Lock versions for releases: 8.12,8.13,8.14,8.15,8.16,8.17 (#4463)

(cherry picked from commit bd62867)
elastic · Feb 17, 2025 · ee0dda8 · ee0dda8
1 parent a3d7a2d
commit ee0dda8
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 41 deletions.
diff --git a/detection_rules/etc/version.lock.json b/detection_rules/etc/version.lock.json
@@ -177,9 +177,9 @@
   },
   "02bab13d-fb14-4d7c-b6fe-4a28874d37c5": {
     "rule_name": "Potential Ransomware Note File Dropped via SMB",
-    "sha256": "c09424400f8baab1bc7e15018527a7b26314073d02a79aac933a265ba32a2bf5",
+    "sha256": "8ddaecb1abd24bc5406103c8f6edc29cd35f7748ba01ecc725ade824b6e50cde",
     "type": "eql",
-    "version": 3
+    "version": 4
   },
   "02ea4563-ec10-4974-b7de-12e65aa4f9b3": {
     "rule_name": "Dumping Account Hashes via Built-In Commands",
@@ -233,9 +233,9 @@
   },
   "03a514d9-500e-443e-b6a9-72718c548f6c": {
     "rule_name": "SSH Process Launched From Inside A Container",
-    "sha256": "f20d44b0d750d0c26fca0b620394312ba50e05209f19a2c8efe8a5779d97e899",
+    "sha256": "6948774242c4260c8922dc9fb5cf20d83968255d9cb7b32e14ecc3ec3d9e9a0f",
     "type": "eql",
-    "version": 3
+    "version": 4
   },
   "03c23d45-d3cb-4ad4-ab5d-b361ffe8724a": {
     "rule_name": "Potential Network Scan Executed From Host",
@@ -911,9 +911,9 @@
   "0ef5d3eb-67ef-43ab-93b7-305cfa5a21f6": {
     "min_stack_version": "8.14",
     "rule_name": "Sensitive Audit Policy Sub-Category Disabled",
-    "sha256": "2ccd6e44765c01f2922e5dbfec21d3112b12ea481499e274cc65faed4937a76a",
+    "sha256": "6cc9d9a4fbb39e93e41deb9292f97dde010faa4b55b759e788d4ee53bad3fa1b",
     "type": "query",
-    "version": 2
+    "version": 3
   },
   "0f4d35e4-925e-4959-ab24-911be207ee6f": {
     "rule_name": "rc.local/rc.common File Creation",
@@ -1189,9 +1189,9 @@
       }
     },
     "rule_name": "Potential Exploitation of an Unquoted Service Path Vulnerability",
-    "sha256": "1a23f04cf58db376fd7b4ec19d06758a03d9ff61f0e7e73111cd6bdebc85966f",
+    "sha256": "782eb2c51362b3ee9cdf7131c0a816f7635452ff4f82263c5b890f72cd09baf8",
     "type": "eql",
-    "version": 204
+    "version": 205
   },
   "12f07955-1674-44f7-86b5-c35da0a6f41a": {
     "min_stack_version": "8.14",
@@ -1958,9 +1958,9 @@
   },
   "1dee0500-4aeb-44ca-b24b-4a285d7b6ba1": {
     "rule_name": "Suspicious Inter-Process Communication via Outlook",
-    "sha256": "c0dac1892d3e83d5514d879ef3a350f6156b44bf4e67c8e1055de7ef2c6d1a8b",
+    "sha256": "8ec48ccef8861234829d698a6d82615fdf25beacab841fc91cc525636fdf4bd2",
     "type": "eql",
-    "version": 8
+    "version": 9
   },
   "1defdd62-cd8d-426e-a246-81a37751bb2b": {
     "min_stack_version": "8.14",
@@ -2258,9 +2258,9 @@
   },
   "210d4430-b371-470e-b879-80b7182aa75e": {
     "rule_name": "Mofcomp Activity",
-    "sha256": "43f37baa64cc4804bd89840d33aefed80888653d43e7e46330bfb4849e0880e3",
+    "sha256": "eef05c9d6268c618653406ebb0048636315857414a69dad77fdebfdc5f04707d",
     "type": "eql",
-    "version": 5
+    "version": 6
   },
   "2112ecce-cd34-11ef-873f-f661ea17fbcd": {
     "rule_name": "SNS Topic Message Publish by Rare User",
@@ -2501,9 +2501,9 @@
       }
     },
