Merge pull request #3286 from splunk/version_bump_alpha2

Version bumps

detections/application/crushftp_server_side_template_injection.yml

@@ -1,7 +1,7 @@
 name: CrushFTP Server Side Template Injection
 id: ccf6b7a3-bd39-4bc9-a949-143a8d640dbc
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-21'
 author: Michael Haag, Splunk
 data_source:
 - CrushFTP

detections/application/detect_distributed_password_spray_attempts.yml

@@ -1,7 +1,7 @@
 name: Detect Distributed Password Spray Attempts
 id: b1a82fc8-8a9f-4344-9ec2-bde5c5331b57
-version: 2
-date: '2024-10-17'
+version: 3
+date: '2025-01-21'
 author: Dean Luxton
 status: production
 type: Hunting

detections/application/detect_new_login_attempts_to_routers.yml

@@ -1,7 +1,7 @@
 name: Detect New Login Attempts to Routers
 id: bce3ed7c-9b1f-42a0-abdf-d8b123a34836
-version: 3
-date: '2024-10-17'
+version: 4
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 status: experimental
 type: TTP

detections/application/detect_password_spray_attempts.yml

@@ -1,7 +1,7 @@
 name: Detect Password Spray Attempts
 id: 086ab581-8877-42b3-9aee-4a7ecb0923af
-version: 4
-date: '2024-10-17'
+version: 5
+date: '2025-01-21'
 author: Dean Luxton
 status: production
 type: TTP

detections/application/email_attachments_with_lots_of_spaces.yml

@@ -1,7 +1,7 @@
 name: Email Attachments With Lots Of Spaces
 id: 56e877a6-1455-4479-ada6-0550dc1e22f8
-version: 4
-date: '2024-10-17'
+version: 5
+date: '2025-01-21'
 author: David Dorsey, Splunk
 status: experimental
 type: Anomaly

detections/application/email_files_written_outside_of_the_outlook_directory.yml

@@ -1,7 +1,7 @@
 name: Email files written outside of the Outlook directory
 id: 8d52cf03-ba25-4101-aa78-07994aed4f74
-version: 5
-date: '2024-10-17'
+version: 6
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 status: experimental
 type: TTP

detections/application/email_servers_sending_high_volume_traffic_to_hosts.yml

@@ -1,7 +1,7 @@
 name: Email servers sending high volume traffic to hosts
 id: 7f5fb3e1-4209-4914-90db-0ec21b556378
-version: 4
-date: '2024-10-17'
+version: 5
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 status: experimental
 type: Anomaly

detections/application/ivanti_vtm_new_account_creation.yml

@@ -1,7 +1,7 @@
 name: Ivanti VTM New Account Creation
 id: b04be6e5-2002-4349-8742-52285635b8f5
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-21'
 author: Michael Haag, Splunk
 data_source:
 - Ivanti VTM Audit

detections/application/monitor_email_for_brand_abuse.yml

@@ -1,7 +1,7 @@
 name: Monitor Email For Brand Abuse
 id: b2ea1f38-3a3e-4b8a-9cf1-82760d86a6b8
-version: 4
-date: '2024-10-17'
+version: 5
+date: '2025-01-21'
 author: David Dorsey, Splunk
 status: experimental
 type: TTP

detections/application/no_windows_updates_in_a_time_frame.yml

@@ -1,7 +1,7 @@
 name: No Windows Updates in a time frame
 id: 1a77c08c-2f56-409c-a2d3-7d64617edd4f
-version: 3
-date: '2024-10-17'
+version: 4
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 status: experimental
 type: Hunting

detections/application/okta_authentication_failed_during_mfa_challenge.yml

@@ -1,7 +1,7 @@
 name: Okta Authentication Failed During MFA Challenge
 id: e2b99e7d-d956-411a-a120-2b14adfdde93
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 data_source:
 - Okta

detections/application/okta_idp_lifecycle_modifications.yml

@@ -1,7 +1,7 @@
 name: Okta IDP Lifecycle Modifications
 id: e0be2c83-5526-4219-a14f-c3db2e763d15
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 data_source:
 - Okta

detections/application/okta_mfa_exhaustion_hunt.yml

@@ -1,7 +1,7 @@
 name: Okta MFA Exhaustion Hunt
 id: 97e2fe57-3740-402c-988a-76b64ce04b8d
-version: 4
-date: '2024-10-17'
+version: 5
+date: '2025-01-21'
 author: Michael Haag, Marissa Bower, Mauricio Velazco, Splunk
 status: production
 type: Hunting

detections/application/okta_mismatch_between_source_and_response_for_verify_push_request.yml

