8993d1450b
[Rule Tuning] Add Supplemental Mitre Mappings ( #5876 )
...
---------
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com >
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com >
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co >
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com >
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co >
2026-04-01 09:12:42 -05:00
e1698890a4
[Rule Tuning] Linux DR Tuning - 7 ( #5504 )
...
* [Rule Tuning] Linux DR Tuning - 7
* Update execution_egress_connection_from_entrypoint_in_container.toml
* Update execution_kubernetes_direct_api_request_via_curl_or_wget.toml
* Update rules/linux/execution_perl_tty_shell.toml
* Update execution_perl_tty_shell.toml
* Update rules/linux/execution_unix_socket_communication.toml
* Update execution_file_made_executable_via_chmod_inside_container.toml
* Remove duplicate Crowdstrike data source entry
---------
Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com >
2026-01-08 11:10:46 +01:00
be3af09d9d
[Rule Tuning] Misc. Linux Community Tunings ( #5160 )
...
* [Rule Tuning] Misc. Linux Community Tunings
* ++
* Fix query syntax in execution_unusual_path_invocation rule
* Refactor process.parent conditions for clarity
2025-10-06 12:05:59 +02:00
1c98a0d64c
[Rule Tuning] Linux DR Tuning - Part 3 ( #4420 )
...
* Initial set
* [Rule Tuning] Linux DR - Part 3
* ++
* Update execution_unusual_path_invocation_from_command_line.toml
* Update execution_unusual_path_invocation_from_command_line.toml
2025-02-03 13:17:00 +01:00
fe8c81d762
[FR] Generate investigation guides ( #4358 )
2025-01-22 11:17:38 -06:00
75c7c09595
[New Rule] Suspicious Path Invocation from Command Line ( #4338 )
2025-01-16 10:20:37 +01:00
Mika Ayenson, PhD