_rule/d76b02ef-fc95-4001-9297-01cb7412232f_216.json index 6b0f59e1661..787a272b579 100644 --- a/packages/security_detection_engine/kibana/security_rule/d76b02ef-fc95-4001-9297-01cb7412232f_216.json +++ b/packages/security_detection_engine/kibana/security_rule/d76b02ef-fc95-4001-9297-01cb7412232f_216.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d788313c-9e0b-4c5a-8c4b-c3f05a47d5a8_7.json b/packages/security_detection_engine/kibana/security_rule/d788313c-9e0b-4c5a-8c4b-c3f05a47d5a8_7.json index 5627536eeb6..0532edeab95 100644 --- a/packages/security_detection_engine/kibana/security_rule/d788313c-9e0b-4c5a-8c4b-c3f05a47d5a8_7.json +++ b/packages/security_detection_engine/kibana/security_rule/d788313c-9e0b-4c5a-8c4b-c3f05a47d5a8_7.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d79c4b2a-6134-4edd-86e6-564a92a933f9_110.json b/packages/security_detection_engine/kibana/security_rule/d79c4b2a-6134-4edd-86e6-564a92a933f9_110.json index 39c29fd1524..e08bb7d0350 100644 --- a/packages/security_detection_engine/kibana/security_rule/d79c4b2a-6134-4edd-86e6-564a92a933f9_110.json +++ b/packages/security_detection_engine/kibana/security_rule/d79c4b2a-6134-4edd-86e6-564a92a933f9_110.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d7b57cbd-de03-4c3b-8278-daa1ee4a6772_2.json b/packages/security_detection_engine/kibana/security_rule/d7b57cbd-de03-4c3b-8278-daa1ee4a6772_2.json index ff5a3fb0ffa..401c6e3d71b 100644 --- a/packages/security_detection_engine/kibana/security_rule/d7b57cbd-de03-4c3b-8278-daa1ee4a6772_2.json +++ b/packages/security_detection_engine/kibana/security_rule/d7b57cbd-de03-4c3b-8278-daa1ee4a6772_2.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d7d5c059-c19a-4a96-8ae3-41496ef3bcf9_208.json b/packages/security_detection_engine/kibana/security_rule/d7d5c059-c19a-4a96-8ae3-41496ef3bcf9_208.json index 94d68f22107..9fdef52d33d 100644 --- a/packages/security_detection_engine/kibana/security_rule/d7d5c059-c19a-4a96-8ae3-41496ef3bcf9_208.json +++ b/packages/security_detection_engine/kibana/security_rule/d7d5c059-c19a-4a96-8ae3-41496ef3bcf9_208.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_110.json b/packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_110.json deleted file mode 100644 index b8b5f7e02fc..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_110.json +++ /dev/null @@ -1,120 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "This rule detects events that may indicate use of SMTP on TCP port 26. This port is commonly used by several popular mail transfer agents to deconflict with the default SMTP port 25. This port has also been used by a malware family called BadPatch for command and control of Windows systems.", - "false_positives": [ - "Servers that process email traffic may cause false positives and should be excluded from this rule as this is expected behavior." - ], - "from": "now-9m", - "index": [ - "packetbeat-*", - "auditbeat-*", - "filebeat-*", - "logs-network_traffic.*", - "logs-panw.panos*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "SMTP on Port 26/TCP", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating SMTP on Port 26/TCP\n\nSMTP, typically operating on port 25, is crucial for email transmission. However, port 26 is often used to avoid conflicts or restrictions on port 25. Adversaries exploit this by using port 26 for covert command and control, as seen with the BadPatch malware. The detection rule identifies suspicious SMTP activity on port 26 by analyzing network traffic patterns, helping to uncover potential threats.\n\n### Possible investigation steps\n\n- Review the network traffic logs to identify any unusual patterns or anomalies associated with TCP port 26, focusing on the event.dataset fields such as network_traffic.flow or zeek.smtp.\n- Analyze the source and destination IP addresses involved in the alert to determine if they are known or associated with any previous suspicious activities.\n- Check for any additional alerts or logs related to the same source or destination IP addresses to identify potential patterns or repeated attempts of communication on port 26.\n- Investigate the context of the communication by examining the payload data, if available, to identify any indicators of compromise or malicious content.\n- Correlate the findings with threat intelligence sources to determine if the IP addresses or domains are associated with known threat actors or malware, such as BadPatch.\n- Assess the risk and impact on the affected systems by determining if any sensitive data or critical systems are involved in the communication on port 26.\n\n### False positive analysis\n\n- Legitimate mail transfer agents may use port 26 to avoid conflicts with port 25. Identify these agents and create exceptions in the detection rule to prevent unnecessary alerts.\n- Some network configurations might reroute SMTP traffic to port 26 for load balancing or security reasons. Verify these configurations and whitelist known IP addresses or domains to reduce false positives.\n- Internal testing or development environments might use port 26 for non-malicious purposes. Document these environments and exclude their traffic from triggering alerts.\n- Certain email service providers may use port 26 as an alternative to port 25. Confirm these providers and adjust the rule to recognize their traffic as benign.\n\n### Response and remediation\n\n- Immediately isolate the affected system from the network to prevent further command and control communication via port 26.\n- Conduct a thorough scan of the isolated system using updated antivirus and anti-malware tools to identify and remove the BadPatch malware or any other malicious software.\n- Review and analyze network logs to identify any other systems that may have communicated with the same command and control server, and isolate those systems as well.\n- Change all passwords and credentials that may have been compromised or accessed by the affected system to prevent unauthorized access.\n- Apply security patches and updates to the affected system and any other vulnerable systems to mitigate exploitation by similar threats.\n- Monitor network traffic for any further suspicious activity on port 26 and other non-standard ports, adjusting firewall rules to block unauthorized SMTP traffic.\n- Escalate the incident to the security operations center (SOC) or relevant cybersecurity team for further investigation and to ensure comprehensive threat eradication.", - "query": "(data_stream.dataset: (network_traffic.flow or zeek.smtp) or event.category:(network or network_traffic)) and network.transport:tcp and destination.port:26\n", - "references": [ - "https://unit42.paloaltonetworks.com/unit42-badpatch/", - "https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/" - ], - "related_integrations": [ - { - "package": "network_traffic", - "version": "^1.33.0" - }, - { - "package": "panw", - "version": "^5.2.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "data_stream.dataset", - "type": "constant_keyword" - }, - { - "ecs": true, - "name": "destination.port", - "type": "long" - }, - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "network.transport", - "type": "keyword" - } - ], - "risk_score": 21, - "rule_id": "d7e62693-aab9-4f66-a21a-3d79ecdd603d", - "severity": "low", - "tags": [ - "Tactic: Command and Control", - "Tactic: Exfiltration", - "Domain: Endpoint", - "Use Case: Threat Detection", - "Data Source: PAN-OS", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1071", - "name": "Application Layer Protocol", - "reference": "https://attack.mitre.org/techniques/T1071/", - "subtechnique": [ - { - "id": "T1071.003", - "name": "Mail Protocols", - "reference": "https://attack.mitre.org/techniques/T1071/003/" - } - ] - }, - { - "id": "T1571", - "name": "Non-Standard Port", - "reference": "https://attack.mitre.org/techniques/T1571/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0010", - "name": "Exfiltration", - "reference": "https://attack.mitre.org/tactics/TA0010/" - }, - "technique": [ - { - "id": "T1048", - "name": "Exfiltration Over Alternative Protocol", - "reference": "https://attack.mitre.org/techniques/T1048/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "query", - "version": 110 - }, - "id": "d7e62693-aab9-4f66-a21a-3d79ecdd603d_110", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_113.json b/packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_113.json index 025479c1368..17bcfc2e7dd 100644 --- a/packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_113.json +++ b/packages/security_detection_engine/kibana/security_rule/d7e62693-aab9-4f66-a21a-3d79ecdd603d_113.json @@ -27,23 +27,23 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "pfsense", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "corelight", - "version": "^1.0.0" + "version": ">=1.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" }, { "package": "zeek", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d84a11c0-eb12-4e7d-8a0a-718e38351e29_4.json b/packages/security_detection_engine/kibana/security_rule/d84a11c0-eb12-4e7d-8a0a-718e38351e29_4.json index b09c2b3917c..48ca1cef65d 100644 --- a/packages/security_detection_engine/kibana/security_rule/d84a11c0-eb12-4e7d-8a0a-718e38351e29_4.json +++ b/packages/security_detection_engine/kibana/security_rule/d84a11c0-eb12-4e7d-8a0a-718e38351e29_4.json @@ -42,11 +42,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_12.json b/packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_12.json deleted file mode 100644 index 90cf20ad662..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_12.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code.", - "from": "now-9m", - "index": [ - "logs-endpoint.events.library-*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Untrusted Driver Loaded", - "note": "## Triage and analysis\n\n### Investigating Untrusted Driver Loaded\n\nMicrosoft created the Windows Driver Signature Enforcement (DSE) security feature to prevent drivers with invalid signatures from loading and executing into the kernel (ring 0). DSE aims to protect systems by blocking attackers from loading malicious drivers on targets. \n\nThis protection is essential for maintaining system security. However, attackers or administrators can disable DSE and load untrusted drivers, which can put the system at risk. Therefore, it's important to keep this feature enabled and only load drivers from trusted sources to ensure system integrity and security.\n\nThis rule identifies an attempt to load an untrusted driver, which effectively means that DSE was disabled or bypassed. This can indicate that the system was compromised.\n\n> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/current/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.\n\n#### Possible investigation steps\n\n- Examine the driver loaded to identify potentially suspicious characteristics. The following actions can help you gain context:\n - Identify the path that the driver was loaded from. If you're using Elastic Defend, path information can be found in the `dll.path` field.\n - Examine the file creation and modification timestamps:\n - On Elastic Defend, those can be found in the `dll.Ext.relative_file_creation_time` and `dll.Ext.relative_file_name_modify_time` fields. The values are in seconds.\n - Search for file creation events sharing the same file name as the `dll.name` field and identify the process responsible for the operation.\n - Investigate any other abnormal behavior by the subject process, such as network connections, registry or file modifications, and any spawned child processes.\n - Use the driver SHA-256 (`dll.hash.sha256` field) hash value to search for the existence and reputation in resources like VirusTotal, Hybrid-Analysis, CISCO Talos, Any.run, etc.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Assess whether this behavior is prevalent in the environment by looking for similar occurrences across hosts.\n- Use Osquery to investigate the drivers loaded into the system.\n - !{osquery{\"label\":\"Osquery - Retrieve All Non-Microsoft Drivers with Virustotal Link\",\"query\":\"SELECT concat('https://www.virustotal.com/gui/file/', sha1) AS VtLink, class, description, directory, image,\\nissuer_name, manufacturer, service, signed, subject_name FROM drivers JOIN authenticode ON drivers.image =\\nauthenticode.path JOIN hash ON drivers.image = hash.path WHERE NOT (provider == \\\"Microsoft\\\" AND signed == \\\"1\\\")\\n\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve All Unsigned Drivers with Virustotal Link\",\"query\":\"SELECT concat('https://www.virustotal.com/gui/file/', sha1) AS VtLink, class, description, directory, image,\\nissuer_name, manufacturer, service, signed, subject_name FROM drivers JOIN authenticode ON drivers.image =\\nauthenticode.path JOIN hash ON drivers.image = hash.path WHERE signed == \\\"0\\\"\\n\"}}\n- Identify the driver's `Device Name` and `Service Name`.\n- Check for alerts from the rules specified in the `Related Rules` section.\n\n### False positive analysis\n\n- This activity should not happen legitimately. The security team should address any potential benign true positive (B-TP), as this configuration can put the user and the domain at risk.\n\n### Related Rules\n\n- First Time Seen Driver Loaded - df0fd41e-5590-4965-ad5e-cd079ec22fa9\n- Code Signing Policy Modification Through Registry - da7733b1-fe08-487e-b536-0a04c6d8b0cd\n- Code Signing Policy Modification Through Built-in tools - b43570de-a908-4f7f-8bdb-b2df6ffd8c80\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- Disable and uninstall all suspicious drivers found in the system. This can be done via Device Manager. (Note that this step may require you to boot the system into Safe Mode.)\n- Remove the related services and registry keys found in the system. Note that the service will probably not stop if the driver is still installed.\n - This can be done via PowerShell `Remove-Service` cmdlet.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.\n- Remove and block malicious artifacts identified during triage.\n- Ensure that the Driver Signature Enforcement is enabled on the system.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "driver where host.os.type == \"windows\" and process.pid == 4 and\n dll.code_signature.trusted != true and \n not dll.code_signature.status : (\"errorExpired\", \"errorRevoked\", \"errorCode_endpoint:*\")\n", - "references": [ - "https://github.com/hfiref0x/TDL", - "https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653559(v=vs.85)?redirectedfrom=MSDN" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "dll.code_signature.status", - "type": "keyword" - }, - { - "ecs": true, - "name": "dll.code_signature.trusted", - "type": "boolean" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.pid", - "type": "long" - } - ], - "risk_score": 73, - "rule_id": "d8ab1ec1-feeb-48b9-89e7-c12e189448aa", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Defense Evasion", - "Resources: Investigation Guide", - "Data Source: Elastic Defend" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0005", - "name": "Defense Evasion", - "reference": "https://attack.mitre.org/tactics/TA0005/" - }, - "technique": [ - { - "id": "T1036", - "name": "Masquerading", - "reference": "https://attack.mitre.org/techniques/T1036/", - "subtechnique": [ - { - "id": "T1036.001", - "name": "Invalid Code Signature", - "reference": "https://attack.mitre.org/techniques/T1036/001/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 12 - }, - "id": "d8ab1ec1-feeb-48b9-89e7-c12e189448aa_12", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_15.json b/packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_15.json index 76a39cfb0f4..d1d8b16edbe 100644 --- a/packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_15.json +++ b/packages/security_detection_engine/kibana/security_rule/d8ab1ec1-feeb-48b9-89e7-c12e189448aa_15.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d8b2f85a-cf1c-40fc-acf0-bb5d588a8ea6_3.json b/packages/security_detection_engine/kibana/security_rule/d8b2f85a-cf1c-40fc-acf0-bb5d588a8ea6_3.json index 5115908881e..63f0e28001d 100644 --- a/packages/security_detection_engine/kibana/security_rule/d8b2f85a-cf1c-40fc-acf0-bb5d588a8ea6_3.json +++ b/packages/security_detection_engine/kibana/security_rule/d8b2f85a-cf1c-40fc-acf0-bb5d588a8ea6_3.json @@ -49,19 +49,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d8f2a1b3-c4e5-6789-abcd-ef0123456789_2.json b/packages/security_detection_engine/kibana/security_rule/d8f2a1b3-c4e5-6789-abcd-ef0123456789_2.json index f5a22ead674..b009936df4b 100644 --- a/packages/security_detection_engine/kibana/security_rule/d8f2a1b3-c4e5-6789-abcd-ef0123456789_2.json +++ b/packages/security_detection_engine/kibana/security_rule/d8f2a1b3-c4e5-6789-abcd-ef0123456789_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d8f4e3b0-8a1b-11ef-9b4a-f661ea17fbce_2.json b/packages/security_detection_engine/kibana/security_rule/d8f4e3b0-8a1b-11ef-9b4a-f661ea17fbce_2.json index 4b51dfe8d48..62ff4a08e74 100644 --- a/packages/security_detection_engine/kibana/security_rule/d8f4e3b0-8a1b-11ef-9b4a-f661ea17fbce_2.json +++ b/packages/security_detection_engine/kibana/security_rule/d8f4e3b0-8a1b-11ef-9b4a-f661ea17fbce_2.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d8fc1cca-93ed-43c1-bbb6-c0dd3eff2958_216.json b/packages/security_detection_engine/kibana/security_rule/d8fc1cca-93ed-43c1-bbb6-c0dd3eff2958_216.json index e8f8647f497..e55bcc88c27 100644 --- a/packages/security_detection_engine/kibana/security_rule/d8fc1cca-93ed-43c1-bbb6-c0dd3eff2958_216.json +++ b/packages/security_detection_engine/kibana/security_rule/d8fc1cca-93ed-43c1-bbb6-c0dd3eff2958_216.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d93e61db-82d6-4095-99aa-714988118064_209.json b/packages/security_detection_engine/kibana/security_rule/d93e61db-82d6-4095-99aa-714988118064_209.json index 13a0f6b26ab..ced04e530ff 100644 --- a/packages/security_detection_engine/kibana/security_rule/d93e61db-82d6-4095-99aa-714988118064_209.json +++ b/packages/security_detection_engine/kibana/security_rule/d93e61db-82d6-4095-99aa-714988118064_209.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d994a184-ab93-4cff-8fb6-31a4b4dd18b1_1.json b/packages/security_detection_engine/kibana/security_rule/d994a184-ab93-4cff-8fb6-31a4b4dd18b1_1.json index 1f0ee8349e2..08a82160852 100644 --- a/packages/security_detection_engine/kibana/security_rule/d994a184-ab93-4cff-8fb6-31a4b4dd18b1_1.json +++ b/packages/security_detection_engine/kibana/security_rule/d994a184-ab93-4cff-8fb6-31a4b4dd18b1_1.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d99a037b-c8e2-47a5-97b9-170d076827c4_319.json b/packages/security_detection_engine/kibana/security_rule/d99a037b-c8e2-47a5-97b9-170d076827c4_319.json index 492dd0ce044..2f65b3483c5 100644 --- a/packages/security_detection_engine/kibana/security_rule/d99a037b-c8e2-47a5-97b9-170d076827c4_319.json +++ b/packages/security_detection_engine/kibana/security_rule/d99a037b-c8e2-47a5-97b9-170d076827c4_319.json @@ -49,27 +49,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d9af2479-ad13-4471-a312-f586517f1243_6.json b/packages/security_detection_engine/kibana/security_rule/d9af2479-ad13-4471-a312-f586517f1243_6.json index b1133ae36d6..4ba6e7a8498 100644 --- a/packages/security_detection_engine/kibana/security_rule/d9af2479-ad13-4471-a312-f586517f1243_6.json +++ b/packages/security_detection_engine/kibana/security_rule/d9af2479-ad13-4471-a312-f586517f1243_6.json @@ -25,27 +25,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d9bfa475-270d-4b07-93cb-b1f49abe13da_3.json b/packages/security_detection_engine/kibana/security_rule/d9bfa475-270d-4b07-93cb-b1f49abe13da_3.json index d4bd79cf643..3f8fb8640af 100644 --- a/packages/security_detection_engine/kibana/security_rule/d9bfa475-270d-4b07-93cb-b1f49abe13da_3.json +++ b/packages/security_detection_engine/kibana/security_rule/d9bfa475-270d-4b07-93cb-b1f49abe13da_3.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d9faf1ba-a216-4c29-b8e0-a05a9d14b027_4.json b/packages/security_detection_engine/kibana/security_rule/d9faf1ba-a216-4c29-b8e0-a05a9d14b027_4.json index 6a85dd7496f..9f762e5f471 100644 --- a/packages/security_detection_engine/kibana/security_rule/d9faf1ba-a216-4c29-b8e0-a05a9d14b027_4.json +++ b/packages/security_detection_engine/kibana/security_rule/d9faf1ba-a216-4c29-b8e0-a05a9d14b027_4.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/d9ffc3d6-9de9-4b29-9395-5757d0695ecf_209.json b/packages/security_detection_engine/kibana/security_rule/d9ffc3d6-9de9-4b29-9395-5757d0695ecf_209.json index df262c941ac..c82abde1367 100644 --- a/packages/security_detection_engine/kibana/security_rule/d9ffc3d6-9de9-4b29-9395-5757d0695ecf_209.json +++ b/packages/security_detection_engine/kibana/security_rule/d9ffc3d6-9de9-4b29-9395-5757d0695ecf_209.json @@ -39,23 +39,23 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/da0d4bae-33ee-11f0-a59f-f661ea17fbcd_2.json b/packages/security_detection_engine/kibana/security_rule/da0d4bae-33ee-11f0-a59f-f661ea17fbcd_2.json index 2a6d7fb1fbb..37df2a4f0f3 100644 --- a/packages/security_detection_engine/kibana/security_rule/da0d4bae-33ee-11f0-a59f-f661ea17fbcd_2.json +++ b/packages/security_detection_engine/kibana/security_rule/da0d4bae-33ee-11f0-a59f-f661ea17fbcd_2.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/da0ebebe-5ad3-4277-95e7-889f5a69b959_2.json b/packages/security_detection_engine/kibana/security_rule/da0ebebe-5ad3-4277-95e7-889f5a69b959_2.json index c81fb9b9127..8063d4fe649 100644 --- a/packages/security_detection_engine/kibana/security_rule/da0ebebe-5ad3-4277-95e7-889f5a69b959_2.json +++ b/packages/security_detection_engine/kibana/security_rule/da0ebebe-5ad3-4277-95e7-889f5a69b959_2.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/da4f56b8-9bc5-4003-a46c-d23616fbc691_2.json b/packages/security_detection_engine/kibana/security_rule/da4f56b8-9bc5-4003-a46c-d23616fbc691_2.json index 8e404ba9886..d3d290882b2 100644 --- a/packages/security_detection_engine/kibana/security_rule/da4f56b8-9bc5-4003-a46c-d23616fbc691_2.json +++ b/packages/security_detection_engine/kibana/security_rule/da4f56b8-9bc5-4003-a46c-d23616fbc691_2.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/da7733b1-fe08-487e-b536-0a04c6d8b0cd_217.json b/packages/security_detection_engine/kibana/security_rule/da7733b1-fe08-487e-b536-0a04c6d8b0cd_217.json index c1bb01ab0c9..a88c76b755e 100644 --- a/packages/security_detection_engine/kibana/security_rule/da7733b1-fe08-487e-b536-0a04c6d8b0cd_217.json +++ b/packages/security_detection_engine/kibana/security_rule/da7733b1-fe08-487e-b536-0a04c6d8b0cd_217.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/da7f5803-1cd4-42fd-a890-0173ae80ac69_9.json b/packages/security_detection_engine/kibana/security_rule/da7f5803-1cd4-42fd-a890-0173ae80ac69_9.json index dbcb2e7f40c..d4d69cd50e3 100644 --- a/packages/security_detection_engine/kibana/security_rule/da7f5803-1cd4-42fd-a890-0173ae80ac69_9.json +++ b/packages/security_detection_engine/kibana/security_rule/da7f5803-1cd4-42fd-a890-0173ae80ac69_9.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "dga", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/da87eee1-129c-4661-a7aa-57d0b9645fad_117.json b/packages/security_detection_engine/kibana/security_rule/da87eee1-129c-4661-a7aa-57d0b9645fad_117.json index 999ec175d1a..44d6c8f0b3d 100644 --- a/packages/security_detection_engine/kibana/security_rule/da87eee1-129c-4661-a7aa-57d0b9645fad_117.json +++ b/packages/security_detection_engine/kibana/security_rule/da87eee1-129c-4661-a7aa-57d0b9645fad_117.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/daafdf96-e7b1-4f14-b494-27e0d24b11f6_111.json b/packages/security_detection_engine/kibana/security_rule/daafdf96-e7b1-4f14-b494-27e0d24b11f6_111.json index f9528727466..9510d59e6e0 100644 --- a/packages/security_detection_engine/kibana/security_rule/daafdf96-e7b1-4f14-b494-27e0d24b11f6_111.json +++ b/packages/security_detection_engine/kibana/security_rule/daafdf96-e7b1-4f14-b494-27e0d24b11f6_111.