3fc34b86f2
Update License to Elastic v2 ( #944 )
2021-03-03 22:12:11 -09:00
97ee8cc9ac
Refresh beats and ecs schemas and default to use latest to validate ( #570 )
...
* Refresh beats and ecs schemas and default to use latest to validate
* remove incorrect ecs_version from zoom rule
* remove stale ecs_version from rules
2020-12-01 13:24:20 -09:00
2065af89b1
[Rule Tuning] Tag Categorization Updates ( #380 )
...
* Add new categorization tags
* Change updated_date to 2020/10/26
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com >, @bm11100
2020-10-26 13:50:45 -05:00
a7dee682cc
Add Tags to Unusual Sudo Activity Rule ( #340 )
...
* Update ml_linux_anomalous_sudo_activity.toml
added T1548
* Update ml_linux_anomalous_sudo_activity.toml
* Update ml_linux_anomalous_sudo_activity.toml
2020-09-28 16:07:41 -04:00
4473f6d8f3
[New Rule] Unusual Sudo Activity ( #263 )
...
* Create ml_linux_anomalous_sudo_activity.toml
rule to accompany the unusual sudo activity job
* Update ml_linux_anomalous_sudo_activity.toml
added fp field
* Update ml_linux_anomalous_sudo_activity.toml
* Update ml_linux_anomalous_sudo_activity.toml
linting
* Update ml_linux_anomalous_sudo_activity.toml
* Update ml_linux_anomalous_sudo_activity.toml
* Update rules/ml/ml_linux_anomalous_sudo_activity.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
* Update ml_linux_anomalous_sudo_activity.toml
* Update ml_linux_anomalous_sudo_activity.toml
Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com >
2020-09-24 14:55:33 -04:00
Justin Ibarra