security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Rule Tuning] Tighten Up Elastic Defend Indexes - Linux (#4446)

Browse Source
This commit is contained in:
Jonhnathan
2025-02-05 15:25:45 -03:00
committed by GitHub
parent ab89dfb98d
commit 0268daa17d
146 changed files with 292 additions and 292 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/execution_potential_hack_tool_executed.toml
+2 -2
View File
@@ -4,7 +4,7 @@ integration = ["endpoint", "auditd_manager", "crowdstrike", "sentinel_one_cloud_
maturity = "production"
min_stack_version = "8.13.0"
min_stack_comments = "Breaking change at 8.13.0 for SentinelOne Integration."
updated_date = "2025/01/15"
updated_date = "2025/02/04"
[rule]
author = ["Elastic"]
@@ -14,7 +14,7 @@ this rule should be investigated further, as hack tools are commonly used by blu
well.
"""
from = "now-9m"
index = ["logs-endpoint.events.*", "endgame-*", "auditbeat-*", "logs-auditd_manager.auditd-*", "logs-crowdstrike.fdr*", "logs-sentinel_one_cloud_funnel.*"]
index = ["auditbeat-*", "endgame-*", "logs-auditd_manager.auditd-*", "logs-crowdstrike.fdr*", "logs-endpoint.events.process*", "logs-sentinel_one_cloud_funnel.*"]
language = "eql"
license = "Elastic License v2"
name = "Potential Linux Hack Tool Launched"