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dacfbecd-7927-46a7-a8ba-feb65a2e990d_3.json b/packages/security_detection_engine/kibana/security_rule/dacfbecd-7927-46a7-a8ba-feb65a2e990d_3.json index aaf29b9f72f..0a9fea3c38d 100644 --- a/packages/security_detection_engine/kibana/security_rule/dacfbecd-7927-46a7-a8ba-feb65a2e990d_3.json +++ b/packages/security_detection_engine/kibana/security_rule/dacfbecd-7927-46a7-a8ba-feb65a2e990d_3.json @@ -46,11 +46,11 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/daf2e0e0-0bab-4672-bfa1-62db0ee5ec22_3.json b/packages/security_detection_engine/kibana/security_rule/daf2e0e0-0bab-4672-bfa1-62db0ee5ec22_3.json index f8a6750965f..6ae4558bdf9 100644 --- a/packages/security_detection_engine/kibana/security_rule/daf2e0e0-0bab-4672-bfa1-62db0ee5ec22_3.json +++ b/packages/security_detection_engine/kibana/security_rule/daf2e0e0-0bab-4672-bfa1-62db0ee5ec22_3.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dafa3235-76dc-40e2-9f71-1773b96d24cf_111.json b/packages/security_detection_engine/kibana/security_rule/dafa3235-76dc-40e2-9f71-1773b96d24cf_111.json index 3746270f3e2..4b66a953062 100644 --- a/packages/security_detection_engine/kibana/security_rule/dafa3235-76dc-40e2-9f71-1773b96d24cf_111.json +++ b/packages/security_detection_engine/kibana/security_rule/dafa3235-76dc-40e2-9f71-1773b96d24cf_111.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/db1271cd-f574-4173-b4e5-7369f3c03d44_1.json b/packages/security_detection_engine/kibana/security_rule/db1271cd-f574-4173-b4e5-7369f3c03d44_1.json index 86782744579..e12f5f0203a 100644 --- a/packages/security_detection_engine/kibana/security_rule/db1271cd-f574-4173-b4e5-7369f3c03d44_1.json +++ b/packages/security_detection_engine/kibana/security_rule/db1271cd-f574-4173-b4e5-7369f3c03d44_1.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/db65f5ba-d1ef-4944-b9e8-7e51060c2b42_210.json b/packages/security_detection_engine/kibana/security_rule/db65f5ba-d1ef-4944-b9e8-7e51060c2b42_210.json index b3a9f054daa..f9a8689b099 100644 --- a/packages/security_detection_engine/kibana/security_rule/db65f5ba-d1ef-4944-b9e8-7e51060c2b42_210.json +++ b/packages/security_detection_engine/kibana/security_rule/db65f5ba-d1ef-4944-b9e8-7e51060c2b42_210.json @@ -24,23 +24,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/db7dbad5-08d2-4d25-b9b1-d3a1e4a15efd_217.json b/packages/security_detection_engine/kibana/security_rule/db7dbad5-08d2-4d25-b9b1-d3a1e4a15efd_217.json index ba8d174cc56..4937155ab10 100644 --- a/packages/security_detection_engine/kibana/security_rule/db7dbad5-08d2-4d25-b9b1-d3a1e4a15efd_217.json +++ b/packages/security_detection_engine/kibana/security_rule/db7dbad5-08d2-4d25-b9b1-d3a1e4a15efd_217.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/db97a2aa-3ba5-4fa5-b8b9-bf42284edb5f_3.json b/packages/security_detection_engine/kibana/security_rule/db97a2aa-3ba5-4fa5-b8b9-bf42284edb5f_3.json index 09e3cde2b12..7eb8f35992c 100644 --- a/packages/security_detection_engine/kibana/security_rule/db97a2aa-3ba5-4fa5-b8b9-bf42284edb5f_3.json +++ b/packages/security_detection_engine/kibana/security_rule/db97a2aa-3ba5-4fa5-b8b9-bf42284edb5f_3.json @@ -53,7 +53,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dc0b7782-0df0-47ff-8337-db0d678bdb66_111.json b/packages/security_detection_engine/kibana/security_rule/dc0b7782-0df0-47ff-8337-db0d678bdb66_111.json index ca840975e0b..de179420f7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/dc0b7782-0df0-47ff-8337-db0d678bdb66_111.json +++ b/packages/security_detection_engine/kibana/security_rule/dc0b7782-0df0-47ff-8337-db0d678bdb66_111.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dc61f382-dc0c-4cc0-a845-069f2a071704_108.json b/packages/security_detection_engine/kibana/security_rule/dc61f382-dc0c-4cc0-a845-069f2a071704_108.json index d3f05af9869..5d4d08c1478 100644 --- a/packages/security_detection_engine/kibana/security_rule/dc61f382-dc0c-4cc0-a845-069f2a071704_108.json +++ b/packages/security_detection_engine/kibana/security_rule/dc61f382-dc0c-4cc0-a845-069f2a071704_108.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_115.json b/packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_115.json index 606be095c0f..51a19dc816f 100644 --- a/packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_115.json +++ b/packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_115.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dc765fb2-0c99-4e57-8c11-dafdf1992b66_6.json b/packages/security_detection_engine/kibana/security_rule/dc765fb2-0c99-4e57-8c11-dafdf1992b66_6.json index 1bd6aa99e61..7d28609b85c 100644 --- a/packages/security_detection_engine/kibana/security_rule/dc765fb2-0c99-4e57-8c11-dafdf1992b66_6.json +++ b/packages/security_detection_engine/kibana/security_rule/dc765fb2-0c99-4e57-8c11-dafdf1992b66_6.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dc9c1f74-dac3-48e3-b47f-eb79db358f57_318.json b/packages/security_detection_engine/kibana/security_rule/dc9c1f74-dac3-48e3-b47f-eb79db358f57_318.json index ec4bb04eae7..3875e1a0dd6 100644 --- a/packages/security_detection_engine/kibana/security_rule/dc9c1f74-dac3-48e3-b47f-eb79db358f57_318.json +++ b/packages/security_detection_engine/kibana/security_rule/dc9c1f74-dac3-48e3-b47f-eb79db358f57_318.json @@ -42,27 +42,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dca28dee-c999-400f-b640-50a081cc0fd1_212.json b/packages/security_detection_engine/kibana/security_rule/dca28dee-c999-400f-b640-50a081cc0fd1_212.json index 8140a9384d2..c1f57e2cb54 100644 --- a/packages/security_detection_engine/kibana/security_rule/dca28dee-c999-400f-b640-50a081cc0fd1_212.json +++ b/packages/security_detection_engine/kibana/security_rule/dca28dee-c999-400f-b640-50a081cc0fd1_212.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/dca6b4b0-ae70-44eb-bb7a-ce6db502ee78_213.json b/packages/security_detection_engine/kibana/security_rule/dca6b4b0-ae70-44eb-bb7a-ce6db502ee78_213.json index 31400c53ea7..45ecbf87a6a 100644 --- a/packages/security_detection_engine/kibana/security_rule/dca6b4b0-ae70-44eb-bb7a-ce6db502ee78_213.json +++ b/packages/security_detection_engine/kibana/security_rule/dca6b4b0-ae70-44eb-bb7a-ce6db502ee78_213.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dcbd07f8-bd6e-4bb4-ac5d-cec1927ea88f_102.json b/packages/security_detection_engine/kibana/security_rule/dcbd07f8-bd6e-4bb4-ac5d-cec1927ea88f_102.json index 4a7e31fa6fb..0712fe98e7d 100644 --- a/packages/security_detection_engine/kibana/security_rule/dcbd07f8-bd6e-4bb4-ac5d-cec1927ea88f_102.json +++ b/packages/security_detection_engine/kibana/security_rule/dcbd07f8-bd6e-4bb4-ac5d-cec1927ea88f_102.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/dd34b062-b9e3-4a6b-8c0c-6c8ca6dd450e_217.json b/packages/security_detection_engine/kibana/security_rule/dd34b062-b9e3-4a6b-8c0c-6c8ca6dd450e_217.json index 992dd201d38..a542100b33e 100644 --- a/packages/security_detection_engine/kibana/security_rule/dd34b062-b9e3-4a6b-8c0c-6c8ca6dd450e_217.json +++ b/packages/security_detection_engine/kibana/security_rule/dd34b062-b9e3-4a6b-8c0c-6c8ca6dd450e_217.json @@ -47,27 +47,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dd52d45a-4602-4195-9018-ebe0f219c273_9.json b/packages/security_detection_engine/kibana/security_rule/dd52d45a-4602-4195-9018-ebe0f219c273_9.json index a8518ce4459..388068da239 100644 --- a/packages/security_detection_engine/kibana/security_rule/dd52d45a-4602-4195-9018-ebe0f219c273_9.json +++ b/packages/security_detection_engine/kibana/security_rule/dd52d45a-4602-4195-9018-ebe0f219c273_9.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dd983e79-22e8-44d1-9173-d57dba514cac_105.json b/packages/security_detection_engine/kibana/security_rule/dd983e79-22e8-44d1-9173-d57dba514cac_105.json index 75db8a01c98..8720e4ed3de 100644 --- a/packages/security_detection_engine/kibana/security_rule/dd983e79-22e8-44d1-9173-d57dba514cac_105.json +++ b/packages/security_detection_engine/kibana/security_rule/dd983e79-22e8-44d1-9173-d57dba514cac_105.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ddab1f5f-7089-44f5-9fda-de5b11322e77_316.json b/packages/security_detection_engine/kibana/security_rule/ddab1f5f-7089-44f5-9fda-de5b11322e77_316.json index 8f45eafc231..6b9956fd593 100644 --- a/packages/security_detection_engine/kibana/security_rule/ddab1f5f-7089-44f5-9fda-de5b11322e77_316.json +++ b/packages/security_detection_engine/kibana/security_rule/ddab1f5f-7089-44f5-9fda-de5b11322e77_316.json @@ -26,23 +26,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dde13d58-bc39-4aa0-87fd-b4bdbf4591da_9.json b/packages/security_detection_engine/kibana/security_rule/dde13d58-bc39-4aa0-87fd-b4bdbf4591da_9.json index 6fd42860a29..d94813e0372 100644 --- a/packages/security_detection_engine/kibana/security_rule/dde13d58-bc39-4aa0-87fd-b4bdbf4591da_9.json +++ b/packages/security_detection_engine/kibana/security_rule/dde13d58-bc39-4aa0-87fd-b4bdbf4591da_9.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ddf26e25-3e30-42b2-92db-bde8eb82ad67_5.json b/packages/security_detection_engine/kibana/security_rule/ddf26e25-3e30-42b2-92db-bde8eb82ad67_5.json index 35ca7ff63ab..963a94ccd0e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ddf26e25-3e30-42b2-92db-bde8eb82ad67_5.json +++ b/packages/security_detection_engine/kibana/security_rule/ddf26e25-3e30-42b2-92db-bde8eb82ad67_5.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/de0e9ed8-b68f-4249-957a-2c2bbdbd1c1b_1.json b/packages/security_detection_engine/kibana/security_rule/de0e9ed8-b68f-4249-957a-2c2bbdbd1c1b_1.json index c361b5866aa..c863486c0b6 100644 --- a/packages/security_detection_engine/kibana/security_rule/de0e9ed8-b68f-4249-957a-2c2bbdbd1c1b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/de0e9ed8-b68f-4249-957a-2c2bbdbd1c1b_1.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/de67f85e-2d43-11f0-b8c9-f661ea17fbcc_9.json b/packages/security_detection_engine/kibana/security_rule/de67f85e-2d43-11f0-b8c9-f661ea17fbcc_9.json index 01a2007a621..d717bfb1b7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/de67f85e-2d43-11f0-b8c9-f661ea17fbcc_9.json +++ b/packages/security_detection_engine/kibana/security_rule/de67f85e-2d43-11f0-b8c9-f661ea17fbcc_9.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 47, diff --git a/packages/security_detection_engine/kibana/security_rule/de9bd7e0-49e9-4e92-a64d-53ade2e66af1_319.json b/packages/security_detection_engine/kibana/security_rule/de9bd7e0-49e9-4e92-a64d-53ade2e66af1_319.json index 83486e26718..d2de6872887 100644 --- a/packages/security_detection_engine/kibana/security_rule/de9bd7e0-49e9-4e92-a64d-53ade2e66af1_319.json +++ b/packages/security_detection_engine/kibana/security_rule/de9bd7e0-49e9-4e92-a64d-53ade2e66af1_319.json @@ -42,23 +42,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_216.json b/packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_216.json index f53f7c9bf60..30f2e6d9eb4 100644 --- a/packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_216.json +++ b/packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_216.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ded09d02-0137-4ccc-8005-c45e617e8d4c_108.json b/packages/security_detection_engine/kibana/security_rule/ded09d02-0137-4ccc-8005-c45e617e8d4c_108.json index be2a4d31368..973f0ec262f 100644 --- a/packages/security_detection_engine/kibana/security_rule/ded09d02-0137-4ccc-8005-c45e617e8d4c_108.json +++ b/packages/security_detection_engine/kibana/security_rule/ded09d02-0137-4ccc-8005-c45e617e8d4c_108.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/deee5856-25ba-438d-ae53-09d66f41b127_4.json b/packages/security_detection_engine/kibana/security_rule/deee5856-25ba-438d-ae53-09d66f41b127_4.json index 8e4086fcf19..f6247514521 100644 --- a/packages/security_detection_engine/kibana/security_rule/deee5856-25ba-438d-ae53-09d66f41b127_4.json +++ b/packages/security_detection_engine/kibana/security_rule/deee5856-25ba-438d-ae53-09d66f41b127_4.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/df0553c8-2296-45ef-b4dc-3b88c4c130a7_2.json b/packages/security_detection_engine/kibana/security_rule/df0553c8-2296-45ef-b4dc-3b88c4c130a7_2.json index 1f98e501380..c7f5351063d 100644 --- a/packages/security_detection_engine/kibana/security_rule/df0553c8-2296-45ef-b4dc-3b88c4c130a7_2.json +++ b/packages/security_detection_engine/kibana/security_rule/df0553c8-2296-45ef-b4dc-3b88c4c130a7_2.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/df0fd41e-5590-4965-ad5e-cd079ec22fa9_13.json b/packages/security_detection_engine/kibana/security_rule/df0fd41e-5590-4965-ad5e-cd079ec22fa9_13.json index 56d64d2c1ce..9a14927fd57 100644 --- a/packages/security_detection_engine/kibana/security_rule/df0fd41e-5590-4965-ad5e-cd079ec22fa9_13.json +++ b/packages/security_detection_engine/kibana/security_rule/df0fd41e-5590-4965-ad5e-cd079ec22fa9_13.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/df197323-72a8-46a9-a08e-3f5b04a4a97a_309.json b/packages/security_detection_engine/kibana/security_rule/df197323-72a8-46a9-a08e-3f5b04a4a97a_309.json index 2f7fe7855d9..d693b2d1869 100644 --- a/packages/security_detection_engine/kibana/security_rule/df197323-72a8-46a9-a08e-3f5b04a4a97a_309.json +++ b/packages/security_detection_engine/kibana/security_rule/df197323-72a8-46a9-a08e-3f5b04a4a97a_309.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/df26fd74-1baa-4479-b42e-48da84642330_107.json b/packages/security_detection_engine/kibana/security_rule/df26fd74-1baa-4479-b42e-48da84642330_107.json index 8c06d7c4cd4..0eed7df65a4 100644 --- a/packages/security_detection_engine/kibana/security_rule/df26fd74-1baa-4479-b42e-48da84642330_107.json +++ b/packages/security_detection_engine/kibana/security_rule/df26fd74-1baa-4479-b42e-48da84642330_107.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/df6f62d9-caab-4b88-affa-044f4395a1e0_216.json b/packages/security_detection_engine/kibana/security_rule/df6f62d9-caab-4b88-affa-044f4395a1e0_216.json index 86933fd7c2f..966d621bed9 100644 --- a/packages/security_detection_engine/kibana/security_rule/df6f62d9-caab-4b88-affa-044f4395a1e0_216.json +++ b/packages/security_detection_engine/kibana/security_rule/df6f62d9-caab-4b88-affa-044f4395a1e0_216.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/df7fda76-c92b-4943-bc68-04460a5ea5ba_210.json b/packages/security_detection_engine/kibana/security_rule/df7fda76-c92b-4943-bc68-04460a5ea5ba_210.json index 8e2e10179a8..01f0c0f2e43 100644 --- a/packages/security_detection_engine/kibana/security_rule/df7fda76-c92b-4943-bc68-04460a5ea5ba_210.json +++ b/packages/security_detection_engine/kibana/security_rule/df7fda76-c92b-4943-bc68-04460a5ea5ba_210.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/df919b5e-a0f6-4fd8-8598-e3ce79299e3b_9.json b/packages/security_detection_engine/kibana/security_rule/df919b5e-a0f6-4fd8-8598-e3ce79299e3b_9.json index 3ab8d9d0fc7..98d77f9dfa9 100644 --- a/packages/security_detection_engine/kibana/security_rule/df919b5e-a0f6-4fd8-8598-e3ce79299e3b_9.json +++ b/packages/security_detection_engine/kibana/security_rule/df919b5e-a0f6-4fd8-8598-e3ce79299e3b_9.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/dffbd37c-d4c5-46f8-9181-5afdd9172b4c_211.json b/packages/security_detection_engine/kibana/security_rule/dffbd37c-d4c5-46f8-9181-5afdd9172b4c_211.json index b5b404ebe04..01cd46782e2 100644 --- a/packages/security_detection_engine/kibana/security_rule/dffbd37c-d4c5-46f8-9181-5afdd9172b4c_211.json +++ b/packages/security_detection_engine/kibana/security_rule/dffbd37c-d4c5-46f8-9181-5afdd9172b4c_211.json @@ -44,23 +44,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e00b8d49-632f-4dc6-94a5-76153a481915_9.json b/packages/security_detection_engine/kibana/security_rule/e00b8d49-632f-4dc6-94a5-76153a481915_9.json index cb697a8927c..15029447d2e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e00b8d49-632f-4dc6-94a5-76153a481915_9.json +++ b/packages/security_detection_engine/kibana/security_rule/e00b8d49-632f-4dc6-94a5-76153a481915_9.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e00c7862-43f1-48fd-aa30-950db838eded_1.json b/packages/security_detection_engine/kibana/security_rule/e00c7862-43f1-48fd-aa30-950db838eded_1.json index 6c1da976bb0..c693c3582b9 100644 --- a/packages/security_detection_engine/kibana/security_rule/e00c7862-43f1-48fd-aa30-950db838eded_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e00c7862-43f1-48fd-aa30-950db838eded_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e02bd3ea-72c6-4181-ac2b-0f83d17ad969_108.json b/packages/security_detection_engine/kibana/security_rule/e02bd3ea-72c6-4181-ac2b-0f83d17ad969_108.json index 3fe0957496f..f6675e40d8d 100644 --- a/packages/security_detection_engine/kibana/security_rule/e02bd3ea-72c6-4181-ac2b-0f83d17ad969_108.json +++ b/packages/security_detection_engine/kibana/security_rule/e02bd3ea-72c6-4181-ac2b-0f83d17ad969_108.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e052c845-48d0-4f46-8a13-7d0aba05df82_214.json b/packages/security_detection_engine/kibana/security_rule/e052c845-48d0-4f46-8a13-7d0aba05df82_214.json index 2cb28125b2d..3dfa3b64ebb 100644 --- a/packages/security_detection_engine/kibana/security_rule/e052c845-48d0-4f46-8a13-7d0aba05df82_214.json +++ b/packages/security_detection_engine/kibana/security_rule/e052c845-48d0-4f46-8a13-7d0aba05df82_214.json @@ -41,11 +41,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e0881d20-54ac-457f-8733-fe0bc5d44c55_114.json b/packages/security_detection_engine/kibana/security_rule/e0881d20-54ac-457f-8733-fe0bc5d44c55_114.json index 663c767d63c..e9fdd2133b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/e0881d20-54ac-457f-8733-fe0bc5d44c55_114.json +++ b/packages/security_detection_engine/kibana/security_rule/e0881d20-54ac-457f-8733-fe0bc5d44c55_114.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e08ccd49-0380-4b2b-8d71-8000377d6e49_417.json b/packages/security_detection_engine/kibana/security_rule/e08ccd49-0380-4b2b-8d71-8000377d6e49_417.json index 8cf3c006b4b..38c8d0563db 100644 --- a/packages/security_detection_engine/kibana/security_rule/e08ccd49-0380-4b2b-8d71-8000377d6e49_417.json +++ b/packages/security_detection_engine/kibana/security_rule/e08ccd49-0380-4b2b-8d71-8000377d6e49_417.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e0916edd-ea8c-49d2-882e-2cf6af161dd7_1.json b/packages/security_detection_engine/kibana/security_rule/e0916edd-ea8c-49d2-882e-2cf6af161dd7_1.json index 5307d541fa4..1020b5a83eb 100644 --- a/packages/security_detection_engine/kibana/security_rule/e0916edd-ea8c-49d2-882e-2cf6af161dd7_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e0916edd-ea8c-49d2-882e-2cf6af161dd7_1.json @@ -43,7 +43,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_111.json b/packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_111.json index a750deacc06..5f4c4c6fb69 100644 --- a/packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_111.json +++ b/packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_111.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e0f36de1-0342-453d-95a9-a068b257b053_109.json b/packages/security_detection_engine/kibana/security_rule/e0f36de1-0342-453d-95a9-a068b257b053_109.json index 85b40e384f9..f8d9fbe0b7b 100644 --- a/packages/security_detection_engine/kibana/security_rule/e0f36de1-0342-453d-95a9-a068b257b053_109.json +++ b/packages/security_detection_engine/kibana/security_rule/e0f36de1-0342-453d-95a9-a068b257b053_109.json @@ -26,7 +26,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e12c0318-99b1-44f2-830c-3a38a43207ca_214.json b/packages/security_detection_engine/kibana/security_rule/e12c0318-99b1-44f2-830c-3a38a43207ca_214.json index ce3a34fe70e..185b59a2f9e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e12c0318-99b1-44f2-830c-3a38a43207ca_214.json +++ b/packages/security_detection_engine/kibana/security_rule/e12c0318-99b1-44f2-830c-3a38a43207ca_214.json @@ -49,7 +49,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e19e64ee-130e-4c07-961f-8a339f0b8362_213.json b/packages/security_detection_engine/kibana/security_rule/e19e64ee-130e-4c07-961f-8a339f0b8362_213.json index 7782d532ff6..d21b0ef94ee 100644 --- a/packages/security_detection_engine/kibana/security_rule/e19e64ee-130e-4c07-961f-8a339f0b8362_213.json +++ b/packages/security_detection_engine/kibana/security_rule/e19e64ee-130e-4c07-961f-8a339f0b8362_213.json @@ -24,11 +24,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e1db8899-97c1-4851-8993-3a3265353601_107.json b/packages/security_detection_engine/kibana/security_rule/e1db8899-97c1-4851-8993-3a3265353601_107.json index 103b85fade0..9ee369ef2ff 100644 --- a/packages/security_detection_engine/kibana/security_rule/e1db8899-97c1-4851-8993-3a3265353601_107.json +++ b/packages/security_detection_engine/kibana/security_rule/e1db8899-97c1-4851-8993-3a3265353601_107.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "ded", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/e2258f48-ba75-4248-951b-7c885edf18c2_112.json b/packages/security_detection_engine/kibana/security_rule/e2258f48-ba75-4248-951b-7c885edf18c2_112.json index 64a46502ec5..1b2b5b3f665 100644 --- a/packages/security_detection_engine/kibana/security_rule/e2258f48-ba75-4248-951b-7c885edf18c2_112.json +++ b/packages/security_detection_engine/kibana/security_rule/e2258f48-ba75-4248-951b-7c885edf18c2_112.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e26aed74-c816-40d3-a810-48d6fbd8b2fd_208.json b/packages/security_detection_engine/kibana/security_rule/e26aed74-c816-40d3-a810-48d6fbd8b2fd_208.json index f7ea5a97c35..96472808400 100644 --- a/packages/security_detection_engine/kibana/security_rule/e26aed74-c816-40d3-a810-48d6fbd8b2fd_208.json +++ b/packages/security_detection_engine/kibana/security_rule/e26aed74-c816-40d3-a810-48d6fbd8b2fd_208.json @@ -20,15 +20,15 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/e26c0f76-2e80-445b-9e98-ab5532ccc46f_2.json b/packages/security_detection_engine/kibana/security_rule/e26c0f76-2e80-445b-9e98-ab5532ccc46f_2.json index 591087b2534..a3ae0b5e80e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e26c0f76-2e80-445b-9e98-ab5532ccc46f_2.json +++ b/packages/security_detection_engine/kibana/security_rule/e26c0f76-2e80-445b-9e98-ab5532ccc46f_2.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e26f042e-c590-4e82-8e05-41e81bd822ad_322.json b/packages/security_detection_engine/kibana/security_rule/e26f042e-c590-4e82-8e05-41e81bd822ad_322.json index 41d908989a3..ddf373aff92 100644 --- a/packages/security_detection_engine/kibana/security_rule/e26f042e-c590-4e82-8e05-41e81bd822ad_322.json +++ b/packages/security_detection_engine/kibana/security_rule/e26f042e-c590-4e82-8e05-41e81bd822ad_322.json @@ -67,7 +67,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e28b8093-833b-4eda-b877-0873d134cf3c_7.json b/packages/security_detection_engine/kibana/security_rule/e28b8093-833b-4eda-b877-0873d134cf3c_7.json index a500eebdd78..ac7daa0c1de 100644 --- a/packages/security_detection_engine/kibana/security_rule/e28b8093-833b-4eda-b877-0873d134cf3c_7.json +++ b/packages/security_detection_engine/kibana/security_rule/e28b8093-833b-4eda-b877-0873d134cf3c_7.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e29599ee-d6ad-46a9-9c6a-dc39f361890d_5.json b/packages/security_detection_engine/kibana/security_rule/e29599ee-d6ad-46a9-9c6a-dc39f361890d_5.json index ea52e710294..cbde63ee5aa 100644 --- a/packages/security_detection_engine/kibana/security_rule/e29599ee-d6ad-46a9-9c6a-dc39f361890d_5.json +++ b/packages/security_detection_engine/kibana/security_rule/e29599ee-d6ad-46a9-9c6a-dc39f361890d_5.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "jamf_protect", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e2a67480-3b79-403d-96e3-fdd2992c50ef_214.json b/packages/security_detection_engine/kibana/security_rule/e2a67480-3b79-403d-96e3-fdd2992c50ef_214.json index 9387284e96a..b26eaac839e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e2a67480-3b79-403d-96e3-fdd2992c50ef_214.json +++ b/packages/security_detection_engine/kibana/security_rule/e2a67480-3b79-403d-96e3-fdd2992c50ef_214.json @@ -39,7 +39,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e2dc8f8c-5f16-42fa-b49e-0eb8057f7444_8.json b/packages/security_detection_engine/kibana/security_rule/e2dc8f8c-5f16-42fa-b49e-0eb8057f7444_8.json index 4a658c2490d..09014a88ea4 100644 --- a/packages/security_detection_engine/kibana/security_rule/e2dc8f8c-5f16-42fa-b49e-0eb8057f7444_8.json +++ b/packages/security_detection_engine/kibana/security_rule/e2dc8f8c-5f16-42fa-b49e-0eb8057f7444_8.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e2e0537d-7d8f-4910-a11d-559bcf61295a_215.json b/packages/security_detection_engine/kibana/security_rule/e2e0537d-7d8f-4910-a11d-559bcf61295a_215.json index 96afe4fc445..5af0e10184d 100644 --- a/packages/security_detection_engine/kibana/security_rule/e2e0537d-7d8f-4910-a11d-559bcf61295a_215.json +++ b/packages/security_detection_engine/kibana/security_rule/e2e0537d-7d8f-4910-a11d-559bcf61295a_215.