Flared · ireydiak · Jan 6, 2026 · Dec 15, 2025
diff --git a/Solutions/Flare/Analytic Rules/FlareCloudBucket.yaml b/Solutions/Flare/Analytic Rules/FlareCloudBucket.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1593
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where source_s contains "Grayhat_warfare" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")
-version: 1.0.1
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Analytic Rules/FlareCredentialLeaks.yaml b/Solutions/Flare/Analytic Rules/FlareCredentialLeaks.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1110
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where notempty(data_new_leaks_s) and source_s != 'stealer_logs_samples'
-version: 1.0.2
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Analytic Rules/FlareDarkweb.yaml b/Solutions/Flare/Analytic Rules/FlareDarkweb.yaml
diff --git a/Solutions/Flare/Analytic Rules/FlareDork.yaml b/Solutions/Flare/Analytic Rules/FlareDork.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1593
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where source_s contains "google_search" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")
-version: 1.0.1
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Analytic Rules/FlareHost.yaml b/Solutions/Flare/Analytic Rules/FlareHost.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1596
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where source_s contains "driller_shodan" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")
-version: 1.0.1
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Analytic Rules/FlareInfectedDevice.yaml b/Solutions/Flare/Analytic Rules/FlareInfectedDevice.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1555
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where category_name_s contains "Infected Device" or source_s=="genesis_market" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")
-version: 1.0.1
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Analytic Rules/FlarePaste.yaml b/Solutions/Flare/Analytic Rules/FlarePaste.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1593
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where source_s in ("gist_github","Pastebin","driller_stackexchange") and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")
-version: 1.0.1
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Analytic Rules/FlareSSLcert.yaml b/Solutions/Flare/Analytic Rules/FlareSSLcert.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1583
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where source_s contains "certstream" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")
-version: 1.0.1
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Analytic Rules/FlareSourceCode.yaml b/Solutions/Flare/Analytic Rules/FlareSourceCode.yaml
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: Flare
     dataTypes:
-      - Firework_CL
+      - FireworkV2_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: gt
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1593
 query: |
-  Firework_CL
+  FireworkV2_CL
   | where source_s contains "driller_github" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")
-version: 1.0.1
-kind: Scheduled
+version: 2.0.0
+kind: Scheduled
diff --git a/Solutions/Flare/Data Connectors/Connector_REST_API_FlareSystemsFirework.json b/Solutions/Flare/Data Connectors/Connector_REST_API_FlareSystemsFirework.json