upgrade analytics version

nasbench · nasbench · commit 04d10316f805 · 2025-01-20T11:02:07.000+01:00
diff --git a/detections/endpoint/linux_auditd_add_user_account.yml b/detections/endpoint/linux_auditd_add_user_account.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Add User Account
 id: aae66dc0-74b4-4807-b480-b35f8027abb4
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_add_user_account_type.yml b/detections/endpoint/linux_auditd_add_user_account_type.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Add User Account Type
 id: f8c325ea-506e-4105-8ccf-da1492e90115
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_at_application_execution.yml b/detections/endpoint/linux_auditd_at_application_execution.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd At Application Execution
 id: 9f306e0a-1c36-469e-8892-968ca12470dd
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_auditd_service_stop.yml b/detections/endpoint/linux_auditd_auditd_service_stop.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Auditd Service Stop
 id: 6cb9d0e1-eabe-41de-a11a-5efade354e9d
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_change_file_owner_to_root.yml b/detections/endpoint/linux_auditd_change_file_owner_to_root.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Change File Owner To Root
 id: 7b87c556-0ca4-47e0-b84c-6cd62a0a3e90
-version: 3
-date: '2024-10-17'
+version: 4
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_data_transfer_size_limits_via_split_syscall.yml b/detections/endpoint/linux_auditd_data_transfer_size_limits_via_split_syscall.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Data Transfer Size Limits Via Split Syscall
 id: c03d4a49-cf9d-435b-86e9-c6f8c9b6c42e
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_dd_file_overwrite.yml b/detections/endpoint/linux_auditd_dd_file_overwrite.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Dd File Overwrite
 id: d1b74420-4cea-4752-a123-9b40dfcca49a
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_disable_or_modify_system_firewall.yml b/detections/endpoint/linux_auditd_disable_or_modify_system_firewall.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Disable Or Modify System Firewall
 id: 07052556-d4b5-4bae-89aa-cbdc1bb11250
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_doas_conf_file_creation.yml b/detections/endpoint/linux_auditd_doas_conf_file_creation.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Doas Conf File Creation
 id: 61059783-574b-40d2-ac2f-69b898afd6b4
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_doas_tool_execution.yml b/detections/endpoint/linux_auditd_doas_tool_execution.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Doas Tool Execution
 id: 91b8ca78-f205-4826-a3ef-cd8d6b24e97b
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_edit_cron_table_parameter.yml b/detections/endpoint/linux_auditd_edit_cron_table_parameter.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Edit Cron Table Parameter
 id: f4bb7321-7e64-4d1e-b1aa-21f8b019a91f
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_install_kernel_module_using_modprobe_utility.yml b/detections/endpoint/linux_auditd_install_kernel_module_using_modprobe_utility.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Install Kernel Module Using Modprobe Utility
 id: 95165985-ace5-4d42-9c42-93a89a5af901
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_kernel_module_using_rmmod_utility.yml b/detections/endpoint/linux_auditd_kernel_module_using_rmmod_utility.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Kernel Module Using Rmmod Utility
 id: 31810b7a-0abe-42be-a210-0dec8106afee
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_nopasswd_entry_in_sudoers_file.yml b/detections/endpoint/linux_auditd_nopasswd_entry_in_sudoers_file.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Nopasswd Entry In Sudoers File
 id: 651df959-ad17-4b73-a323-90cb96d5fa1b
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_osquery_service_stop.yml b/detections/endpoint/linux_auditd_osquery_service_stop.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Osquery Service Stop
 id: 0c320fea-6e87-4b99-a884-74d09d4b655d
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_possible_access_or_modification_of_sshd_config_file.yml b/detections/endpoint/linux_auditd_possible_access_or_modification_of_sshd_config_file.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Possible Access Or Modification Of Sshd Config File
 id: acb3ea33-70f7-47aa-b335-643b3aebcb2f
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_possible_access_to_credential_files.yml b/detections/endpoint/linux_auditd_possible_access_to_credential_files.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Possible Access To Credential Files
