 Mika Ayenson, PhD
|
8993d1450b
|
[Rule Tuning] Add Supplemental Mitre Mappings (#5876)
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
|
2026-04-01 09:12:42 -05:00 |
|
|
Ruben Groenewoud
|
aaf99b1873
|
[Rule Tuning] agent.id --> host.id new_terms Key Modification (#5802)
* [Rule Tuning] `agent.id` --> `host.id` Migration
* Updated_date bump
|
2026-03-02 13:24:25 +01:00 |
|
|
Ruben Groenewoud
|
473df70fbb
|
[Rule Tuning] Linux DR Tuning - 5 (#5494)
* [Rule Tuning] Linux DR Tuning - 5
* Fix query syntax for shared object detection rule
* Update defense_evasion_kernel_module_removal.toml
* Fix condition for process working directory check
* Refactor query in defense_evasion_symlink_binary rule
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
|
2026-01-07 15:55:06 +01:00 |
|
|
shashank-elastic
|
7175b3ab06
|
Add investigation guides for detection rules (#4886)
|
2025-07-08 00:25:42 +05:30 |
|
|
Ruben Groenewoud
|
fdc6b09d54
|
[New Rule] System Binary Symlink to Suspicious Location (#4682)
|
2025-05-06 17:46:47 +05:30 |
|