 Ruben Groenewoud
|
aaf99b1873
|
[Rule Tuning] agent.id --> host.id new_terms Key Modification (#5802)
* [Rule Tuning] `agent.id` --> `host.id` Migration
* Updated_date bump
|
2026-03-02 13:24:25 +01:00 |
|
|
Ruben Groenewoud
|
e1698890a4
|
[Rule Tuning] Linux DR Tuning - 7 (#5504)
* [Rule Tuning] Linux DR Tuning - 7
* Update execution_egress_connection_from_entrypoint_in_container.toml
* Update execution_kubernetes_direct_api_request_via_curl_or_wget.toml
* Update rules/linux/execution_perl_tty_shell.toml
* Update execution_perl_tty_shell.toml
* Update rules/linux/execution_unix_socket_communication.toml
* Update execution_file_made_executable_via_chmod_inside_container.toml
* Remove duplicate Crowdstrike data source entry
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
|
2026-01-08 11:10:46 +01:00 |
|
|
Ruben Groenewoud
|
37e18af7a5
|
[Rule Tuning] Adds Crowdstrike Compatibility to Linux Process Rules (#5232)
* First batch
* Second batch
* Batch 2
|
2025-11-10 16:03:39 +01:00 |
|
|
shashank-elastic
|
7175b3ab06
|
Add investigation guides for detection rules (#4886)
|
2025-07-08 00:25:42 +05:30 |
|
|
Ruben Groenewoud
|
25dc8498ae
|
[New Rule] Suspicious Named Pipe Creation (#4681)
|
2025-05-06 17:30:38 +05:30 |
|