@@ -1,7 +1,7 @@
 name: Okta Mismatch Between Source and Response for Verify Push Request
 id: 8085b79b-9b85-4e67-ad63-351c9e9a5e9a
-version: 4
-date: '2024-11-19'
+version: 5
+date: '2025-01-21'
 author: John Murphy and Jordan Ruocco, Okta, Michael Haag, Bhavin Patel, Splunk
 type: TTP
 status: production

detections/application/okta_multi_factor_authentication_disabled.yml

@@ -1,7 +1,7 @@
 name: Okta Multi-Factor Authentication Disabled
 id: 7c0348ce-bdf9-45f6-8a57-c18b5976f00a
-version: 4
-date: '2024-09-30'
+version: 5
+date: '2025-01-21'
 author: Mauricio Velazco, Splunk
 data_source:
 - Okta

detections/application/okta_multiple_accounts_locked_out.yml

@@ -1,7 +1,7 @@
 name: Okta Multiple Accounts Locked Out
 id: a511426e-184f-4de6-8711-cfd2af29d1e1
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Michael Haag, Mauricio Velazco, Splunk
 data_source:
 - Okta

detections/application/okta_multiple_failed_mfa_requests_for_user.yml

@@ -1,7 +1,7 @@
 name: Okta Multiple Failed MFA Requests For User
 id: 826dbaae-a1e6-4c8c-b384-d16898956e73
-version: 4
-date: '2024-09-30'
+version: 5
+date: '2025-01-21'
 author: Mauricio Velazco, Splunk
 data_source:
 - Okta

detections/application/okta_multiple_failed_requests_to_access_applications.yml

@@ -1,7 +1,7 @@
 name: Okta Multiple Failed Requests to Access Applications
 id: 1c21fed1-7000-4a2e-9105-5aaafa437247
-version: 3
-date: '2024-10-17'
+version: 4
+date: '2025-01-21'
 author: John Murphy, Okta, Michael Haag, Splunk
 type: Hunting
 status: experimental

detections/application/okta_multiple_users_failing_to_authenticate_from_ip.yml

@@ -1,7 +1,7 @@
 name: Okta Multiple Users Failing To Authenticate From Ip
 id: de365ffa-42f5-46b5-b43f-fa72290b8218
-version: 4
-date: '2024-09-30'
+version: 5
+date: '2025-01-21'
 author: Michael Haag, Mauricio Velazco, Splunk
 data_source:
 - Okta

detections/application/okta_new_api_token_created.yml

@@ -1,7 +1,7 @@
 name: Okta New API Token Created
 id: c3d22720-35d3-4da4-bd0a-740d37192bd4
-version: 5
-date: '2024-09-30'
+version: 6
+date: '2025-01-21'
 author: Michael Haag, Mauricio Velazco, Splunk
 status: production
 type: TTP

detections/application/okta_new_device_enrolled_on_account.yml

@@ -1,7 +1,7 @@
 name: Okta New Device Enrolled on Account
 id: bb27cbce-d4de-432c-932f-2e206e9130fb
-version: 5
-date: '2024-09-30'
+version: 6
+date: '2025-01-21'
 author: Michael Haag, Mauricio Velazco, Splunk
 status: production
 type: TTP

detections/application/okta_phishing_detection_with_fastpass_origin_check.yml

@@ -1,7 +1,7 @@
 name: Okta Phishing Detection with FastPass Origin Check
 id: f4ca0057-cbf3-44f8-82ea-4e330ee901d3
-version: 3
-date: '2024-10-17'
+version: 4
+date: '2025-01-21'
 author: Okta, Inc, Michael Haag, Splunk
 type: TTP
 status: experimental

detections/application/okta_risk_threshold_exceeded.yml

@@ -1,7 +1,7 @@
 name: Okta Risk Threshold Exceeded
 id: d8b967dd-657f-4d88-93b5-c588bcd7218c
-version: 4
-date: '2024-09-30'
+version: 5
+date: '2025-01-21'
 author: Michael Haag, Bhavin Patel, Splunk
 status: production
 type: Correlation

detections/application/okta_successful_single_factor_authentication.yml

@@ -1,7 +1,7 @@
 name: Okta Successful Single Factor Authentication
 id: 98f6ad4f-4325-4096-9d69-45dc8e638e82
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 data_source:
 - Okta

detections/application/okta_suspicious_activity_reported.yml

@@ -1,7 +1,7 @@
 name: Okta Suspicious Activity Reported
 id: bfc840f5-c9c6-454c-aa13-b46fd0bf1e79
-version: 4
-date: '2024-09-30'
+version: 5
+date: '2025-01-21'
 author: Michael Haag, Splunk
 status: production
 type: TTP

detections/application/okta_suspicious_use_of_a_session_cookie.yml

@@ -1,7 +1,7 @@
 name: Okta Suspicious Use of a Session Cookie
 id: 71ad47d1-d6bd-4e0a-b35c-020ad9a6959e
-version: 4
-date: '2024-09-30'
+version: 5
+date: '2025-01-21'
 author: Scott Dermott, Felicity Robson, Okta, Michael Haag, Bhavin Patel, Splunk
 type: Anomaly
 status: production

