 Ruben Groenewoud
|
80ee91b0f2
|
[Rule Tuning] Linux DR Tuning - 11 (#5511)
* [Rule Tuning] Linux DR Tuning - 11
* Update privilege_escalation_potential_suid_sgid_exploitation.toml
* Update rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
* Update privilege_escalation_docker_escape_via_nsenter.toml
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
|
2026-01-07 16:31:13 +01:00 |
|
|
shashank-elastic
|
9b292b97ea
|
Prep 8.19/9.1 (#4869)
* Prep 8.19/9.1 Release
* Download Beats Schema
* Download API Schema
* Download 8.18.3 Beats Schema
* Download Latest Integrations manifest and schema
* Comment old schemas
* Update Patch version
|
2025-07-07 11:27:48 -04:00 |
|
|
Jonhnathan
|
0268daa17d
|
[Rule Tuning] Tighten Up Elastic Defend Indexes - Linux (#4446)
|
2025-02-05 15:25:45 -03:00 |
|
|
Mika Ayenson
|
fe8c81d762
|
[FR] Generate investigation guides (#4358)
|
2025-01-22 11:17:38 -06:00 |
|
|
shashank-elastic
|
f0291b440a
|
Minstack endpoint rules with process.group.id fields (#4294)
|
2024-12-10 21:03:32 +05:30 |
|
|
Ruben Groenewoud
|
ac6a49eeea
|
[Rule Tuning] Q2 Linux DR Tuning - Part 6 (#4167)
|
2024-10-18 16:25:54 +02:00 |
|
|
Mika Ayenson
|
b80d8342d6
|
[Docs | Rule Tuning] Add blog references to rules (#4097)
* [Docs | Rule Tuning] Add blog references to rules
* Apply suggestions from code review
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Apply suggestions from code review
* Update google_workspace blog references
* add okta blog references
* Update dates
---------
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
|
2024-09-25 15:19:20 -05:00 |
|
|
Ruben Groenewoud
|
c3ba7b1262
|
[New Rule] Privilege Escalation via SUID/SGID (#3793)
* [New Rule] Privilege Escalation via SUID/SGID
* unit test error fix?
* Update rules/linux/privilege_escalation_potential_suid_sgid_exploitation.toml
|
2024-06-27 16:50:09 +02:00 |
|