shashank-elastic
e8c54169a4
Prep main for 9.1 (#4555)
* Prep for Release 9.1
* Update Patch Version
* Update Patch version
* Update Patch version
2025-03-26 11:04:14 -04:00
Jonhnathan
c0f12ddecf
[Rule Tuning] Tighten Up Windows EventLog Indexes, Improve tags (#4464)
* [Rule Tuning] Tighten Up Windows EventLog Indexes, Improve tags
* Format & order
* Update pyproject.toml
* Update credential_access_cookies_chromium_browsers_debugging.toml
2025-02-19 12:54:31 -03:00
Jonhnathan
15177246cc
[Rule Tuning] Windows - Improve Index Pattern Consistency (#4462)
2025-02-17 07:04:34 -03:00
Mika Ayenson
fe8c81d762
[FR] Generate investigation guides (#4358)
2025-01-22 11:17:38 -06:00
Jonhnathan
a743b9c8c4
[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 6 (#4231)
* [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 6
* Update credential_access_cmdline_dump_tool.toml
* Update defense_evasion_powershell_windows_firewall_disabled.toml
* Revert "Update defense_evasion_powershell_windows_firewall_disabled.toml"
This reverts commit d2df2a848290425ebfe0bb5157332ad0611f726f.
* Update lateral_movement_via_wsus_update.toml
---------
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
2024-11-05 15:00:43 -03:00
Jonhnathan
2c07e88c07
[Rule Tuning] Fix double bumps caused by Windows Integration Update (#4156)
2024-10-15 23:57:44 +05:30
Jonhnathan
f5069763b6
[Rule Tuning] Add System tag to DRs (#3968)
* [Rule Tuning] Add System tag to DRs
* bump
2024-08-09 11:14:33 -03:00
Jonhnathan
25ad765acb
[Rule Tuning] Include winlogbeat index in sysmon-related rules (#3966)
2024-08-08 12:02:23 -03:00
shashank-elastic
2ee5ae1f19
Fix Version Bump for Related Integrations (#3960)
2024-08-06 18:48:24 +05:30
Jonhnathan
5536a78d89
[New Rule] Potential WSUS Abuse for Lateral Movement (#3908)
* [New Rule] Potential WSUS Abuse for Lateral Movement
* Update lateral_movement_via_wsus_update.toml
* Update lateral_movement_via_wsus_update.toml
2024-07-22 17:04:08 -03:00