chore: promote older rules status from experimental to test

Author: marvi

rules-emerging-threats/2022/Exploits/CVE-2022-41120/proc_creation_win_exploit_cve_2022_41120_sysmon_eop.yml

@@ -1,6 +1,6 @@
 title: Suspicious Sysmon as Execution Parent
 id: 6d1058a4-407e-4f3a-a144-1968c11dc5c3
-status: experimental
+status: test
 description: Detects suspicious process executions in which Sysmon itself is the parent of a process, which could be a sign of exploitation (e.g. CVE-2022-41120)
 references:
     - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41120

rules-emerging-threats/2022/Exploits/CVE-2022-42475/fortios_sslvpnd_exploit_cve_2022_42475_exploitation_indicators.yml

@@ -1,6 +1,6 @@
 title: Exploitation Indicator Of CVE-2022-42475
 id: 293ccb8c-bed8-4868-8296-bef30e303b7e
-status: experimental
+status: test
 description: Detects exploitation indicators of CVE-2022-42475 a heap-based buffer overflow in sslvpnd.
 references:
     - https://www.fortiguard.com/psirt/FG-IR-22-398

rules-emerging-threats/2023/Exploits/CVE-2023-20198/cisco_syslog_cve_2023_20198_ios_xe_web_ui.yml

@@ -1,6 +1,6 @@
 title: Exploitation Indicators Of CVE-2023-20198
 id: 2ece8816-b7a0-4d9b-b0e8-ae7ad18bc02b
-status: experimental
+status: test
 description: Detecting exploitation indicators of CVE-2023-20198 a privilege escalation vulnerability in Cisco IOS XE Software Web UI.
 references:
     - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

rules-emerging-threats/2023/Exploits/CVE-2023-22518/proc_creation_lnx_exploit_cve_2023_22518_confluence_java_child_proc.yml

@@ -3,7 +3,7 @@ id: f8987c03-4290-4c96-870f-55e75ee377f4
 related:
     - id: 1ddaa9a4-eb0b-4398-a9fe-7b018f9e23db
       type: similar
-status: experimental
+status: test
 description: |
     Detects exploitation attempt of CVE-2023-22518 (Confluence Data Center / Confluence Server), where an attacker can exploit vulnerable endpoints to e.g. create admin accounts and execute arbitrary commands.
 references:

rules-emerging-threats/2023/Exploits/CVE-2023-22518/proc_creation_win_exploit_cve_2023_22518_confluence_tomcat_child_proc.yml

@@ -3,7 +3,7 @@ id: 1ddaa9a4-eb0b-4398-a9fe-7b018f9e23db
 related:
     - id: f8987c03-4290-4c96-870f-55e75ee377f4
       type: similar
-status: experimental
+status: test
 description: |
     Detects exploitation attempt of CVE-2023-22518 (Confluence Data Center / Confluence Server), where an attacker can exploit vulnerable endpoints to e.g. create admin accounts and execute arbitrary commands.
 references:

rules-emerging-threats/2023/Exploits/CVE-2023-22518/proxy_exploit_cve_2023_22518_confluence_auth_bypass.yml

@@ -3,7 +3,7 @@ id: 27d2cdde-9778-490e-91ec-9bd0be6e8cc6
 related:
     - id: a902d249-9b9c-4dc4-8fd0-fbe528ef965c
       type: similar
-status: experimental
+status: test
 description: |
     Detects exploitation attempt of CVE-2023-22518 (Confluence Data Center / Confluence Server), where an attacker can exploit vulnerable endpoints to e.g. create admin accounts and execute arbitrary commands.
 references:

rules-emerging-threats/2023/Exploits/CVE-2023-22518/web_exploit_cve_2023_22518_confluence_auth_bypass.yml

@@ -3,7 +3,7 @@ id: a902d249-9b9c-4dc4-8fd0-fbe528ef965c
 related:
     - id: 27d2cdde-9778-490e-91ec-9bd0be6e8cc6
       type: similar
-status: experimental
+status: test
 description: |
     Detects exploitation attempt of CVE-2023-22518 (Confluence Data Center / Confluence Server), where an attacker can exploit vulnerable endpoints to e.g. create admin accounts and execute arbitrary commands.
 references:

rules-emerging-threats/2023/Exploits/CVE-2023-27363/file_event_win_cve_2023_27363_foxit_rce.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
 id: 9cae055f-e1d2-4f81-b8a5-1986a68cdd84
-status: experimental
+status: test
 description: Detects suspicious ".hta" file creation in the startup folder by Foxit Reader. This can be an indication of CVE-2023-27363 exploitation.
 references:
     - https://github.com/j00sean/SecBugs/tree/ff72d553f75d93e1a0652830c0f74a71b3f19c46/CVEs/CVE-2023-27363

rules-emerging-threats/2023/Exploits/CVE-2023-36874/file_event_win_exploit_cve_2023_36874_wermgr_creation.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
 id: ad0960eb-0015-4d16-be13-b3d9f18f1342
-status: experimental
+status: test
 description: Detects the creation of a file named "wermgr.exe" being created in an uncommon directory. This could be a sign of potential exploitation of CVE-2023-36874.
 references:
     - https://github.com/Wh04m1001/CVE-2023-36874

rules-emerging-threats/2023/Exploits/CVE-2023-38831/proc_creation_win_exploit_cve_2023_38831_winrar_child_proc.yml

@@ -3,7 +3,7 @@ id: ec3a3c2f-9bb0-4a9b-8f4b-5ec386544343
 related:
     - id: e4556676-fc5c-4e95-8c39-5ef27791541f
       type: similar
-status: experimental
+status: test
 description: Detects exploitation attempt of CVE-2023-38331 (WinRAR before v6.23), where an attacker can leverage WinRAR to execute arbitrary commands and binaries.
 references:
     - https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/