Deprecated old GItHub detections

Patrick Bareiss · Patrick Bareiss · commit b7298867d338 · 2025-01-15T11:01:38.000+01:00
diff --git a/detections/deprecated/github_pull_request_from_unknown_user.yml b/detections/deprecated/github_pull_request_from_unknown_user.yml
@@ -1,9 +1,9 @@
 name: GitHub Pull Request from Unknown User
 id: 9d7b9100-8878-4404-914e-ca5e551a641e
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-15'
 author: Patrick Bareiss, Splunk
-status: production
+status: deprecated
 type: Anomaly
 description: The following analytic detects pull requests from unknown users on GitHub. It uses a Splunk query to identify pull requests where the user ID is not specified and cross-references these with a known users lookup table. This activity is significant because pull requests from unknown users can introduce malicious code or unauthorized changes to repositories. If confirmed malicious, this could lead to unauthorized code changes, data breaches, or other security incidents. Immediate steps include reviewing the author's name, repository, head reference, and commit message, and investigating any related artifacts and processes.
 data_source:
