Bump version for endpoint promotion rules for 7.12.1

etc/version.lock.json

@@ -106,8 +106,8 @@
   },
   "0a97b20f-4144-49ea-be32-b540ecc445de": {
     "rule_name": "Malware - Detected - Elastic Endgame",
-    "sha256": "00f0fcc8e4641d92ddcd42b804404c551bdeca5e6d327e99b421533b456b060b",
-    "version": 5
+    "sha256": "9b7bd55891baec28d77bb897969b40cc982c15102259ffff69b3796919202dbd",
+    "version": 6
   },
   "0b29cab4-dbbd-4a3f-9e8e-1287c7c11ae5": {
     "rule_name": "Anomalous Windows Process Creation",
@@ -356,8 +356,8 @@
   },
   "2003cdc8-8d83-4aa5-b132-1f9a8eb48514": {
     "rule_name": "Exploit - Detected - Elastic Endgame",
-    "sha256": "6641c38a9f21bb4d011f23be360818e0a26261aee77dd52572cb4b1e74db9d54",
-    "version": 5
+    "sha256": "da7b6e128ad5867cbd3456cf71fb4583caf272f62e76d422a6e765b5a019b508",
+    "version": 6
   },
   "201200f1-a99b-43fb-88ed-f65a45c4972c": {
     "rule_name": "Suspicious .NET Code Compilation",
@@ -451,8 +451,8 @@
   },
   "2863ffeb-bf77-44dd-b7a5-93ef94b72036": {
     "rule_name": "Exploit - Prevented - Elastic Endgame",
-    "sha256": "fd0d6607641a2a3fe279fa21859438372610f47c0073b8cff12a4b16d4482a5f",
-    "version": 5
+    "sha256": "027892bbc77dec382e1fff007e985d1ddaa09db9765397a995bca7504228a92d",
+    "version": 6
   },
   "28896382-7d4f-4d50-9b72-67091901fd26": {
     "rule_name": "Suspicious Process from Conhost",
@@ -646,8 +646,8 @@
   },
   "3b382770-efbb-44f4-beed-f5e0a051b895": {
     "rule_name": "Malware - Prevented - Elastic Endgame",
-    "sha256": "50b2c302ad283dc7ef63c2d065b0af314e0ece8c2c206130440099a3f7377e8e",
-    "version": 5
+    "sha256": "ee3b4a6b601f7f4929ff9f2d474a2deab9cef75f96c390b99208f95b12d8d619",
+    "version": 6
   },
   "3b47900d-e793-49e8-968f-c90dc3526aa1": {
     "rule_name": "Unusual Parent Process for cmd.exe",
@@ -726,8 +726,8 @@
   },
   "453f659e-0429-40b1-bfdb-b6957286e04b": {
     "rule_name": "Permission Theft - Prevented - Elastic Endgame",
-    "sha256": "6bc20dfde21b99bceb78555445eed77ed4cc1aeaacee0be75f5be13d6baff80f",
-    "version": 5
+    "sha256": "905e269e6ada516092e74e17fb1bb5d2bdc1ffdff1d87d42e253940d621e10bc",
+    "version": 6
   },
   "45ac4800-840f-414c-b221-53dd36a5aaf7": {
     "rule_name": "Windows Event Logs Cleared",
@@ -901,8 +901,8 @@
   },
   "571afc56-5ed9-465d-a2a9-045f099f6e7e": {
     "rule_name": "Credential Dumping - Detected - Elastic Endgame",
-    "sha256": "92dbac698697ff1baba20201340efa2fa6909bd0332febd19dc7b120157b8288",
-    "version": 5
+    "sha256": "e75e954e18e9d0dc6cbbbdbcb5deb63eb2dd29996703bc5dc2af235c82af3b0c",
+    "version": 6
   },
   "581add16-df76-42bb-af8e-c979bfb39a59": {
     "rule_name": "Deleting Backup Catalogs with Wbadmin",
@@ -1266,8 +1266,8 @@
   },
   "77a3c3df-8ec4-4da4-b758-878f551dee69": {
     "rule_name": "Adversary Behavior - Detected - Elastic Endgame",
-    "sha256": "3d4c7e624f49095b9d4e05a486080f30e75d992cbac6947a37cbba3922afb684",
-    "version": 5
+    "sha256": "8319fdbcc75a28932ed1ad89f7cae48a392d08b6bfd4a78ff5272c567bd03f6a",
+    "version": 6
   },
   "785a404b-75aa-4ffd-8be5-3334a5a544dd": {
     "rule_name": "Application Added to Google Workspace Domain",
@@ -1331,8 +1331,8 @@
   },
   "80c52164-c82a-402c-9964-852533d58be1": {
     "rule_name": "Process Injection - Detected - Elastic Endgame",
-    "sha256": "1230896bf33c82b435b0a085a3cc4d4211dc4910eee62d13d35e8cd672bb3f9d",
-    "version": 5
+    "sha256": "e8ed57396574222f759925fd3d4da6c63688d077a18de5a0bcec00ecf6de88d5",
+    "version": 6
   },
   "81cc58f5-8062-49a2-ba84-5cc4b4d31c40": {
     "rule_name": "Persistence via Kernel Module Modification",
@@ -1436,8 +1436,8 @@
   },
   "8cb4f625-7743-4dfb-ae1b-ad92be9df7bd": {
     "rule_name": "Ransomware - Detected - Elastic Endgame",
-    "sha256": "f887bad77276d23f9ce70a494ad975b51f2435f0f81308eb19c6b8f7760f5047",
-    "version": 5
+    "sha256": "d8491d74b0dd8ca7304f3b8147e98c0dbb00f6551f61cc67bcbeb2a9a8ed8336",
+    "version": 6
   },
   "8ddab73b-3d15-4e5d-9413-47f05553c1d7": {
     "rule_name": "Azure Automation Runbook Deleted",
@@ -1591,8 +1591,8 @@
   },
   "990838aa-a953-4f3e-b3cb-6ddf7584de9e": {
     "rule_name": "Process Injection - Prevented - Elastic Endgame",
-    "sha256": "c88ab010c4f6cce83349370811a1c01d6910cd907c7003a960779c7a87788b78",
-    "version": 5
+    "sha256": "c3f63131525208fb1a8d655818506192b58ed5ddca6f26501f96672999d58085",
+    "version": 6
   },
   "99239e7d-b0d4-46e3-8609-acafcf99f68c": {
     "rule_name": "macOS Installer Spawns Network Event",
@@ -2036,8 +2036,8 @@
   },
   "c0be5f31-e180-48ed-aa08-96b36899d48f": {
     "rule_name": "Credential Manipulation - Detected - Elastic Endgame",
-    "sha256": "beac6937eddc5c8bf327f253e55ae6002c455efcf0f7ad0115c03ee4b5ac28f0",
-    "version": 5
+    "sha256": "a536250a00d6139b67326b7a160bef3ce820b1202add2eb68e37aea8c81b572b",
+    "version": 6
   },
   "c25e9c87-95e1-4368-bfab-9fd34cf867ec": {
     "rule_name": "Microsoft IIS Connection Strings Decryption",
@@ -2061,8 +2061,8 @@
   },
   "c3167e1b-f73c-41be-b60b-87f4df707fe3": {
     "rule_name": "Permission Theft - Detected - Elastic Endgame",
-    "sha256": "1daef429f179b7b2decc62fd0040a1a0869724f0c5ad862e930de744a7ea8d20",
-    "version": 5
+    "sha256": "b8e5fdd1a58640907a636b837eff2d2740c456b57954eac5fe0325d8f31c156c",
+    "version": 6
   },
   "c4210e1c-64f2-4f48-b67e-b5a8ffe3aa14": {
     "rule_name": "Mounting Hidden or WebDav Remote Shares",
@@ -2131,8 +2131,8 @@
   },
   "c9e38e64-3f4c-4bf3-ad48-0e61a60ea1fa": {
     "rule_name": "Credential Manipulation - Prevented - Elastic Endgame",
-    "sha256": "8701300b12edca7b1d753f35667a8ac660486880e262916978b2d93fc36f9b85",
-    "version": 5
+    "sha256": "490cbfae68721fb35c3c8b8a0d41bc4b6efed8cc396d829e4afecc2e651c9ae1",
+    "version": 6
   },
   "ca79768e-40e1-4e45-a097-0e5fbc876ac2": {
     "rule_name": "Microsoft 365 Exchange Malware Filter Rule Modification",
@@ -2346,8 +2346,8 @@
   },
   "db8c33a8-03cd-4988-9e2c-d0a4863adb13": {
     "rule_name": "Credential Dumping - Prevented - Elastic Endgame",
-    "sha256": "c96b35d3ac54f63415568d6a1f55de7c57c1b8e3e7bdff5e38c956812059b15e",
-    "version": 5
+    "sha256": "27d6e4256f3c3e790e0339e015ee47e5c922269bdbb9091c04efe12ed0ec4592",
+    "version": 6
   },
   "dc9c1f74-dac3-48e3-b47f-eb79db358f57": {
     "rule_name": "Volume Shadow Copy Deletion via WMIC",
@@ -2431,8 +2431,8 @@
   },
   "e3c5d5cb-41d5-4206-805c-f30561eae3ac": {
     "rule_name": "Ransomware - Prevented - Elastic Endgame",
-    "sha256": "2fc23dc4ae8c8b6aa5864423da31e254624822a593ee182936070c3436dfa49b",
-    "version": 5
+    "sha256": "843eb805ba1977ac107e77885fa675b0633fea7cdf90a7437b83997cfe6ff5c8",
+    "version": 6
   },
   "e3cf38fa-d5b8-46cc-87f9-4a7513e4281d": {
     "rule_name": "Connection to Commonly Abused Free SSL Certificate Providers",

