 shashank-elastic
|
63e91c2f12
|
Back-porting Version Trimming (#3704)
|
2024-05-23 00:45:10 +05:30 |
|
|
Mika Ayenson
|
2c3dbfc039
|
Revert "Back-porting Version Trimming (#3681)"
This reverts commit 71d2c59b5c.
|
2024-05-22 13:51:46 -05:00 |
|
|
shashank-elastic
|
71d2c59b5c
|
Back-porting Version Trimming (#3681)
|
2024-05-23 00:11:50 +05:30 |
|
|
Jonhnathan
|
458e67918a
|
[Security Content] Small tweaks on the setup guides (#3308)
* [Security Content] Small tweaks on the setup guides
* Additional Fixes
* Avoid touching deprecated rules
|
2024-03-11 09:09:40 -03:00 |
|
|
Ruben Groenewoud
|
3484cac7eb
|
[Tuning] Event.dataset removal & Tag Addition (#3451)
* [Tuning] Removed event.dataset and added tag
* [Tuning] Removed event.dataset and added tag
* fixed typo
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
|
2024-02-20 15:18:27 +01:00 |
|
|
shashank-elastic
|
a568c56bc1
|
Move Config Guides for Pre-Built Detection Rules to Setup Field - Windows, MacOS, BBR and Cross Platform (#3157)
|
2023-10-30 16:53:04 +05:30 |
|
|
Ruben Groenewoud
|
020fff3aea
|
[Rule Tuning] Linux Rules (#3092)
* [Rule Tuning] [WIP] Linux DR
* Update defense_evasion_binary_copied_to_suspicious_directory.toml
* Fixed tag
* Added additional tuning
* unit test fix
* Additional tuning
* tuning
* added max signals
* Added max_signals=1 to brute force rules
* Cross-Platform Tuning
* Small fix
* new_terms conversion
* typo
* new_terms conversion
* Ransomware rule tuning
* performance tuning
* new_terms conversion for auditd_manager
* tune
* Need coffee
* kql/eql stuff
* formatting improvement
* new_terms sudo hijacking conversion
* exclusion
* Deprecations that were added last tuning
* Deprecations that were added last tuning
* Increased max timespan for brute force rules
* version bump
* added domain tag
* Two tunings
* More tuning
* Additional tuning
* updated_date bump
* query optimization
* Tuning
* Readded the exclusions for this one
* Changed int comparison
* Some tunings
* Update persistence_systemd_scheduled_timer_created.toml
* Update rules/linux/privilege_escalation_ld_preload_shared_object_modif.toml
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
* [New Rule] Potential curl CVE-2023-38545 Exploitation
* Revert "[New Rule] Potential curl CVE-2023-38545 Exploitation"
This reverts commit 9c04d1b53d3d63678289f43ec0c7b617d26f1ce0.
* Update rules/cross-platform/command_and_control_non_standard_ssh_port.toml
* Update rules/linux/command_and_control_cat_network_activity.toml
* Update persistence_message_of_the_day_execution.toml
* Changed max_signals
* Revert "Merge branch 'main' into rule-tuning-ongoing-dr"
This reverts commit 1106b5d2eba1a3529eff325226d6baabfd4b0bf3, reversing
changes made to 5ff510757f25b0cb32e1ef18e9e2c34c8ec325a8.
* Revertable merge
* Update defense_evasion_ld_preload_env_variable_process_injection.toml
* File name change
---------
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
|
2023-10-23 16:28:58 +02:00 |
|
|
Ruben Groenewoud
|
a1716bd673
|
[Rule Tuning] Several rule tunings (#3024)
* [Rule Tuning] Several rule tunings
* Added 1 more
* optimized ransomware encryption rules
* Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml
* Update rules/linux/impact_potential_linux_ransomware_note_detected.toml
* Added 2 more tunings based on todays telemetry
* Some tunings
* Tuning
* Tuning
* fixed user.id comparison
* Something went wrong with deprecation
* Something went wrong with deprecation
* Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml
* Update rules/linux/discovery_linux_nping_activity.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update rules/linux/discovery_linux_hping_activity.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Dedeprecated the rule to deprecate later
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
|
2023-08-25 14:03:29 +02:00 |
|