Updates to ADS (wagov#401)
* T1566.001 - QR Code Phishing Attachment (Quishing) - Updated the KQL with Recipient Email address

* # NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors - 20230928002

* Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009003

* Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009001

* Update T1566.001-QR-CodePhishingAttachment(Quishing).md

Updated the document version number to 1.0

* Citrix Releases Security Updates for Multiple Products - 20231012001

* Updated Citrix Releases Security Updates for Multiple Products - 20231012001

* Updated Citrix Releases Security Updates for Multiple Products - 20231012001

* Added new ADS and updates

* Updated Advisory number for Citrix advisory

* Updated ADSs with macros for MITRE URLs

* Updates libraries and requirement.txt

* Removed macros for Software ID related ADSs

* Added macros to retrieve MITRE URLs

* Updated requirements.txt with BeautifulSoup4 req

* 20231023005-SolarWinds-ARM-ThreeCriticalRCEVulnerabilities.md

* Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities - 20231025001

* VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities - 20231026001

* Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004

* Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004

* Apple Releases Security Advisories for Multiple Products - 20231027005

* Updated CVSS score of CVE-2023-4966 - 20231012003

* Improper Authorization Vulnerability In Confluence Data Center and Server - 20231101002

* Added logic to resolve links to MITRE tactics

* Added new ADS's and updated existing ones

* Updated entry to hide Lateral Movement - Webservers in Guidelines table

* New Microsoft Exchange zero-days allow RCE, data theft attacks - 20231106002

* Updated ADS formatting and KQL syntax

* Updated ADS formatting and KQL syntax

* Minor updates to formatting

* updates to ads

* Updates to ADS

* Minor updates to ADS

* Updated ADS

* Updates to ADS

* Updated ADS

* Minor updates to ADSs

* Updates to ADSs

* Atlassian Confluence Data Center and Server Improper Authorization Vulnerability - 20231108001

* Updated Linux Webshell indicator ADS

* Updated the Technique ID in Linux Webshell Indicators

---------

Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
Co-authored-by: Adon Metcalfe <adon.metcalfe@dpc.wa.gov.au>
3 people authored Nov 9, 2023
1 parent d348a66 commit 9bfe0ca
Showing 1 changed file with 2 additions and 3 deletions.
@@ -14,7 +14,7 @@ Detects suspicious linux sub processes of web server processes.
common persistence - Linux

#### ATT&CK TACTICS
{{ mitre("T1505")}}
{{ mitre("T1505.003")}}

Data Source(s): [Process](https://attack.mitre.org/datasources/DS0009/)

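Review bot: The change from `{{ mitre("T1505")}}` to `{{ mitre("T1505.003")}}` narrows the mapping from the parent technique to the Web Shell sub-technique, which is the right fit for an ADS titled "Linux Webshell Indicators"; before merging, confirm that the `mitre()` macro added in this series ("Added macros to retrieve MITRE URLs") accepts a dotted sub-technique ID and resolves it to a valid link rather than passing the string through unchanged, and that any guidelines or index table that lists this ADS by technique ID is updated to the same value so the two do not drift apart.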
@@ -25,7 +25,6 @@ let selection_tomcat = dynamic(['/bin/java','tomcat']);
let selection_websphere = dynamic(['/bin/java','websphere']);
let sub_processes= @"/(whoami|ifconfig|ip|bin/uname|bin/cat|bin/crontab|hostname|iptables|netstat|pwd|route)$";
DeviceProcessEvents
| where TimeGenerated > ago(30d)
| where InitiatingProcessFolderPath matches regex selection_general or InitiatingProcessCommandLine has_all (selection_tomcat) or InitiatingProcessCommandLine has_all (selection_websphere)
| where FolderPath matches regex sub_processes
//| summarize count(), earliest_time=min(TimeGenerated), set_DeviceName=make_set(DeviceName) by TenantId, InitiatingProcessFolderPath,InitiatingProcessCommandLine, FolderPath, ProcessCommandLine, SHA256
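Review bot: Removing `| where TimeGenerated > ago(30d)` leaves the query with no time bound of its own, so anyone who pastes it into an ad hoc hunting session scans the entire retention window rather than the last 30 days; if the intent is that the scheduled rule's lookback period now governs the window, state that in the ADS text so a reader knows the filter was dropped deliberately, otherwise keep the line. The commented-out `summarize` at the end of the hunk is untouched by this change and remains dead text in the query body; either document it as an optional aggregation step or drop it so the published query is exactly what runs.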
@@ -41,4 +40,4 @@ DeviceProcessEvents
1. Web applications that invoke Linux command line tools

#### VERSION
Version 1.1 (date: 08/11/2023)
Version 1.2 (date: 09/11/2023)

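Review bot: The bump from `Version 1.1 (date: 08/11/2023)` to `Version 1.2 (date: 09/11/2023)` records no summary of what changed, yet this commit alters both the technique ID and the query's behaviour (the unbounded time window); a one-line note beside the version would let an operator tell whether a deployed copy needs re-review. The `09/11/2023` form is also ambiguous between 9 November and 11 September; the commit is dated Nov 9, 2023, so an unambiguous date format such as 2023-11-09 would remove the doubt.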