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e2f9fdf5-8076-45ad-9427-41e0e03dc9c2_219.json b/packages/security_detection_engine/kibana/security_rule/e2f9fdf5-8076-45ad-9427-41e0e03dc9c2_219.json index b9e5e92de1c..efd7de7cb67 100644 --- a/packages/security_detection_engine/kibana/security_rule/e2f9fdf5-8076-45ad-9427-41e0e03dc9c2_219.json +++ b/packages/security_detection_engine/kibana/security_rule/e2f9fdf5-8076-45ad-9427-41e0e03dc9c2_219.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e2fb5b18-e33c-4270-851e-c3d675c9afcd_108.json b/packages/security_detection_engine/kibana/security_rule/e2fb5b18-e33c-4270-851e-c3d675c9afcd_108.json index 111256a8049..8a630bde9ce 100644 --- a/packages/security_detection_engine/kibana/security_rule/e2fb5b18-e33c-4270-851e-c3d675c9afcd_108.json +++ b/packages/security_detection_engine/kibana/security_rule/e2fb5b18-e33c-4270-851e-c3d675c9afcd_108.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e302e6c3-448c-4243-8d9b-d41da70db582_107.json b/packages/security_detection_engine/kibana/security_rule/e302e6c3-448c-4243-8d9b-d41da70db582_107.json index 4f8077ecec1..d617298a9ac 100644 --- a/packages/security_detection_engine/kibana/security_rule/e302e6c3-448c-4243-8d9b-d41da70db582_107.json +++ b/packages/security_detection_engine/kibana/security_rule/e302e6c3-448c-4243-8d9b-d41da70db582_107.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3343ab9-4245-4715-b344-e11c56b0a47f_319.json b/packages/security_detection_engine/kibana/security_rule/e3343ab9-4245-4715-b344-e11c56b0a47f_319.json index ab513d4ee38..f9dff15b832 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3343ab9-4245-4715-b344-e11c56b0a47f_319.json +++ b/packages/security_detection_engine/kibana/security_rule/e3343ab9-4245-4715-b344-e11c56b0a47f_319.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3a7b1c2-5d9f-4e8a-b6c3-2f1d4e5a6b7c_3.json b/packages/security_detection_engine/kibana/security_rule/e3a7b1c2-5d9f-4e8a-b6c3-2f1d4e5a6b7c_3.json index b41673bc2ae..2bcd77b9f6b 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3a7b1c2-5d9f-4e8a-b6c3-2f1d4e5a6b7c_3.json +++ b/packages/security_detection_engine/kibana/security_rule/e3a7b1c2-5d9f-4e8a-b6c3-2f1d4e5a6b7c_3.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "fortinet_fortigate", - "version": "^1.31.0" + "version": ">=1.31.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3bd85e9-7aff-46eb-b60e-20dfc9020d98_8.json b/packages/security_detection_engine/kibana/security_rule/e3bd85e9-7aff-46eb-b60e-20dfc9020d98_8.json index 09a3e04cb36..1d91cfb061e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3bd85e9-7aff-46eb-b60e-20dfc9020d98_8.json +++ b/packages/security_detection_engine/kibana/security_rule/e3bd85e9-7aff-46eb-b60e-20dfc9020d98_8.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3c27562-709a-42bd-82f2-3ed926cced19_213.json b/packages/security_detection_engine/kibana/security_rule/e3c27562-709a-42bd-82f2-3ed926cced19_213.json index e74827186ab..0a7e7fd9842 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3c27562-709a-42bd-82f2-3ed926cced19_213.json +++ b/packages/security_detection_engine/kibana/security_rule/e3c27562-709a-42bd-82f2-3ed926cced19_213.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3c7a891-4b2d-4e8c-a1f0-9d8e7c6b5a4d_1.json b/packages/security_detection_engine/kibana/security_rule/e3c7a891-4b2d-4e8c-a1f0-9d8e7c6b5a4d_1.json index 3b091391c2d..b708eef310c 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3c7a891-4b2d-4e8c-a1f0-9d8e7c6b5a4d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e3c7a891-4b2d-4e8c-a1f0-9d8e7c6b5a4d_1.json @@ -50,7 +50,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3cf38fa-d5b8-46cc-87f9-4a7513e4281d_211.json b/packages/security_detection_engine/kibana/security_rule/e3cf38fa-d5b8-46cc-87f9-4a7513e4281d_211.json index 7136473583a..a8bbe3591ce 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3cf38fa-d5b8-46cc-87f9-4a7513e4281d_211.json +++ b/packages/security_detection_engine/kibana/security_rule/e3cf38fa-d5b8-46cc-87f9-4a7513e4281d_211.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3e904b3-0a8e-4e68-86a8-977a163e21d3_220.json b/packages/security_detection_engine/kibana/security_rule/e3e904b3-0a8e-4e68-86a8-977a163e21d3_220.json index dc13d3cfda4..bf4ed2a6362 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3e904b3-0a8e-4e68-86a8-977a163e21d3_220.json +++ b/packages/security_detection_engine/kibana/security_rule/e3e904b3-0a8e-4e68-86a8-977a163e21d3_220.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e3f5a566-df31-40cc-987c-24bc4bb94ba5_1.json b/packages/security_detection_engine/kibana/security_rule/e3f5a566-df31-40cc-987c-24bc4bb94ba5_1.json index 46e5b349f01..4f9c9516c82 100644 --- a/packages/security_detection_engine/kibana/security_rule/e3f5a566-df31-40cc-987c-24bc4bb94ba5_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e3f5a566-df31-40cc-987c-24bc4bb94ba5_1.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e43b7578-f3cc-4682-a8cf-f9d8a5fb07f1_1.json b/packages/security_detection_engine/kibana/security_rule/e43b7578-f3cc-4682-a8cf-f9d8a5fb07f1_1.json index dd5b8a2cd69..ced710b49d4 100644 --- a/packages/security_detection_engine/kibana/security_rule/e43b7578-f3cc-4682-a8cf-f9d8a5fb07f1_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e43b7578-f3cc-4682-a8cf-f9d8a5fb07f1_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "sentinel_one", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e468f3f6-7c4c-45bb-846a-053738b3fe5d_111.json b/packages/security_detection_engine/kibana/security_rule/e468f3f6-7c4c-45bb-846a-053738b3fe5d_111.json index 3bfe5bad9f8..1fe874bbd35 100644 --- a/packages/security_detection_engine/kibana/security_rule/e468f3f6-7c4c-45bb-846a-053738b3fe5d_111.json +++ b/packages/security_detection_engine/kibana/security_rule/e468f3f6-7c4c-45bb-846a-053738b3fe5d_111.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e48236ca-b67a-4b4e-840c-fdc7782bc0c3_415.json b/packages/security_detection_engine/kibana/security_rule/e48236ca-b67a-4b4e-840c-fdc7782bc0c3_415.json index df126d81818..60f739b554a 100644 --- a/packages/security_detection_engine/kibana/security_rule/e48236ca-b67a-4b4e-840c-fdc7782bc0c3_415.json +++ b/packages/security_detection_engine/kibana/security_rule/e48236ca-b67a-4b4e-840c-fdc7782bc0c3_415.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e4c5d6e7-f8a9-4012-b3c4-d5e6f7a80912_1.json b/packages/security_detection_engine/kibana/security_rule/e4c5d6e7-f8a9-4012-b3c4-d5e6f7a80912_1.json index d690627d132..aea975897fa 100644 --- a/packages/security_detection_engine/kibana/security_rule/e4c5d6e7-f8a9-4012-b3c4-d5e6f7a80912_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e4c5d6e7-f8a9-4012-b3c4-d5e6f7a80912_1.json @@ -26,7 +26,7 @@ { "integration": "auditd", "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e4e31051-ee01-4307-a6ee-b21b186958f4_214.json b/packages/security_detection_engine/kibana/security_rule/e4e31051-ee01-4307-a6ee-b21b186958f4_214.json index 52dd12af51a..a8f5498111e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e4e31051-ee01-4307-a6ee-b21b186958f4_214.json +++ b/packages/security_detection_engine/kibana/security_rule/e4e31051-ee01-4307-a6ee-b21b186958f4_214.json @@ -43,11 +43,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e4feea34-3b62-4c83-b77f-018fbef48c00_106.json b/packages/security_detection_engine/kibana/security_rule/e4feea34-3b62-4c83-b77f-018fbef48c00_106.json index 59407f3c476..be7d73f51d7 100644 --- a/packages/security_detection_engine/kibana/security_rule/e4feea34-3b62-4c83-b77f-018fbef48c00_106.json +++ b/packages/security_detection_engine/kibana/security_rule/e4feea34-3b62-4c83-b77f-018fbef48c00_106.json @@ -40,7 +40,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e514d8cd-ed15-4011-84e2-d15147e059f1_219.json b/packages/security_detection_engine/kibana/security_rule/e514d8cd-ed15-4011-84e2-d15147e059f1_219.json index c889212e1e5..33aed7ed271 100644 --- a/packages/security_detection_engine/kibana/security_rule/e514d8cd-ed15-4011-84e2-d15147e059f1_219.json +++ b/packages/security_detection_engine/kibana/security_rule/e514d8cd-ed15-4011-84e2-d15147e059f1_219.json @@ -23,11 +23,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e516bf56-d51b-43e8-91ec-9e276331f433_4.json b/packages/security_detection_engine/kibana/security_rule/e516bf56-d51b-43e8-91ec-9e276331f433_4.json index 4c4cca18cef..798f2593149 100644 --- a/packages/security_detection_engine/kibana/security_rule/e516bf56-d51b-43e8-91ec-9e276331f433_4.json +++ b/packages/security_detection_engine/kibana/security_rule/e516bf56-d51b-43e8-91ec-9e276331f433_4.json @@ -42,19 +42,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e5420ced-bc42-4783-a8df-99320567e090_2.json b/packages/security_detection_engine/kibana/security_rule/e5420ced-bc42-4783-a8df-99320567e090_2.json index 7e326b41335..9ff77eb4ffa 100644 --- a/packages/security_detection_engine/kibana/security_rule/e5420ced-bc42-4783-a8df-99320567e090_2.json +++ b/packages/security_detection_engine/kibana/security_rule/e5420ced-bc42-4783-a8df-99320567e090_2.json @@ -43,7 +43,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e555105c-ba6d-481f-82bb-9b633e7b4827_211.json b/packages/security_detection_engine/kibana/security_rule/e555105c-ba6d-481f-82bb-9b633e7b4827_211.json index f3215d3c688..19bb911634d 100644 --- a/packages/security_detection_engine/kibana/security_rule/e555105c-ba6d-481f-82bb-9b633e7b4827_211.json +++ b/packages/security_detection_engine/kibana/security_rule/e555105c-ba6d-481f-82bb-9b633e7b4827_211.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e5d219fd-8362-4b67-a0b8-e3dd4331acdd_1.json b/packages/security_detection_engine/kibana/security_rule/e5d219fd-8362-4b67-a0b8-e3dd4331acdd_1.json index f23519dfa5c..7e0a81c4a26 100644 --- a/packages/security_detection_engine/kibana/security_rule/e5d219fd-8362-4b67-a0b8-e3dd4331acdd_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e5d219fd-8362-4b67-a0b8-e3dd4331acdd_1.json @@ -29,11 +29,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e5d69377-f8cf-4e8f-8328-690822cd012a_4.json b/packages/security_detection_engine/kibana/security_rule/e5d69377-f8cf-4e8f-8328-690822cd012a_4.json index 4d3703c6ab2..a8c992ccec1 100644 --- a/packages/security_detection_engine/kibana/security_rule/e5d69377-f8cf-4e8f-8328-690822cd012a_4.json +++ b/packages/security_detection_engine/kibana/security_rule/e5d69377-f8cf-4e8f-8328-690822cd012a_4.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2.json b/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2.json deleted file mode 100644 index 4f17ce07050..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2.json +++ /dev/null @@ -1,110 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Detects DNS queries to commonly abused remote monitoring and management (RMM) or remote access software domains from processes that are not browsers. Intended to surface RMM clients, scripts, or other non-browser activity contacting these services.", - "from": "now-9m", - "history_window_start": "now-7d", - "index": [ - "logs-endpoint.events.network-*", - "logs-windows.sysmon_operational-*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "First Time Seen DNS Query to RMM Domain", - "new_terms_fields": [ - "host.id", - "dns.question.name" - ], - "note": "## Triage and analysis\n\n### Investigating First Time Seen DNS Query to RMM Domain\n\nThis rule flags DNS queries to commonly abused RMM or remote access domains when the requesting process is not a browser. Legitimate RMM and remote desktop software is frequently abused for C2, persistence, and lateral movement.\n\n### Possible investigation steps\n\n- Identify the process (process.name, process.executable) that performed the DNS query and verify if it is an approved RMM or remote access tool.\n- Review the full process tree and parent process to understand how the binary was launched.\n- Check process.code_signature for trusted RMM publishers; unsigned or unexpected signers may indicate abuse or trojanized installers.\n- Correlate with the companion rule \"First Time Seen Commonly Abused RMM Execution\" for the same host to see if the RMM process was first-time seen.\n- Investigate other alerts for the same host or user in the past 48 hours.\n\n### False positive analysis\n\n- Approved RMM or remote support tools used by IT will trigger this rule; consider allowlisting by process path or code signer for known managed tools.\n- Some updaters or installers (e.g. signed by the RMM vendor) may resolve these domains; combine with process name or parent context to reduce noise.\n\n### Response and remediation\n\n- If unauthorized RMM use is confirmed: isolate the host, remove the RMM software, rotate credentials, and block the domains at DNS/firewall where policy permits.\n- Enforce policy that only approved RMM tools from approved publishers may be used, and only by authorized staff.\n", - "query": "host.os.type: \"windows\" and\nevent.category: \"network\" and\ndns.question.name: (*teamviewer.com or *logmein* or *.anydesk.com or *screenconnect.com or *connectwise.com or *splashtop.com or assist.zoho.com or zohoassist.com or downloads.zohocdn.com or join.zoho.com or dwservice.net or express.gotoassist.com or getgo.com or *rustdesk.com or rs-* or remoteutilities.com or app.atera.com or agentreporting.atera.com or pubsub.atera.com or ammyy.com or n-able.com or cdn.kaseya.net or relay.kaseya.net or license.bomgar.com or beyondtrustcloud.com or api.parsec.app or parsecusercontent.com or tailscale.com or twingate.com or agent.jumpcloud.com or kickstart.jumpcloud.com or services.vnc.com or static.remotepc.com or netsupportsoftware.com or getscreen.me or client.teamviewer.com or integratedchat.teamviewer.com or relay.screenconnect.com or control.connectwise.com or authentication.logmeininc.com or secure.logmeinrescue.com or logmeincdn.http.internapcdn.net or remoteassistance.support.services.microsoft.com or remotedesktop-pa.googleapis.com or comserver.corporate.beanywhere.com or swi-rc.com or swi-tc.com or telemetry.servers.qetqo.com or tmate.io or api.playanext.com) and not process.name: (chrome.exe or msedge.exe or MicrosoftEdge.exe or MicrosoftEdgeCP.exe or firefox.exe or iexplore.exe or safari.exe or brave.exe or opera.exe or vivaldi.exe or msedgewebview2.exe or agent.tiflux.com or *.gotoresolve.com) and\nnot (process.code_signature.subject_name: (\"Google LLC\" or \"Google Inc.\" or \"Mozilla Corporation\" or \"Mozilla Foundation\" or \"Microsoft Corporation\" or \"Apple Inc.\" or \"Brave Software, Inc.\" or \"Opera Software AS\" or \"Vivaldi Technologies AS\") and process.code_signature.trusted: true)\n", - "references": [ - "https://attack.mitre.org/techniques/T1219/002/", - "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-025a" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "windows", - "version": "^3.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "dns.question.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.code_signature.subject_name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.code_signature.trusted", - "type": "boolean" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Windows", - "Use Case: Threat Detection", - "Tactic: Command and Control", - "Resources: Investigation Guide", - "Data Source: Elastic Defend", - "Data Source: Sysmon" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0011", - "name": "Command and Control", - "reference": "https://attack.mitre.org/tactics/TA0011/" - }, - "technique": [ - { - "id": "T1219", - "name": "Remote Access Tools", - "reference": "https://attack.mitre.org/techniques/T1219/", - "subtechnique": [ - { - "id": "T1219.002", - "name": "Remote Desktop Software", - "reference": "https://attack.mitre.org/techniques/T1219/002/" - } - ] - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "new_terms", - "version": 2 - }, - "id": "e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_5.json b/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_5.json index 494a5b2e6ea..57fac657889 100644 --- a/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_5.json +++ b/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_5.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e5f9a1b2-3c4d-4e6f-a7b8-9c0d1e2f3a4b_1.json b/packages/security_detection_engine/kibana/security_rule/e5f9a1b2-3c4d-4e6f-a7b8-9c0d1e2f3a4b_1.json index dcb1914d283..33d039f94be 100644 --- a/packages/security_detection_engine/kibana/security_rule/e5f9a1b2-3c4d-4e6f-a7b8-9c0d1e2f3a4b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e5f9a1b2-3c4d-4e6f-a7b8-9c0d1e2f3a4b_1.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e6c1a552-7776-44ad-ae0f-8746cc07773c_108.json b/packages/security_detection_engine/kibana/security_rule/e6c1a552-7776-44ad-ae0f-8746cc07773c_108.json index 4cde177cfe0..4a51cb733c6 100644 --- a/packages/security_detection_engine/kibana/security_rule/e6c1a552-7776-44ad-ae0f-8746cc07773c_108.json +++ b/packages/security_detection_engine/kibana/security_rule/e6c1a552-7776-44ad-ae0f-8746cc07773c_108.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e6c98d38-633d-4b3e-9387-42112cd5ac10_112.json b/packages/security_detection_engine/kibana/security_rule/e6c98d38-633d-4b3e-9387-42112cd5ac10_112.json index 20a8e42bd82..e3bb7158c59 100644 --- a/packages/security_detection_engine/kibana/security_rule/e6c98d38-633d-4b3e-9387-42112cd5ac10_112.json +++ b/packages/security_detection_engine/kibana/security_rule/e6c98d38-633d-4b3e-9387-42112cd5ac10_112.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e6e3ecff-03dd-48ec-acbd-54a04de10c68_414.json b/packages/security_detection_engine/kibana/security_rule/e6e3ecff-03dd-48ec-acbd-54a04de10c68_414.json index 9223b1e0d58..994932c8baf 100644 --- a/packages/security_detection_engine/kibana/security_rule/e6e3ecff-03dd-48ec-acbd-54a04de10c68_414.json +++ b/packages/security_detection_engine/kibana/security_rule/e6e3ecff-03dd-48ec-acbd-54a04de10c68_414.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e6e8912f-283f-4d0d-8442-e0dcaf49944b_113.json b/packages/security_detection_engine/kibana/security_rule/e6e8912f-283f-4d0d-8442-e0dcaf49944b_113.json index 92b8e72fac3..f1e6f8758b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/e6e8912f-283f-4d0d-8442-e0dcaf49944b_113.json +++ b/packages/security_detection_engine/kibana/security_rule/e6e8912f-283f-4d0d-8442-e0dcaf49944b_113.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7075e8d-a966-458e-a183-85cd331af255_110.json b/packages/security_detection_engine/kibana/security_rule/e7075e8d-a966-458e-a183-85cd331af255_110.json index 685949b2bc4..6b2f1ae967a 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7075e8d-a966-458e-a183-85cd331af255_110.json +++ b/packages/security_detection_engine/kibana/security_rule/e7075e8d-a966-458e-a183-85cd331af255_110.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e707a7be-cc52-41ac-8ab3-d34b38c20005_6.json b/packages/security_detection_engine/kibana/security_rule/e707a7be-cc52-41ac-8ab3-d34b38c20005_6.json index 3253d96c581..f22e5dd7403 100644 --- a/packages/security_detection_engine/kibana/security_rule/e707a7be-cc52-41ac-8ab3-d34b38c20005_6.json +++ b/packages/security_detection_engine/kibana/security_rule/e707a7be-cc52-41ac-8ab3-d34b38c20005_6.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7125cea-9fe1-42a5-9a05-b0792cf86f5a_212.json b/packages/security_detection_engine/kibana/security_rule/e7125cea-9fe1-42a5-9a05-b0792cf86f5a_212.json index 3dcb6c83c8a..c3db2ce9981 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7125cea-9fe1-42a5-9a05-b0792cf86f5a_212.json +++ b/packages/security_detection_engine/kibana/security_rule/e7125cea-9fe1-42a5-9a05-b0792cf86f5a_212.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e72f87d0-a70e-4f8d-8443-a6407bc34643_313.json b/packages/security_detection_engine/kibana/security_rule/e72f87d0-a70e-4f8d-8443-a6407bc34643_313.json index 057e576f798..dcd99d02ab6 100644 --- a/packages/security_detection_engine/kibana/security_rule/e72f87d0-a70e-4f8d-8443-a6407bc34643_313.json +++ b/packages/security_detection_engine/kibana/security_rule/e72f87d0-a70e-4f8d-8443-a6407bc34643_313.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7357fec-6e9c-41b9-b93d-6e4fc40c7d47_6.json b/packages/security_detection_engine/kibana/security_rule/e7357fec-6e9c-41b9-b93d-6e4fc40c7d47_6.json index 52a7fb97b05..ca14f1a92c3 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7357fec-6e9c-41b9-b93d-6e4fc40c7d47_6.json +++ b/packages/security_detection_engine/kibana/security_rule/e7357fec-6e9c-41b9-b93d-6e4fc40c7d47_6.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e74d645b-fec6-431e-bf93-ca64a538e0de_7.json b/packages/security_detection_engine/kibana/security_rule/e74d645b-fec6-431e-bf93-ca64a538e0de_7.json index 445146f8745..9ffeefc52b3 100644 --- a/packages/security_detection_engine/kibana/security_rule/e74d645b-fec6-431e-bf93-ca64a538e0de_7.json +++ b/packages/security_detection_engine/kibana/security_rule/e74d645b-fec6-431e-bf93-ca64a538e0de_7.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7509f8f-e70b-4b67-b864-aaa4254b4484_1.json b/packages/security_detection_engine/kibana/security_rule/e7509f8f-e70b-4b67-b864-aaa4254b4484_1.json index 766e17ea228..a46e6d8acf0 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7509f8f-e70b-4b67-b864-aaa4254b4484_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e7509f8f-e70b-4b67-b864-aaa4254b4484_1.json @@ -44,7 +44,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e760c72b-bb1f-44f0-9f0d-37d51744ee75_208.json b/packages/security_detection_engine/kibana/security_rule/e760c72b-bb1f-44f0-9f0d-37d51744ee75_208.json index 9f65afc2fdd..cb6d158a000 100644 --- a/packages/security_detection_engine/kibana/security_rule/e760c72b-bb1f-44f0-9f0d-37d51744ee75_208.json +++ b/packages/security_detection_engine/kibana/security_rule/e760c72b-bb1f-44f0-9f0d-37d51744ee75_208.json @@ -43,19 +43,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7856173-6489-449f-80ec-c1f5fcd7b87c_2.json b/packages/security_detection_engine/kibana/security_rule/e7856173-6489-449f-80ec-c1f5fcd7b87c_2.json index ce4e42d37d5..a20fb5951dc 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7856173-6489-449f-80ec-c1f5fcd7b87c_2.json +++ b/packages/security_detection_engine/kibana/security_rule/e7856173-6489-449f-80ec-c1f5fcd7b87c_2.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7b2c3d4-5a6b-4e8f-9c0d-1a2b3e4f5a6b_2.json b/packages/security_detection_engine/kibana/security_rule/e7b2c3d4-5a6b-4e8f-9c0d-1a2b3e4f5a6b_2.json index b1585d9a715..087b86592c6 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7b2c3d4-5a6b-4e8f-9c0d-1a2b3e4f5a6b_2.json +++ b/packages/security_detection_engine/kibana/security_rule/e7b2c3d4-5a6b-4e8f-9c0d-1a2b3e4f5a6b_2.json @@ -27,7 +27,7 @@ { "integration": "auditd", "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7cb3cfd-aaa3-4d7b-af18-23b89955062c_114.json b/packages/security_detection_engine/kibana/security_rule/e7cb3cfd-aaa3-4d7b-af18-23b89955062c_114.json index fc31a593c08..6a368d2a733 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7cb3cfd-aaa3-4d7b-af18-23b89955062c_114.json +++ b/packages/security_detection_engine/kibana/security_rule/e7cb3cfd-aaa3-4d7b-af18-23b89955062c_114.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7cd5982-17c8-4959-874c-633acde7d426_213.json b/packages/security_detection_engine/kibana/security_rule/e7cd5982-17c8-4959-874c-633acde7d426_213.json index 61f9cf5c21b..1eb3212bcbd 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7cd5982-17c8-4959-874c-633acde7d426_213.json +++ b/packages/security_detection_engine/kibana/security_rule/e7cd5982-17c8-4959-874c-633acde7d426_213.json @@ -53,7 +53,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7e0588b-2b55-4f88-afd1-cf98e95e0f58_2.json b/packages/security_detection_engine/kibana/security_rule/e7e0588b-2b55-4f88-afd1-cf98e95e0f58_2.json index 23f13e0e0ac..5166f77dafe 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7e0588b-2b55-4f88-afd1-cf98e95e0f58_2.json +++ b/packages/security_detection_engine/kibana/security_rule/e7e0588b-2b55-4f88-afd1-cf98e95e0f58_2.