Eric Forte
108b64f0c2
[FR] Update Detection Rules MITRE Workflow to SHA Pin ( #4581 )
...
* Update to pinned hash
* version bump
2025-04-15 09:03:34 -04:00
shashank-elastic
595d204fe6
Remove Task List reference ( #4605 )
2025-04-15 09:22:56 +05:30
shashank-elastic
e8c54169a4
Prep main for 9.1 ( #4555 )
...
* Prep for Release 9.1
* Update Patch Version
* Update Patch version
* Update Patch version
2025-03-26 11:04:14 -04:00
Eric Forte
75b2b5cb6a
[FR] Bump changed-files Version to Patched Version ( #4542 )
...
* Bump changed-files Version to Patched Version
* patch bump
* reenable workflow
* Use full length commit hash
* Bump 44 to 46
---------
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com >
2025-03-20 12:58:21 -04:00
Martijn Laarman
cd9ec7838c
[ci] Add new docs-builder automation. ( #4507 )
...
* Add new docs automation
* Add path-pattern filters for documentation folders
* Update .github/workflows/docs-build.yml
Co-authored-by: Jan Calanog <nejcalanog@gmail.com >
---------
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com >
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
Co-authored-by: Jan Calanog <nejcalanog@gmail.com >
Co-authored-by: Sergey Polzunov <traut@users.noreply.github.com >
2025-03-20 17:20:27 +01:00
shashank-elastic
059d7efa25
Prep for Release 9.0 ( #4550 )
2025-03-20 20:32:07 +05:30
Eric Forte
5ccb7ed4af
Min stack rules from 4516 ( #4549 )
2025-03-19 20:27:30 -04:00
Eric Forte
5b3dc4a4a7
Revert "Add new ML detection rules for Privileged Access Detection ( #4516 )" ( #4548 )
...
This reverts commit 2ff8d1bb56 .
2025-03-19 20:08:08 -04:00
Kirti Sodhi
2ff8d1bb56
Add new ML detection rules for Privileged Access Detection ( #4516 )
...
Add detection-rules for privileged access detection integration
2025-03-19 11:02:28 -04:00
Eric Forte
40a97f719f
Temporarily Disable Changed Files Workflow ( #4538 )
...
* Temporarily Disable Changed Files Workflow
* bump version
2025-03-14 23:42:48 -04:00
Sergey Polzunov
3bdda091e1
chore: use docs-dev instead of docs dir for docs ( #4522 )
...
* chore: use `docs-dev` instead of `docs` folder
* patch version bump
* Rollback an incorrect rename
* Use exact docs dir in the helper comment
* Revert some overeager renamings
* Moving `docs` to `docs-dev`
* Update Docs Paths
---------
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co >
2025-03-07 14:34:51 +01:00
Sergey Polzunov
081bd03618
fix(ci): use negative patterns in paths instead of paths-ignore ( #4521 )
2025-03-06 13:57:41 +01:00
Sergey Polzunov
8854b3bea0
Ignore changes in rules/integrations except endpoint, and in _deprecated ( #4498 )
2025-03-05 12:49:46 +01:00
Sergey Polzunov
5f54eb8006
chore: Removing RTAs ( #4437 )
...
* Delete RTAs
* Delete RTA-related orchestration code
* Drop RTAs from tests
* Remove RTAs from README
* Further cleanup
* Readme update
* Version bump and no more RTAs
* Styling fixes
* Drop RTAs from config files
* Drop `rule-mapping.yaml`
* Bring back event collector / normalizer
* Drop rta mention
* Cleanup rta leftovers
* Style fix
---------
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com >
2025-03-05 12:35:57 +01:00
Sergey Polzunov
e528feb989
chore(ci): new CI action trigger for REACT testing workflow ( #4435 )
...
* React test trigger
* Delete outdated CI trigger
* Fixing a trigger event
* Dummy rule updates
* Fix workflow name
* Fix typo in curl command
* Use correct token
* Using full workflow filename with extension
* Simplified JSON in curl request
* Using a correct value for branch
* Use a correct ref for a workflow
* Fix for invalid field name in a dispatch data
* Simplify json body
* Revert "Dummy rule updates"
This reverts commit 6c18c5b8b39702cd4106c7b46b8534c76c4c9c27.
2025-02-06 19:39:49 +01:00
Ruben Groenewoud
80fe96109b
[New & Tuning] Persistence via GRUB Bootloader ( #4401 )
...
* [New & Tuning] Persistence via GRUB Bootloader
* testing github version code workflow update
* testing github version code workflow re-order
---------
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co >
2025-01-27 09:58:43 +01:00
Terrance DeJesus
c912b78586
maintenance - remove hunting TOML files from repo version checks ( #4374 )
2025-01-14 14:45:53 -05:00
Terrance DeJesus
32a94dc7c7
updating token references ( #4367 )
2025-01-10 11:20:17 -05:00
Terrance DeJesus
46637f38a4
maintenance repository config update pt 4 ( #4364 )
2025-01-09 18:05:55 -05:00
Terrance DeJesus
98cef59a5b
[Maintenance] Repository Config Update pt 3 ( #4363 )
...
* updating integrations and manual backport tokens
* updated no reply address
* changed integrations to security docs token
* changed integrations to security docs token
2025-01-09 17:20:57 -05:00
Terrance DeJesus
4e588e8d90
updated package token ( #4361 )
2025-01-09 16:59:02 -05:00
Terrance DeJesus
ad180777cf
[Maintenance] Repository Config Update ( #4359 )
...
