Mika Ayenson, PhD | 8993d1450b | 2026-04-01 09:12:42 -05:00
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>

Ruben Groenewoud | 473df70fbb | 2026-01-07 15:55:06 +01:00
[Rule Tuning] Linux DR Tuning - 5 (#5494)
* [Rule Tuning] Linux DR Tuning - 5
* Fix query syntax for shared object detection rule
* Update defense_evasion_kernel_module_removal.toml
* Fix condition for process working directory check
* Refactor query in defense_evasion_symlink_binary rule
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

Ruben Groenewoud | be3af09d9d | 2025-10-06 12:05:59 +02:00
[Rule Tuning] Misc. Linux Community Tunings (#5160)
* [Rule Tuning] Misc. Linux Community Tunings
* ++
* Fix query syntax in execution_unusual_path_invocation rule
* Refactor process.parent conditions for clarity

shashank-elastic | 3966981dae | 2025-04-07 20:55:39 +05:30
Add investigation guides (#4600)

Ruben Groenewoud | 06002cd9ac | 2025-02-28 11:26:50 +01:00
[New Rule] Kill Command Execution (#4485)
* [New Rule] Kill Command Execution
* Update defense_evasion_kill_command_executed.toml
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>