| Author | Commit | Message | Date |
|---|---|---|---|
| Mika Ayenson, PhD | bbe83452b4 | Revert "[Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578)" (#5620)<br>This reverts commit c608b673bf. | 2026-01-26 08:31:53 -06:00 |
| Ruben Groenewoud | c608b673bf | [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578)<br>* [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules<br>* Update manifests & schemas<br>* [New/Updated] Migrated `process.command_line` --> `process.args` for Compatibility<br>* Pyproject.toml Patch<br>* ++ | 2026-01-26 13:28:08 +01:00 |
| Ruben Groenewoud | 473df70fbb | [Rule Tuning] Linux DR Tuning - 5 (#5494)<br>* [Rule Tuning] Linux DR Tuning - 5<br>* Fix query syntax for shared object detection rule<br>* Update defense_evasion_kernel_module_removal.toml<br>* Fix condition for process working directory check<br>* Refactor query in defense_evasion_symlink_binary rule<br>---------<br>Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com> | 2026-01-07 15:55:06 +01:00 |
| shashank-elastic | 7175b3ab06 | Add investigation guides for detection rules (#4886) | 2025-07-08 00:25:42 +05:30 |
| Ruben Groenewoud | 0847c32333 | [New Rule] Potential Kubectl Masquerading (#4832)<br>* [New Rule] Potential Kubectl Masquerading<br>* Update defense_evasion_potential_kubectl_masquerading.toml<br>* ++<br>* ++<br>* Update defense_evasion_potential_kubectl_masquerading.toml<br>* Update rules/linux/defense_evasion_potential_kubectl_masquerading.toml | 2025-06-30 13:47:58 +02:00 |