* updating tokens
* bumped patch
* updated navigator gist ID
* updated naming
* Update .github/workflows/manual-backport.yml
* updated navigator url
* updated noreply email
* updated naming
* Update .github/workflows/manual-backport.yml
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com >
* updating README
* updated gist token
* replaced guidelines token with GITHUB_TOKEN
---------
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com >
2025-01-09 16:35:18 -05:00
Terrance DeJesus
1a189a5749
[Python] Ignore Hunting Doc Changes for Version Code Checks ( #4331 )
...
* Ignore hunting docs for version code checks
* added index.md to be ignored
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
2025-01-07 12:54:27 +01:00
shashank-elastic
2c848c5111
Prep for Release 8.18 ( #4288 )
2024-12-09 18:25:13 +05:30
shashank-elastic
d2502c7394
Prep for Release 8.17 ( #4256 )
2024-11-07 23:53:04 +05:30
Mika Ayenson
2ca746c4b4
[FR] Reset package version and push tag via ci ( #4260 )
2024-11-07 12:11:00 -06:00
Mika Ayenson
48a051e3f1
[FR] Fetch history for versioning workflow ( #4259 )
2024-11-07 11:57:33 -06:00
Mika Ayenson
c615df680f
[FR] Update the release versioning process and workflow ( #4257 )
2024-11-07 11:31:54 -06:00
Mika Ayenson
d9154c698a
[Testing] Update release-drafter.yml ( #4255 )
2024-11-06 16:21:05 -06:00
Mika Ayenson
b2b92b0edc
[Testing] Update release-drafter.yml ( #4254 )
2024-11-06 16:00:18 -06:00
Mika Ayenson
c1ac8f0fae
[FR] DRAFT Release Workflow on PR Merge ( #4253 )
2024-11-06 15:36:09 -06:00
Mika Ayenson
63732436b4
[FR] Update release-drafter.yml ( #4252 )
2024-11-06 09:02:55 -06:00
Mika Ayenson
77f42f1168
[FR] Add Versioning Processes to DR ( #4223 )
2024-11-06 08:14:50 -06:00
Terrance DeJesus
50e23ba242
[Hunting] Re-factor Hunting Library Code ( #4085 )
...
* updating python code for hunting library
* fixed okta queries; added MITRE search capability
* fixed hunting unit test imports
* fixed duplicate UUID; fixed duplicate index entry bug
* fixed technique finding sub-technique in search
* added more unit tests
* linted
* flake errors addressed; fixed unit test import; fixed markdown generate bug
* added description for generate-markdown command
* updated README
* adjusted YAML index, adjusted code for index changes
* adjusted relative imports; updated CODEOWNERS
* adding updates; moving to different branch for main dependencies
* finished run-query command; made some code adjustments
* removed some comments
* revised makefile; fixed unit tests; adjusted detection rules pyproject
* updated README
* updated README
* adjusted unit tests; adjusted hunt guidelines; updated makefile; adjusted several commands
* adjusted package to be more object-oriented
* removed unused variable
* Add simple breakdown stats
* addressed feedback; added keyword option for search
* Update hunting/README.md
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
* Update detection_rules/etc/test_hunting_cli.bash
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com >
* addressing feedback
* addressed feedback
* added message for unknown index; fixed function call
* fixed search command
* fixed flake error
---------
Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co >
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com >
2024-10-03 12:47:40 -04:00
shashank-elastic
e2f1fcefa8
Add flag to update the docs/ATT&CK-coverage.md with markdown URL(s) ( #4077 )
2024-09-19 23:12:01 +05:30
shashank-elastic
f3b0dc1954
Prep for next release 8.16 ( #3919 )
2024-07-24 11:19:56 -04:00
eric-forte-elastic
baee89de9b
Revert "Prep for next release 8.16 ( #3914 )"
...
This reverts commit 4245a815d2 .
2024-07-23 14:06:04 -04:00
shashank-elastic
4245a815d2
Prep for next release 8.16 ( #3914 )
...
* Prep for Release 8.16
* Add subscription
* Remove double subscription
* Formatting
* Formatting
* Revert Beaconing rules minstack and lock version
2024-07-23 13:04:03 -04:00
Mika Ayenson
03c99d22d3
Revert "Prep for Release 8.16 ( #3913 )"
...
This reverts commit 01135085f6 .
2024-07-23 09:50:04 -05:00
shashank-elastic
01135085f6
Prep for Release 8.16 ( #3913 )
2024-07-23 09:42:26 -05:00
shashank-elastic
eca7185901
Remove Rule:Promotion labels and add other relevant labels ( #3902 )
2024-07-17 17:41:05 +05:30
Mika Ayenson
c62321f810
[FR] Detection Rule PR Guidelines and Issue Forms ( #3850 )
2024-07-10 17:18:45 -05:00
shashank-elastic
50f0fb3518
Test case to check updated_date ( #3818 )
2024-07-03 19:17:27 +05:30
shashank-elastic
30ffe00012
Create an Issue in Kibana for MITRE Updates ( #3796 )
2024-07-02 18:57:41 +05:30
Justin Ibarra
74dd230e2d
Trim codeowners ( #3829 )
2024-06-27 13:36:58 -05:00
shashank-elastic
f9b3534cdd
Test deprecated rule modification ( #3727 )
2024-06-07 19:24:36 +05:30
Terrance DeJesus
f09a640ddf
updating upload-artifact to version 4 ( #3733 )
...
Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com >
2024-06-03 12:04:01 -04:00
shashank-elastic
9d019dcf26
Fix nodeenv version dependency ( #3715 )
2024-05-29 18:52:34 +05:30
shashank-elastic
63e91c2f12
Back-porting Version Trimming ( #3704 )
2024-05-23 00:45:10 +05:30
Mika Ayenson
2c3dbfc039
Revert "Back-porting Version Trimming ( #3681 )"
...
This reverts commit 71d2c59b5c .
2024-05-22 13:51:46 -05:00