detections/application/okta_threatinsight_threat_detected.yml

@@ -1,7 +1,7 @@
 name: Okta ThreatInsight Threat Detected
 id: 140504ae-5fe2-4d65-b2bc-a211813fbca6
-version: 4
-date: '2024-09-30'
+version: 5
+date: '2025-01-21'
 author: Michael Haag, Mauricio Velazco, Splunk
 status: production
 type: Anomaly

detections/application/okta_unauthorized_access_to_application.yml

@@ -1,7 +1,7 @@
 name: Okta Unauthorized Access to Application
 id: 5f661629-9750-4cb9-897c-1f05d6db8727
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 data_source:
 - Okta

detections/application/okta_user_logins_from_multiple_cities.yml

@@ -1,7 +1,7 @@
 name: Okta User Logins from Multiple Cities
 id: a3d1df37-c2a9-41d0-aa8f-59f82d6192a8
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Bhavin Patel, Splunk
 data_source:
 - Okta

detections/application/pingid_mismatch_auth_source_and_verification_response.yml

@@ -1,7 +1,7 @@
 name: PingID Mismatch Auth Source and Verification Response
 id: 15b0694e-caa2-4009-8d83-a1f98b86d086
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Steven Dick
 status: production
 type: TTP

detections/application/pingid_multiple_failed_mfa_requests_for_user.yml

@@ -1,7 +1,7 @@
 name: PingID Multiple Failed MFA Requests For User
 id: c1bc706a-0025-4814-ad30-288f38865036
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Steven Dick
 status: production
 type: TTP

detections/application/pingid_new_mfa_method_after_credential_reset.yml

@@ -1,7 +1,7 @@
 name: PingID New MFA Method After Credential Reset
 id: 2fcbce12-cffa-4c84-b70c-192604d201d0
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Steven Dick
 status: production
 type: TTP

detections/application/pingid_new_mfa_method_registered_for_user.yml

@@ -1,7 +1,7 @@
 name: PingID New MFA Method Registered For User
 id: 892dfeaf-461d-4a78-aac8-b07e185c9bce
-version: 3
-date: '2024-09-30'
+version: 4
+date: '2025-01-21'
 author: Steven Dick
 status: production
 type: TTP

detections/application/suspicious_email_attachment_extensions.yml

@@ -1,7 +1,7 @@
 name: Suspicious Email Attachment Extensions
 id: 473bd65f-06ca-4dfe-a2b8-ba04ab4a0084
-version: 5
-date: '2024-10-17'
+version: 6
+date: '2025-01-21'
 author: David Dorsey, Splunk
 status: experimental
 type: Anomaly

detections/application/suspicious_java_classes.yml

@@ -1,7 +1,7 @@
 name: Suspicious Java Classes
 id: 6ed33786-5e87-4f55-b62c-cb5f1168b831
-version: 3
-date: '2024-10-17'
+version: 4
+date: '2025-01-21'
 author: Jose Hernandez, Splunk
 status: experimental
 type: Anomaly

detections/application/web_servers_executing_suspicious_processes.yml

@@ -1,7 +1,7 @@
 name: Web Servers Executing Suspicious Processes
 id: ec3b7601-689a-4463-94e0-c9f45638efb9
-version: 3
-date: '2024-10-17'
+version: 4
+date: '2025-01-21'
 author: David Dorsey, Splunk
 status: experimental
 type: TTP

detections/application/windows_ad_add_self_to_group.yml

@@ -1,7 +1,7 @@
 name: Windows AD add Self to Group
 id: 065f2701-b7ea-42f5-9ec4-fbc2261165f9
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-21'
 author: Dean Luxton
 status: production
 type: TTP

detections/application/windows_ad_dangerous_deny_acl_modification.yml

@@ -1,7 +1,7 @@
 name: Windows AD Dangerous Deny ACL Modification
 id: 8e897153-2ebd-4cb2-85d3-09ad57db2fb7
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-21'
 author: Dean Luxton
 status: production
 type: TTP

detections/application/windows_ad_dangerous_group_acl_modification.yml

@@ -1,7 +1,7 @@
 name: Windows AD Dangerous Group ACL Modification
 id: 59b0fc85-7a0d-4585-97ec-06a382801990
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-21'
 author: Dean Luxton
 status: production
 type: TTP

detections/application/windows_ad_dangerous_user_acl_modification.yml

@@ -1,7 +1,7 @@
 name: Windows AD Dangerous User ACL Modification
 id: ec5b6790-595a-4fb8-ad43-56e5b55a9617
-version: 2
-date: '2024-09-30'
+version: 3
+date: '2025-01-21'
 author: Dean Luxton
 status: production
 type: TTP