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e7f2c4a1-9b3d-5e8f-c6a0-2d1b4e7f8c3a_4.json b/packages/security_detection_engine/kibana/security_rule/e7f2c4a1-9b3d-5e8f-c6a0-2d1b4e7f8c3a_4.json index 22f6dbc3776..e3b8a0deddb 100644 --- a/packages/security_detection_engine/kibana/security_rule/e7f2c4a1-9b3d-5e8f-c6a0-2d1b4e7f8c3a_4.json +++ b/packages/security_detection_engine/kibana/security_rule/e7f2c4a1-9b3d-5e8f-c6a0-2d1b4e7f8c3a_4.json @@ -28,27 +28,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e80ee207-9505-49ab-8ca8-bc57d80e2cab_6.json b/packages/security_detection_engine/kibana/security_rule/e80ee207-9505-49ab-8ca8-bc57d80e2cab_6.json index 9839d6263d0..39cdf37006d 100644 --- a/packages/security_detection_engine/kibana/security_rule/e80ee207-9505-49ab-8ca8-bc57d80e2cab_6.json +++ b/packages/security_detection_engine/kibana/security_rule/e80ee207-9505-49ab-8ca8-bc57d80e2cab_6.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e842d39d-ead1-48c6-97f1-6b055476c2f3_1.json b/packages/security_detection_engine/kibana/security_rule/e842d39d-ead1-48c6-97f1-6b055476c2f3_1.json index d58010e04c0..8e570714e08 100644 --- a/packages/security_detection_engine/kibana/security_rule/e842d39d-ead1-48c6-97f1-6b055476c2f3_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e842d39d-ead1-48c6-97f1-6b055476c2f3_1.json @@ -40,7 +40,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e8571d5f-bea1-46c2-9f56-998de2d3ed95_220.json b/packages/security_detection_engine/kibana/security_rule/e8571d5f-bea1-46c2-9f56-998de2d3ed95_220.json index 8fbaddc97e3..7b0e594cdb4 100644 --- a/packages/security_detection_engine/kibana/security_rule/e8571d5f-bea1-46c2-9f56-998de2d3ed95_220.json +++ b/packages/security_detection_engine/kibana/security_rule/e8571d5f-bea1-46c2-9f56-998de2d3ed95_220.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e86da94d-e54b-4fb5-b96c-cecff87e8787_315.json b/packages/security_detection_engine/kibana/security_rule/e86da94d-e54b-4fb5-b96c-cecff87e8787_315.json index d3278543638..d4258fa15b9 100644 --- a/packages/security_detection_engine/kibana/security_rule/e86da94d-e54b-4fb5-b96c-cecff87e8787_315.json +++ b/packages/security_detection_engine/kibana/security_rule/e86da94d-e54b-4fb5-b96c-cecff87e8787_315.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_4.json b/packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_4.json deleted file mode 100644 index afe53b2ac81..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_4.json +++ /dev/null @@ -1,117 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies access to email resources via Microsoft Graph API using an first-party application on behalf of a user principal. This behavior may indicate an adversary using a phished OAuth refresh token or a Primary Refresh Token (PRT) to access email resources. The pattern includes requests to Microsoft Graph API endpoints related to email, such as /me/mailFolders/inbox/messages or /users/{user_id}/messages, using a public client application ID and a user principal object ID. This is a New Terms rule that only signals if the application ID and user principal object ID have not been seen doing this activity in the last 14 days.", - "from": "now-9m", - "history_window_start": "now-7d", - "index": [ - "logs-azure.graphactivitylogs-*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "Microsoft Graph Request Email Access by Unusual User and Client", - "new_terms_fields": [ - "azure.graphactivitylogs.properties.app_id", - "azure.graphactivitylogs.properties.user_principal_object_id" - ], - "note": "## Triage and analysis\n\n### Investigating Microsoft Graph Request Email Access by Unusual User and Client\n\nThis rule detects instances where a previously unseen or rare Microsoft Graph application client ID accesses email-related APIs, such as `/me/messages`, `/sendMail`, or `/mailFolders/inbox/messages`. These accesses are performed via delegated user credentials using common OAuth scopes like `Mail.Read`, `Mail.ReadWrite`, `Mail.Send`, or `email`. This activity may indicate unauthorized use of a newly consented or compromised application to read or exfiltrate mail content. This is a New Terms rule that only signals if the application ID (`azure.graphactivitylogs.properties.app_id`) and user principal object ID (`azure.graphactivitylogs.properties.user_principal_object_id`) have not been seen doing this activity in the last 14 days.\n\n### Possible Investigation Steps:\n\n- `azure.graphactivitylogs.properties.app_id`: Investigate the application ID involved. Is it known and sanctioned in your tenant? Pivot to Azure Portal \u2192 Enterprise Applications \u2192 Search by App ID to determine app details, publisher, and consent status.\n- `azure.graphactivitylogs.properties.scopes`: Review the scopes requested by the application. Email-related scopes such as `Mail.ReadWrite` and `Mail.Send` are especially sensitive and suggest the app is interacting with mail content.\n- `url.path` / `azure.graphactivitylogs.properties.requestUri`: Determine exactly which mail-related APIs were accessed (e.g., reading inbox, sending messages, enumerating folders).\n- `user.id`: Identify the user whose credentials were used. Determine if the user recently consented to a new app, clicked a phishing link, or reported suspicious activity.\n- `user_agent.original`: Check for suspicious automation tools (e.g., `python-requests`, `curl`, non-browser agents), which may suggest scripted access.\n- `source.ip` and `client.geo`: Investigate the source IP and geography. Look for unusual access from unexpected countries, VPS providers, or anonymizing services.\n- `http.request.method`: Determine intent based on HTTP method \u2014 `GET` (reading), `POST` (sending), `PATCH`/`DELETE` (modifying/removing messages).\n- `token_issued_at` and `@timestamp`: Determine how long the token has been active and whether access is ongoing or recent.\n- `azure.graphactivitylogs.properties.c_sid`: Use the session correlation ID to identify other related activity in the same session. This may help identify if the app is accessing multiple users' mailboxes or if the same user is accessing multiple apps.\n- Correlate with Microsoft Entra ID (`azure.auditlogs` and `azure.signinlogs`) to determine whether:\n - The app was recently granted admin or user consent\n - Risky sign-ins occurred just prior to or after mail access\n - The same IP or app ID appears across multiple users\n\n### False Positive Analysis\n\n- New legitimate apps may appear after a user consents via OAuth. Developers, third-party tools, or IT-supplied utilities may access mail APIs if users consent.\n- Users leveraging Microsoft development environments (e.g., Visual Studio Code) may trigger this behavior with delegated `.default` permissions.\n- Admin-approved apps deployed via conditional access may trigger similar access logs if not previously seen in detection baselines.\n\n### Response and Remediation\n\n- If access is unauthorized or unexpected:\n - Revoke the app's consent in Azure AD via the Enterprise Applications blade.\n - Revoke user refresh tokens via Microsoft Entra or PowerShell.\n - Investigate the user's session and alert them to possible phishing or OAuth consent abuse.\n- Review and restrict risky OAuth permissions in Conditional Access and App Governance policies.\n- Add known, trusted app IDs to a detection allowlist to reduce noise in the future.\n- Continue monitoring the app ID for additional usage across the tenant or from suspicious IPs.\n", - "query": "event.dataset:azure.graphactivitylogs\n and azure.graphactivitylogs.properties.app_id:*\n and azure.graphactivitylogs.result_signature:200\n and azure.graphactivitylogs.properties.c_idtyp:user\n and azure.graphactivitylogs.properties.client_auth_method:0\n and http.request.method:(DELETE or GET or PATCH or POST or PUT)\n and (\n (\n url.path:(/v1.0/me/*cc or /v1.0/users/*)\n and (\n url.path:((*inbox* or *mail* or *messages*) and not *mailboxSettings*)\n or azure.graphactivitylogs.properties.requestUri:(*inbox* or *mail* or *messages*)\n )\n )\n or azure.graphactivitylogs.properties.scopes:(Mail.Read or Mail.ReadWrite or Mail.Send)\n )\n", - "references": [ - "https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows/", - "https://github.com/dirkjanm/ROADtools", - "https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/", - "https://pushsecurity.com/blog/consentfix" - ], - "related_integrations": [ - { - "integration": "graphactivitylogs", - "package": "azure", - "version": "^1.22.0" - } - ], - "required_fields": [ - { - "ecs": false, - "name": "azure.graphactivitylogs.properties.app_id", - "type": "keyword" - }, - { - "ecs": false, - "name": "azure.graphactivitylogs.properties.c_idtyp", - "type": "unknown" - }, - { - "ecs": false, - "name": "azure.graphactivitylogs.properties.client_auth_method", - "type": "integer" - }, - { - "ecs": false, - "name": "azure.graphactivitylogs.properties.requestUri", - "type": "unknown" - }, - { - "ecs": false, - "name": "azure.graphactivitylogs.properties.scopes", - "type": "keyword" - }, - { - "ecs": false, - "name": "azure.graphactivitylogs.result_signature", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.dataset", - "type": "keyword" - }, - { - "ecs": true, - "name": "http.request.method", - "type": "keyword" - }, - { - "ecs": true, - "name": "url.path", - "type": "wildcard" - } - ], - "risk_score": 47, - "rule_id": "e882e934-2aaa-11f0-8272-f661ea17fbcc", - "severity": "medium", - "tags": [ - "Domain: Cloud", - "Domain: Email", - "Data Source: Azure", - "Data Source: Microsoft Graph", - "Data Source: Microsoft Graph Activity Logs", - "Use Case: Threat Detection", - "Tactic: Collection", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0009", - "name": "Collection", - "reference": "https://attack.mitre.org/tactics/TA0009/" - }, - "technique": [ - { - "id": "T1114", - "name": "Email Collection", - "reference": "https://attack.mitre.org/techniques/T1114/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "new_terms", - "version": 4 - }, - "id": "e882e934-2aaa-11f0-8272-f661ea17fbcc_4", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_7.json b/packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_7.json index 869ffee2ff4..ab61fc1d595 100644 --- a/packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_7.json +++ b/packages/security_detection_engine/kibana/security_rule/e882e934-2aaa-11f0-8272-f661ea17fbcc_7.json @@ -28,7 +28,7 @@ { "integration": "graphactivitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e88d1fe9-b2f4-48d4-bace-a026dc745d4b_115.json b/packages/security_detection_engine/kibana/security_rule/e88d1fe9-b2f4-48d4-bace-a026dc745d4b_115.json index 933466b871b..13ce7e221f1 100644 --- a/packages/security_detection_engine/kibana/security_rule/e88d1fe9-b2f4-48d4-bace-a026dc745d4b_115.json +++ b/packages/security_detection_engine/kibana/security_rule/e88d1fe9-b2f4-48d4-bace-a026dc745d4b_115.json @@ -24,15 +24,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e8b37f18-4804-4819-8602-4aba1169c9f4_6.json b/packages/security_detection_engine/kibana/security_rule/e8b37f18-4804-4819-8602-4aba1169c9f4_6.json index 24ec4ed58bb..696c1e45be0 100644 --- a/packages/security_detection_engine/kibana/security_rule/e8b37f18-4804-4819-8602-4aba1169c9f4_6.json +++ b/packages/security_detection_engine/kibana/security_rule/e8b37f18-4804-4819-8602-4aba1169c9f4_6.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e8c9ff14-fd1e-11ee-a0df-f661ea17fbce_10.json b/packages/security_detection_engine/kibana/security_rule/e8c9ff14-fd1e-11ee-a0df-f661ea17fbce_10.json index 25833c346ef..ca2dfb18e88 100644 --- a/packages/security_detection_engine/kibana/security_rule/e8c9ff14-fd1e-11ee-a0df-f661ea17fbce_10.json +++ b/packages/security_detection_engine/kibana/security_rule/e8c9ff14-fd1e-11ee-a0df-f661ea17fbce_10.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e8e7b6b6-78b0-4015-97fe-c2f28468e0d4_1.json b/packages/security_detection_engine/kibana/security_rule/e8e7b6b6-78b0-4015-97fe-c2f28468e0d4_1.json index f08c07db7e6..34704a2db94 100644 --- a/packages/security_detection_engine/kibana/security_rule/e8e7b6b6-78b0-4015-97fe-c2f28468e0d4_1.json +++ b/packages/security_detection_engine/kibana/security_rule/e8e7b6b6-78b0-4015-97fe-c2f28468e0d4_1.json @@ -43,7 +43,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e8ea6f58-0040-11f0-a243-f661ea17fbcd_7.json b/packages/security_detection_engine/kibana/security_rule/e8ea6f58-0040-11f0-a243-f661ea17fbcd_7.json index b76ad7c6865..612d8722361 100644 --- a/packages/security_detection_engine/kibana/security_rule/e8ea6f58-0040-11f0-a243-f661ea17fbcd_7.json +++ b/packages/security_detection_engine/kibana/security_rule/e8ea6f58-0040-11f0-a243-f661ea17fbcd_7.json @@ -47,7 +47,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e9001ee6-2d00-4d2f-849e-b8b1fb05234c_112.json b/packages/security_detection_engine/kibana/security_rule/e9001ee6-2d00-4d2f-849e-b8b1fb05234c_112.json index d1ef8fb258d..a27aeaa9fc3 100644 --- a/packages/security_detection_engine/kibana/security_rule/e9001ee6-2d00-4d2f-849e-b8b1fb05234c_112.json +++ b/packages/security_detection_engine/kibana/security_rule/e9001ee6-2d00-4d2f-849e-b8b1fb05234c_112.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e903ce9a-5ce6-4246-bb14-75ed3ec2edf5_13.json b/packages/security_detection_engine/kibana/security_rule/e903ce9a-5ce6-4246-bb14-75ed3ec2edf5_13.json index e85f07d02ad..ee480bde8b3 100644 --- a/packages/security_detection_engine/kibana/security_rule/e903ce9a-5ce6-4246-bb14-75ed3ec2edf5_13.json +++ b/packages/security_detection_engine/kibana/security_rule/e903ce9a-5ce6-4246-bb14-75ed3ec2edf5_13.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e90ee3af-45fc-432e-a850-4a58cf14a457_417.json b/packages/security_detection_engine/kibana/security_rule/e90ee3af-45fc-432e-a850-4a58cf14a457_417.json index 1ac93016238..98d79a55688 100644 --- a/packages/security_detection_engine/kibana/security_rule/e90ee3af-45fc-432e-a850-4a58cf14a457_417.json +++ b/packages/security_detection_engine/kibana/security_rule/e90ee3af-45fc-432e-a850-4a58cf14a457_417.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e92c99b6-c547-4bb6-b244-2f27394bc849_108.json b/packages/security_detection_engine/kibana/security_rule/e92c99b6-c547-4bb6-b244-2f27394bc849_108.json index e768be31703..1991aa7dab9 100644 --- a/packages/security_detection_engine/kibana/security_rule/e92c99b6-c547-4bb6-b244-2f27394bc849_108.json +++ b/packages/security_detection_engine/kibana/security_rule/e92c99b6-c547-4bb6-b244-2f27394bc849_108.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "ded", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/e94262f2-c1e9-4d3f-a907-aeab16712e1a_318.json b/packages/security_detection_engine/kibana/security_rule/e94262f2-c1e9-4d3f-a907-aeab16712e1a_318.json index f1b578ea7ff..2c02ac7e61e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e94262f2-c1e9-4d3f-a907-aeab16712e1a_318.json +++ b/packages/security_detection_engine/kibana/security_rule/e94262f2-c1e9-4d3f-a907-aeab16712e1a_318.json @@ -41,23 +41,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e9a3b2c1-d4f5-6789-0abc-def123456789_2.json b/packages/security_detection_engine/kibana/security_rule/e9a3b2c1-d4f5-6789-0abc-def123456789_2.json index 6d5995e7b49..86782ed3753 100644 --- a/packages/security_detection_engine/kibana/security_rule/e9a3b2c1-d4f5-6789-0abc-def123456789_2.json +++ b/packages/security_detection_engine/kibana/security_rule/e9a3b2c1-d4f5-6789-0abc-def123456789_2.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e9abe69b-1deb-4e19-ac4a-5d5ac00f72eb_111.json b/packages/security_detection_engine/kibana/security_rule/e9abe69b-1deb-4e19-ac4a-5d5ac00f72eb_111.json index 6943cc44244..03dbb4d750a 100644 --- a/packages/security_detection_engine/kibana/security_rule/e9abe69b-1deb-4e19-ac4a-5d5ac00f72eb_111.json +++ b/packages/security_detection_engine/kibana/security_rule/e9abe69b-1deb-4e19-ac4a-5d5ac00f72eb_111.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e9b0902b-c515-413b-b80b-a8dcebc81a66_109.json b/packages/security_detection_engine/kibana/security_rule/e9b0902b-c515-413b-b80b-a8dcebc81a66_109.json index 74796cf5a52..1ba161e29cf 100644 --- a/packages/security_detection_engine/kibana/security_rule/e9b0902b-c515-413b-b80b-a8dcebc81a66_109.json +++ b/packages/security_detection_engine/kibana/security_rule/e9b0902b-c515-413b-b80b-a8dcebc81a66_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "lmd", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/e9fe3645-f588-43d6-99f5-437b3ef56f25_3.json b/packages/security_detection_engine/kibana/security_rule/e9fe3645-f588-43d6-99f5-437b3ef56f25_3.json index b42427fc717..ad725b710b4 100644 --- a/packages/security_detection_engine/kibana/security_rule/e9fe3645-f588-43d6-99f5-437b3ef56f25_3.json +++ b/packages/security_detection_engine/kibana/security_rule/e9fe3645-f588-43d6-99f5-437b3ef56f25_3.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/e9ff9c1c-fe36-4d0d-b3fd-9e0bf4853a62_107.json b/packages/security_detection_engine/kibana/security_rule/e9ff9c1c-fe36-4d0d-b3fd-9e0bf4853a62_107.json index f979d127394..e496a7cbe9e 100644 --- a/packages/security_detection_engine/kibana/security_rule/e9ff9c1c-fe36-4d0d-b3fd-9e0bf4853a62_107.json +++ b/packages/security_detection_engine/kibana/security_rule/e9ff9c1c-fe36-4d0d-b3fd-9e0bf4853a62_107.json @@ -24,7 +24,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ea09ff26-3902-4c53-bb8e-24b7a5d029dd_211.json b/packages/security_detection_engine/kibana/security_rule/ea09ff26-3902-4c53-bb8e-24b7a5d029dd_211.json index eca3536374e..cb6986c16fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/ea09ff26-3902-4c53-bb8e-24b7a5d029dd_211.json +++ b/packages/security_detection_engine/kibana/security_rule/ea09ff26-3902-4c53-bb8e-24b7a5d029dd_211.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/ea248a02-bc47-4043-8e94-2885b19b2636_216.json b/packages/security_detection_engine/kibana/security_rule/ea248a02-bc47-4043-8e94-2885b19b2636_216.json index c51d9aaa06f..1a7b689d122 100644 --- a/packages/security_detection_engine/kibana/security_rule/ea248a02-bc47-4043-8e94-2885b19b2636_216.json +++ b/packages/security_detection_engine/kibana/security_rule/ea248a02-bc47-4043-8e94-2885b19b2636_216.json @@ -22,7 +22,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eaa77d63-9679-4ce3-be25-3ba8b795e5fa_109.json b/packages/security_detection_engine/kibana/security_rule/eaa77d63-9679-4ce3-be25-3ba8b795e5fa_109.json index 25dc298cd32..2447f6e8229 100644 --- a/packages/security_detection_engine/kibana/security_rule/eaa77d63-9679-4ce3-be25-3ba8b795e5fa_109.json +++ b/packages/security_detection_engine/kibana/security_rule/eaa77d63-9679-4ce3-be25-3ba8b795e5fa_109.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/eaef8a35-12e0-4ac0-bc14-81c72b6bd27c_10.json b/packages/security_detection_engine/kibana/security_rule/eaef8a35-12e0-4ac0-bc14-81c72b6bd27c_10.json index 3f3ec4504e6..d8edeba95d9 100644 --- a/packages/security_detection_engine/kibana/security_rule/eaef8a35-12e0-4ac0-bc14-81c72b6bd27c_10.json +++ b/packages/security_detection_engine/kibana/security_rule/eaef8a35-12e0-4ac0-bc14-81c72b6bd27c_10.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eb3150eb-e9fb-4a64-a0fc-aa66cdd35632_3.json b/packages/security_detection_engine/kibana/security_rule/eb3150eb-e9fb-4a64-a0fc-aa66cdd35632_3.json index 60dcc9de99c..b065e0ac446 100644 --- a/packages/security_detection_engine/kibana/security_rule/eb3150eb-e9fb-4a64-a0fc-aa66cdd35632_3.json +++ b/packages/security_detection_engine/kibana/security_rule/eb3150eb-e9fb-4a64-a0fc-aa66cdd35632_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eb44611f-62a8-4036-a5ef-587098be6c43_110.json b/packages/security_detection_engine/kibana/security_rule/eb44611f-62a8-4036-a5ef-587098be6c43_110.json index 7ee3cffb10f..c0301a9bc8c 100644 --- a/packages/security_detection_engine/kibana/security_rule/eb44611f-62a8-4036-a5ef-587098be6c43_110.json +++ b/packages/security_detection_engine/kibana/security_rule/eb44611f-62a8-4036-a5ef-587098be6c43_110.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eb610e70-f9e6-4949-82b9-f1c5bcd37c39_218.json b/packages/security_detection_engine/kibana/security_rule/eb610e70-f9e6-4949-82b9-f1c5bcd37c39_218.json index c3a299e9f4c..1fcb85a57d6 100644 --- a/packages/security_detection_engine/kibana/security_rule/eb610e70-f9e6-4949-82b9-f1c5bcd37c39_218.json +++ b/packages/security_detection_engine/kibana/security_rule/eb610e70-f9e6-4949-82b9-f1c5bcd37c39_218.json @@ -40,7 +40,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eb804972-ea34-11ee-a417-f661ea17fbce_5.json b/packages/security_detection_engine/kibana/security_rule/eb804972-ea34-11ee-a417-f661ea17fbce_5.json index 6bff6a35b2b..a14e177ebe6 100644 --- a/packages/security_detection_engine/kibana/security_rule/eb804972-ea34-11ee-a417-f661ea17fbce_5.json +++ b/packages/security_detection_engine/kibana/security_rule/eb804972-ea34-11ee-a417-f661ea17fbce_5.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eb8abab8-dea4-4903-a0ad-dfcb09224488_1.json b/packages/security_detection_engine/kibana/security_rule/eb8abab8-dea4-4903-a0ad-dfcb09224488_1.json index 3f05a23c371..34d5415d754 100644 --- a/packages/security_detection_engine/kibana/security_rule/eb8abab8-dea4-4903-a0ad-dfcb09224488_1.json +++ b/packages/security_detection_engine/kibana/security_rule/eb8abab8-dea4-4903-a0ad-dfcb09224488_1.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eb958cb3-dead-42b6-94ff-b9de6721fab2_2.json b/packages/security_detection_engine/kibana/security_rule/eb958cb3-dead-42b6-94ff-b9de6721fab2_2.json index 6093e0fd3c0..36f07c8560b 100644 --- a/packages/security_detection_engine/kibana/security_rule/eb958cb3-dead-42b6-94ff-b9de6721fab2_2.json +++ b/packages/security_detection_engine/kibana/security_rule/eb958cb3-dead-42b6-94ff-b9de6721fab2_2.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_215.json b/packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_215.json index f7da49c7e22..ae00f56bb54 100644 --- a/packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_215.json +++ b/packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_215.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ebb200e8-adf0-43f8-a0bb-4ee5b5d852c6_419.json b/packages/security_detection_engine/kibana/security_rule/ebb200e8-adf0-43f8-a0bb-4ee5b5d852c6_419.json index c4bfe812f07..8be60da5060 100644 --- a/packages/security_detection_engine/kibana/security_rule/ebb200e8-adf0-43f8-a0bb-4ee5b5d852c6_419.json +++ b/packages/security_detection_engine/kibana/security_rule/ebb200e8-adf0-43f8-a0bb-4ee5b5d852c6_419.json @@ -44,23 +44,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ebbc1959-3309-4abf-b6cb-2bee3dbc9a7b_1.json b/packages/security_detection_engine/kibana/security_rule/ebbc1959-3309-4abf-b6cb-2bee3dbc9a7b_1.json index 2f15cc71ff6..bd165198d1e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ebbc1959-3309-4abf-b6cb-2bee3dbc9a7b_1.json +++ b/packages/security_detection_engine/kibana/security_rule/ebbc1959-3309-4abf-b6cb-2bee3dbc9a7b_1.json @@ -21,11 +21,11 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ebf1adea-ccf2-4943-8b96-7ab11ca173a5_318.json b/packages/security_detection_engine/kibana/security_rule/ebf1adea-ccf2-4943-8b96-7ab11ca173a5_318.json index b0a87580562..a545573288e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ebf1adea-ccf2-4943-8b96-7ab11ca173a5_318.json +++ b/packages/security_detection_engine/kibana/security_rule/ebf1adea-ccf2-4943-8b96-7ab11ca173a5_318.json @@ -43,27 +43,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ebf493d1-20be-41a0-a010-c1b6a6f90e28_1.json b/packages/security_detection_engine/kibana/security_rule/ebf493d1-20be-41a0-a010-c1b6a6f90e28_1.json index 31bbbcfa3ec..618f1bf2e35 100644 --- a/packages/security_detection_engine/kibana/security_rule/ebf493d1-20be-41a0-a010-c1b6a6f90e28_1.json +++ b/packages/security_detection_engine/kibana/security_rule/ebf493d1-20be-41a0-a010-c1b6a6f90e28_1.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ebfe1448-7fac-4d59-acea-181bd89b1f7f_320.json b/packages/security_detection_engine/kibana/security_rule/ebfe1448-7fac-4d59-acea-181bd89b1f7f_320.json index c4287c70ffa..3c3ecc9c2c8 100644 --- a/packages/security_detection_engine/kibana/security_rule/ebfe1448-7fac-4d59-acea-181bd89b1f7f_320.json +++ b/packages/security_detection_engine/kibana/security_rule/ebfe1448-7fac-4d59-acea-181bd89b1f7f_320.json @@ -27,23 +27,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ec604672-bed9-43e1-8871-cf591c052550_107.json b/packages/security_detection_engine/kibana/security_rule/ec604672-bed9-43e1-8871-cf591c052550_107.json index 36814f6d433..ecdcb7dd280 100644 --- a/packages/security_detection_engine/kibana/security_rule/ec604672-bed9-43e1-8871-cf591c052550_107.json +++ b/packages/security_detection_engine/kibana/security_rule/ec604672-bed9-43e1-8871-cf591c052550_107.