     "rule_name": "Potential Relay Attack against a Domain Controller",
-    "sha256": "0ed2079dc7c35c55a5dd08388ae09965a545b30ce73ae9974ab0d607832b6fac",
+    "sha256": "90fe252d7b42afbb9ffb9e3eeb16fca2bf847ec91789821d1fd7a25399a5a1bc",
     "type": "eql",
-    "version": 103
+    "version": 104
   },
   "2636aa6c-88b5-4337-9c31-8d0192a8ef45": {
     "rule_name": "Azure Blob Container Access Level Modification",
@@ -4577,9 +4577,9 @@
   },
   "47f76567-d58a-4fed-b32b-21f571e28910": {
     "rule_name": "Apple Script Execution followed by Network Connection",
-    "sha256": "c7d8db1796112e5e9d32eb1200a16f602a143d55b376da98b030dd7980b792b5",
+    "sha256": "c9df6be08711e9bd55271efaeed40617ea3dc66efb5a3c472e11ee4b7dffe73b",
     "type": "eql",
-    "version": 108
+    "version": 109
   },
   "483c4daf-b0c6-49e0-adf3-0bfa93231d6b": {
     "min_stack_version": "8.14",
@@ -6227,9 +6227,9 @@
       }
     },
     "rule_name": "Account Configured with Never-Expiring Password",
-    "sha256": "fbd13d6ec521fef8ffeaf94e8c126b6c3d610a7440b32fdbec53435987e3e9ea",
+    "sha256": "e764eb540d541d1ccc31e720f48a1e6fd28f31e8d274886aaece979496502235",
     "type": "eql",
-    "version": 212
+    "version": 213
   },
   "62b68eb2-1e47-4da7-85b6-8f478db5b272": {
     "rule_name": "Potential Non-Standard Port HTTP/HTTPS connection",
@@ -6270,9 +6270,9 @@
   },
   "63e381a6-0ffe-4afb-9a26-72a59ad16d7b": {
     "rule_name": "Sensitive Registry Hive Access via RegBack",
-    "sha256": "5fc949c2d8e00d3580f74fc9c2d044a0ed34182238f186e9c60e3f63df540d87",
+    "sha256": "87515f0a24197442f6f6ca7b485c9863754def3667a803880b4481e5a084fdff",
     "type": "eql",
-    "version": 2
+    "version": 3
   },
   "63e65ec3-43b1-45b0-8f2d-45b34291dc44": {
     "min_stack_version": "8.14",
@@ -7521,9 +7521,9 @@
   },
   "78e9b5d5-7c07-40a7-a591-3dbbf464c386": {
     "rule_name": "Suspicious File Renamed via SMB",
-    "sha256": "b06fe72841e973c578410fa85cc532be47a7199c613e59e094aaefce1e311a48",
+    "sha256": "72e26fad3c7116c755452d191ead805897c3c1d5c1bb5f815f437911da14931d",
     "type": "eql",
-    "version": 3
+    "version": 4
   },
   "78ef0c95-9dc2-40ac-a8da-5deb6293a14e": {
     "rule_name": "Unsigned DLL Loaded by Svchost",
@@ -7546,9 +7546,9 @@
   "79543b00-28a5-4461-81ac-644c4dc4012f": {
     "min_stack_version": "8.15",
     "rule_name": "Execution of a Downloaded Windows Script",
-    "sha256": "df935e831f7d3a8b986c24cc07232817bd2044240140b7536cd4bf61cb96811e",
+    "sha256": "20eefdd9ff8232ef3a1fa07f945114c672d29e8d82279caa606c62c8b01eece7",
     "type": "eql",
-    "version": 2
+    "version": 3
   },
   "7957f3b9-f590-4062-b9f9-003c32bfc7d6": {
     "min_stack_version": "8.13",
@@ -8523,9 +8523,9 @@
   },
   "8d3d0794-c776-476b-8674-ee2e685f6470": {
     "rule_name": "Suspicious Interactive Shell Spawned From Inside A Container",
-    "sha256": "bee7fd95d7e5e74fcf59ac4cc197777031c190f90b069ddcbe97bbb18762e92c",
+    "sha256": "3f9d9832999051ccb2f4f680d70c51666a85ffacbbdeb85974b1c3ef4eb6aff4",
     "type": "eql",
-    "version": 3
+    "version": 4
   },
   "8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9": {
     "min_stack_version": "8.13",
