[Rule Tuning] GenAI DR Tuning (#5506)
committed by
GitHub
parent
b39cfc34e6
commit
f123ffa0f8
@@ -2,7 +2,7 @@
|
||||
creation_date = "2025/12/04"
|
||||
integration = ["endpoint"]
|
||||
maturity = "production"
|
||||
updated_date = "2025/12/04"
|
||||
updated_date = "2026/01/08"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
@@ -72,7 +72,7 @@ timestamp_override = "event.ingested"
|
||||
type = "new_terms"
|
||||
|
||||
query = '''
|
||||
event.category:network and host.os.type:macos and
|
||||
event.category:network and host.os.type:macos and event.action:connection_attempted and
|
||||
process.name:(
|
||||
Claude or "Claude Helper" or "Claude Helper (Plugin)" or Copilot or Cursor or
|
||||
"Cursor Helper" or "Cursor Helper (Plugin)" or GPT4All or Jan or "Jan Helper" or
|
||||
@@ -95,7 +95,9 @@ process.name:(
|
||||
*.lmstudio.ai or *.microsoft.com or *.mixpanel.com or *.msedge.net or *.npmjs.com or
|
||||
*.npmjs.org or *.ollama.ai or *.ollama.com or *.openai.com or *.pypi.org or
|
||||
*.r2.cloudflarestorage.com or *.segment.io or *.sentry.io or *.visualstudio.com or
|
||||
*.vsassets.io or *.vscode-cdn.net or *.windsurf.ai or *.x.ai or *.yarnpkg.com
|
||||
*.vsassets.io or *.vscode-cdn.net or *.windsurf.ai or *.x.ai or *.yarnpkg.com or
|
||||
*.cartocdn.com or *.chatgpt.com or *.ggpht.com or *.recaptcha.net or *.shields.io or
|
||||
*.travis-ci.com or *.travis-ci.org or *.ytimg.com or flagcdn.com or opencollective.com
|
||||
))
|
||||
'''
|
||||
|
||||
|
||||
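Review bot: In the `@@ -95,7 +95,9 @@` hunk the added exclusions mix two forms, suffix patterns such as `*.chatgpt.com` and the bare hosts `flagcdn.com` and `opencollective.com`, and neither form covers the other: a suffix pattern does not match the apex host, and a bare name does not match subdomains. Where telemetry shows both, list both, e.g. `*.chatgpt.com or chatgpt.com`. Several of the new suffixes (`*.ggpht.com`, `*.ytimg.com`, `*.cartocdn.com`) are shared content hosts, so each one widens what the rule will never alert on; a line in the rule's false-positive notes recording which tool was seen contacting them would help the next tuning pass. The field these patterns apply to is opened outside the hunk.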
@@ -2,7 +2,7 @@
|
||||
creation_date = "2025/12/04"
|
||||
integration = ["endpoint"]
|
||||
maturity = "production"
|
||||
updated_date = "2025/12/04"
|
||||
updated_date = "2026/01/08"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
@@ -123,6 +123,10 @@ file where event.action in ("open", "creation", "modification") and event.outcom
|
||||
"known_hosts",
|
||||
"KeePass.config.xml",
|
||||
"Unattended.xml")
|
||||
) and not (
|
||||
host.os.type == "windows" and
|
||||
process.name : ("claude.exe", "Claude") and
|
||||
file.path : "?:\\Users\\*\\AppData\\Roaming\\Claude\\Local State"
|
||||
)
|
||||
'''
|
||||
|
||||
|
||||
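Review bot: The exclusion added in the `@@ -123,6 +123,10 @@` hunk identifies the application by `process.name` alone, so any process carrying that name is exempted from alerting on the `Local State` path. Adding a signature or path condition, for example `process.code_signature.trusted == true and` ahead of the `file.path` line, keeps the tuning while tying it to the vendor's binary; the expected signer would need to be confirmed from telemetry. The second list entry `"Claude"` sits in a branch restricted to `host.os.type == "windows"`, where process names normally carry `.exe`, so it is probably unused and could be dropped. The query begins outside the hunk, so whether an earlier clause already constrains the process cannot be seen here.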
@@ -2,7 +2,7 @@
|
||||
creation_date = "2025/12/04"
|
||||
integration = ["endpoint"]
|
||||
maturity = "production"
|
||||
updated_date = "2025/12/04"
|
||||
updated_date = "2026/01/08"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
@@ -22,7 +22,7 @@ note = """## Triage and analysis
|
||||
|
||||
### Investigating Unusual Process Modifying GenAI Configuration File
|
||||
|
||||
Configuration files for GenAI tools like Cursor, Claude, Copilot, and Ollama control which MCP servers, plugins, and extensions are loaded. Attackers target these files to inject malicious MCP servers that execute arbitrary commands, exfiltrate data, or establish persistence. Threats include external processes (malware, compromised scripts, supply chain attacks) directly modifying configs, as well as prompt injection attacks that abuse the AI tool's own file access capabilities.
|
||||
Configuration files for GenAI tools like Cursor, Claude, Copilot, and Ollama control which MCP servers, plugins, and extensions are loaded. Attackers target these files to inject malicious MCP servers that execute arbitrary commands, exfiltrate data, or establish persistence. Threats include external processes (malware, compromised scripts, supply chain attacks) directly modifying configs, as well as prompt injection attacks that abuse the AI tool's own file access capabilities.
|
||||
|
||||
### Possible investigation steps
|
||||
|
||||
@@ -36,9 +36,10 @@ Configuration files for GenAI tools like Cursor, Claude, Copilot, and Ollama con
|
||||
|
||||
### False positive analysis
|
||||
|
||||
- Novel but legitimate configuration changes will trigger this rule when the process/file combination hasn't been seen in 7 days. Review the modified file content to determine legitimacy.
|
||||
- Novel but legitimate configuration changes will trigger this rule when the process hasn't been seen modifying these files within the configured history window. Review the modified file content to determine legitimacy.
|
||||
- GenAI tool updates may modify config files in new ways; correlate with recent software updates.
|
||||
- IDE extensions integrating with GenAI tools may modify configs as part of initial setup.
|
||||
- Developer tools (git, go, npm) checking out or downloading projects containing `.gemini/` or `.claude/` directories may trigger alerts. These are project-level configs, not user configs - verify by checking if the path is within a project directory.
|
||||
|
||||
### Response and remediation
|
||||
|
||||
@@ -81,6 +82,13 @@ file.path : (
|
||||
*/.grok/* or */AppData/Roaming/Grok/* or
|
||||
*/.windsurf/* or */AppData/Roaming/Windsurf/* or
|
||||
*/.vscode/extensions/*mcp*
|
||||
) and not (
|
||||
file.extension : (lck or lock) or
|
||||
(
|
||||
file.path : */.config/github-copilot/* and
|
||||
file.name : (apps.json or versions.json or copilot*nitrite.db)
|
||||
|
||||
)
|
||||
)
|
||||
'''
|
||||
|
||||
@@ -116,5 +124,3 @@ value = ["process.executable"]
|
||||
[[rule.new_terms.history_window_start]]
|
||||
field = "history_window_start"
|
||||
value = "now-7d"
|
||||
|
||||
|
||||
|
||||
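Review bot: The exclusion added in the `@@ -81,6 +82,13 @@` hunk is keyed on file path and name only, so modifications of `apps.json`, `versions.json` and the `copilot*nitrite.db` files under `.config/github-copilot/` are dropped for every process, not only the Copilot client that produced the noise. `apps.json` in particular appears to hold the client's sign-in state (worth confirming), which makes a write by an unfamiliar process something this rule would want to keep. Consider scoping the inner group with a process condition, or at least adding a false-positive bullet to the `note` that names the excluded files so analysts know the gap exists. There is also a stray blank line before the closing parenthesis of the inner group. The `file.path` list opens outside the hunk.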