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ec81962e-4bc8-48e6-bfb0-545fc97d8f6a_3.json b/packages/security_detection_engine/kibana/security_rule/ec81962e-4bc8-48e6-bfb0-545fc97d8f6a_3.json index a1267c4a0f4..79bb5d54096 100644 --- a/packages/security_detection_engine/kibana/security_rule/ec81962e-4bc8-48e6-bfb0-545fc97d8f6a_3.json +++ b/packages/security_detection_engine/kibana/security_rule/ec81962e-4bc8-48e6-bfb0-545fc97d8f6a_3.json @@ -15,7 +15,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ecc0cd54-608e-11ef-ab6d-f661ea17fbce_9.json b/packages/security_detection_engine/kibana/security_rule/ecc0cd54-608e-11ef-ab6d-f661ea17fbce_9.json index 8712ba88b1c..d79084a8523 100644 --- a/packages/security_detection_engine/kibana/security_rule/ecc0cd54-608e-11ef-ab6d-f661ea17fbce_9.json +++ b/packages/security_detection_engine/kibana/security_rule/ecc0cd54-608e-11ef-ab6d-f661ea17fbce_9.json @@ -30,31 +30,31 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ecd4857b-5bac-455e-a7c9-a88b66e56a9e_4.json b/packages/security_detection_engine/kibana/security_rule/ecd4857b-5bac-455e-a7c9-a88b66e56a9e_4.json index 43794ebb7af..2401d194f80 100644 --- a/packages/security_detection_engine/kibana/security_rule/ecd4857b-5bac-455e-a7c9-a88b66e56a9e_4.json +++ b/packages/security_detection_engine/kibana/security_rule/ecd4857b-5bac-455e-a7c9-a88b66e56a9e_4.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ed2461e1-d6bf-4550-87b9-c008d6ac15f4_1.json b/packages/security_detection_engine/kibana/security_rule/ed2461e1-d6bf-4550-87b9-c008d6ac15f4_1.json index 5afb252a03f..84fbc5f7e12 100644 --- a/packages/security_detection_engine/kibana/security_rule/ed2461e1-d6bf-4550-87b9-c008d6ac15f4_1.json +++ b/packages/security_detection_engine/kibana/security_rule/ed2461e1-d6bf-4550-87b9-c008d6ac15f4_1.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ed3fedc3-dd10-45a5-a485-34a8b48cea46_7.json b/packages/security_detection_engine/kibana/security_rule/ed3fedc3-dd10-45a5-a485-34a8b48cea46_7.json index ec07b9bc638..b4a1ebde733 100644 --- a/packages/security_detection_engine/kibana/security_rule/ed3fedc3-dd10-45a5-a485-34a8b48cea46_7.json +++ b/packages/security_detection_engine/kibana/security_rule/ed3fedc3-dd10-45a5-a485-34a8b48cea46_7.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ed9ecd27-e3e6-4fd9-8586-7754803f7fc8_109.json b/packages/security_detection_engine/kibana/security_rule/ed9ecd27-e3e6-4fd9-8586-7754803f7fc8_109.json index 87b7e4f7a1b..dd332184ad4 100644 --- a/packages/security_detection_engine/kibana/security_rule/ed9ecd27-e3e6-4fd9-8586-7754803f7fc8_109.json +++ b/packages/security_detection_engine/kibana/security_rule/ed9ecd27-e3e6-4fd9-8586-7754803f7fc8_109.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eda499b8-a073-4e35-9733-22ec71f57f3a_319.json b/packages/security_detection_engine/kibana/security_rule/eda499b8-a073-4e35-9733-22ec71f57f3a_319.json index 0770278007d..3bef45d3eab 100644 --- a/packages/security_detection_engine/kibana/security_rule/eda499b8-a073-4e35-9733-22ec71f57f3a_319.json +++ b/packages/security_detection_engine/kibana/security_rule/eda499b8-a073-4e35-9733-22ec71f57f3a_319.json @@ -32,27 +32,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/edb91186-1c7e-4db8-b53e-bfa33a1a0a8a_414.json b/packages/security_detection_engine/kibana/security_rule/edb91186-1c7e-4db8-b53e-bfa33a1a0a8a_414.json index 49362436a38..8110af52a4b 100644 --- a/packages/security_detection_engine/kibana/security_rule/edb91186-1c7e-4db8-b53e-bfa33a1a0a8a_414.json +++ b/packages/security_detection_engine/kibana/security_rule/edb91186-1c7e-4db8-b53e-bfa33a1a0a8a_414.json @@ -27,7 +27,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/edf8ee23-5ea7-4123-ba19-56b41e424ae3_321.json b/packages/security_detection_engine/kibana/security_rule/edf8ee23-5ea7-4123-ba19-56b41e424ae3_321.json index 4e08664976d..61ab2031ef4 100644 --- a/packages/security_detection_engine/kibana/security_rule/edf8ee23-5ea7-4123-ba19-56b41e424ae3_321.json +++ b/packages/security_detection_engine/kibana/security_rule/edf8ee23-5ea7-4123-ba19-56b41e424ae3_321.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/edfd5ca9-9d6c-44d9-b615-1e56b920219c_10.json b/packages/security_detection_engine/kibana/security_rule/edfd5ca9-9d6c-44d9-b615-1e56b920219c_10.json index a0ceac76f8a..771eeb588a7 100644 --- a/packages/security_detection_engine/kibana/security_rule/edfd5ca9-9d6c-44d9-b615-1e56b920219c_10.json +++ b/packages/security_detection_engine/kibana/security_rule/edfd5ca9-9d6c-44d9-b615-1e56b920219c_10.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ee39a9f7-5a79-4b0a-9815-d36b3cf28d3e_312.json b/packages/security_detection_engine/kibana/security_rule/ee39a9f7-5a79-4b0a-9815-d36b3cf28d3e_312.json index 0c02762d9ea..f014bb689ba 100644 --- a/packages/security_detection_engine/kibana/security_rule/ee39a9f7-5a79-4b0a-9815-d36b3cf28d3e_312.json +++ b/packages/security_detection_engine/kibana/security_rule/ee39a9f7-5a79-4b0a-9815-d36b3cf28d3e_312.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ee5300a7-7e31-4a72-a258-250abb8b3aa1_217.json b/packages/security_detection_engine/kibana/security_rule/ee5300a7-7e31-4a72-a258-250abb8b3aa1_217.json index 50800753668..153e3bd4b6a 100644 --- a/packages/security_detection_engine/kibana/security_rule/ee5300a7-7e31-4a72-a258-250abb8b3aa1_217.json +++ b/packages/security_detection_engine/kibana/security_rule/ee5300a7-7e31-4a72-a258-250abb8b3aa1_217.json @@ -30,27 +30,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ee53d67a-5f0c-423c-a53c-8084ae562b5c_4.json b/packages/security_detection_engine/kibana/security_rule/ee53d67a-5f0c-423c-a53c-8084ae562b5c_4.json index 8c332edc6fd..88e26d32e66 100644 --- a/packages/security_detection_engine/kibana/security_rule/ee53d67a-5f0c-423c-a53c-8084ae562b5c_4.json +++ b/packages/security_detection_engine/kibana/security_rule/ee53d67a-5f0c-423c-a53c-8084ae562b5c_4.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ee7726cc-babc-4885-988c-f915173ac0c0_4.json b/packages/security_detection_engine/kibana/security_rule/ee7726cc-babc-4885-988c-f915173ac0c0_4.json index 0b7be8aec0d..68f44588e1f 100644 --- a/packages/security_detection_engine/kibana/security_rule/ee7726cc-babc-4885-988c-f915173ac0c0_4.json +++ b/packages/security_detection_engine/kibana/security_rule/ee7726cc-babc-4885-988c-f915173ac0c0_4.json @@ -44,27 +44,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eea82229-b002-470e-a9e1-00be38b14d32_114.json b/packages/security_detection_engine/kibana/security_rule/eea82229-b002-470e-a9e1-00be38b14d32_114.json index 10a8f67c3aa..862f8a6b0de 100644 --- a/packages/security_detection_engine/kibana/security_rule/eea82229-b002-470e-a9e1-00be38b14d32_114.json +++ b/packages/security_detection_engine/kibana/security_rule/eea82229-b002-470e-a9e1-00be38b14d32_114.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/eef9f8b5-48ec-44b5-b8bd-7b9b7d71853c_103.json b/packages/security_detection_engine/kibana/security_rule/eef9f8b5-48ec-44b5-b8bd-7b9b7d71853c_103.json index 96f251d11ec..1827dffc93f 100644 --- a/packages/security_detection_engine/kibana/security_rule/eef9f8b5-48ec-44b5-b8bd-7b9b7d71853c_103.json +++ b/packages/security_detection_engine/kibana/security_rule/eef9f8b5-48ec-44b5-b8bd-7b9b7d71853c_103.json @@ -22,23 +22,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ef04a476-07ec-48fc-8f3d-5e1742de76d3_215.json b/packages/security_detection_engine/kibana/security_rule/ef04a476-07ec-48fc-8f3d-5e1742de76d3_215.json index 3ea5da63bc3..9007879e69e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ef04a476-07ec-48fc-8f3d-5e1742de76d3_215.json +++ b/packages/security_detection_engine/kibana/security_rule/ef04a476-07ec-48fc-8f3d-5e1742de76d3_215.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ef100a2e-ecd4-4f72-9d1e-2f779ff3c311_113.json b/packages/security_detection_engine/kibana/security_rule/ef100a2e-ecd4-4f72-9d1e-2f779ff3c311_113.json index e96a9a6255e..097c06b230f 100644 --- a/packages/security_detection_engine/kibana/security_rule/ef100a2e-ecd4-4f72-9d1e-2f779ff3c311_113.json +++ b/packages/security_detection_engine/kibana/security_rule/ef100a2e-ecd4-4f72-9d1e-2f779ff3c311_113.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ef35b103-7fca-4af4-879d-a7e73c918659_1.json b/packages/security_detection_engine/kibana/security_rule/ef35b103-7fca-4af4-879d-a7e73c918659_1.json index 44d53d45e05..a54abad4fd8 100644 --- a/packages/security_detection_engine/kibana/security_rule/ef35b103-7fca-4af4-879d-a7e73c918659_1.json +++ b/packages/security_detection_engine/kibana/security_rule/ef35b103-7fca-4af4-879d-a7e73c918659_1.json @@ -16,11 +16,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ef395dff-be12-4a6e-8919-d87d627c2174_5.json b/packages/security_detection_engine/kibana/security_rule/ef395dff-be12-4a6e-8919-d87d627c2174_5.json index fd0369b76aa..26ca0d7159e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ef395dff-be12-4a6e-8919-d87d627c2174_5.json +++ b/packages/security_detection_engine/kibana/security_rule/ef395dff-be12-4a6e-8919-d87d627c2174_5.json @@ -23,15 +23,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ef65e82c-d8b4-4895-9824-5f6bc6166804_103.json b/packages/security_detection_engine/kibana/security_rule/ef65e82c-d8b4-4895-9824-5f6bc6166804_103.json index 3d2160e8bdb..8b76b09d793 100644 --- a/packages/security_detection_engine/kibana/security_rule/ef65e82c-d8b4-4895-9824-5f6bc6166804_103.json +++ b/packages/security_detection_engine/kibana/security_rule/ef65e82c-d8b4-4895-9824-5f6bc6166804_103.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ef862985-3f13-4262-a686-5f357bbb9bc2_219.json b/packages/security_detection_engine/kibana/security_rule/ef862985-3f13-4262-a686-5f357bbb9bc2_219.json index e9298e03f10..4517982accd 100644 --- a/packages/security_detection_engine/kibana/security_rule/ef862985-3f13-4262-a686-5f357bbb9bc2_219.json +++ b/packages/security_detection_engine/kibana/security_rule/ef862985-3f13-4262-a686-5f357bbb9bc2_219.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ef8cc01c-fc49-4954-a175-98569c646740_108.json b/packages/security_detection_engine/kibana/security_rule/ef8cc01c-fc49-4954-a175-98569c646740_108.json index 37b5d90d93b..3f42da63abc 100644 --- a/packages/security_detection_engine/kibana/security_rule/ef8cc01c-fc49-4954-a175-98569c646740_108.json +++ b/packages/security_detection_engine/kibana/security_rule/ef8cc01c-fc49-4954-a175-98569c646740_108.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "ded", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/f036953a-4615-4707-a1ca-dc53bf69dcd5_214.json b/packages/security_detection_engine/kibana/security_rule/f036953a-4615-4707-a1ca-dc53bf69dcd5_214.json index b5b47d7a663..add7149ddad 100644 --- a/packages/security_detection_engine/kibana/security_rule/f036953a-4615-4707-a1ca-dc53bf69dcd5_214.json +++ b/packages/security_detection_engine/kibana/security_rule/f036953a-4615-4707-a1ca-dc53bf69dcd5_214.json @@ -30,15 +30,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f0493cb4-9b15-43a9-9359-68c23a7f2cf3_113.json b/packages/security_detection_engine/kibana/security_rule/f0493cb4-9b15-43a9-9359-68c23a7f2cf3_113.json index 394724d04c8..c5dc45ab05e 100644 --- a/packages/security_detection_engine/kibana/security_rule/f0493cb4-9b15-43a9-9359-68c23a7f2cf3_113.json +++ b/packages/security_detection_engine/kibana/security_rule/f0493cb4-9b15-43a9-9359-68c23a7f2cf3_113.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f06414a6-f2a4-466d-8eba-10f85e8abf71_415.json b/packages/security_detection_engine/kibana/security_rule/f06414a6-f2a4-466d-8eba-10f85e8abf71_415.json index 3e57bfff230..cd7601ce300 100644 --- a/packages/security_detection_engine/kibana/security_rule/f06414a6-f2a4-466d-8eba-10f85e8abf71_415.json +++ b/packages/security_detection_engine/kibana/security_rule/f06414a6-f2a4-466d-8eba-10f85e8abf71_415.json @@ -28,7 +28,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f0b48bbc-549e-4bcf-8ee0-a7a72586c6a7_115.json b/packages/security_detection_engine/kibana/security_rule/f0b48bbc-549e-4bcf-8ee0-a7a72586c6a7_115.json index fd6604b39d6..f2dbc6c937f 100644 --- a/packages/security_detection_engine/kibana/security_rule/f0b48bbc-549e-4bcf-8ee0-a7a72586c6a7_115.json +++ b/packages/security_detection_engine/kibana/security_rule/f0b48bbc-549e-4bcf-8ee0-a7a72586c6a7_115.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f0bc081a-2346-4744-a6a4-81514817e888_109.json b/packages/security_detection_engine/kibana/security_rule/f0bc081a-2346-4744-a6a4-81514817e888_109.json index b460ffb7656..840017db957 100644 --- a/packages/security_detection_engine/kibana/security_rule/f0bc081a-2346-4744-a6a4-81514817e888_109.json +++ b/packages/security_detection_engine/kibana/security_rule/f0bc081a-2346-4744-a6a4-81514817e888_109.json @@ -25,7 +25,7 @@ { "integration": "activitylogs", "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f0cc239b-67fa-46fc-89d4-f861753a40f5_8.json b/packages/security_detection_engine/kibana/security_rule/f0cc239b-67fa-46fc-89d4-f861753a40f5_8.json index 843f084dd07..1e08ca97c2a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f0cc239b-67fa-46fc-89d4-f861753a40f5_8.json +++ b/packages/security_detection_engine/kibana/security_rule/f0cc239b-67fa-46fc-89d4-f861753a40f5_8.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 73, diff --git a/packages/security_detection_engine/kibana/security_rule/f0dbff4c-1aa7-4458-9ed5-ada472f64970_5.json b/packages/security_detection_engine/kibana/security_rule/f0dbff4c-1aa7-4458-9ed5-ada472f64970_5.json index 59443d075ce..3cf1f5d4b90 100644 --- a/packages/security_detection_engine/kibana/security_rule/f0dbff4c-1aa7-4458-9ed5-ada472f64970_5.json +++ b/packages/security_detection_engine/kibana/security_rule/f0dbff4c-1aa7-4458-9ed5-ada472f64970_5.json @@ -44,11 +44,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f0eb70e9-71e9-40cd-813f-bf8e8c812cb1_111.json b/packages/security_detection_engine/kibana/security_rule/f0eb70e9-71e9-40cd-813f-bf8e8c812cb1_111.json index c742cc77bd5..062e30638fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/f0eb70e9-71e9-40cd-813f-bf8e8c812cb1_111.json +++ b/packages/security_detection_engine/kibana/security_rule/f0eb70e9-71e9-40cd-813f-bf8e8c812cb1_111.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_113.json b/packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_113.json deleted file mode 100644 index 6dd2420a72b..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_113.json +++ /dev/null @@ -1,158 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies suspicious child processes executed via a web server, which may suggest a vulnerability and remote shell access. Attackers may exploit a vulnerability in a web application to execute commands via a web server, or place a backdoor file that can be abused to gain code execution as a mechanism for persistence.", - "false_positives": [ - "Network monitoring or management products may have a web server component that runs shell commands as part of normal behavior." - ], - "from": "now-9m", - "index": [ - "endgame-*", - "logs-endpoint.events.process*", - "logs-sentinel_one_cloud_funnel.*" - ], - "language": "eql", - "license": "Elastic License v2", - "name": "Suspicious Child Execution via Web Server", - "note": "## Triage and analysis\n\n### Investigating Suspicious Child Execution via Web Server\n\nAdversaries may backdoor web servers with web shells to establish persistent access to systems. A web shell is a malicious script, often embedded into a compromised web server, that grants an attacker remote access and control over the server. This enables the execution of arbitrary commands, data exfiltration, and further exploitation of the target network.\n\nThis rule detects a web server process spawning script and command line interface programs, potentially indicating attackers executing commands using the web shell.\n\n> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/current/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.\n> This investigation guide uses [placeholder fields](https://www.elastic.co/guide/en/security/current/osquery-placeholder-fields.html) to dynamically pass alert data into Osquery queries. Placeholder fields were introduced in Elastic Stack version 8.7.0. If you're using Elastic Stack version 8.6.0 or earlier, you'll need to manually adjust this investigation guide's queries to ensure they properly run.\n\n#### Possible investigation steps\n\n- Investigate abnormal behaviors by the subject process such as network connections, file modifications, and any other spawned child processes.\n - Investigate listening ports and open sockets to look for potential reverse shells or data exfiltration.\n - !{osquery{\"label\":\"Osquery - Retrieve Listening Ports\",\"query\":\"SELECT pid, address, port, socket, protocol, path FROM listening_ports\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Open Sockets\",\"query\":\"SELECT pid, family, remote_address, remote_port, socket, state FROM process_open_sockets\"}}\n - Investigate the process information for malicious or uncommon processes/process trees.\n - !{osquery{\"label\":\"Osquery - Retrieve Process Info\",\"query\":\"SELECT name, cmdline, parent, path, uid FROM processes\"}}\n - Investigate the process tree spawned from the user that is used to run the web application service. A user that is running a web application should not spawn other child processes.\n - !{osquery{\"label\":\"Osquery - Retrieve Process Info for Webapp User\",\"query\":\"SELECT name, cmdline, parent, path, uid FROM processes WHERE uid = {{process.user.id}}\"}}\n- Examine the command line to determine which commands or scripts were executed.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- If scripts or executables were dropped, retrieve the files and determine if they are malicious:\n - Use a private sandboxed malware analysis system to perform analysis.\n - Observe and collect information about the following activities:\n - Attempts to contact external domains and addresses.\n - Check if the domain is newly registered or unexpected.\n - Check the reputation of the domain or IP address.\n - File access, modification, and creation activities.\n - Cron jobs, services and other persistence mechanisms.\n - !{osquery{\"label\":\"Osquery - Retrieve Crontab Information\",\"query\":\"SELECT * FROM crontab\"}}\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Any activity that triggered the alert and is not inherently malicious must be monitored by the security team.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.\n- Remove and block malicious artifacts identified during triage.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Leverage the incident response data and logging to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", - "query": "process where host.os.type == \"linux\" and event.type == \"start\" and process.parent.executable != null and (\n process.parent.name like (\n \"apache\", \"nginx\", \"apache2\", \"httpd\", \"lighttpd\", \"caddy\", \"php-fpm*\", \"mongrel_rails\", \"haproxy\",\n \"gunicorn\", \"uwsgi\", \"openresty\", \"cherokee\", \"h2o\", \"resin\", \"puma\", \"unicorn\", \"traefik\", \"uvicorn\",\n \"tornado\", \"hypercorn\", \"daphne\", \"twistd\", \"yaws\", \"webfsd\", \"httpd.worker\", \"flask\", \"rails\", \"mongrel\",\n \"php-cgi\", \"php-fcgi\", \"php-cgi.cagefs\", \"catalina.sh\", \"hiawatha\", \"lswsctrl\"\n ) or\n user.name in (\"apache\", \"www-data\", \"httpd\", \"nginx\", \"lighttpd\", \"tomcat\", \"tomcat8\", \"tomcat9\") or\n user.id in (\"33\", \"498\", \"48\") or\n (process.name == \"java\" and ?process.working_directory like \"/u0?/*\")\n) and (\n process.executable like (\n \"/tmp/*\", \"/var/tmp/*\", \"/dev/shm/*\", \"./*\", \"/run/*\", \"/var/run/*\", \"/boot/*\", \"/sys/*\", \"/lost+found/*\",\n \"/proc/*\", \"/var/mail/*\", \"/var/www/*\", \"/home/*\", \"/root/*\" \n ) or\n process.name like~ (\n // Hidden processes\n \".*\",\n // Suspicious file formats\n \"*.elf\", \"*.sh\", \"*.py\", \"*.rb\", \"*.pl\", \"*.lua*\", \"*.php*\", \".js\",\n // Scheduled tasks\n \"systemd\", \"cron\", \"crond\",\n // Network utilities often used for reverse shells\n \"nc\", \"netcat\", \"ncat\", \"telnet\", \"socat\", \"openssl\", \"nc.openbsd\", \"ngrok\", \"nc.traditional\",\n // Cloud CLI\n \"az\", \"gcloud\", \"aws\",\n // Misc. tools\n \"whoami\", \"ifconfig\", \"ip\", \"ss\", \"top\", \"htop\", \"df\", \"du\", \"lsblk\", \"lsof\", \"tcpdump\",\n \"strace\", \"ltrace\", \"curl\", \"wget\", \"dig\", \"nslookup\", \"host\", \"nmap\", \"arp\", \"traceroute\"\n ) \n)\n", - "references": [ - "https://pentestlab.blog/tag/web-shell/", - "https://www.elastic.co/security-labs/elastic-response-to-the-the-spring4shell-vulnerability-cve-2022-22965" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - }, - { - "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "host.os.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.executable", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.parent.name", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.working_directory", - "type": "keyword" - }, - { - "ecs": true, - "name": "user.id", - "type": "keyword" - }, - { - "ecs": true, - "name": "user.name", - "type": "keyword" - } - ], - "risk_score": 47, - "rule_id": "f16fca20-4d6c-43f9-aec1-20b6de3b0aeb", - "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", - "severity": "medium", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "Use Case: Threat Detection", - "Tactic: Persistence", - "Tactic: Initial Access", - "Data Source: Elastic Endgame", - "Use Case: Vulnerability", - "Resources: Investigation Guide", - "Data Source: Elastic Defend", - "Data Source: SentinelOne" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0003", - "name": "Persistence", - "reference": "https://attack.mitre.org/tactics/TA0003/" - }, - "technique": [ - { - "id": "T1505", - "name": "Server Software Component", - "reference": "https://attack.mitre.org/techniques/T1505/", - "subtechnique": [ - { - "id": "T1505.003", - "name": "Web Shell", - "reference": "https://attack.mitre.org/techniques/T1505/003/" - } - ] - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0001", - "name": "Initial Access", - "reference": "https://attack.mitre.org/tactics/TA0001/" - }, - "technique": [ - { - "id": "T1190", - "name": "Exploit Public-Facing Application", - "reference": "https://attack.mitre.org/techniques/T1190/" - } - ] - }, - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0002", - "name": "Execution", - "reference": "https://attack.mitre.org/tactics/TA0002/" - }, - "technique": [ - { - "id": "T1059", - "name": "Command and Scripting Interpreter", - "reference": "https://attack.mitre.org/techniques/T1059/" - } - ] - } - ], - "timestamp_override": "event.ingested", - "type": "eql", - "version": 113 - }, - "id": "f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_113", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_116.json b/packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_116.json index e71c262d900..e0af7371179 100644 --- a/packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_116.json +++ b/packages/security_detection_engine/kibana/security_rule/f16fca20-4d6c-43f9-aec1-20b6de3b0aeb_116.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f18a474c-3632-427f-bcf5-363c994309ee_106.json b/packages/security_detection_engine/kibana/security_rule/f18a474c-3632-427f-bcf5-363c994309ee_106.json index 9f8039b9b74..ec1b8052fc3 100644 --- a/packages/security_detection_engine/kibana/security_rule/f18a474c-3632-427f-bcf5-363c994309ee_106.json +++ b/packages/security_detection_engine/kibana/security_rule/f18a474c-3632-427f-bcf5-363c994309ee_106.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f1a2b3c4-d5e6-4789-a012-3456789abc01_1.json b/packages/security_detection_engine/kibana/security_rule/f1a2b3c4-d5e6-4789-a012-3456789abc01_1.json index f11309ef3f4..eca6169725a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f1a2b3c4-d5e6-4789-a012-3456789abc01_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f1a2b3c4-d5e6-4789-a012-3456789abc01_1.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f1a6d0f4-95b8-11ed-9517-f661ea17fbcc_8.json b/packages/security_detection_engine/kibana/security_rule/f1a6d0f4-95b8-11ed-9517-f661ea17fbcc_8.json index 5105fcd0ce7..d0f8ac0bf10 100644 --- a/packages/security_detection_engine/kibana/security_rule/f1a6d0f4-95b8-11ed-9517-f661ea17fbcc_8.json +++ b/packages/security_detection_engine/kibana/security_rule/f1a6d0f4-95b8-11ed-9517-f661ea17fbcc_8.