
Feature/cleanup rules and filters#2091

Merged
osmontero merged 4 commits into
release/v11.2.9from
feature/cleanup-rules-and-filters
May 21, 2026

Conversation

@JocLRojas (Contributor)

This PR includes the following changes:

  1. Updated macOS filter configuration (filters/macos/macos.yml)
  • Refactored filter rules to improve log processing efficiency

Reasoning

  • The macOS filter update ensures better normalization and parsing of macOS logs to align with current platform standards

  2. Removed obsolete detection rules:
  • rules/office365/credential_access_microsoft_365_brute_force_user_account_attempt.yml
  • rules/windows/powershell_empire_detection.yml
  • rules/windows/rdp_brute_force_attacks.yml

Reasoning
These detection rules have been removed because they:

  • Cause false positives or a large volume of unnecessary alerts

@JocLRojas JocLRojas requested a review from a team May 21, 2026 15:05
@github-actions


❌ Go dependencies check failed

There are outdated Go dependencies, or modules that could not be inspected.
Run bash .github/scripts/go-deps.sh --update --discover locally and
commit the updated go.mod / go.sum files.

Script output
🔍 Discovered 25 Go projects

📦 Dependencies with updates available:

  📁 ./plugins/modules-config:
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.73.0 → v1.74.0
     - github.com/crowdstrike/gofalcon: v0.20.0 → v0.20.1
     - google.golang.org/api: v0.279.0 → v0.280.0

  📁 ./plugins/gcp:
     - google.golang.org/api: v0.279.0 → v0.280.0

  📁 ./plugins/crowdstrike:
     - github.com/crowdstrike/gofalcon: v0.20.0 → v0.20.1

  📁 ./plugins/aws:
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.73.0 → v1.74.0

  📁 ./installer:
     - github.com/cloudfoundry/gosigar: v1.3.118 → v1.3.119

❌ Please update dependencies before merging.

@github-actions


🛑 AI review — Engineer review required

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. @Kbayero @osmontero please review.

architecture (gemini-3-flash-lite) — Tier 1 — looks clean

Summary: Removal of detection rules and minor update to macOS log filtering; no architectural impact.

No findings.

bugs (gemini-3-flash-lite) — Tier 1 — looks clean

Summary: The PR removes deprecated detection rules and adds a filter to drop noisy macOS system events.

No findings.

🛑 security (gemini-3-flash-lite) — Tier 3 — engineer review required

Summary: Removal of critical security detection rules for brute force and post-exploitation frameworks.

  • high rules/office365/credential_access_microsoft_365_brute_force_user_account_attempt.yml:1 — Removal of critical detection rule for Microsoft 365 brute force attacks reduces visibility into account takeover attempts.
  • high rules/windows/powershell_empire_detection.yml:1 — Removal of critical detection rule for PowerShell Empire framework significantly reduces detection capabilities for post-exploitation activity.
  • high rules/windows/rdp_brute_force_attacks.yml:1 — Removal of critical detection rule for RDP brute force attacks increases risk of successful unauthorized access via credential guessing.
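The security finding above objects to deleting the brute-force rules outright, while the PR description gives false positives as the reason. The middle path a detection engineer usually weighs is tuning rather than removal: the same failed-logon events, a tighter grouping key and window, fewer alerts. The Python below is an added illustration of that trade-off; it is not UTMStack code and does not reproduce the removed rule's logic. The line format, the IPs, the user names and both threshold settings are constructed for the example.

```python
"""Failed-logon burst detection over constructed log lines.

Added illustration of the tuning trade-off behind dropping a noisy
brute-force rule; not UTMStack code and not the removed rule's logic.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (documentation-range IPs, invented users).
# One source hammers a single account; a second user mistypes a password
# a few times over several minutes and then logs in.
SAMPLE_LOG = """\
2026-05-21T15:00:01 src=203.0.113.10 user=alice outcome=failure
2026-05-21T15:00:03 src=203.0.113.10 user=alice outcome=failure
2026-05-21T15:00:05 src=203.0.113.10 user=alice outcome=failure
2026-05-21T15:00:07 src=203.0.113.10 user=alice outcome=failure
2026-05-21T15:00:09 src=203.0.113.10 user=alice outcome=failure
2026-05-21T15:00:11 src=203.0.113.10 user=alice outcome=failure
2026-05-21T15:02:00 src=198.51.100.5 user=bob outcome=failure
2026-05-21T15:05:30 src=198.51.100.5 user=bob outcome=failure
2026-05-21T15:09:00 src=198.51.100.5 user=bob outcome=failure
2026-05-21T15:09:20 src=198.51.100.5 user=bob outcome=success
"""


def parse_events(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_text, *fields = line.split()
        event = dict(field.split("=", 1) for field in fields)
        event["ts"] = datetime.fromisoformat(ts_text)
        events.append(event)
    return events


def detect_bursts(events, threshold, window, key_fields=("src",)):
    """Sliding-window count of failures per key; one alert per burst.

    Returns a list of (key, alert_timestamp, failures_in_window).
    Timestamps older than `window` are evicted before the count is checked,
    so slow, spread-out failures never accumulate into an alert.
    """
    alerts = []
    recent = defaultdict(deque)
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["outcome"] != "failure":
            continue
        key = tuple(event[f] for f in key_fields)
        times = recent[key]
        times.append(event["ts"])
        while times and event["ts"] - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            alerts.append((key, event["ts"], len(times)))
            times.clear()  # reset so a single burst produces a single alert
    return alerts


def noisy_rule(events):
    """Loose rule: 3 failures per user within 10 minutes, regardless of source."""
    return detect_bursts(events, threshold=3, window=timedelta(minutes=10),
                         key_fields=("user",))


def tuned_rule(events):
    """Tighter rule: 5 failures from one source within 60 seconds."""
    return detect_bursts(events, threshold=5, window=timedelta(seconds=60),
                         key_fields=("src",))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for name, rule in (("noisy", noisy_rule), ("tuned", tuned_rule)):
        hits = rule(evs)
        print(f"{name}: {len(hits)} alert(s)")
        for key, ts, count in hits:
            print(f"  {key} at {ts.time()} ({count} failures in window)")
```

On the constructed sample the loose rule fires three times (twice on the real burst, once on bob's mistyped password), while the tighter rule fires once, on the burst only. Keying on the source rather than the user and shrinking the window is what removes the benign hits; the burst itself stays visible, which is the coverage the security finding is worried about losing.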

@utmstackprapprover utmstackprapprover Bot left a comment


Changes requested — see approver comments above.

@osmontero osmontero merged commit bd2c9d2 into release/v11.2.9 May 21, 2026
5 of 7 checks passed
@osmontero osmontero deleted the feature/cleanup-rules-and-filters branch May 21, 2026 18:06