removes rule changes so they can be implemented programatically

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_dns_directly_to_the_internet.json

@@ -34,7 +34,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_nat_traversal_port_activity.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_26_activity.json

@@ -37,7 +37,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_8000_activity_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_pptp_point_to_point_tunneling_protocol_activity.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_proxy_port_activity_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_rdp_remote_desktop_protocol_from_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_smtp_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sql_server_port_activity_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_from_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_telnet_port_activity.json

@@ -33,7 +33,8 @@
         "id": "TA0011",
         "name": "Command and Control",
         "reference": "https://attack.mitre.org/tactics/TA0011/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json

@@ -38,7 +38,8 @@
         "id": "TA0006",
         "name": "Credential Access",
         "reference": "https://attack.mitre.org/tactics/TA0006/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.json

@@ -52,7 +52,8 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_office_app.json

@@ -51,7 +51,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_script.json

@@ -48,7 +48,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_system_process.json

@@ -48,7 +48,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_via_trusted_developer_utilities.json

@@ -48,7 +48,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hidden_file_dir_tmp.json

@@ -55,7 +55,8 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_misc_lolbin_connecting_to_the_internet.json

@@ -45,7 +45,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     }
   ],
   "type": "eql",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_suspicious_scrobj_load.json

@@ -30,7 +30,8 @@
         "id": "TA0005",
         "name": "Defense Evasion",
         "reference": "https://attack.mitre.org/tactics/TA0005/"
-      }
+      },
+      "technique": []
     }
   ],
   "type": "eql",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_html_help_executable_program_connecting_to_the_internet.json

@@ -30,7 +30,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_ms_office_written_file.json

@@ -30,7 +30,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_pdf_written_file.json

@@ -30,7 +30,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_psexec_lateral_movement_command.json

@@ -55,7 +55,8 @@
         "id": "TA0008",
         "name": "Lateral Movement",
         "reference": "https://attack.mitre.org/tactics/TA0008/"
-      }
+      },
+      "technique": []
     }
   ],
   "type": "eql",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_register_server_program_connecting_to_the_internet.json

@@ -33,7 +33,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_compiled_html_file.json

@@ -33,7 +33,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_net_com_assemblies.json

@@ -30,7 +30,8 @@
         "id": "TA0002",
         "name": "Execution",
         "reference": "https://attack.mitre.org/tactics/TA0002/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_incoming_wmi.json

@@ -30,7 +30,8 @@
         "id": "TA0008",
         "name": "Lateral Movement",
         "reference": "https://attack.mitre.org/tactics/TA0008/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json

@@ -56,7 +56,8 @@
         "id": "TA0005",
         "name": "Defense Evasion",
         "reference": "https://attack.mitre.org/tactics/TA0005/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_registry_uncommon.json

@@ -33,7 +33,8 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      }
+      },
+      "technique": []
     },
     {
       "framework": "MITRE ATT&CK",

x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setuid_setgid_bit_set_via_chmod.json

@@ -53,7 +53,8 @@
         "id": "TA0003",
         "name": "Persistence",
         "reference": "https://attack.mitre.org/tactics/TA0003/"
-      }
+      },
+      "technique": []
     }
   ],
   "timestamp_override": "event.ingested",