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f1f3070e-045c-4e03-ae58-d11d43d2ee51_2.json b/packages/security_detection_engine/kibana/security_rule/f1f3070e-045c-4e03-ae58-d11d43d2ee51_2.json index aa8eab4548c..168c3d6268b 100644 --- a/packages/security_detection_engine/kibana/security_rule/f1f3070e-045c-4e03-ae58-d11d43d2ee51_2.json +++ b/packages/security_detection_engine/kibana/security_rule/f1f3070e-045c-4e03-ae58-d11d43d2ee51_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2015527-7c46-4bb9-80db-051657ddfb69_9.json b/packages/security_detection_engine/kibana/security_rule/f2015527-7c46-4bb9-80db-051657ddfb69_9.json index a338baffdab..f6b8bfe9e59 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2015527-7c46-4bb9-80db-051657ddfb69_9.json +++ b/packages/security_detection_engine/kibana/security_rule/f2015527-7c46-4bb9-80db-051657ddfb69_9.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f20d1782-e783-4ed0-a0c4-946899a98a7c_102.json b/packages/security_detection_engine/kibana/security_rule/f20d1782-e783-4ed0-a0c4-946899a98a7c_102.json index 6d1d929a1da..162e16522b0 100644 --- a/packages/security_detection_engine/kibana/security_rule/f20d1782-e783-4ed0-a0c4-946899a98a7c_102.json +++ b/packages/security_detection_engine/kibana/security_rule/f20d1782-e783-4ed0-a0c4-946899a98a7c_102.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/f2108687-553d-45ac-b8f0-d0efeac5d45f_1.json b/packages/security_detection_engine/kibana/security_rule/f2108687-553d-45ac-b8f0-d0efeac5d45f_1.json index 232caf38a4c..c66a4073b47 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2108687-553d-45ac-b8f0-d0efeac5d45f_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f2108687-553d-45ac-b8f0-d0efeac5d45f_1.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f243fe39-83a4-46f3-a3b6-707557a102df_107.json b/packages/security_detection_engine/kibana/security_rule/f243fe39-83a4-46f3-a3b6-707557a102df_107.json index 011c424a337..71e6e3150a5 100644 --- a/packages/security_detection_engine/kibana/security_rule/f243fe39-83a4-46f3-a3b6-707557a102df_107.json +++ b/packages/security_detection_engine/kibana/security_rule/f243fe39-83a4-46f3-a3b6-707557a102df_107.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f246e70e-5e20-4006-8460-d72b023d6adf_2.json b/packages/security_detection_engine/kibana/security_rule/f246e70e-5e20-4006-8460-d72b023d6adf_2.json index e3c26455796..75fa58edaa9 100644 --- a/packages/security_detection_engine/kibana/security_rule/f246e70e-5e20-4006-8460-d72b023d6adf_2.json +++ b/packages/security_detection_engine/kibana/security_rule/f246e70e-5e20-4006-8460-d72b023d6adf_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f24bcae1-8980-4b30-b5dd-f851b055c9e7_114.json b/packages/security_detection_engine/kibana/security_rule/f24bcae1-8980-4b30-b5dd-f851b055c9e7_114.json index 79fce492af9..ca4f119c6d4 100644 --- a/packages/security_detection_engine/kibana/security_rule/f24bcae1-8980-4b30-b5dd-f851b055c9e7_114.json +++ b/packages/security_detection_engine/kibana/security_rule/f24bcae1-8980-4b30-b5dd-f851b055c9e7_114.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f28e2be4-6eca-4349-bdd9-381573730c22_216.json b/packages/security_detection_engine/kibana/security_rule/f28e2be4-6eca-4349-bdd9-381573730c22_216.json index 25cc490afe3..96591b180f3 100644 --- a/packages/security_detection_engine/kibana/security_rule/f28e2be4-6eca-4349-bdd9-381573730c22_216.json +++ b/packages/security_detection_engine/kibana/security_rule/f28e2be4-6eca-4349-bdd9-381573730c22_216.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2a3b4c5-d6e7-4f89-a012-b3c4d5e6f789_1.json b/packages/security_detection_engine/kibana/security_rule/f2a3b4c5-d6e7-4f89-a012-b3c4d5e6f789_1.json index 64b16e0992d..052e98d649c 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2a3b4c5-d6e7-4f89-a012-b3c4d5e6f789_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f2a3b4c5-d6e7-4f89-a012-b3c4d5e6f789_1.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2a8c4d1-6b3e-4a9f-8c2d-1e5f7a9b0c4d_1.json b/packages/security_detection_engine/kibana/security_rule/f2a8c4d1-6b3e-4a9f-8c2d-1e5f7a9b0c4d_1.json index 64eefc639f3..da8b663bb74 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2a8c4d1-6b3e-4a9f-8c2d-1e5f7a9b0c4d_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f2a8c4d1-6b3e-4a9f-8c2d-1e5f7a9b0c4d_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2c3caa6-ea34-11ee-a417-f661ea17fbce_5.json b/packages/security_detection_engine/kibana/security_rule/f2c3caa6-ea34-11ee-a417-f661ea17fbce_5.json index b75cdb755c2..23916ba782a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2c3caa6-ea34-11ee-a417-f661ea17fbce_5.json +++ b/packages/security_detection_engine/kibana/security_rule/f2c3caa6-ea34-11ee-a417-f661ea17fbce_5.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2c43e8c-ccf2-4eab-9e9a-e335da253773_1.json b/packages/security_detection_engine/kibana/security_rule/f2c43e8c-ccf2-4eab-9e9a-e335da253773_1.json index 9a0021d58aa..6a42443279f 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2c43e8c-ccf2-4eab-9e9a-e335da253773_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f2c43e8c-ccf2-4eab-9e9a-e335da253773_1.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2c653b7-7daf-4774-86f2-34cdbd1fc528_5.json b/packages/security_detection_engine/kibana/security_rule/f2c653b7-7daf-4774-86f2-34cdbd1fc528_5.json index b2603898d59..98f1e9381e2 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2c653b7-7daf-4774-86f2-34cdbd1fc528_5.json +++ b/packages/security_detection_engine/kibana/security_rule/f2c653b7-7daf-4774-86f2-34cdbd1fc528_5.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2c7b914-eda3-40c2-96ac-d23ef91776ca_316.json b/packages/security_detection_engine/kibana/security_rule/f2c7b914-eda3-40c2-96ac-d23ef91776ca_316.json index b49836e1080..f003d8b0b80 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2c7b914-eda3-40c2-96ac-d23ef91776ca_316.json +++ b/packages/security_detection_engine/kibana/security_rule/f2c7b914-eda3-40c2-96ac-d23ef91776ca_316.json @@ -25,23 +25,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2e21713-1eac-4908-a782-1b49c7e9d53b_3.json b/packages/security_detection_engine/kibana/security_rule/f2e21713-1eac-4908-a782-1b49c7e9d53b_3.json index f311fc875ad..0cc561ba5ef 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2e21713-1eac-4908-a782-1b49c7e9d53b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/f2e21713-1eac-4908-a782-1b49c7e9d53b_3.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f2f46686-6f3c-4724-bd7d-24e31c70f98f_316.json b/packages/security_detection_engine/kibana/security_rule/f2f46686-6f3c-4724-bd7d-24e31c70f98f_316.json index 7c84cff9201..efc348f0a54 100644 --- a/packages/security_detection_engine/kibana/security_rule/f2f46686-6f3c-4724-bd7d-24e31c70f98f_316.json +++ b/packages/security_detection_engine/kibana/security_rule/f2f46686-6f3c-4724-bd7d-24e31c70f98f_316.json @@ -44,19 +44,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f33e68a4-bd19-11ed-b02f-f661ea17fbcc_113.json b/packages/security_detection_engine/kibana/security_rule/f33e68a4-bd19-11ed-b02f-f661ea17fbcc_113.json index feb4651a2e9..9d2da108b17 100644 --- a/packages/security_detection_engine/kibana/security_rule/f33e68a4-bd19-11ed-b02f-f661ea17fbcc_113.json +++ b/packages/security_detection_engine/kibana/security_rule/f33e68a4-bd19-11ed-b02f-f661ea17fbcc_113.json @@ -34,7 +34,7 @@ "related_integrations": [ { "package": "google_workspace", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f3403393-1fd9-4686-8f6e-596c58bc00b4_9.json b/packages/security_detection_engine/kibana/security_rule/f3403393-1fd9-4686-8f6e-596c58bc00b4_9.json index 2667908d824..892d84c00ab 100644 --- a/packages/security_detection_engine/kibana/security_rule/f3403393-1fd9-4686-8f6e-596c58bc00b4_9.json +++ b/packages/security_detection_engine/kibana/security_rule/f3403393-1fd9-4686-8f6e-596c58bc00b4_9.json @@ -22,15 +22,15 @@ "related_integrations": [ { "package": "dga", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f3475224-b179-4f78-8877-c2bd64c26b88_218.json b/packages/security_detection_engine/kibana/security_rule/f3475224-b179-4f78-8877-c2bd64c26b88_218.json index 9dacda58495..42b86f588c9 100644 --- a/packages/security_detection_engine/kibana/security_rule/f3475224-b179-4f78-8877-c2bd64c26b88_218.json +++ b/packages/security_detection_engine/kibana/security_rule/f3475224-b179-4f78-8877-c2bd64c26b88_218.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f37f3054-d40b-49ac-aa9b-a786c74c58b8_107.json b/packages/security_detection_engine/kibana/security_rule/f37f3054-d40b-49ac-aa9b-a786c74c58b8_107.json deleted file mode 100644 index fd951d64292..00000000000 --- a/packages/security_detection_engine/kibana/security_rule/f37f3054-d40b-49ac-aa9b-a786c74c58b8_107.json +++ /dev/null @@ -1,96 +0,0 @@ -{ - "attributes": { - "author": [ - "Elastic" - ], - "description": "Identifies the attempted use of a heap-based buffer overflow vulnerability for the Sudo binary in Unix-like systems (CVE-2021-3156). Successful exploitation allows an unprivileged user to escalate to the root user.", - "false_positives": [ - "This rule could generate false positives if the process arguments leveraged by the exploit are shared by custom scripts using the Sudo or Sudoedit binaries. Only Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 are affected; if those versions are not present on the endpoint, this could be a false positive." - ], - "from": "now-9m", - "index": [ - "auditbeat-*", - "logs-endpoint.events.*" - ], - "language": "kuery", - "license": "Elastic License v2", - "name": "Sudo Heap-Based Buffer Overflow Attempt", - "note": "## Triage and analysis\n\n> **Disclaimer**:\n> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.\n\n### Investigating Sudo Heap-Based Buffer Overflow Attempt\n\nSudo is a critical utility in Unix-like systems, allowing users to execute commands with elevated privileges. A heap-based buffer overflow in Sudo (CVE-2021-3156) can be exploited by attackers to gain root access. Adversaries may craft specific command-line arguments to trigger this vulnerability. The detection rule identifies suspicious Sudo or Sudoedit invocations with particular argument patterns, signaling potential exploitation attempts.\n\n### Possible investigation steps\n\n- Review the alert details to confirm the presence of suspicious Sudo or Sudoedit invocations with the specific argument patterns: process.args containing a backslash followed by either \"-i\" or \"-s\".\n- Examine the process execution context by gathering additional details such as the user account associated with the process, the parent process, and the command line used.\n- Check the system logs for any other unusual or unauthorized activities around the time of the alert to identify potential lateral movement or further exploitation attempts.\n- Investigate the history of the user account involved to determine if there have been any previous suspicious activities or privilege escalation attempts.\n- Assess the system for any signs of compromise or unauthorized changes, such as new user accounts, modified files, or unexpected network connections.\n- Verify the current version of Sudo installed on the system to determine if it is vulnerable to CVE-2021-3156 and consider applying patches or updates if necessary.\n\n### False positive analysis\n\n- Routine administrative tasks using sudo or sudoedit with interactive or shell options may trigger the rule. Review the context of these commands and consider excluding specific user accounts or scripts that are known to perform legitimate administrative functions.\n- Automated scripts or cron jobs that use sudo with the -i or -s options for legitimate purposes can be flagged. Identify these scripts and add them to an exception list to prevent unnecessary alerts.\n- Development or testing environments where users frequently test commands with elevated privileges might generate false positives. Implement a separate monitoring policy for these environments or exclude known test accounts.\n- Security tools or monitoring solutions that simulate attacks for testing purposes may inadvertently trigger the rule. Ensure these tools are recognized and excluded from triggering alerts by adding them to an exception list.\n- Users with legitimate reasons to frequently switch to root using sudo -i or sudo -s should be identified, and their activities should be monitored separately to avoid false positives.\n\n### Response and remediation\n\n- Immediately isolate the affected system from the network to prevent further exploitation or lateral movement by the attacker.\n- Terminate any suspicious sudo or sudoedit processes identified by the detection rule to halt ongoing exploitation attempts.\n- Apply the latest security patches and updates to the Sudo utility on all affected systems to remediate the vulnerability (CVE-2021-3156).\n- Conduct a thorough review of system logs and process execution history to identify any unauthorized access or privilege escalation activities.\n- Reset passwords for all user accounts on the affected system, especially those with elevated privileges, to mitigate potential credential compromise.\n- Escalate the incident to the security operations center (SOC) or incident response team for further investigation and to assess the scope of the breach.\n- Implement enhanced monitoring and alerting for sudo and sudoedit command executions across the network to detect similar exploitation attempts in the future.", - "query": "event.category:process and event.type:start and\n process.name:(sudo or sudoedit) and\n process.args:(*\\\\ and (\"-i\" or \"-s\"))\n", - "references": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3156", - "https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", - "https://www.bleepingcomputer.com/news/security/latest-macos-big-sur-also-has-sudo-root-privilege-escalation-flaw", - "https://www.sudo.ws/alerts/unescape_overflow.html" - ], - "related_integrations": [ - { - "package": "endpoint", - "version": "^9.0.0" - } - ], - "required_fields": [ - { - "ecs": true, - "name": "event.category", - "type": "keyword" - }, - { - "ecs": true, - "name": "event.type", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.args", - "type": "keyword" - }, - { - "ecs": true, - "name": "process.name", - "type": "keyword" - } - ], - "risk_score": 73, - "rule_id": "f37f3054-d40b-49ac-aa9b-a786c74c58b8", - "severity": "high", - "tags": [ - "Domain: Endpoint", - "OS: Linux", - "OS: macOS", - "Use Case: Threat Detection", - "Tactic: Privilege Escalation", - "Use Case: Vulnerability", - "Data Source: Elastic Defend", - "Resources: Investigation Guide" - ], - "threat": [ - { - "framework": "MITRE ATT&CK", - "tactic": { - "id": "TA0004", - "name": "Privilege Escalation", - "reference": "https://attack.mitre.org/tactics/TA0004/" - }, - "technique": [ - { - "id": "T1068", - "name": "Exploitation for Privilege Escalation", - "reference": "https://attack.mitre.org/techniques/T1068/" - } - ] - } - ], - "threshold": { - "field": [ - "host.hostname" - ], - "value": 100 - }, - "timestamp_override": "event.ingested", - "type": "threshold", - "version": 107 - }, - "id": "f37f3054-d40b-49ac-aa9b-a786c74c58b8_107", - "type": "security-rule" -} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/f3818c85-2207-4b51-8a28-d70fb156ee87_10.json b/packages/security_detection_engine/kibana/security_rule/f3818c85-2207-4b51-8a28-d70fb156ee87_10.json index 5c5b9d327e2..d86b9e88b48 100644 --- a/packages/security_detection_engine/kibana/security_rule/f3818c85-2207-4b51-8a28-d70fb156ee87_10.json +++ b/packages/security_detection_engine/kibana/security_rule/f3818c85-2207-4b51-8a28-d70fb156ee87_10.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f38633f4-3b31-4c80-b13d-e77c70ce8254_11.json b/packages/security_detection_engine/kibana/security_rule/f38633f4-3b31-4c80-b13d-e77c70ce8254_11.json index 9907a8b212a..2c24fa201d9 100644 --- a/packages/security_detection_engine/kibana/security_rule/f38633f4-3b31-4c80-b13d-e77c70ce8254_11.json +++ b/packages/security_detection_engine/kibana/security_rule/f38633f4-3b31-4c80-b13d-e77c70ce8254_11.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f391d3fd-219b-42a3-9ba9-2f66eb0155aa_6.json b/packages/security_detection_engine/kibana/security_rule/f391d3fd-219b-42a3-9ba9-2f66eb0155aa_6.json index 7f1a3c01e57..0a3cddcd4bd 100644 --- a/packages/security_detection_engine/kibana/security_rule/f391d3fd-219b-42a3-9ba9-2f66eb0155aa_6.json +++ b/packages/security_detection_engine/kibana/security_rule/f391d3fd-219b-42a3-9ba9-2f66eb0155aa_6.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f3ac6734-7e52-4a0d-90b7-6847bf4308f2_6.json b/packages/security_detection_engine/kibana/security_rule/f3ac6734-7e52-4a0d-90b7-6847bf4308f2_6.json index ecb39798527..9155109f60f 100644 --- a/packages/security_detection_engine/kibana/security_rule/f3ac6734-7e52-4a0d-90b7-6847bf4308f2_6.json +++ b/packages/security_detection_engine/kibana/security_rule/f3ac6734-7e52-4a0d-90b7-6847bf4308f2_6.json @@ -14,23 +14,23 @@ "related_integrations": [ { "package": "nginx", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "apache_tomcat", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "iis", - "version": "^1.21.0" + "version": ">=1.21.0" }, { "package": "traefik", - "version": "^2.5.0" + "version": ">=2.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f401a0e3-5eeb-4591-969a-f435488e7d12_9.json b/packages/security_detection_engine/kibana/security_rule/f401a0e3-5eeb-4591-969a-f435488e7d12_9.json index bf9ce9793f6..3718c9a981a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f401a0e3-5eeb-4591-969a-f435488e7d12_9.json +++ b/packages/security_detection_engine/kibana/security_rule/f401a0e3-5eeb-4591-969a-f435488e7d12_9.json @@ -29,27 +29,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f44fa4b6-524c-4e87-8d9e-a32599e4fb7c_314.json b/packages/security_detection_engine/kibana/security_rule/f44fa4b6-524c-4e87-8d9e-a32599e4fb7c_314.json index 9342be74475..6f2d74858df 100644 --- a/packages/security_detection_engine/kibana/security_rule/f44fa4b6-524c-4e87-8d9e-a32599e4fb7c_314.json +++ b/packages/security_detection_engine/kibana/security_rule/f44fa4b6-524c-4e87-8d9e-a32599e4fb7c_314.json @@ -43,23 +43,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f48ecc44-7d02-437d-9562-b838d2c41987_9.json b/packages/security_detection_engine/kibana/security_rule/f48ecc44-7d02-437d-9562-b838d2c41987_9.json index ebf1c975854..0b2068de068 100644 --- a/packages/security_detection_engine/kibana/security_rule/f48ecc44-7d02-437d-9562-b838d2c41987_9.json +++ b/packages/security_detection_engine/kibana/security_rule/f48ecc44-7d02-437d-9562-b838d2c41987_9.json @@ -25,7 +25,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f494c678-3c33-43aa-b169-bb3d5198c41d_219.json b/packages/security_detection_engine/kibana/security_rule/f494c678-3c33-43aa-b169-bb3d5198c41d_219.json index 4bca7102bd4..0ec59176c06 100644 --- a/packages/security_detection_engine/kibana/security_rule/f494c678-3c33-43aa-b169-bb3d5198c41d_219.json +++ b/packages/security_detection_engine/kibana/security_rule/f494c678-3c33-43aa-b169-bb3d5198c41d_219.json @@ -41,11 +41,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f4b857b3-faef-430d-b420-90be48647f00_6.json b/packages/security_detection_engine/kibana/security_rule/f4b857b3-faef-430d-b420-90be48647f00_6.json index 895c9685a71..5a596aca6d4 100644 --- a/packages/security_detection_engine/kibana/security_rule/f4b857b3-faef-430d-b420-90be48647f00_6.json +++ b/packages/security_detection_engine/kibana/security_rule/f4b857b3-faef-430d-b420-90be48647f00_6.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c_7.json b/packages/security_detection_engine/kibana/security_rule/f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c_7.json index 4ff76026d2e..05928574d5d 100644 --- a/packages/security_detection_engine/kibana/security_rule/f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c_7.json +++ b/packages/security_detection_engine/kibana/security_rule/f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c_7.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "aws_bedrock", - "version": "^1.1.0" + "version": ">=1.1.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f4d1c0ac-aedb-4063-9fa6-cc651eb5e6ee_7.json b/packages/security_detection_engine/kibana/security_rule/f4d1c0ac-aedb-4063-9fa6-cc651eb5e6ee_7.json index 09d0150fdf4..cb4aa8b5808 100644 --- a/packages/security_detection_engine/kibana/security_rule/f4d1c0ac-aedb-4063-9fa6-cc651eb5e6ee_7.json +++ b/packages/security_detection_engine/kibana/security_rule/f4d1c0ac-aedb-4063-9fa6-cc651eb5e6ee_7.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f4dc90eb-e77e-4f0e-b18b-eb50da9e827e_1.json b/packages/security_detection_engine/kibana/security_rule/f4dc90eb-e77e-4f0e-b18b-eb50da9e827e_1.json index 37099aeaa9c..3e0f8b9eaca 100644 --- a/packages/security_detection_engine/kibana/security_rule/f4dc90eb-e77e-4f0e-b18b-eb50da9e827e_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f4dc90eb-e77e-4f0e-b18b-eb50da9e827e_1.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_12.json b/packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_12.json index 75795c25db4..e3d32800365 100644 --- a/packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_12.json +++ b/packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_12.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f541ca3a-5752-11f0-b44b-f661ea17fbcd_3.json b/packages/security_detection_engine/kibana/security_rule/f541ca3a-5752-11f0-b44b-f661ea17fbcd_3.json index 3fffe585250..5b74548b9ae 100644 --- a/packages/security_detection_engine/kibana/security_rule/f541ca3a-5752-11f0-b44b-f661ea17fbcd_3.json +++ b/packages/security_detection_engine/kibana/security_rule/f541ca3a-5752-11f0-b44b-f661ea17fbcd_3.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" }, { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc_317.json b/packages/security_detection_engine/kibana/security_rule/f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc_317.json index 6eaf5e003bf..394a8b2b80c 100644 --- a/packages/security_detection_engine/kibana/security_rule/f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc_317.json +++ b/packages/security_detection_engine/kibana/security_rule/f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc_317.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f580bf0a-2d23-43bb-b8e1-17548bb947ec_214.json b/packages/security_detection_engine/kibana/security_rule/f580bf0a-2d23-43bb-b8e1-17548bb947ec_214.json index ecdfe5998c5..762248e935b 100644 --- a/packages/security_detection_engine/kibana/security_rule/f580bf0a-2d23-43bb-b8e1-17548bb947ec_214.json +++ b/packages/security_detection_engine/kibana/security_rule/f580bf0a-2d23-43bb-b8e1-17548bb947ec_214.json @@ -28,19 +28,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f5861570-e39a-4b8a-9259-abd39f84cb97_111.json b/packages/security_detection_engine/kibana/security_rule/f5861570-e39a-4b8a-9259-abd39f84cb97_111.json index ae1492b0845..adf034dd9eb 100644 --- a/packages/security_detection_engine/kibana/security_rule/f5861570-e39a-4b8a-9259-abd39f84cb97_111.json +++ b/packages/security_detection_engine/kibana/security_rule/f5861570-e39a-4b8a-9259-abd39f84cb97_111.json @@ -22,11 +22,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f596175f-b8fd-43ac-b9e9-ea2a96bb55d8_2.json b/packages/security_detection_engine/kibana/security_rule/f596175f-b8fd-43ac-b9e9-ea2a96bb55d8_2.json index f65e9bf2e22..c5b250e974c 100644 --- a/packages/security_detection_engine/kibana/security_rule/f596175f-b8fd-43ac-b9e9-ea2a96bb55d8_2.json +++ b/packages/security_detection_engine/kibana/security_rule/f596175f-b8fd-43ac-b9e9-ea2a96bb55d8_2.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f59668de-caa0-4b84-94c1-3a1549e1e798_111.json b/packages/security_detection_engine/kibana/security_rule/f59668de-caa0-4b84-94c1-3a1549e1e798_111.json index e9474c6ad0a..29966173e37 100644 --- a/packages/security_detection_engine/kibana/security_rule/f59668de-caa0-4b84-94c1-3a1549e1e798_111.json +++ b/packages/security_detection_engine/kibana/security_rule/f59668de-caa0-4b84-94c1-3a1549e1e798_111.json @@ -21,15 +21,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f5c005d3-4e17-48b0-9cd7-444d48857f97_112.json b/packages/security_detection_engine/kibana/security_rule/f5c005d3-4e17-48b0-9cd7-444d48857f97_112.json index 0b939142ff4..75864759ad6 100644 --- a/packages/security_detection_engine/kibana/security_rule/f5c005d3-4e17-48b0-9cd7-444d48857f97_112.json +++ b/packages/security_detection_engine/kibana/security_rule/f5c005d3-4e17-48b0-9cd7-444d48857f97_112.