Complete porinting of playbooks. Fix references to old, removed detections

in playbooks that were previously unvalidated.
Add a MANUAL_REVIEW section, which is commented out,
for clarity and to allow CICD to run and pass on this content.
Renamed an existing playbook because it diverges from the name
of that playbook elsewhere.

Author: pyth0n1c

.vscode/settings.json

@@ -17,6 +17,7 @@
         "./schemas/KVStoreLookup.schema.json": "lookups/kvstore/*.yml",
         "./schemas/FilebackedMacro.schema.json": "macros/*.yml",
         "./schemas/FilebackedSchedule.schema.json": "schedules/*.yml",
+        "./schemas/Playbook.schema.json": "playbooks/*.yml",
         "./schemas/Story.schema.json": ["stories/*.yml", "!removed/stories/*.yml"]
     }
 }

…ence_Identifier_Reputation_Analysis.json …ence_Identifier_Reputation_Analysis.jsonplaybooks/Cisco_Talos_Intelligence_Identifier_Reputation_Analysis.json renamed to playbooks/CiscoTalosIntelligence_Identifier_Reputation_Analysis.json playbooks/Cisco_Talos_Intelligence_Identifier_Reputation_Analysis.json renamed to playbooks/CiscoTalosIntelligence_Identifier_Reputation_Analysis.json

@@ -1,4 +1,4 @@
-name: Cisco Talos Intelligence Identifier Reputation Analysis
+name: CiscoTalosIntelligence Identifier Reputation Analysis
 id: 9cea2ec7-9e6c-4861-b828-336410cdc1cc
 version: 2
 creation_date: '2025-01-17'
@@ -27,3 +27,6 @@ use_cases:
     - Enrichment
 defend_technique_id:
     - D3-IRA
+# MANUAL_REVIEW:
+#     rationale: This filename was changed from Cisco Talos Intelligence Identifier Reputation Analysis to 
+#       CiscoTalosIntelligence Identifier Reputation Analysis in line with how it exists in the source of truth.

…igence_Identifier_Reputation_Analysis.py …igence_Identifier_Reputation_Analysis.pyplaybooks/Cisco_Talos_Intelligence_Identifier_Reputation_Analysis.py renamed to playbooks/CiscoTalosIntelligence_Identifier_Reputation_Analysis.py playbooks/Cisco_Talos_Intelligence_Identifier_Reputation_Analysis.py renamed to playbooks/CiscoTalosIntelligence_Identifier_Reputation_Analysis.py

@@ -24,12 +24,27 @@ product:
 analytic_story:
     - Log4Shell CVE-2021-44228
 detections:
-    - Curl Download and Bash Execution
-    - Wget Download and Bash Execution
-    - Linux Java Spawning Shell
-    - Windows Java Spawning Shells
+    - File Download or Read to Pipe Execution
+    - Web or Application Server Spawning a Shell
     - Java Class File download by Java User Agent
     - Outbound Network Connection from Java Using Default Ports
     - Log4Shell JNDI Payload Injection Attempt
     - Log4Shell JNDI Payload Injection with Outbound Connection
     - Detect Outbound LDAP Traffic
+# MANUAL_REVIEW:
+#    rationale: detections section contained references to two removed detections. 
+#      They have been remapped to their replacement content.
+#    unmodified_detections_section:
+#     - Curl Download and Bash Execution
+#     - Wget Download and Bash Execution
+#     - Linux Java Spawning Shell
+#     - Windows Java Spawning Shells
+#     - Java Class File download by Java User Agent
+#     - Outbound Network Connection from Java Using Default Ports
+#     - Log4Shell JNDI Payload Injection Attempt
+#     - Log4Shell JNDI Payload Injection with Outbound Connection
+#     - Detect Outbound LDAP Traffic
+#    manually_added_detections_from_replacement_content:
+#     - File Download or Read to Pipe Execution
+#     - Web or Application Server Spawning a Shell
+

…gence_Identifier_Reputation_Analysis.yml …gence_Identifier_Reputation_Analysis.ymlplaybooks/Cisco_Talos_Intelligence_Identifier_Reputation_Analysis.yml renamed to playbooks/CiscoTalosIntelligence_Identifier_Reputation_Analysis.yml playbooks/Cisco_Talos_Intelligence_Identifier_Reputation_Analysis.yml renamed to playbooks/CiscoTalosIntelligence_Identifier_Reputation_Analysis.yml

@@ -24,12 +24,26 @@ product:
 analytic_story:
     - Log4Shell CVE-2021-44228
 detections:
-    - Curl Download and Bash Execution
-    - Wget Download and Bash Execution
-    - Linux Java Spawning Shell
-    - Windows Java Spawning Shells
+    - File Download or Read to Pipe Execution
+    - Web or Application Server Spawning a Shell
     - Java Class File download by Java User Agent
     - Outbound Network Connection from Java Using Default Ports
     - Log4Shell JNDI Payload Injection Attempt
     - Log4Shell JNDI Payload Injection with Outbound Connection
     - Detect Outbound LDAP Traffic
+# MANUAL_REVIEW:
+#    rationale: detections section contained references to two removed detections. 
+#      They have been remapped to their replacement content.
+#    unmodified_detections_section:
+#     - Curl Download and Bash Execution
+#     - Wget Download and Bash Execution
+#     - Linux Java Spawning Shell
+#     - Windows Java Spawning Shells
+#     - Java Class File download by Java User Agent
+#     - Outbound Network Connection from Java Using Default Ports
+#     - Log4Shell JNDI Payload Injection Attempt
+#     - Log4Shell JNDI Payload Injection with Outbound Connection
+#     - Detect Outbound LDAP Traffic
+#    manually_added_detections_from_replacement_content:
+#     - File Download or Read to Pipe Execution
+#     - Web or Application Server Spawning a Shell