@@ -8568,9 +8568,9 @@
       }
     },
     "rule_name": "Potential WSUS Abuse for Lateral Movement",
-    "sha256": "3827103da350a27cb215e645399cf8761a45bbe50c525c2876fa8bcad9570533",
+    "sha256": "93bf077b552d68637b1f5ec442da5952dfac9a2d11adba7777c8199be69b8fcf",
     "type": "eql",
-    "version": 206
+    "version": 207
   },
   "8e39f54e-910b-4adb-a87e-494fbba5fb65": {
     "rule_name": "Potential Outgoing RDP Connection by Unusual Process",
@@ -8812,9 +8812,9 @@
       }
     },
     "rule_name": "Potential Evasion via Windows Filtering Platform",
-    "sha256": "1e99903005310727ca5c0bc4cc21adb68f7c312b54bc690ac668324fec1d34fd",
+    "sha256": "f2f9b1f0bae96ec9051aaa8b62628e6079e822cb5501c2ca5969afbf5d8521a1",
     "type": "eql",
-    "version": 105
+    "version": 106
   },
   "93075852-b0f5-4b8b-89c3-a226efae5726": {
     "rule_name": "AWS STS Role Assumption by Service",
@@ -10550,9 +10550,9 @@
       }
     },
     "rule_name": "Local Scheduled Task Creation",
-    "sha256": "a9a640dba899a3c92c6a25fdfce9b2ce29774069d5e4b49e89209b64d0bd8431",
+    "sha256": "1865a666788e5f1135f4e2809b5054429a200bcdac8bff00717593f7f3331386",
     "type": "eql",
-    "version": 209
+    "version": 210
   },
   "afd04601-12fc-4149-9b78-9c3f8fe45d39": {
     "rule_name": "Network Activity Detected via cat",
@@ -11388,9 +11388,9 @@
       }
     },
     "rule_name": "Execution via Windows Command Debugging Utility",
-    "sha256": "a97e98b65f9fd4cfb965319493b00bacc31ef7a46fb0a50e22baa11a6fba7ac7",
+    "sha256": "1720faed921c7d07dedcada05ff659ef564368cbddc18be19a79320dab755437",
     "type": "eql",
-    "version": 103
+    "version": 104
   },
   "bdfebe11-e169-42e3-b344-c5d2015533d3": {
     "min_stack_version": "8.14",
@@ -11467,9 +11467,9 @@
       }
     },
     "rule_name": "Suspicious DLL Loaded for Persistence or Privilege Escalation",
-    "sha256": "68ed471fcd146543d06d0854313cc5aa6f1e0cd02ff5805bce530ea781ab8d55",
+    "sha256": "c192bb9bb98950970b96a09228a47f17bdfee85d936315b127f88960a07f9fa9",
     "type": "eql",
-    "version": 213
+    "version": 214
   },
   "c02c8b9f-5e1d-463c-a1b0-04edcdfe1a3d": {
     "rule_name": "Potential Privacy Control Bypass via Localhost Secure Copy",
@@ -14494,9 +14494,9 @@
       }
     },
     "rule_name": "BPF filter applied using TC",
-    "sha256": "66e0fd97291e83d09d35179d1e16d22ed0b573f12480ce579f2d06bc6de7b380",
+    "sha256": "7ada39c6d2903cc362c1ded034828a6b929954050f650fa4d3d166b93f3ec78c",
     "type": "eql",
-    "version": 210
+    "version": 211
   },
   "ef100a2e-ecd4-4f72-9d1e-2f779ff3c311": {
     "min_stack_version": "8.13",
@@ -15233,9 +15233,9 @@
       }
     },
     "rule_name": "Untrusted DLL Loaded by Azure AD Sync Service",
-    "sha256": "f38f93c88e156a79c010dfad2f862d22927fc7fef7c08ca2dfa59a780b3d8e9b",
+    "sha256": "2e15e1eb9f168cbe35162f3f54f7fafe7bd69c93f20be54a0724c2a79542ebd7",
     "type": "eql",
-    "version": 102
+    "version": 103
   },
   "f94e898e-94f1-4545-8923-03e4b2866211": {
     "min_stack_version": "8.13",

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "0.4.11"
+version = "0.4.12"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"