Minstack versions for Okta and Github Integration (#4273)

Removed changes from:
- rules/integrations/okta/credential_access_attempted_bypass_of_okta_mfa.toml
- rules/integrations/okta/credential_access_attempts_to_brute_force_okta_user_account.toml
- rules/integrations/okta/credential_access_multiple_auth_events_from_single_device_behind_proxy.toml
- rules/integrations/okta/credential_access_multiple_device_token_hashes_for_single_okta_session.toml
- rules/integrations/okta/credential_access_okta_authentication_for_multiple_users_from_single_source.toml
- rules/integrations/okta/credential_access_okta_authentication_for_multiple_users_with_the_same_device_token_hash.toml
- rules/integrations/okta/credential_access_okta_brute_force_or_password_spraying.toml
- rules/integrations/okta/credential_access_okta_mfa_bombing_via_push_notifications.toml
- rules/integrations/okta/credential_access_okta_multiple_device_token_hashes_for_single_user.toml
- rules/integrations/okta/credential_access_okta_potentially_successful_okta_bombing_via_push_notifications.toml
- rules/integrations/okta/credential_access_user_impersonation_access.toml
- rules/integrations/okta/defense_evasion_attempt_to_deactivate_okta_network_zone.toml
- rules/integrations/okta/defense_evasion_attempt_to_delete_okta_network_zone.toml
- rules/integrations/okta/defense_evasion_first_occurence_public_app_client_credential_token_exchange.toml
- rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy.toml
- rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy_rule.toml
- rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy.toml
- rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy_rule.toml
- rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_network_zone.toml
- rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_policy.toml
- rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_policy_rule.toml
- rules/integrations/okta/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.toml
- rules/integrations/okta/impact_attempt_to_revoke_okta_api_token.toml
- rules/integrations/okta/impact_okta_attempt_to_deactivate_okta_application.toml
- rules/integrations/okta/impact_okta_attempt_to_delete_okta_application.toml
- rules/integrations/okta/impact_okta_attempt_to_modify_okta_application.toml
- rules/integrations/okta/impact_possible_okta_dos_attack.toml
- rules/integrations/okta/initial_access_first_occurrence_user_session_started_via_proxy.toml
- rules/integrations/okta/initial_access_new_authentication_behavior_detection.toml
- rules/integrations/okta/initial_access_okta_fastpass_phishing.toml
- rules/integrations/okta/initial_access_okta_user_attempted_unauthorized_access.toml
- rules/integrations/okta/initial_access_okta_user_sessions_started_from_different_geolocations.toml
- rules/integrations/okta/initial_access_sign_in_events_via_third_party_idp.toml
- rules/integrations/okta/initial_access_successful_application_sso_from_unknown_client_device.toml
- rules/integrations/okta/initial_access_suspicious_activity_reported_by_okta_user.toml
- rules/integrations/okta/lateral_movement_multiple_sessions_for_single_user.toml
- rules/integrations/okta/okta_threatinsight_threat_suspected_promotion.toml
- rules/integrations/okta/persistence_administrator_privileges_assigned_to_okta_group.toml
- rules/integrations/okta/persistence_administrator_role_assigned_to_okta_user.toml
- rules/integrations/okta/persistence_attempt_to_create_okta_api_token.toml
- rules/integrations/okta/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.toml
- rules/integrations/okta/persistence_mfa_deactivation_with_no_reactivation.toml
- rules/integrations/okta/persistence_new_idp_successfully_added_by_admin.toml
- rules/integrations/okta/persistence_okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
- rules/integrations/okta/persistence_stolen_credentials_used_to_login_to_okta_account_after_mfa_reset.toml

(selectively cherry picked from commit 5ab7565)

rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml

@@ -2,7 +2,9 @@
 creation_date = "2023/08/29"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules/integrations/github/execution_github_app_deleted.toml

@@ -2,7 +2,9 @@
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml

@@ -2,7 +2,9 @@
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules/integrations/github/execution_new_github_app_installed.toml

@@ -2,7 +2,9 @@
 creation_date = "2023/08/29"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules/integrations/github/impact_github_repository_deleted.toml

@@ -2,7 +2,9 @@
 creation_date = "2023/08/29"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules/integrations/github/persistence_github_org_owner_added.toml

@@ -2,7 +2,9 @@
 creation_date = "2023/09/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules/integrations/github/persistence_organization_owner_role_granted.toml

@@ -2,7 +2,9 @@
 creation_date = "2023/09/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/execution_github_new_event_action_for_pat.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/execution_github_new_repo_interaction_for_pat.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/execution_github_new_repo_interaction_for_user.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/execution_github_repo_created.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/execution_github_repo_interaction_from_new_ip.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/impact_github_member_removed_from_organization.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/impact_github_pat_access_revoked.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/impact_github_user_blocked_from_organization.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/initial_access_github_new_ip_address_for_pat.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/initial_access_github_new_ip_address_for_user.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/initial_access_github_new_user_agent_for_pat.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/initial_access_github_new_user_agent_for_user.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/persistence_github_new_pat_for_user.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]

rules_building_block/persistence_github_new_user_added_to_organization.toml

@@ -3,7 +3,9 @@ bypass_bbr_timing = true
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/11/27"
+min_stack_version = "8.12.0"
+min_stack_comments = "Breaking change at 8.12.0 for the Github Integration."
 
 [rule]
 author = ["Elastic"]