rules/promotions/endgame_adversary_behavior_detected.toml

@@ -19,7 +19,6 @@ risk_score = 47
 rule_id = "77a3c3df-8ec4-4da4-b758-878f551dee69"
 severity = "medium"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_cred_dumping_detected.toml

@@ -19,7 +19,6 @@ risk_score = 73
 rule_id = "571afc56-5ed9-465d-a2a9-045f099f6e7e"
 severity = "high"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_cred_dumping_prevented.toml

@@ -19,7 +19,6 @@ risk_score = 47
 rule_id = "db8c33a8-03cd-4988-9e2c-d0a4863adb13"
 severity = "medium"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_cred_manipulation_detected.toml

@@ -19,7 +19,6 @@ risk_score = 73
 rule_id = "c0be5f31-e180-48ed-aa08-96b36899d48f"
 severity = "high"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_cred_manipulation_prevented.toml

@@ -19,7 +19,6 @@ risk_score = 47
 rule_id = "c9e38e64-3f4c-4bf3-ad48-0e61a60ea1fa"
 severity = "medium"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_exploit_detected.toml

@@ -19,7 +19,6 @@ risk_score = 73
 rule_id = "2003cdc8-8d83-4aa5-b132-1f9a8eb48514"
 severity = "high"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_exploit_prevented.toml

@@ -19,7 +19,6 @@ risk_score = 47
 rule_id = "2863ffeb-bf77-44dd-b7a5-93ef94b72036"
 severity = "medium"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_malware_detected.toml

@@ -19,7 +19,6 @@ risk_score = 99
 rule_id = "0a97b20f-4144-49ea-be32-b540ecc445de"
 severity = "critical"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_malware_prevented.toml

@@ -19,7 +19,6 @@ risk_score = 73
 rule_id = "3b382770-efbb-44f4-beed-f5e0a051b895"
 severity = "high"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_permission_theft_detected.toml

@@ -19,7 +19,6 @@ risk_score = 73
 rule_id = "c3167e1b-f73c-41be-b60b-87f4df707fe3"
 severity = "high"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_permission_theft_prevented.toml

@@ -19,7 +19,6 @@ risk_score = 47
 rule_id = "453f659e-0429-40b1-bfdb-b6957286e04b"
 severity = "medium"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_process_injection_detected.toml

@@ -19,7 +19,6 @@ risk_score = 73
 rule_id = "80c52164-c82a-402c-9964-852533d58be1"
 severity = "high"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_process_injection_prevented.toml

@@ -19,7 +19,6 @@ risk_score = 47
 rule_id = "990838aa-a953-4f3e-b3cb-6ddf7584de9e"
 severity = "medium"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_ransomware_detected.toml

@@ -19,7 +19,6 @@ risk_score = 99
 rule_id = "8cb4f625-7743-4dfb-ae1b-ad92be9df7bd"
 severity = "critical"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''

rules/promotions/endgame_ransomware_prevented.toml

@@ -19,7 +19,6 @@ risk_score = 73
 rule_id = "e3c5d5cb-41d5-4206-805c-f30561eae3ac"
 severity = "high"
 tags = ["Elastic", "Elastic Endgame"]
-timestamp_override = "event.ingested"
 type = "query"
 
 query = '''