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f5d9d36d-7c30-4cdb-a856-9f653c13d4e0_211.json b/packages/security_detection_engine/kibana/security_rule/f5d9d36d-7c30-4cdb-a856-9f653c13d4e0_211.json index a55f002a152..3b4fbb1a44d 100644 --- a/packages/security_detection_engine/kibana/security_rule/f5d9d36d-7c30-4cdb-a856-9f653c13d4e0_211.json +++ b/packages/security_detection_engine/kibana/security_rule/f5d9d36d-7c30-4cdb-a856-9f653c13d4e0_211.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "problemchild", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/f5fb4598-4f10-11ed-bdc3-0242ac120002_12.json b/packages/security_detection_engine/kibana/security_rule/f5fb4598-4f10-11ed-bdc3-0242ac120002_12.json index fcdf800866c..7aedd57732e 100644 --- a/packages/security_detection_engine/kibana/security_rule/f5fb4598-4f10-11ed-bdc3-0242ac120002_12.json +++ b/packages/security_detection_engine/kibana/security_rule/f5fb4598-4f10-11ed-bdc3-0242ac120002_12.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f638a66d-3bbf-46b1-a52c-ef6f39fb6caf_7.json b/packages/security_detection_engine/kibana/security_rule/f638a66d-3bbf-46b1-a52c-ef6f39fb6caf_7.json index 4f27d2f6dcb..11566b1090b 100644 --- a/packages/security_detection_engine/kibana/security_rule/f638a66d-3bbf-46b1-a52c-ef6f39fb6caf_7.json +++ b/packages/security_detection_engine/kibana/security_rule/f638a66d-3bbf-46b1-a52c-ef6f39fb6caf_7.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f63c8e3c-d396-404f-b2ea-0379d3942d73_317.json b/packages/security_detection_engine/kibana/security_rule/f63c8e3c-d396-404f-b2ea-0379d3942d73_317.json index 1588f87b205..7aa1871f40f 100644 --- a/packages/security_detection_engine/kibana/security_rule/f63c8e3c-d396-404f-b2ea-0379d3942d73_317.json +++ b/packages/security_detection_engine/kibana/security_rule/f63c8e3c-d396-404f-b2ea-0379d3942d73_317.json @@ -33,27 +33,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f6652fb5-cd8e-499c-8311-2ce2bb6cac62_9.json b/packages/security_detection_engine/kibana/security_rule/f6652fb5-cd8e-499c-8311-2ce2bb6cac62_9.json index f4050f7fc37..19bbe6ec53e 100644 --- a/packages/security_detection_engine/kibana/security_rule/f6652fb5-cd8e-499c-8311-2ce2bb6cac62_9.json +++ b/packages/security_detection_engine/kibana/security_rule/f6652fb5-cd8e-499c-8311-2ce2bb6cac62_9.json @@ -42,7 +42,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f66a6869-d4c7-4d20-ab13-beefd03b63b4_2.json b/packages/security_detection_engine/kibana/security_rule/f66a6869-d4c7-4d20-ab13-beefd03b63b4_2.json index f56ca62f239..f595ebf481a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f66a6869-d4c7-4d20-ab13-beefd03b63b4_2.json +++ b/packages/security_detection_engine/kibana/security_rule/f66a6869-d4c7-4d20-ab13-beefd03b63b4_2.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f675872f-6d85-40a3-b502-c0d2ef101e92_316.json b/packages/security_detection_engine/kibana/security_rule/f675872f-6d85-40a3-b502-c0d2ef101e92_316.json index 017060b224e..8d19f2bf6df 100644 --- a/packages/security_detection_engine/kibana/security_rule/f675872f-6d85-40a3-b502-c0d2ef101e92_316.json +++ b/packages/security_detection_engine/kibana/security_rule/f675872f-6d85-40a3-b502-c0d2ef101e92_316.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f683dcdf-a018-4801-b066-193d4ae6c8e5_111.json b/packages/security_detection_engine/kibana/security_rule/f683dcdf-a018-4801-b066-193d4ae6c8e5_111.json index 60fd03223b4..7ffe3894945 100644 --- a/packages/security_detection_engine/kibana/security_rule/f683dcdf-a018-4801-b066-193d4ae6c8e5_111.json +++ b/packages/security_detection_engine/kibana/security_rule/f683dcdf-a018-4801-b066-193d4ae6c8e5_111.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f6a0b2c3-4d5e-4f7a-8b9c-0d1e2f3a4b5c_1.json b/packages/security_detection_engine/kibana/security_rule/f6a0b2c3-4d5e-4f7a-8b9c-0d1e2f3a4b5c_1.json index 90f769c5a53..666d9c3d39a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f6a0b2c3-4d5e-4f7a-8b9c-0d1e2f3a4b5c_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f6a0b2c3-4d5e-4f7a-8b9c-0d1e2f3a4b5c_1.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f6d07a70-9ad0-11ef-954f-f661ea17fbcd_109.json b/packages/security_detection_engine/kibana/security_rule/f6d07a70-9ad0-11ef-954f-f661ea17fbcd_109.json index 1cc4c449c5f..4bc2e79ca55 100644 --- a/packages/security_detection_engine/kibana/security_rule/f6d07a70-9ad0-11ef-954f-f661ea17fbcd_109.json +++ b/packages/security_detection_engine/kibana/security_rule/f6d07a70-9ad0-11ef-954f-f661ea17fbcd_109.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f6d8c743-0916-4483-8333-3c6f107e0caa_12.json b/packages/security_detection_engine/kibana/security_rule/f6d8c743-0916-4483-8333-3c6f107e0caa_12.json index c677eaf3884..998bdd6a2f3 100644 --- a/packages/security_detection_engine/kibana/security_rule/f6d8c743-0916-4483-8333-3c6f107e0caa_12.json +++ b/packages/security_detection_engine/kibana/security_rule/f6d8c743-0916-4483-8333-3c6f107e0caa_12.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f6fee40d-8a5e-4cc8-9f73-8688419c6d68_1.json b/packages/security_detection_engine/kibana/security_rule/f6fee40d-8a5e-4cc8-9f73-8688419c6d68_1.json index d00c9244b88..72f57c51b39 100644 --- a/packages/security_detection_engine/kibana/security_rule/f6fee40d-8a5e-4cc8-9f73-8688419c6d68_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f6fee40d-8a5e-4cc8-9f73-8688419c6d68_1.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f701be14-0a36-4e9a-a851-b3e20ae55f09_4.json b/packages/security_detection_engine/kibana/security_rule/f701be14-0a36-4e9a-a851-b3e20ae55f09_4.json index 05862e42432..9476d712951 100644 --- a/packages/security_detection_engine/kibana/security_rule/f701be14-0a36-4e9a-a851-b3e20ae55f09_4.json +++ b/packages/security_detection_engine/kibana/security_rule/f701be14-0a36-4e9a-a851-b3e20ae55f09_4.json @@ -44,11 +44,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f754e348-f36f-4510-8087-d7f29874cc12_2.json b/packages/security_detection_engine/kibana/security_rule/f754e348-f36f-4510-8087-d7f29874cc12_2.json index 5823e0e0291..e0e434701b5 100644 --- a/packages/security_detection_engine/kibana/security_rule/f754e348-f36f-4510-8087-d7f29874cc12_2.json +++ b/packages/security_detection_engine/kibana/security_rule/f754e348-f36f-4510-8087-d7f29874cc12_2.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f75f65cf-ed04-48df-a7ff-b02a8bfe636e_7.json b/packages/security_detection_engine/kibana/security_rule/f75f65cf-ed04-48df-a7ff-b02a8bfe636e_7.json index 0556a4f5b5e..a20c6bc5fce 100644 --- a/packages/security_detection_engine/kibana/security_rule/f75f65cf-ed04-48df-a7ff-b02a8bfe636e_7.json +++ b/packages/security_detection_engine/kibana/security_rule/f75f65cf-ed04-48df-a7ff-b02a8bfe636e_7.json @@ -20,11 +20,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f766ffaf-9568-4909-b734-75d19b35cbf4_110.json b/packages/security_detection_engine/kibana/security_rule/f766ffaf-9568-4909-b734-75d19b35cbf4_110.json index 87bc135921b..843113fcb72 100644 --- a/packages/security_detection_engine/kibana/security_rule/f766ffaf-9568-4909-b734-75d19b35cbf4_110.json +++ b/packages/security_detection_engine/kibana/security_rule/f766ffaf-9568-4909-b734-75d19b35cbf4_110.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "azure", - "version": "^1.22.0" + "version": ">=1.22.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f772ec8a-e182-483c-91d2-72058f76a44c_214.json b/packages/security_detection_engine/kibana/security_rule/f772ec8a-e182-483c-91d2-72058f76a44c_214.json index b204ba728d5..1e218466856 100644 --- a/packages/security_detection_engine/kibana/security_rule/f772ec8a-e182-483c-91d2-72058f76a44c_214.json +++ b/packages/security_detection_engine/kibana/security_rule/f772ec8a-e182-483c-91d2-72058f76a44c_214.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f7769104-e8f9-4931-94a2-68fc04eadec3_106.json b/packages/security_detection_engine/kibana/security_rule/f7769104-e8f9-4931-94a2-68fc04eadec3_106.json index 1449af4a96b..12173986cba 100644 --- a/packages/security_detection_engine/kibana/security_rule/f7769104-e8f9-4931-94a2-68fc04eadec3_106.json +++ b/packages/security_detection_engine/kibana/security_rule/f7769104-e8f9-4931-94a2-68fc04eadec3_106.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f7a131f8-44b7-4957-99a4-e6c54d93d816_1.json b/packages/security_detection_engine/kibana/security_rule/f7a131f8-44b7-4957-99a4-e6c54d93d816_1.json index dc40dd653d1..110823ee3fc 100644 --- a/packages/security_detection_engine/kibana/security_rule/f7a131f8-44b7-4957-99a4-e6c54d93d816_1.json +++ b/packages/security_detection_engine/kibana/security_rule/f7a131f8-44b7-4957-99a4-e6c54d93d816_1.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f7a1c536-9ac0-11ef-9911-f661ea17fbcd_6.json b/packages/security_detection_engine/kibana/security_rule/f7a1c536-9ac0-11ef-9911-f661ea17fbcd_6.json index 91f5353bf3c..83cef3d0613 100644 --- a/packages/security_detection_engine/kibana/security_rule/f7a1c536-9ac0-11ef-9911-f661ea17fbcd_6.json +++ b/packages/security_detection_engine/kibana/security_rule/f7a1c536-9ac0-11ef-9911-f661ea17fbcd_6.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f7c4dc5a-a58d-491d-9f14-9b66507121c0_318.json b/packages/security_detection_engine/kibana/security_rule/f7c4dc5a-a58d-491d-9f14-9b66507121c0_318.json index 49bd4d8848e..6c5b68ca9ab 100644 --- a/packages/security_detection_engine/kibana/security_rule/f7c4dc5a-a58d-491d-9f14-9b66507121c0_318.json +++ b/packages/security_detection_engine/kibana/security_rule/f7c4dc5a-a58d-491d-9f14-9b66507121c0_318.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f7c64a1b-9d00-4b92-9042-d3bb4196899a_3.json b/packages/security_detection_engine/kibana/security_rule/f7c64a1b-9d00-4b92-9042-d3bb4196899a_3.json index 1e5108dd967..f14ac666352 100644 --- a/packages/security_detection_engine/kibana/security_rule/f7c64a1b-9d00-4b92-9042-d3bb4196899a_3.json +++ b/packages/security_detection_engine/kibana/security_rule/f7c64a1b-9d00-4b92-9042-d3bb4196899a_3.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "cloud_defend", - "version": "^1.4.0" + "version": ">=1.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f7c70f2e-4616-439c-85ac-5b98415042fe_8.json b/packages/security_detection_engine/kibana/security_rule/f7c70f2e-4616-439c-85ac-5b98415042fe_8.json index 5c219e80a1f..782a1f3c7b8 100644 --- a/packages/security_detection_engine/kibana/security_rule/f7c70f2e-4616-439c-85ac-5b98415042fe_8.json +++ b/packages/security_detection_engine/kibana/security_rule/f7c70f2e-4616-439c-85ac-5b98415042fe_8.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f7d588ba-e4b0-442e-879d-7ec39fbd69c5_2.json b/packages/security_detection_engine/kibana/security_rule/f7d588ba-e4b0-442e-879d-7ec39fbd69c5_2.json index ca02a8a899f..ceba5e0de07 100644 --- a/packages/security_detection_engine/kibana/security_rule/f7d588ba-e4b0-442e-879d-7ec39fbd69c5_2.json +++ b/packages/security_detection_engine/kibana/security_rule/f7d588ba-e4b0-442e-879d-7ec39fbd69c5_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f80ea920-f6f5-4c8a-9761-84ac97ec0cb2_5.json b/packages/security_detection_engine/kibana/security_rule/f80ea920-f6f5-4c8a-9761-84ac97ec0cb2_5.json index d1285f28621..3351889a1c5 100644 --- a/packages/security_detection_engine/kibana/security_rule/f80ea920-f6f5-4c8a-9761-84ac97ec0cb2_5.json +++ b/packages/security_detection_engine/kibana/security_rule/f80ea920-f6f5-4c8a-9761-84ac97ec0cb2_5.json @@ -45,7 +45,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f81ee52c-297e-46d9-9205-07e66931df26_316.json b/packages/security_detection_engine/kibana/security_rule/f81ee52c-297e-46d9-9205-07e66931df26_316.json index bc3d4263fb0..eb04eabfab8 100644 --- a/packages/security_detection_engine/kibana/security_rule/f81ee52c-297e-46d9-9205-07e66931df26_316.json +++ b/packages/security_detection_engine/kibana/security_rule/f81ee52c-297e-46d9-9205-07e66931df26_316.json @@ -45,19 +45,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f85ce03f-d8a8-4c83-acdc-5c8cd0592be7_110.json b/packages/security_detection_engine/kibana/security_rule/f85ce03f-d8a8-4c83-acdc-5c8cd0592be7_110.json index 45dd2bb9ca5..b9e2013007a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f85ce03f-d8a8-4c83-acdc-5c8cd0592be7_110.json +++ b/packages/security_detection_engine/kibana/security_rule/f85ce03f-d8a8-4c83-acdc-5c8cd0592be7_110.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f86cd31c-5c7e-4481-99d7-6875a3e31309_10.json b/packages/security_detection_engine/kibana/security_rule/f86cd31c-5c7e-4481-99d7-6875a3e31309_10.json index ccb59549959..c59619d9200 100644 --- a/packages/security_detection_engine/kibana/security_rule/f86cd31c-5c7e-4481-99d7-6875a3e31309_10.json +++ b/packages/security_detection_engine/kibana/security_rule/f86cd31c-5c7e-4481-99d7-6875a3e31309_10.json @@ -25,15 +25,15 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f874315d-5188-4b4a-8521-d1c73093a7e4_317.json b/packages/security_detection_engine/kibana/security_rule/f874315d-5188-4b4a-8521-d1c73093a7e4_317.json index 42516ea4266..2eae454151d 100644 --- a/packages/security_detection_engine/kibana/security_rule/f874315d-5188-4b4a-8521-d1c73093a7e4_317.json +++ b/packages/security_detection_engine/kibana/security_rule/f874315d-5188-4b4a-8521-d1c73093a7e4_317.json @@ -45,23 +45,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f87e6122-ea34-11ee-a417-f661ea17fbce_5.json b/packages/security_detection_engine/kibana/security_rule/f87e6122-ea34-11ee-a417-f661ea17fbce_5.json index 26d4cae1373..f575a034660 100644 --- a/packages/security_detection_engine/kibana/security_rule/f87e6122-ea34-11ee-a417-f661ea17fbce_5.json +++ b/packages/security_detection_engine/kibana/security_rule/f87e6122-ea34-11ee-a417-f661ea17fbce_5.json @@ -31,7 +31,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f8822053-a5d2-46db-8c96-d460b12c36ac_111.json b/packages/security_detection_engine/kibana/security_rule/f8822053-a5d2-46db-8c96-d460b12c36ac_111.json index 008c5ffb5e4..40a251cd453 100644 --- a/packages/security_detection_engine/kibana/security_rule/f8822053-a5d2-46db-8c96-d460b12c36ac_111.json +++ b/packages/security_detection_engine/kibana/security_rule/f8822053-a5d2-46db-8c96-d460b12c36ac_111.json @@ -26,11 +26,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f8a31c62-0d4e-4b9a-b7e1-6c2a9d4e8f10_3.json b/packages/security_detection_engine/kibana/security_rule/f8a31c62-0d4e-4b9a-b7e1-6c2a9d4e8f10_3.json index 48a3fc0e771..0ad14b14e3e 100644 --- a/packages/security_detection_engine/kibana/security_rule/f8a31c62-0d4e-4b9a-b7e1-6c2a9d4e8f10_3.json +++ b/packages/security_detection_engine/kibana/security_rule/f8a31c62-0d4e-4b9a-b7e1-6c2a9d4e8f10_3.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f909075d-afc7-42d7-b399-600b94352fd9_107.json b/packages/security_detection_engine/kibana/security_rule/f909075d-afc7-42d7-b399-600b94352fd9_107.json index d171253e2e0..b3df872b76c 100644 --- a/packages/security_detection_engine/kibana/security_rule/f909075d-afc7-42d7-b399-600b94352fd9_107.json +++ b/packages/security_detection_engine/kibana/security_rule/f909075d-afc7-42d7-b399-600b94352fd9_107.json @@ -43,11 +43,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f92171ed-a4d3-4baa-98f9-4df1652cb11b_3.json b/packages/security_detection_engine/kibana/security_rule/f92171ed-a4d3-4baa-98f9-4df1652cb11b_3.json index 53181e05306..913d348fd8a 100644 --- a/packages/security_detection_engine/kibana/security_rule/f92171ed-a4d3-4baa-98f9-4df1652cb11b_3.json +++ b/packages/security_detection_engine/kibana/security_rule/f92171ed-a4d3-4baa-98f9-4df1652cb11b_3.json @@ -33,31 +33,31 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f94e898e-94f1-4545-8923-03e4b2866211_208.json b/packages/security_detection_engine/kibana/security_rule/f94e898e-94f1-4545-8923-03e4b2866211_208.json index 8bdc752ebf4..2c162df5afa 100644 --- a/packages/security_detection_engine/kibana/security_rule/f94e898e-94f1-4545-8923-03e4b2866211_208.json +++ b/packages/security_detection_engine/kibana/security_rule/f94e898e-94f1-4545-8923-03e4b2866211_208.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f9590f47-6bd5-4a49-bd49-a2f886476fb9_208.json b/packages/security_detection_engine/kibana/security_rule/f9590f47-6bd5-4a49-bd49-a2f886476fb9_208.json index 9f742d9688d..940b42bb4f1 100644 --- a/packages/security_detection_engine/kibana/security_rule/f9590f47-6bd5-4a49-bd49-a2f886476fb9_208.json +++ b/packages/security_detection_engine/kibana/security_rule/f9590f47-6bd5-4a49-bd49-a2f886476fb9_208.json @@ -19,11 +19,11 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/f95972d3-c23b-463b-89a8-796b3f369b49_13.json b/packages/security_detection_engine/kibana/security_rule/f95972d3-c23b-463b-89a8-796b3f369b49_13.json index e6fda69219b..f4755e4fb62 100644 --- a/packages/security_detection_engine/kibana/security_rule/f95972d3-c23b-463b-89a8-796b3f369b49_13.json +++ b/packages/security_detection_engine/kibana/security_rule/f95972d3-c23b-463b-89a8-796b3f369b49_13.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f960e8a4-31c1-4a6e-b172-8f5c8e5c8c2a_2.json b/packages/security_detection_engine/kibana/security_rule/f960e8a4-31c1-4a6e-b172-8f5c8e5c8c2a_2.json index 49f46924006..5ed079bdfac 100644 --- a/packages/security_detection_engine/kibana/security_rule/f960e8a4-31c1-4a6e-b172-8f5c8e5c8c2a_2.json +++ b/packages/security_detection_engine/kibana/security_rule/f960e8a4-31c1-4a6e-b172-8f5c8e5c8c2a_2.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f97504ac-1053-498f-aeaa-c6d01e76b379_210.json b/packages/security_detection_engine/kibana/security_rule/f97504ac-1053-498f-aeaa-c6d01e76b379_210.json index 3f9301abc6b..18b6f70a64c 100644 --- a/packages/security_detection_engine/kibana/security_rule/f97504ac-1053-498f-aeaa-c6d01e76b379_210.json +++ b/packages/security_detection_engine/kibana/security_rule/f97504ac-1053-498f-aeaa-c6d01e76b379_210.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f9753455-8d55-4ad8-b70a-e07b6f18deea_10.json b/packages/security_detection_engine/kibana/security_rule/f9753455-8d55-4ad8-b70a-e07b6f18deea_10.json index 4d536789531..898ff2cbb7c 100644 --- a/packages/security_detection_engine/kibana/security_rule/f9753455-8d55-4ad8-b70a-e07b6f18deea_10.json +++ b/packages/security_detection_engine/kibana/security_rule/f9753455-8d55-4ad8-b70a-e07b6f18deea_10.json @@ -33,7 +33,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f9790abf-bd0c-45f9-8b5f-d0b74015e029_119.json b/packages/security_detection_engine/kibana/security_rule/f9790abf-bd0c-45f9-8b5f-d0b74015e029_119.json index d5a33344020..6be1f93c85d 100644 --- a/packages/security_detection_engine/kibana/security_rule/f9790abf-bd0c-45f9-8b5f-d0b74015e029_119.json +++ b/packages/security_detection_engine/kibana/security_rule/f9790abf-bd0c-45f9-8b5f-d0b74015e029_119.json @@ -16,11 +16,11 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f994964f-6fce-4d75-8e79-e16ccc412588_413.json b/packages/security_detection_engine/kibana/security_rule/f994964f-6fce-4d75-8e79-e16ccc412588_413.json index c7419b3150e..98642e807b7 100644 --- a/packages/security_detection_engine/kibana/security_rule/f994964f-6fce-4d75-8e79-e16ccc412588_413.json +++ b/packages/security_detection_engine/kibana/security_rule/f994964f-6fce-4d75-8e79-e16ccc412588_413.json @@ -26,7 +26,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/f9abcddc-a05d-4345-a81d-000b79aa5525_12.json b/packages/security_detection_engine/kibana/security_rule/f9abcddc-a05d-4345-a81d-000b79aa5525_12.json index 96f5850bf96..8576334f462 100644 --- a/packages/security_detection_engine/kibana/security_rule/f9abcddc-a05d-4345-a81d-000b79aa5525_12.json +++ b/packages/security_detection_engine/kibana/security_rule/f9abcddc-a05d-4345-a81d-000b79aa5525_12.json @@ -32,7 +32,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fa01341d-6662-426b-9d0c-6d81e33c8a9d_320.json b/packages/security_detection_engine/kibana/security_rule/fa01341d-6662-426b-9d0c-6d81e33c8a9d_320.json index fd40fd0e9d3..3d38665799d 100644 --- a/packages/security_detection_engine/kibana/security_rule/fa01341d-6662-426b-9d0c-6d81e33c8a9d_320.json +++ b/packages/security_detection_engine/kibana/security_rule/fa01341d-6662-426b-9d0c-6d81e33c8a9d_320.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fa210b61-b627-4e5e-86f4-17e8270656ab_11.json b/packages/security_detection_engine/kibana/security_rule/fa210b61-b627-4e5e-86f4-17e8270656ab_11.json index 6c61c162ace..4dbc5cf7cab 100644 --- a/packages/security_detection_engine/kibana/security_rule/fa210b61-b627-4e5e-86f4-17e8270656ab_11.json +++ b/packages/security_detection_engine/kibana/security_rule/fa210b61-b627-4e5e-86f4-17e8270656ab_11.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fa3a59dc-33c3-43bf-80a9-e8437a922c7f_13.json b/packages/security_detection_engine/kibana/security_rule/fa3a59dc-33c3-43bf-80a9-e8437a922c7f_13.json index 83907dbcb98..3ca8aab7ae1 100644 --- a/packages/security_detection_engine/kibana/security_rule/fa3a59dc-33c3-43bf-80a9-e8437a922c7f_13.json +++ b/packages/security_detection_engine/kibana/security_rule/fa3a59dc-33c3-43bf-80a9-e8437a922c7f_13.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fa488440-04cc-41d7-9279-539387bf2a17_321.json b/packages/security_detection_engine/kibana/security_rule/fa488440-04cc-41d7-9279-539387bf2a17_321.json index e6e9b816495..f27c3195619 100644 --- a/packages/security_detection_engine/kibana/security_rule/fa488440-04cc-41d7-9279-539387bf2a17_321.json +++ b/packages/security_detection_engine/kibana/security_rule/fa488440-04cc-41d7-9279-539387bf2a17_321.json @@ -44,23 +44,23 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fa830742-fd41-4b12-a287-2c57bdf079ef_1.json b/packages/security_detection_engine/kibana/security_rule/fa830742-fd41-4b12-a287-2c57bdf079ef_1.json index 38bb2ebf855..4456ead06eb 100644 --- a/packages/security_detection_engine/kibana/security_rule/fa830742-fd41-4b12-a287-2c57bdf079ef_1.json +++ b/packages/security_detection_engine/kibana/security_rule/fa830742-fd41-4b12-a287-2c57bdf079ef_1.json @@ -44,7 +44,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_113.json b/packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_113.json index ab0f3b61b8b..e09d5f9a6a8 100644 --- a/packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_113.json +++ b/packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_113.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb01d790-9f74-4e76-97dd-b4b0f7bf6435_111.json b/packages/security_detection_engine/kibana/security_rule/fb01d790-9f74-4e76-97dd-b4b0f7bf6435_111.json index fc712adef3f..dec7c3aa788 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb01d790-9f74-4e76-97dd-b4b0f7bf6435_111.json +++ b/packages/security_detection_engine/kibana/security_rule/fb01d790-9f74-4e76-97dd-b4b0f7bf6435_111.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb02b8d3-71ee-4af1-bacd-215d23f17efa_212.json b/packages/security_detection_engine/kibana/security_rule/fb02b8d3-71ee-4af1-bacd-215d23f17efa_212.json index 50b0d2c8c0c..a37f5798abb 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb02b8d3-71ee-4af1-bacd-215d23f17efa_212.json +++ b/packages/security_detection_engine/kibana/security_rule/fb02b8d3-71ee-4af1-bacd-215d23f17efa_212.json @@ -25,11 +25,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb0afac5-bbd6-49b0-b4f8-44e5381e1587_209.json b/packages/security_detection_engine/kibana/security_rule/fb0afac5-bbd6-49b0-b4f8-44e5381e1587_209.json index 4087301a9f8..9f15880f89d 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb0afac5-bbd6-49b0-b4f8-44e5381e1587_209.json +++ b/packages/security_detection_engine/kibana/security_rule/fb0afac5-bbd6-49b0-b4f8-44e5381e1587_209.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb16f9ef-cb03-4234-adc2-44641f3b71ee_5.json b/packages/security_detection_engine/kibana/security_rule/fb16f9ef-cb03-4234-adc2-44641f3b71ee_5.json index 0046710349f..22e7dcb7bcc 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb16f9ef-cb03-4234-adc2-44641f3b71ee_5.json +++ b/packages/security_detection_engine/kibana/security_rule/fb16f9ef-cb03-4234-adc2-44641f3b71ee_5.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "azure_openai", - "version": "^1.5.0" + "version": ">=1.