 id: 0419cb7a-57ea-467b-974f-77c303dfe2a3
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_possible_access_to_sudoers_file.yml b/detections/endpoint/linux_auditd_possible_access_to_sudoers_file.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Possible Access To Sudoers File
 id: 8be88f46-f7e8-4ae6-b15e-cf1b13392834
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_preload_hijack_via_preload_file.yml b/detections/endpoint/linux_auditd_preload_hijack_via_preload_file.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Preload Hijack Via Preload File
 id: c1b7abca-55cb-4a39-bdfb-e28c1c12745f
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_service_restarted.yml b/detections/endpoint/linux_auditd_service_restarted.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Service Restarted
 id: 8eb3e858-18d3-44a4-a514-52cfa39f154a
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_service_started.yml b/detections/endpoint/linux_auditd_service_started.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Service Started
 id: b5eed06d-5c97-4092-a3a1-fa4b7e77c71a
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_setuid_using_chmod_utility.yml b/detections/endpoint/linux_auditd_setuid_using_chmod_utility.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Setuid Using Chmod Utility
 id: 8230c407-1b47-4d95-ac2e-718bd6381386
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_shred_overwrite_command.yml b/detections/endpoint/linux_auditd_shred_overwrite_command.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Shred Overwrite Command
 id: ce2bde4d-a1d4-4452-8c87-98440e5adfb3
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_sudo_or_su_execution.yml b/detections/endpoint/linux_auditd_sudo_or_su_execution.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Sudo Or Su Execution
 id: 817a5c89-5b92-4818-a22d-aa35e1361afe
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_sysmon_service_stop.yml b/detections/endpoint/linux_auditd_sysmon_service_stop.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Sysmon Service Stop
 id: 20901256-633a-40de-8753-7b88811a460f
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_system_network_configuration_discovery.yml b/detections/endpoint/linux_auditd_system_network_configuration_discovery.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd System Network Configuration Discovery
 id: 5db16825-81bd-4923-a8d6-d6a13a59832a
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/linux_auditd_unix_shell_configuration_modification.yml b/detections/endpoint/linux_auditd_unix_shell_configuration_modification.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Unix Shell Configuration Modification
 id: 66f737c6-3f7f-46ed-8e9b-cc0e5bf01f04
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/linux_auditd_whoami_user_discovery.yml b/detections/endpoint/linux_auditd_whoami_user_discovery.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Whoami User Discovery
 id: d1ff2e22-310d-446a-80b3-faedaa7b3b52
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-20'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
diff --git a/detections/endpoint/microsoft_defender_atp_alerts.yml b/detections/endpoint/microsoft_defender_atp_alerts.yml
@@ -1,7 +1,7 @@
 name: Microsoft Defender ATP Alerts
 id: 38f034ed-1598-46c8-95e8-14edf05fdf5d
-version: 1
-date: '2024-10-30'
+version: 2
+date: '2025-01-20'
 author: Bryan Pluta, Bhavin Patel, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/microsoft_defender_incident_alerts.yml b/detections/endpoint/microsoft_defender_incident_alerts.yml
@@ -1,7 +1,7 @@
 name: Microsoft Defender Incident Alerts
 id: 13435b55-afd8-46d4-9045-7d5457f430a5
-version: 1
-date: '2024-10-30'
+version: 2
+date: '2025-01-20'
 author: Bryan Pluta, Bhavin Patel, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/print_spooler_failed_to_load_a_plug_in.yml b/detections/endpoint/print_spooler_failed_to_load_a_plug_in.yml
@@ -1,7 +1,7 @@
 name: Print Spooler Failed to Load a Plug-in
 id: 1adc9548-da7c-11eb-8f13-acde48001122
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-20'
 author: Mauricio Velazco, Michael Haag, Splunk
 status: production
 type: TTP
diff --git a/detections/endpoint/windows_domain_admin_impersonation_indicator.yml b/detections/endpoint/windows_domain_admin_impersonation_indicator.yml
@@ -1,7 +1,7 @@
 name: Windows Domain Admin Impersonation Indicator
 id: 10381f93-6d38-470a-9c30-d25478e3bd3f
-version: '5'
-date: '2024-11-28'
+version: 6
+date: '2025-01-20'
 author: Mauricio Velazco, Splunk
 status: production
 type: TTP
