Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.

Author: nasbench

.github/workflows/sigma-test.yml

@@ -75,8 +75,7 @@ jobs:
         python-version: 3.11
     - name: Install dependencies
       run: |
-        # pip install sigma-cli~=0.7.1
-        pip install pysigma==0.11.9
+        pip install pysigma
         pip install sigma-cli
         pip install pySigma-validators-sigmahq==0.7.0
     - name: Test Sigma Rule Syntax

other/godmode_sigma_rule.yml

@@ -18,8 +18,8 @@ id: def6caac-a999-4fc9-8800-cfeff700ba98
 description: 'PoC rule to detect malicious activity - following the principle: if you had only one shot, what would you look for?'
 status: experimental
 author: Florian Roth (Nextron Systems)
-date: 2019/12/22
-modified: 2022/08/04
+date: 2019-12-22
+modified: 2022-08-04
 level: high
 action: global
 ---

rules-emerging-threats/2010/Exploits/CVE-2010-5278/web_cve_2010_5278_exploitation_attempt.yml

@@ -7,13 +7,13 @@ description: |
 references:
     - https://github.com/projectdiscovery/nuclei-templates
 author: Subhash Popuri (@pbssubhash)
-date: 2021/08/25
-modified: 2023/01/02
+date: 2021-08-25
+modified: 2023-01-02
 tags:
-    - attack.initial_access
+    - attack.initial-access
     - attack.t1190
-    - cve.2010.5278
-    - detection.emerging_threats
+    - cve.2010-5278
+    - detection.emerging-threats
 logsource:
     category: webserver
 detection:

rules-emerging-threats/2014/Exploits/CVE-2014-6287/web_cve_2014_6287_hfs_rce.yml

@@ -7,14 +7,14 @@ references:
     - https://www.exploit-db.com/exploits/39161
     - https://github.com/Twigonometry/Cybersecurity-Notes/blob/c875b0f52df7d2c7a870e75e1f0c2679d417931d/Writeups/Hack%20the%20Box/Boxes/Optimum/10%20-%20Website.md
 author: Nasreddine Bencherchali (Nextron Systems)
-date: 2022/07/19
-modified: 2023/01/02
+date: 2022-07-19
+modified: 2023-01-02
 tags:
-    - attack.initial_access
+    - attack.initial-access
     - attack.t1190
     - attack.t1505.003
-    - cve.2014.6287
-    - detection.emerging_threats
+    - cve.2014-6287
+    - detection.emerging-threats
 logsource:
     category: webserver
 detection:

rules-emerging-threats/2014/TA/Axiom/proc_creation_win_apt_zxshell.yml

@@ -6,16 +6,16 @@ references:
     - https://www.hybrid-analysis.com/sample/5d2a4cde9fa7c2fdbf39b2e2ffd23378d0c50701a3095d1e91e3cf922d7b0b16?environmentId=100
     - https://pub-7cb8ac806c1b4c4383e585c474a24719.r2.dev/116309e7121bc8b0e66e4166c06f7b818e1d3629.pdf
 author: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro
-date: 2017/07/20
-modified: 2021/11/27
+date: 2017-07-20
+modified: 2021-11-27
 tags:
     - attack.execution
     - attack.t1059.003
-    - attack.defense_evasion
+    - attack.defense-evasion
     - attack.t1218.011
     - attack.s0412
     - attack.g0001
-    - detection.emerging_threats
+    - detection.emerging-threats
 logsource:
     category: process_creation
     product: windows

rules-emerging-threats/2014/TA/Turla/proc_creation_win_apt_turla_commands_critical.yml

@@ -5,18 +5,18 @@ description: Detects automated lateral movement by Turla group
 references:
     - https://securelist.com/the-epic-turla-operation/65545/
 author: Markus Neis
-date: 2017/11/07
-modified: 2022/10/09
+date: 2017-11-07
+modified: 2022-10-09
 tags:
     - attack.g0010
     - attack.execution
     - attack.t1059
-    - attack.lateral_movement
+    - attack.lateral-movement
     - attack.t1021.002
     - attack.discovery
     - attack.t1083
     - attack.t1135
-    - detection.emerging_threats
+    - detection.emerging-threats
 logsource:
     category: process_creation
     product: windows

rules-emerging-threats/2014/TA/Turla/proc_creation_win_apt_turla_comrat_may20.yml

@@ -5,15 +5,15 @@ description: Detects commands used by Turla group as reported by ESET in May 202
 references:
     - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
 author: Florian Roth (Nextron Systems)
-date: 2020/05/26
-modified: 2021/11/27
+date: 2020-05-26
+modified: 2021-11-27
 tags:
     - attack.g0010
     - attack.execution
     - attack.t1059.001
     - attack.t1053.005
     - attack.t1027
-    - detection.emerging_threats
+    - detection.emerging-threats
 logsource:
     category: process_creation
     product: windows

rules-emerging-threats/2015/Exploits/CVE-2015-1641/proc_creation_win_exploit_cve_2015_1641.yml

@@ -6,13 +6,13 @@ references:
     - https://www.virustotal.com/en/file/5567408950b744c4e846ba8ae726883cb15268a539f3bb21758a466e47021ae8/analysis/
     - https://www.hybrid-analysis.com/sample/5567408950b744c4e846ba8ae726883cb15268a539f3bb21758a466e47021ae8?environmentId=100
 author: Florian Roth (Nextron Systems)
-date: 2018/02/22
-modified: 2021/11/27
+date: 2018-02-22
+modified: 2021-11-27
 tags:
-    - attack.defense_evasion
+    - attack.defense-evasion
     - attack.t1036.005
-    - cve.2015.1641
-    - detection.emerging_threats
+    - cve.2015-1641
+    - detection.emerging-threats
 logsource:
     category: process_creation
     product: windows

rules-emerging-threats/2017/Exploits/CVE-2017-0261/proc_creation_win_exploit_cve_2017_0261.yml

@@ -5,16 +5,16 @@ description: Detects Winword starting uncommon sub process FLTLDR.exe as used in
 references:
     - https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html
 author: Florian Roth (Nextron Systems)
-date: 2018/02/22
-modified: 2021/11/27
+date: 2018-02-22
+modified: 2021-11-27
 tags:
     - attack.execution
     - attack.t1203
     - attack.t1204.002
-    - attack.initial_access
+    - attack.initial-access
     - attack.t1566.001
-    - cve.2017.0261
-    - detection.emerging_threats
+    - cve.2017-0261
+    - detection.emerging-threats
 logsource:
     category: process_creation
     product: windows

rules-emerging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml

@@ -7,16 +7,16 @@ references:
     - https://www.linkedin.com/pulse/exploit-available-dangerous-ms-office-rce-vuln-called-thebenygreen-
     - https://github.com/embedi/CVE-2017-11882
 author: Florian Roth (Nextron Systems)
-date: 2017/11/23
-modified: 2021/11/27
+date: 2017-11-23
+modified: 2021-11-27
 tags:
     - attack.execution
     - attack.t1203
     - attack.t1204.002
-    - attack.initial_access
+    - attack.initial-access
     - attack.t1566.001
-    - cve.2017.11882
-    - detection.emerging_threats
+    - cve.2017-11882
+    - detection.emerging-threats
 logsource:
     category: process_creation
     product: windows