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb3ca230-af4e-11f0-900d-f661ea17fbcc_1.json b/packages/security_detection_engine/kibana/security_rule/fb3ca230-af4e-11f0-900d-f661ea17fbcc_1.json index 9596947d72d..9a3b77126c6 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb3ca230-af4e-11f0-900d-f661ea17fbcc_1.json +++ b/packages/security_detection_engine/kibana/security_rule/fb3ca230-af4e-11f0-900d-f661ea17fbcc_1.json @@ -29,7 +29,7 @@ "related_integrations": [ { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb542346-1624-4cf2-bcc7-c68abaab261b_2.json b/packages/security_detection_engine/kibana/security_rule/fb542346-1624-4cf2-bcc7-c68abaab261b_2.json index 57f070e1a10..e7b9f4755f5 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb542346-1624-4cf2-bcc7-c68abaab261b_2.json +++ b/packages/security_detection_engine/kibana/security_rule/fb542346-1624-4cf2-bcc7-c68abaab261b_2.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb5d91d0-3b94-4f91-bf20-b6fbc4b2480a_104.json b/packages/security_detection_engine/kibana/security_rule/fb5d91d0-3b94-4f91-bf20-b6fbc4b2480a_104.json index 1119ac2f24b..a6e0c7ee693 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb5d91d0-3b94-4f91-bf20-b6fbc4b2480a_104.json +++ b/packages/security_detection_engine/kibana/security_rule/fb5d91d0-3b94-4f91-bf20-b6fbc4b2480a_104.json @@ -18,15 +18,15 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/fb8790fc-d485-45e2-8d6e-2fb813f4af95_2.json b/packages/security_detection_engine/kibana/security_rule/fb8790fc-d485-45e2-8d6e-2fb813f4af95_2.json index becfffe28a9..66a2693ca1b 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb8790fc-d485-45e2-8d6e-2fb813f4af95_2.json +++ b/packages/security_detection_engine/kibana/security_rule/fb8790fc-d485-45e2-8d6e-2fb813f4af95_2.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fb935960-d132-4bb5-853d-62f86cccc250_1.json b/packages/security_detection_engine/kibana/security_rule/fb935960-d132-4bb5-853d-62f86cccc250_1.json index cc07d4ce829..b01c7779b01 100644 --- a/packages/security_detection_engine/kibana/security_rule/fb935960-d132-4bb5-853d-62f86cccc250_1.json +++ b/packages/security_detection_engine/kibana/security_rule/fb935960-d132-4bb5-853d-62f86cccc250_1.json @@ -44,7 +44,7 @@ { "integration": "aadgraphactivitylogs", "package": "azure", - "version": "^1.37.0" + "version": ">=1.37.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fbad57ec-4442-48db-a34f-5ee907b44a22_4.json b/packages/security_detection_engine/kibana/security_rule/fbad57ec-4442-48db-a34f-5ee907b44a22_4.json index 368460bf350..504d740ea16 100644 --- a/packages/security_detection_engine/kibana/security_rule/fbad57ec-4442-48db-a34f-5ee907b44a22_4.json +++ b/packages/security_detection_engine/kibana/security_rule/fbad57ec-4442-48db-a34f-5ee907b44a22_4.json @@ -39,27 +39,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fbb10f1e-77cb-42f9-994e-5da17fc3fc15_104.json b/packages/security_detection_engine/kibana/security_rule/fbb10f1e-77cb-42f9-994e-5da17fc3fc15_104.json index 9b963767b65..d9fd2c51eb8 100644 --- a/packages/security_detection_engine/kibana/security_rule/fbb10f1e-77cb-42f9-994e-5da17fc3fc15_104.json +++ b/packages/security_detection_engine/kibana/security_rule/fbb10f1e-77cb-42f9-994e-5da17fc3fc15_104.json @@ -18,11 +18,11 @@ "related_integrations": [ { "package": "pad", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "okta", - "version": "^3.5.0" + "version": ">=3.5.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/fbd44836-0d69-4004-a0b4-03c20370c435_212.json b/packages/security_detection_engine/kibana/security_rule/fbd44836-0d69-4004-a0b4-03c20370c435_212.json index 6ae46030da1..9b7b8c97c08 100644 --- a/packages/security_detection_engine/kibana/security_rule/fbd44836-0d69-4004-a0b4-03c20370c435_212.json +++ b/packages/security_detection_engine/kibana/security_rule/fbd44836-0d69-4004-a0b4-03c20370c435_212.json @@ -41,7 +41,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fc5105ce-2584-48b6-a0cf-9ace7eeffd3c_6.json b/packages/security_detection_engine/kibana/security_rule/fc5105ce-2584-48b6-a0cf-9ace7eeffd3c_6.json index 2f6bb67503e..21f9dbcb0d9 100644 --- a/packages/security_detection_engine/kibana/security_rule/fc5105ce-2584-48b6-a0cf-9ace7eeffd3c_6.json +++ b/packages/security_detection_engine/kibana/security_rule/fc5105ce-2584-48b6-a0cf-9ace7eeffd3c_6.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fc552f49-8f1c-409b-90f8-6f5b9869b6c4_3.json b/packages/security_detection_engine/kibana/security_rule/fc552f49-8f1c-409b-90f8-6f5b9869b6c4_3.json index cb7aa3254f2..b8e6310894f 100644 --- a/packages/security_detection_engine/kibana/security_rule/fc552f49-8f1c-409b-90f8-6f5b9869b6c4_3.json +++ b/packages/security_detection_engine/kibana/security_rule/fc552f49-8f1c-409b-90f8-6f5b9869b6c4_3.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fc7c0fa4-8f03-4b3e-8336-c5feab0be022_315.json b/packages/security_detection_engine/kibana/security_rule/fc7c0fa4-8f03-4b3e-8336-c5feab0be022_315.json index 2f1cf1ed72b..38ca9076575 100644 --- a/packages/security_detection_engine/kibana/security_rule/fc7c0fa4-8f03-4b3e-8336-c5feab0be022_315.json +++ b/packages/security_detection_engine/kibana/security_rule/fc7c0fa4-8f03-4b3e-8336-c5feab0be022_315.json @@ -24,19 +24,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fc909baa-fb34-4c46-9691-be276ef4234c_208.json b/packages/security_detection_engine/kibana/security_rule/fc909baa-fb34-4c46-9691-be276ef4234c_208.json index 2a1c06a2bae..22766bd6c84 100644 --- a/packages/security_detection_engine/kibana/security_rule/fc909baa-fb34-4c46-9691-be276ef4234c_208.json +++ b/packages/security_detection_engine/kibana/security_rule/fc909baa-fb34-4c46-9691-be276ef4234c_208.json @@ -21,7 +21,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fcd16fe8-eb29-42b3-8aee-6c9ad777a2f6_4.json b/packages/security_detection_engine/kibana/security_rule/fcd16fe8-eb29-42b3-8aee-6c9ad777a2f6_4.json index 1647941366f..a426369d46e 100644 --- a/packages/security_detection_engine/kibana/security_rule/fcd16fe8-eb29-42b3-8aee-6c9ad777a2f6_4.json +++ b/packages/security_detection_engine/kibana/security_rule/fcd16fe8-eb29-42b3-8aee-6c9ad777a2f6_4.json @@ -46,27 +46,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fcd2e4be-6ec4-482f-9222-6245367cd738_4.json b/packages/security_detection_engine/kibana/security_rule/fcd2e4be-6ec4-482f-9222-6245367cd738_4.json index f55830ad425..909ae7a0f57 100644 --- a/packages/security_detection_engine/kibana/security_rule/fcd2e4be-6ec4-482f-9222-6245367cd738_4.json +++ b/packages/security_detection_engine/kibana/security_rule/fcd2e4be-6ec4-482f-9222-6245367cd738_4.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fcf733d5-7801-4eb0-92ac-8ffacf3658f2_8.json b/packages/security_detection_engine/kibana/security_rule/fcf733d5-7801-4eb0-92ac-8ffacf3658f2_8.json index 7e6e8d2b112..e3b26c6e09a 100644 --- a/packages/security_detection_engine/kibana/security_rule/fcf733d5-7801-4eb0-92ac-8ffacf3658f2_8.json +++ b/packages/security_detection_engine/kibana/security_rule/fcf733d5-7801-4eb0-92ac-8ffacf3658f2_8.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd00769d-b18d-450a-a844-7a9f9c71995e_2.json b/packages/security_detection_engine/kibana/security_rule/fd00769d-b18d-450a-a844-7a9f9c71995e_2.json index 2cf8fad0bba..ea10e685799 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd00769d-b18d-450a-a844-7a9f9c71995e_2.json +++ b/packages/security_detection_engine/kibana/security_rule/fd00769d-b18d-450a-a844-7a9f9c71995e_2.json @@ -18,7 +18,7 @@ "related_integrations": [ { "package": "kubernetes", - "version": "^1.80.0" + "version": ">=1.80.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd01b949-81be-46d5-bcf8-284395d5f56d_209.json b/packages/security_detection_engine/kibana/security_rule/fd01b949-81be-46d5-bcf8-284395d5f56d_209.json index d849fb19184..d7bb3f8bf45 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd01b949-81be-46d5-bcf8-284395d5f56d_209.json +++ b/packages/security_detection_engine/kibana/security_rule/fd01b949-81be-46d5-bcf8-284395d5f56d_209.json @@ -16,7 +16,7 @@ "related_integrations": [ { "package": "github", - "version": "^2.4.0" + "version": ">=2.4.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd332492-0bc6-11ef-b5be-f661ea17fbcc_9.json b/packages/security_detection_engine/kibana/security_rule/fd332492-0bc6-11ef-b5be-f661ea17fbcc_9.json index a8c8ae0c66e..ad8cd5ebffb 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd332492-0bc6-11ef-b5be-f661ea17fbcc_9.json +++ b/packages/security_detection_engine/kibana/security_rule/fd332492-0bc6-11ef-b5be-f661ea17fbcc_9.json @@ -46,7 +46,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd4a992d-6130-4802-9ff8-829b89ae801f_319.json b/packages/security_detection_engine/kibana/security_rule/fd4a992d-6130-4802-9ff8-829b89ae801f_319.json index e221a9234af..cb7b3f59841 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd4a992d-6130-4802-9ff8-829b89ae801f_319.json +++ b/packages/security_detection_engine/kibana/security_rule/fd4a992d-6130-4802-9ff8-829b89ae801f_319.json @@ -24,27 +24,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd70c98a-c410-42dc-a2e3-761c71848acf_318.json b/packages/security_detection_engine/kibana/security_rule/fd70c98a-c410-42dc-a2e3-761c71848acf_318.json index ce68f6247da..ecedf4064e2 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd70c98a-c410-42dc-a2e3-761c71848acf_318.json +++ b/packages/security_detection_engine/kibana/security_rule/fd70c98a-c410-42dc-a2e3-761c71848acf_318.json @@ -32,27 +32,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd7a6052-58fa-4397-93c3-4795249ccfa2_428.json b/packages/security_detection_engine/kibana/security_rule/fd7a6052-58fa-4397-93c3-4795249ccfa2_428.json index cc60e8e1321..29aaae72cdb 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd7a6052-58fa-4397-93c3-4795249ccfa2_428.json +++ b/packages/security_detection_engine/kibana/security_rule/fd7a6052-58fa-4397-93c3-4795249ccfa2_428.json @@ -30,23 +30,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd9484f2-1c56-44ae-8b28-dc1354e3a0e8_4.json b/packages/security_detection_engine/kibana/security_rule/fd9484f2-1c56-44ae-8b28-dc1354e3a0e8_4.json index f9cf94f2e46..1c8f61db8cc 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd9484f2-1c56-44ae-8b28-dc1354e3a0e8_4.json +++ b/packages/security_detection_engine/kibana/security_rule/fd9484f2-1c56-44ae-8b28-dc1354e3a0e8_4.json @@ -17,7 +17,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fd9d2933-f0f9-4aac-810c-a31f6a4a7890_1.json b/packages/security_detection_engine/kibana/security_rule/fd9d2933-f0f9-4aac-810c-a31f6a4a7890_1.json index feff715f90a..0ec0ac5d6e5 100644 --- a/packages/security_detection_engine/kibana/security_rule/fd9d2933-f0f9-4aac-810c-a31f6a4a7890_1.json +++ b/packages/security_detection_engine/kibana/security_rule/fd9d2933-f0f9-4aac-810c-a31f6a4a7890_1.json @@ -43,7 +43,7 @@ { "integration": "aadgraphactivitylogs", "package": "azure", - "version": "^1.37.0" + "version": ">=1.37.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fda1d332-5e08-4f27-8a9b-8c802e3292a6_18.json b/packages/security_detection_engine/kibana/security_rule/fda1d332-5e08-4f27-8a9b-8c802e3292a6_18.json index dd2a3a0aef0..848ba9c9d47 100644 --- a/packages/security_detection_engine/kibana/security_rule/fda1d332-5e08-4f27-8a9b-8c802e3292a6_18.json +++ b/packages/security_detection_engine/kibana/security_rule/fda1d332-5e08-4f27-8a9b-8c802e3292a6_18.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fddff193-48a3-484d-8d35-90bb3d323a56_113.json b/packages/security_detection_engine/kibana/security_rule/fddff193-48a3-484d-8d35-90bb3d323a56_113.json index 5cab9ea1ba9..8a7e17930f1 100644 --- a/packages/security_detection_engine/kibana/security_rule/fddff193-48a3-484d-8d35-90bb3d323a56_113.json +++ b/packages/security_detection_engine/kibana/security_rule/fddff193-48a3-484d-8d35-90bb3d323a56_113.json @@ -39,7 +39,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fde4efad-9cd0-4fa4-84c8-0e3b6fc957b4_1.json b/packages/security_detection_engine/kibana/security_rule/fde4efad-9cd0-4fa4-84c8-0e3b6fc957b4_1.json index 733afd13c50..5d4b770ee79 100644 --- a/packages/security_detection_engine/kibana/security_rule/fde4efad-9cd0-4fa4-84c8-0e3b6fc957b4_1.json +++ b/packages/security_detection_engine/kibana/security_rule/fde4efad-9cd0-4fa4-84c8-0e3b6fc957b4_1.json @@ -23,7 +23,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fe25d5bc-01fa-494a-95ff-535c29cc4c96_112.json b/packages/security_detection_engine/kibana/security_rule/fe25d5bc-01fa-494a-95ff-535c29cc4c96_112.json index b995a84a977..02486b02a07 100644 --- a/packages/security_detection_engine/kibana/security_rule/fe25d5bc-01fa-494a-95ff-535c29cc4c96_112.json +++ b/packages/security_detection_engine/kibana/security_rule/fe25d5bc-01fa-494a-95ff-535c29cc4c96_112.json @@ -38,7 +38,7 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fe794edd-487f-4a90-b285-3ee54f2af2d3_320.json b/packages/security_detection_engine/kibana/security_rule/fe794edd-487f-4a90-b285-3ee54f2af2d3_320.json index 27c66dea8f0..813b1fc837d 100644 --- a/packages/security_detection_engine/kibana/security_rule/fe794edd-487f-4a90-b285-3ee54f2af2d3_320.json +++ b/packages/security_detection_engine/kibana/security_rule/fe794edd-487f-4a90-b285-3ee54f2af2d3_320.json @@ -36,23 +36,23 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fe8d6507-b543-4bbc-849f-dc0da6db29f6_105.json b/packages/security_detection_engine/kibana/security_rule/fe8d6507-b543-4bbc-849f-dc0da6db29f6_105.json index 910ce2de44f..df765ee242b 100644 --- a/packages/security_detection_engine/kibana/security_rule/fe8d6507-b543-4bbc-849f-dc0da6db29f6_105.json +++ b/packages/security_detection_engine/kibana/security_rule/fe8d6507-b543-4bbc-849f-dc0da6db29f6_105.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/feafdc51-c575-4ed2-89dd-8e20badc2d6c_11.json b/packages/security_detection_engine/kibana/security_rule/feafdc51-c575-4ed2-89dd-8e20badc2d6c_11.json index 92422a3dcaa..f3d6b8b1d87 100644 --- a/packages/security_detection_engine/kibana/security_rule/feafdc51-c575-4ed2-89dd-8e20badc2d6c_11.json +++ b/packages/security_detection_engine/kibana/security_rule/feafdc51-c575-4ed2-89dd-8e20badc2d6c_11.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/feba48f6-40ca-4d04-b41f-5dfa327de865_2.json b/packages/security_detection_engine/kibana/security_rule/feba48f6-40ca-4d04-b41f-5dfa327de865_2.json index 0aff58c842b..a6706d607dd 100644 --- a/packages/security_detection_engine/kibana/security_rule/feba48f6-40ca-4d04-b41f-5dfa327de865_2.json +++ b/packages/security_detection_engine/kibana/security_rule/feba48f6-40ca-4d04-b41f-5dfa327de865_2.json @@ -25,27 +25,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fec7ccb7-6ed9-4f98-93ab-d6b366b063a0_5.json b/packages/security_detection_engine/kibana/security_rule/fec7ccb7-6ed9-4f98-93ab-d6b366b063a0_5.json index d182e4790f4..b2921d8189a 100644 --- a/packages/security_detection_engine/kibana/security_rule/fec7ccb7-6ed9-4f98-93ab-d6b366b063a0_5.json +++ b/packages/security_detection_engine/kibana/security_rule/fec7ccb7-6ed9-4f98-93ab-d6b366b063a0_5.json @@ -23,7 +23,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/feeed87c-5e95-4339-aef1-47fd79bcfbe3_313.json b/packages/security_detection_engine/kibana/security_rule/feeed87c-5e95-4339-aef1-47fd79bcfbe3_313.json index 879bf9a0c1c..a7f5624bcc5 100644 --- a/packages/security_detection_engine/kibana/security_rule/feeed87c-5e95-4339-aef1-47fd79bcfbe3_313.json +++ b/packages/security_detection_engine/kibana/security_rule/feeed87c-5e95-4339-aef1-47fd79bcfbe3_313.json @@ -21,19 +21,19 @@ "related_integrations": [ { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/fef62ecf-0260-4b71-848b-a8624b304828_6.json b/packages/security_detection_engine/kibana/security_rule/fef62ecf-0260-4b71-848b-a8624b304828_6.json index 994c86ae04b..d5df0414d8e 100644 --- a/packages/security_detection_engine/kibana/security_rule/fef62ecf-0260-4b71-848b-a8624b304828_6.json +++ b/packages/security_detection_engine/kibana/security_rule/fef62ecf-0260-4b71-848b-a8624b304828_6.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "auditd_manager", - "version": "^1.18.0" + "version": ">=1.18.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff013cb4-274d-434a-96bb-fe15ddd3ae92_108.json b/packages/security_detection_engine/kibana/security_rule/ff013cb4-274d-434a-96bb-fe15ddd3ae92_108.json index cd419bc5f0a..c2b55d15b0e 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff013cb4-274d-434a-96bb-fe15ddd3ae92_108.json +++ b/packages/security_detection_engine/kibana/security_rule/ff013cb4-274d-434a-96bb-fe15ddd3ae92_108.json @@ -28,11 +28,11 @@ "related_integrations": [ { "package": "panw", - "version": "^5.2.0" + "version": ">=5.2.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff0d807d-869b-4a0d-a493-52bc46d2f1b1_109.json b/packages/security_detection_engine/kibana/security_rule/ff0d807d-869b-4a0d-a493-52bc46d2f1b1_109.json index 448ad1a861d..cc448b2d068 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff0d807d-869b-4a0d-a493-52bc46d2f1b1_109.json +++ b/packages/security_detection_engine/kibana/security_rule/ff0d807d-869b-4a0d-a493-52bc46d2f1b1_109.json @@ -19,15 +19,15 @@ "related_integrations": [ { "package": "dga", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "network_traffic", - "version": "^1.33.0" + "version": ">=1.33.0" } ], "risk_score": 21, diff --git a/packages/security_detection_engine/kibana/security_rule/ff10d4d8-fea7-422d-afb1-e5a2702369a9_19.json b/packages/security_detection_engine/kibana/security_rule/ff10d4d8-fea7-422d-afb1-e5a2702369a9_19.json index aa998355949..69b943042d5 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff10d4d8-fea7-422d-afb1-e5a2702369a9_19.json +++ b/packages/security_detection_engine/kibana/security_rule/ff10d4d8-fea7-422d-afb1-e5a2702369a9_19.json @@ -20,7 +20,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff18d24b-2ba6-4691-a17f-75c4380d0965_4.json b/packages/security_detection_engine/kibana/security_rule/ff18d24b-2ba6-4691-a17f-75c4380d0965_4.json index f2e752e73ec..24af596b88c 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff18d24b-2ba6-4691-a17f-75c4380d0965_4.json +++ b/packages/security_detection_engine/kibana/security_rule/ff18d24b-2ba6-4691-a17f-75c4380d0965_4.json @@ -44,27 +44,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff320c56-f8fa-11ee-8c44-f661ea17fbce_8.json b/packages/security_detection_engine/kibana/security_rule/ff320c56-f8fa-11ee-8c44-f661ea17fbce_8.json index f9d94843c00..ffc136c2715 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff320c56-f8fa-11ee-8c44-f661ea17fbce_8.json +++ b/packages/security_detection_engine/kibana/security_rule/ff320c56-f8fa-11ee-8c44-f661ea17fbce_8.json @@ -43,7 +43,7 @@ { "integration": "cloudtrail", "package": "aws", - "version": "^6.0.0" + "version": ">=6.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff4599cb-409f-4910-a239-52e4e6f532ff_19.json b/packages/security_detection_engine/kibana/security_rule/ff4599cb-409f-4910-a239-52e4e6f532ff_19.json index fbd2ba12278..eed113dfa03 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff4599cb-409f-4910-a239-52e4e6f532ff_19.json +++ b/packages/security_detection_engine/kibana/security_rule/ff4599cb-409f-4910-a239-52e4e6f532ff_19.json @@ -17,11 +17,11 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff46eb26-0684-4da3-9dd6-21032c9878e1_3.json b/packages/security_detection_engine/kibana/security_rule/ff46eb26-0684-4da3-9dd6-21032c9878e1_3.json index 7b7f7aaadb6..43abdf77a00 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff46eb26-0684-4da3-9dd6-21032c9878e1_3.json +++ b/packages/security_detection_engine/kibana/security_rule/ff46eb26-0684-4da3-9dd6-21032c9878e1_3.json @@ -27,27 +27,27 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "system", - "version": "^2.0.0" + "version": ">=2.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" }, { "package": "crowdstrike", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_213.json b/packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_213.json index 2b94296f51a..a5c4affd8f2 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_213.json +++ b/packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_213.json @@ -24,7 +24,7 @@ "related_integrations": [ { "package": "o365", - "version": "^3.0.0" + "version": ">=3.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff6cf8b9-b76c-4cc1-ac1b-4935164d1029_206.json b/packages/security_detection_engine/kibana/security_rule/ff6cf8b9-b76c-4cc1-ac1b-4935164d1029_206.json index 021f89ec15c..7bb5321e405 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff6cf8b9-b76c-4cc1-ac1b-4935164d1029_206.json +++ b/packages/security_detection_engine/kibana/security_rule/ff6cf8b9-b76c-4cc1-ac1b-4935164d1029_206.json @@ -25,19 +25,19 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" }, { "package": "windows", - "version": "^3.0.0" + "version": ">=3.0.0" }, { "package": "m365_defender", - "version": "^5.0.0" + "version": ">=5.0.0" }, { "package": "sentinel_one_cloud_funnel", - "version": "^1.9.0" + "version": ">=1.9.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff9b571e-61d6-4f6c-9561-eb4cca3bafe1_109.json b/packages/security_detection_engine/kibana/security_rule/ff9b571e-61d6-4f6c-9561-eb4cca3bafe1_109.json index 162dfedf630..3b829e60228 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff9b571e-61d6-4f6c-9561-eb4cca3bafe1_109.json +++ b/packages/security_detection_engine/kibana/security_rule/ff9b571e-61d6-4f6c-9561-eb4cca3bafe1_109.json @@ -24,7 +24,7 @@ { "integration": "audit", "package": "gcp", - "version": "^2.41.0" + "version": ">=2.41.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ff9bc8b9-f03b-4283-be58-ee0a16f5a11b_112.json b/packages/security_detection_engine/kibana/security_rule/ff9bc8b9-f03b-4283-be58-ee0a16f5a11b_112.json index 6d92fc17ba7..72d93083b8c 100644 --- a/packages/security_detection_engine/kibana/security_rule/ff9bc8b9-f03b-4283-be58-ee0a16f5a11b_112.json +++ b/packages/security_detection_engine/kibana/security_rule/ff9bc8b9-f03b-4283-be58-ee0a16f5a11b_112.json @@ -19,7 +19,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ffa676dc-09b0-11f0-94ba-b66272739ecb_3.json b/packages/security_detection_engine/kibana/security_rule/ffa676dc-09b0-11f0-94ba-b66272739ecb_3.json index ae624b3c92f..c9492279550 100644 --- a/packages/security_detection_engine/kibana/security_rule/ffa676dc-09b0-11f0-94ba-b66272739ecb_3.json +++ b/packages/security_detection_engine/kibana/security_rule/ffa676dc-09b0-11f0-94ba-b66272739ecb_3.json @@ -22,7 +22,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/kibana/security_rule/ffd8b5e9-aa63-42b3-aead-6fdb170da9a3_3.json b/packages/security_detection_engine/kibana/security_rule/ffd8b5e9-aa63-42b3-aead-6fdb170da9a3_3.json index b928a6977a6..38509d0a435 100644 --- a/packages/security_detection_engine/kibana/security_rule/ffd8b5e9-aa63-42b3-aead-6fdb170da9a3_3.json +++ b/packages/security_detection_engine/kibana/security_rule/ffd8b5e9-aa63-42b3-aead-6fdb170da9a3_3.json @@ -13,7 +13,7 @@ "related_integrations": [ { "package": "endpoint", - "version": "^9.0.0" + "version": ">=9.0.0" } ], "required_fields": [ diff --git a/packages/security_detection_engine/manifest.yml b/packages/security_detection_engine/manifest.yml index d7221c43a3b..b5e1b84df16 100644 --- a/packages/security_detection_engine/manifest.yml +++ b/packages/security_detection_engine/manifest.yml @@ -7,7 +7,7 @@ conditions: - security subscription: basic kibana: - version: ^9.4.0 + version: ^9.5.0 description: Prebuilt detection rules for Elastic Security format_version: 3.0.0 icons: @@ -22,4 +22,4 @@ source: license: Elastic-2.0 title: Prebuilt Security Detection Rules type: integration -version: 9.4.7 +version: 9.5.1-beta.1 From 3774a3e86d149567aea6bccee5b5be7c4a9f7ab7 Mon Sep 17 00:00:00 2001 From: tradebot-elastic <178941316+tradebot-elastic@users.noreply.github.com> Date: Sun, 12 Jul 2026 23:13:22 +0000 Subject: [PATCH 2/2] Add changelog entry for 9.5.1-beta.1 --- packages/security_detection_engine/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/security_detection_engine/changelog.yml b/packages/security_detection_engine/changelog.yml index b403d6b40e9..b726752cc5d 100644 --- a/packages/security_detection_engine/changelog.yml +++ b/packages/security_detection_engine/changelog.yml @@ -4,7 +4,7 @@ changes: - description: Release security rules update type: enhancement - link: https://github.com/elastic/integrations/pulls/0000 + link: https://github.com/elastic/integrations/pull/20093 - version: 9.4.7 changes: - description: Release security rules update