diff --git a/rules/windows/defense_evasion_msiexec_child_proc_netcon.toml b/rules/windows/defense_evasion_msiexec_child_proc_netcon.toml
index c2cf0ce22e0..02c86e40189 100644
--- a/rules/windows/defense_evasion_msiexec_child_proc_netcon.toml
+++ b/rules/windows/defense_evasion_msiexec_child_proc_netcon.toml
@@ -2,7 +2,9 @@
 creation_date = "2024/09/09"
 integration = ["endpoint", "windows", "sentinel_one_cloud_funnel"]
 maturity = "production"
-updated_date = "2024/09/09"
+min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration."
+min_stack_version = "8.13.0"
+updated_date = "2024/09/16"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/windows/execution_initial_access_foxmail_exploit.toml b/rules/windows/execution_initial_access_foxmail_exploit.toml
index bc4f765992e..1e7b2bb13c8 100644
--- a/rules/windows/execution_initial_access_foxmail_exploit.toml
+++ b/rules/windows/execution_initial_access_foxmail_exploit.toml
@@ -2,7 +2,9 @@
 creation_date = "2024/08/29"
 integration = ["endpoint", "windows", "system", "sentinel_one_cloud_funnel", "m365_defender"]
 maturity = "production"
-updated_date = "2024/09/16"
+min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration."
+min_stack_version = "8.13.0"
+updated_date = "2024/09/17"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/windows/execution_powershell_susp_args_via_winscript.toml b/rules/windows/execution_powershell_susp_args_via_winscript.toml
index 5a8c4f4e0d2..058f714a9fc 100644
--- a/rules/windows/execution_powershell_susp_args_via_winscript.toml
+++ b/rules/windows/execution_powershell_susp_args_via_winscript.toml
@@ -2,7 +2,9 @@
 creation_date = "2024/09/09"
 integration = ["windows", "system", "sentinel_one_cloud_funnel", "m365_defender"]
 maturity = "production"
-updated_date = "2024/09/09"
+min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration."
+min_stack_version = "8.13.0"
+updated_date = "2024/09/16"
 
 [rule]
 author = ["Elastic"]
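Review bot: The new `min_stack_version = "8.13.0"` in the `[metadata]` block of defense_evasion_msiexec_child_proc_netcon.toml sets a floor for the whole rule, while `min_stack_comments` names only the SentinelOne integration and the `integration` list on the line above also carries `endpoint` and `windows`. If the release tooling applies this floor the way it reads, stacks below 8.13.0 would presumably not receive the rule for any of its data sources, which is a detection-coverage trade-off a maintainer should be able to see in the file. I would say so in the comment, e.g. `min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration; the floor applies to the whole rule, including the other listed integrations."`. The same applies to the other five rule files in this diff, which add the identical two keys next to integration lists that include `endpoint`, `windows`, `system` or `m365_defender`. The `[rule]` table continues outside each hunk, so whether the queries themselves depend on 8.13.0 fields cannot be checked from here.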
diff --git a/rules/windows/execution_windows_cmd_shell_susp_args.toml b/rules/windows/execution_windows_cmd_shell_susp_args.toml
index ab81b7fd39e..5d000eb6015 100644
--- a/rules/windows/execution_windows_cmd_shell_susp_args.toml
+++ b/rules/windows/execution_windows_cmd_shell_susp_args.toml
@@ -2,7 +2,9 @@
 creation_date = "2024/09/06"
 integration = ["windows", "system", "sentinel_one_cloud_funnel", "m365_defender"]
 maturity = "production"
-updated_date = "2024/09/06"
+min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration."
+min_stack_version = "8.13.0"
+updated_date = "2024/09/16"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/windows/execution_windows_powershell_susp_args.toml b/rules/windows/execution_windows_powershell_susp_args.toml
index 1c7bc8f804d..f0fb956a382 100644
--- a/rules/windows/execution_windows_powershell_susp_args.toml
+++ b/rules/windows/execution_windows_powershell_susp_args.toml
@@ -2,7 +2,9 @@
 creation_date = "2024/09/06"
 integration = ["windows", "system", "sentinel_one_cloud_funnel", "m365_defender"]
 maturity = "production"
-updated_date = "2024/09/06"
+min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration."
+min_stack_version = "8.13.0"
+updated_date = "2024/09/16"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/windows/privilege_escalation_msi_repair_via_mshelp_link.toml b/rules/windows/privilege_escalation_msi_repair_via_mshelp_link.toml
index 5db7bffb3f0..698914de208 100644
--- a/rules/windows/privilege_escalation_msi_repair_via_mshelp_link.toml
+++ b/rules/windows/privilege_escalation_msi_repair_via_mshelp_link.toml
@@ -2,7 +2,9 @@
 creation_date = "2024/09/12"
 integration = ["endpoint", "sentinel_one_cloud_funnel", "m365_defender"]
 maturity = "production"
-updated_date = "2024/09/12"
+min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration."
+min_stack_version = "8.13.0"
+updated_date = "2024/09/16"
 
 [rule]
 author = ["Elastic"]