Deprecated IOC rules

packs/atlassian.yml

@@ -4,7 +4,6 @@ Description: Group of all Atlassian detections
 PackDefinition:
   IDs:
     - Atlassian.User.LoggedInAsUser
-    - Confluence.0DayIPs
     # Globals used in these detections
     - panther_base_helpers
     - panther_config

packs/panther.yml

@@ -7,10 +7,6 @@ PackDefinition:
     - Panther.SAML.Modified
     - Panther.Sensitive.Role
     - Panther.User.Modified
-    - IOC.SunburstFQDNIOCs
-    - IOC.SunburstSHA256IOCs
-    - Confluence.0DayIPs
-    - IOC.Log4jExploit
     # Data Model
     - Standard.Panther.Audit
     # Helpers

rules/panther_ioc_rules/atlassian_confluence_ip_iocs.yml

@@ -24,6 +24,7 @@ Tags:
   - Cloudflare
   - Nginx
   - Juniper
+  - Deprecated
 Severity: High
 Description: >
    Detects IP addresses observed exploiting the 0-Day CVE-2022-26134

rules/panther_ioc_rules/log4j_exploit_iocs.yml

@@ -24,6 +24,7 @@ Tags:
   - Web
   - Log4J
   - Execution:Exploitation for Client Execution
+  - Deprecated
 Reports:
   MITRE ATT&CK:
     - TA0002:T1203

rules/panther_ioc_rules/sunburst_fqdn_iocs.yml

@@ -27,6 +27,7 @@ Tags:
   - OneLogin
   - Osquery
   - Initial Access:Trusted Relationship
+  - Deprecated
 Reports:
   MITRE ATT&CK:
     - TA0001:T1199

rules/panther_ioc_rules/sunburst_ip_iocs.yml

@@ -26,6 +26,7 @@ Tags:
   - SSH
   - OneLogin
   - Osquery
+  - Deprecated
 Severity: High
 Description: >
   Monitors for communication to known Sunburst Backdoor IPs. These IOCs indicate a potential breach and have been associated with a sophisticated nation-state actor.

rules/panther_ioc_rules/sunburst_sha256_iocs.yml

@@ -25,6 +25,7 @@ Tags:
   - OneLogin
   - Osquery
   - Initial Access:Trusted Relationship
+  - Deprecated
 Reports:
   MITRE ATT&CK:
     - TA0001:T1199