chore: change state to unsupported

Author: nasbench

rules/windows/builtin/security/win_security_susp_failed_logons_single_process.yml rules-unsupported/win_security_susp_failed_logons_single_process.yml

@@ -1,6 +1,6 @@
 title: Multiple Users Failing to Authenticate from Single Process
 id: fe563ab6-ded4-4916-b49f-a3a8445fe280
-status: test
+status: unsupported
 description: Detects failed logins with multiple accounts from a single process on the system.
 references:
     - https://docs.splunk.com/Documentation/ESSOC/3.22.0/stories/UseCase#Active_directory_password_spraying
@@ -22,7 +22,7 @@ detection:
     filter:
         ProcessName: '-'
     timeframe: 24h
-    condition: 'selection1 and not filter | count(TargetUserName) by ProcessName > 10'
+    condition: selection1 and not filter | count(TargetUserName) by ProcessName > 10
 falsepositives:
     - Terminal servers
     - Jump servers

rules/windows/builtin/security/win_security_susp_failed_logons_single_source_kerberos.yml rules-unsupported/win_security_susp_failed_logons_single_source_kerberos.yml

@@ -1,6 +1,6 @@
 title: Valid Users Failing to Authenticate From Single Source Using Kerberos
 id: 5d1d946e-32e6-4d9a-a0dc-0ac022c7eb98
-status: test
+status: unsupported
 description: Detects multiple failed logins with multiple valid domain accounts from a single source system using the Kerberos protocol.
 references:
     - https://docs.splunk.com/Documentation/ESSOC/3.22.0/stories/UseCase#Active_directory_password_spraying
@@ -21,7 +21,7 @@ detection:
     filter_computer:
         TargetUserName|endswith: '$'
     timeframe: 24h
-    condition: 'selection and not filter_computer | count(TargetUserName) by IpAddress > 10'
+    condition: selection and not filter_computer | count(TargetUserName) by IpAddress > 10
 falsepositives:
     - Vulnerability scanners
     - Misconfigured systems

rules/windows/builtin/security/win_security_susp_failed_logons_single_source_kerberos2.yml rules-unsupported/win_security_susp_failed_logons_single_source_kerberos2.yml

@@ -1,6 +1,6 @@
 title: Disabled Users Failing To Authenticate From Source Using Kerberos
 id: 4b6fe998-b69c-46d8-901b-13677c9fb663
-status: test
+status: unsupported
 description: Detects failed logins with multiple disabled domain accounts from a single source system using the Kerberos protocol.
 references:
     - https://docs.splunk.com/Documentation/ESSOC/3.22.0/stories/UseCase#Active_directory_password_spraying
@@ -21,7 +21,7 @@ detection:
     filter_computer:
         TargetUserName|endswith: '$'
     timeframe: 24h
-    condition: 'selection and not filter_computer | count(TargetUserName) by IpAddress > 10'
+    condition: selection and not filter_computer | count(TargetUserName) by IpAddress > 10
 falsepositives:
     - Vulnerability scanners
     - Misconfigured systems

rules/windows/builtin/security/win_security_susp_failed_logons_single_source_kerberos3.yml rules-unsupported/win_security_susp_failed_logons_single_source_kerberos3.yml

@@ -1,6 +1,6 @@
 title: Invalid Users Failing To Authenticate From Source Using Kerberos
 id: bc93dfe6-8242-411e-a2dd-d16fa0cc8564
-status: test
+status: unsupported
 description: Detects failed logins with multiple invalid domain accounts from a single source system using the Kerberos protocol.
 references:
     - https://docs.splunk.com/Documentation/ESSOC/3.22.0/stories/UseCase#Active_directory_password_spraying
@@ -21,7 +21,7 @@ detection:
     filter_computer:
         TargetUserName|endswith: '$'
     timeframe: 24h
-    condition: 'selection and not filter_computer | count(TargetUserName) by IpAddress > 10'
+    condition: selection and not filter_computer | count(TargetUserName) by IpAddress > 10
 falsepositives:
     - Vulnerability scanners
     - Misconfigured systems

rules/windows/builtin/security/win_security_susp_failed_logons_single_source_ntlm.yml rules-unsupported/win_security_susp_failed_logons_single_source_ntlm.yml

@@ -1,6 +1,6 @@
 title: Valid Users Failing to Authenticate from Single Source Using NTLM
 id: f88bab7f-b1f4-41bb-bdb1-4b8af35b0470
-status: test
+status: unsupported
 description: Detects failed logins with multiple valid domain accounts from a single source system using the NTLM protocol.
 references:
     - https://docs.splunk.com/Documentation/ESSOC/3.22.0/stories/UseCase#Active_directory_password_spraying
@@ -21,7 +21,7 @@ detection:
     filter:
         TargetUserName: '*$'
     timeframe: 24h
-    condition: 'selection1 and not filter | count(TargetUserName) by Workstation > 10'
+    condition: selection1 and not filter | count(TargetUserName) by Workstation > 10
 falsepositives:
     - Terminal servers
     - Jump servers

rules/windows/builtin/security/win_security_susp_failed_logons_single_source_ntlm2.yml rules-unsupported/win_security_susp_failed_logons_single_source_ntlm2.yml

@@ -1,6 +1,6 @@
 title: Invalid Users Failing To Authenticate From Single Source Using NTLM
 id: 56d62ef8-3462-4890-9859-7b41e541f8d5
-status: test
+status: unsupported
 description: Detects failed logins with multiple invalid domain accounts from a single source system using the NTLM protocol.
 references:
     - https://docs.splunk.com/Documentation/ESSOC/3.22.0/stories/UseCase#Active_directory_password_spraying
@@ -21,7 +21,7 @@ detection:
     filter:
         TargetUserName: '*$'
     timeframe: 24h
-    condition: 'selection1 and not filter | count(TargetUserName) by Workstation > 10'
+    condition: selection1 and not filter | count(TargetUserName) by Workstation > 10
 falsepositives:
     - Terminal servers
     - Jump servers