Merge branch 'main' into cleanup-survey-code

brokensound77 · brokensound77 · commit 739762d46b7e · 2022-04-14T15:52:15.000-08:00
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
@@ -901,7 +901,7 @@ def rule_survey(ctx: click.Context, query, date_range, dump_file, hide_zero_coun
     from eql.table import Table
     from kibana.resources import Signal
     from .main import search_rules
-    from .eswrap import parse_unique_field_results
+    # from .eswrap import parse_unique_field_results
 
     survey_results = []
     start_time, end_time = date_range
@@ -927,11 +927,10 @@ def rule_survey(ctx: click.Context, query, date_range, dump_file, hide_zero_coun
         alerts = {a['_source']['signal']['rule']['rule_id']: a['_source']
                   for a in Signal.search(range_dsl, size=10000)['hits']['hits']}
 
-    for alert in alerts:
-        rule_id = alert['signal']['rule']['rule_id']
-        rule = rules.id_map[rule_id]
-        unique_results = parse_unique_field_results(rule.contents.data.type, rule.contents.data.unique_fields, alert)
-
+    # for alert in alerts:
+    #     rule_id = alert['signal']['rule']['rule_id']
+    #     rule = rules.id_map[rule_id]
+    #     unique_results = parse_unique_field_results(rule.contents.data.type, rule.contents.data.unique_fields, alert)
 
     for rule_id, count in counts.items():
         alert_count = len(alerts.get(rule_id, []))
diff --git a/etc/deprecated_rules.json b/etc/deprecated_rules.json
@@ -34,21 +34,11 @@
     "rule_name": "Execution via Regsvcs/Regasm",
     "stack_version": "7.14.0"
   },
-  "5e87f165-45c2-4b80-bfa5-52822552c997": {
-    "deprecation_date": "2022/03/16",
-    "rule_name": "Potential PrintNightmare File Modification",
-    "stack_version": "7.13"
-  },
   "61c31c14-507f-4627-8c31-072556b89a9c": {
     "deprecation_date": "2021/04/15",
     "rule_name": "Mknod Process Activity",
     "stack_version": "7.14.0"
   },
-  "6506c9fd-229e-4722-8f0f-69be759afd2a": {
-    "deprecation_date": "2022/03/16",
-    "rule_name": "Potential PrintNightmare Exploit Registry Modification",
-    "stack_version": "7.13"
-  },
   "67a9beba-830d-4035-bfe8-40b7e28f8ac4": {
     "deprecation_date": "2021/04/15",
     "rule_name": "SMTP to the Internet",
diff --git a/etc/version.lock.json b/etc/version.lock.json
