changeset[backend](windows dll filter): removed rundll32 no arguments and abuse rule

AlexSanchez-bit · AlexSanchez-bit · commit 3236c4d712a7 · 2026-03-24T09:07:20.000-04:00
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260324001_remove_rundll32_no_arguments.xml b/backend/src/main/resources/config/liquibase/changelog/20260324001_remove_rundll32_no_arguments.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260324001" author="Alex">
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+            DELETE FROM utm_correlation_rules WHERE rule_name = 'Windows: Unusual Child Processes of RunDLL32';
+            ]]>
+        </sql>
+    </changeSet>
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260324002_remove_rundll32_abuse.xml b/backend/src/main/resources/config/liquibase/changelog/20260324002_remove_rundll32_abuse.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260324002" author="Alex">
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+            DELETE FROM utm_correlation_rules WHERE rule_name = 'Rundll32 Suspicious Abuse Detection';
+            ]]>
+        </sql>
+    </changeSet>
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/master.xml b/backend/src/main/resources/config/liquibase/master.xml
@@ -529,6 +529,10 @@
 
   <include file="/config/liquibase/changelog/20260319002_update_windosw_filter.xml" relativeToChangelogFile="false"/>
 
+  <include file="/config/liquibase/changelog/20260324001_remove_rundll32_no_arguments.xml" relativeToChangelogFile="false"/>
+
+  <include file="/config/liquibase/changelog/20260324002_remove_rundll32_abuse.xml" relativeToChangelogFile="false"/>
+
 
 
 </databaseChangeLog>
