shashank-elastic
18fcd83683
Back-porting Version Trimming (#3704)
(cherry picked from commit 63e91c2f12)
2024-05-22 19:18:10 +00:00

Mika Ayenson
ca8af123d2
[FR] Add max_signal note, unit test, and rule tuning (#3669)
(cherry picked from commit f07a9e6fbc)
2024-05-14 16:23:18 +00:00

Jonhnathan
b4c84e8a40
[Security Content] Tags Reform (#2725)
* Update Tags
* Bump updated date separately to be easy to revert if needed
* Update resource_development_ml_linux_anomalous_compiler_activity.toml
* Apply changes from the discussion
* Update persistence_init_d_file_creation.toml
* Update defense_evasion_timestomp_sysmon.toml
* Update defense_evasion_application_removed_from_blocklist_in_google_workspace.toml
* Update missing Tactic tags
* Update unit tests to match new tags
* Add missing IG tags
* Delete okta_threat_detected_by_okta_threatinsight.toml
* Update command_and_control_google_drive_malicious_file_download.toml
* Update persistence_rc_script_creation.toml
* Mass bump
* Update persistence_shell_activity_by_web_server.toml
* .
---------
Co-authored-by: Mika Ayenson <Mika.ayenson@elastic.co>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
2023-06-22 18:38:56 -03:00

Karl Godard
7435ac39d2
[Rule Tuning] added rule name override for cloud_defend integration rule (#2767)
2023-05-02 00:05:24 -04:00

Karl Godard
d0ea8c6f98
[New Rule] new CWP rule to surface alerts from the cloud_defend integration (#2679)
* new CWP rule to surface alerts from the cloud_defend integration
* created new rule uuid
* updated version info. removed risk level overrides and endpoint exception list
* added event.module
* removed rule name override
* updated_date and min_stack_comments updated
* updated external alerts updated_date. added kubernetes to cwp rule tags
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2023-04-05 21:31:03 -03:00