 shashank-elastic
|
2a48db0598
|
Setup information for Linux Rules - Set5 (#3188)
|
2023-10-17 19:11:20 +05:30 |
|
|
Jonhnathan
|
4233fef238
|
[Security Content] Include "Data Source: Elastic Defend" tag (#3002)
* win folder
* Other folders
* Update test_all_rules.py
* .
* updated missing elastic defend tags
---------
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
|
2023-09-05 14:22:01 -04:00 |
|
|
Ruben Groenewoud
|
a1716bd673
|
[Rule Tuning] Several rule tunings (#3024)
* [Rule Tuning] Several rule tunings
* Added 1 more
* optimized ransomware encryption rules
* Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml
* Update rules/linux/impact_potential_linux_ransomware_note_detected.toml
* Added 2 more tunings based on todays telemetry
* Some tunings
* Tuning
* Tuning
* fixed user.id comparison
* Something went wrong with deprecation
* Something went wrong with deprecation
* Update rules/linux/impact_potential_linux_ransomware_file_encryption.toml
* Update rules/linux/discovery_linux_nping_activity.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update rules/linux/discovery_linux_hping_activity.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Dedeprecated the rule to deprecate later
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
|
2023-08-25 14:03:29 +02:00 |
|
|
Ruben Groenewoud
|
e5d6d6e4a7
|
[New Rule] sus cmds executed by unknown executable (#2858)
* [New Rule] sus cmds executed by unknown executable
* added an event.action filter
* Added endgame support, fixed stack version comment
* Update execution_suspicious_executable_running_system_commands.toml
* Update rules/linux/execution_suspicious_executable_running_system_commands.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* Update execution_suspicious_executable_running_system_commands.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
|
2023-07-06 17:32:56 +02:00 |
|