changes prebuilt rules to match endpoint schema

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_dns_directly_to_the_internet.json

@@ -34,8 +34,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_nat_traversal_port_activity.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_26_activity.json

@@ -37,8 +37,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_8000_activity_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_pptp_point_to_point_tunneling_protocol_activity.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_proxy_port_activity_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_rdp_remote_desktop_protocol_from_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_smtp_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sql_server_port_activity_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_from_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_telnet_port_activity.json

@@ -33,8 +33,7 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json

@@ -38,8 +38,7 @@
         "id": "TA0006",
         "name": "Credential Access",
         "reference": "https://attack.mitre.org/tactics/TA0006/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.json

@@ -52,8 +52,7 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_office_app.json

@@ -51,8 +51,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_script.json

@@ -48,8 +48,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_system_process.json

@@ -48,8 +48,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_via_trusted_developer_utilities.json

@@ -48,8 +48,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hidden_file_dir_tmp.json

@@ -55,8 +55,7 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_misc_lolbin_connecting_to_the_internet.json

@@ -45,8 +45,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     }
   ],
   "type": "eql",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_suspicious_scrobj_load.json

@@ -30,8 +30,7 @@
         "id": "TA0005",
         "name": "Defense Evasion",
         "reference": "https://attack.mitre.org/tactics/TA0005/"
-      },
-      "technique": []
+      }
     }
   ],
   "type": "eql",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_html_help_executable_program_connecting_to_the_internet.json

@@ -30,8 +30,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_ms_office_written_file.json

@@ -30,8 +30,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_pdf_written_file.json

@@ -30,8 +30,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_psexec_lateral_movement_command.json

@@ -55,8 +55,7 @@
         "id": "TA0008",
         "name": "Lateral Movement",
         "reference": "https://attack.mitre.org/tactics/TA0008/"
-      },
-      "technique": []
+      }
     }
   ],
   "type": "eql",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_register_server_program_connecting_to_the_internet.json

@@ -33,8 +33,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_compiled_html_file.json

@@ -33,8 +33,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_net_com_assemblies.json

@@ -30,8 +30,7 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_incoming_wmi.json

@@ -30,8 +30,7 @@
         "id": "TA0008",
         "name": "Lateral Movement",
         "reference": "https://attack.mitre.org/tactics/TA0008/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json

@@ -56,8 +56,7 @@
         "id": "TA0005",
         "name": "Defense Evasion",
         "reference": "https://attack.mitre.org/tactics/TA0005/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_registry_uncommon.json

@@ -33,8 +33,7 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      },
-      "technique": []
+      }
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setuid_setgid_bit_set_via_chmod.json

@@ -53,8 +53,7 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      },
-      "technique": []
+      }
     }
   ],
   "timestamp_override": "event.ingested",