e4856d3c2c
Refresh ecs, beats, integration manifests & schemas ( #4699 )
2025-05-05 23:06:40 +05:30
e8c54169a4
Prep main for 9.1 ( #4555 )
...
* Prep for Release 9.1
* Update Patch Version
* Update Patch version
* Update Patch version
2025-03-26 11:04:14 -04:00
c0f12ddecf
[Rule Tuning] Tighten Up Windows EventLog Indexes, Improve tags ( #4464 )
...
* [Rule Tuning] Tighten Up Windows EventLog Indexes, Improve tags
* Format & order
* Update pyproject.toml
* Update credential_access_cookies_chromium_browsers_debugging.toml
2025-02-19 12:54:31 -03:00
fe8c81d762
[FR] Generate investigation guides ( #4358 )
2025-01-22 11:17:38 -06:00
81292aee8a
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 1 ( #4220 )
...
* [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 1
* Update Integrations unit tests
* Update test_all_rules.py
2024-11-04 11:32:22 -03:00
275c7288a3
Add testcase to check for related_integrations based on index ( #4096 )
2024-10-22 00:17:30 +05:30
2c07e88c07
[Rule Tuning] Fix double bumps caused by Windows Integration Update ( #4156 )
2024-10-15 23:57:44 +05:30
f5069763b6
[Rule Tuning] Add System tag to DRs ( #3968 )
...
* [Rule Tuning] Add System tag to DRs
* bump
2024-08-09 11:14:33 -03:00
54d5b442cf
[Rule Tuning] Add Initial Microsoft Defender for Endpoint Compatibility to Windows DRs ( #3825 )
...
* [Rule Tuning] Add Initial Microsoft Defender for Endpoint Compatibility to Windows DRs
* .
* Update integration-schemas.json.gz
* Fix integration manifests
2024-06-26 11:06:27 -03:00
0a69c19c83
Update Minstack versions for SentinelOne rules ( #3777 )
2024-06-11 18:58:26 +05:30
2c3dbfc039
Revert "Back-porting Version Trimming ( #3681 )"
...
This reverts commit 71d2c59b5c
2024-05-22 13:51:46 -05:00
71d2c59b5c
Back-porting Version Trimming ( #3681 )
2024-05-23 00:11:50 +05:30
d023ad66b1
[Rule Tuning] Add Initial SentinelOne Compatibility to Windows DRs ( #3627 )
...
* [Rule Tuning] Add Initial SentinelOne Compatibility
* updated definitions.py; updated tags; fixed unit tests
* added prerelease versions for s1 integration; updated build CLI commands to allow prerelease; bumped min-stacks
* updating manifests and integrations
* fixing flake errors
* min_stack
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co >
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com >
2024-05-20 09:50:57 -03:00
b47b91b9ec
[Rule Tuning] Tighten up Indexes of Elastic Defend Windows Rules ( #3549 )
...
* [Rule Tuning] Tighten up Indexes of Elastic Defend Windows Rules
* Delete test.pkl
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
2024-04-01 20:45:12 -03:00
d7aff43621
[New] Suspicious Execution via ScreenConnect ( #3541 )
...
* [New] Suspicious Execution via ScreenConnect
- Suspicious ScreenConnect Client Child Process (limited to known suspicious patterns)
- ScreenConnect Server Spawning Suspicious Processes (webshell access via ScreenConnect server)
* Update command_and_control_screenconnect_childproc.toml
* Update rules/windows/initial_access_webshell_screenconnect_server.toml
* Update rules/windows/command_and_control_screenconnect_childproc.toml
* Update rules/windows/command_and_control_screenconnect_childproc.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
* Update command_and_control_screenconnect_childproc.toml
* Update command_and_control_screenconnect_childproc.toml
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
2024-03-27 11:52:47 +00:00
shashank-elastic