 Mika Ayenson, PhD
|
bbe83452b4
|
Revert "[Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578)" (#5620)
This reverts commit c608b673bf.
|
2026-01-26 08:31:53 -06:00 |
|
|
Ruben Groenewoud
|
c608b673bf
|
[Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules (#5578)
* [Rule Tuning] Adding D4C Compatibility to Compatible K8s-related Rules
* Update manifests & schemas
* [New/Updated] Migrated `process.command_line` --> `process.args` for Compatibility
* Pyproject.toml Patch
* ++
|
2026-01-26 13:28:08 +01:00 |
|
|
Ruben Groenewoud
|
e1698890a4
|
[Rule Tuning] Linux DR Tuning - 7 (#5504)
* [Rule Tuning] Linux DR Tuning - 7
* Update execution_egress_connection_from_entrypoint_in_container.toml
* Update execution_kubernetes_direct_api_request_via_curl_or_wget.toml
* Update rules/linux/execution_perl_tty_shell.toml
* Update execution_perl_tty_shell.toml
* Update rules/linux/execution_unix_socket_communication.toml
* Update execution_file_made_executable_via_chmod_inside_container.toml
* Remove duplicate Crowdstrike data source entry
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
|
2026-01-08 11:10:46 +01:00 |
|
|
shashank-elastic
|
7175b3ab06
|
Add investigation guides for detection rules (#4886)
|
2025-07-08 00:25:42 +05:30 |
|
|
Ruben Groenewoud
|
715e3f44f4
|
[New Rule] Kubectl Apply Pod from URL (#4855)
* [New Rule] Kubectl Apply Pod from URL
* Update execution_kubectl_apply_pod_from_url.toml
|
2025-07-03 10:47:07 +02:00 |
|