ec609d826a
[New RTA] Input Capture via Keylog (#3033 )
Samirbous
2024-05-24 11:37:42 +01:00
0295db4b6b
[New Rule & Tunings] Linux Springtail Backdoor (#3692 )
Ruben Groenewoud
2024-05-24 10:10:11 +02:00
390629da4e
[New Rule & Tunings] Linux Springtail Backdoor (#3692 )
Ruben Groenewoud
2024-05-24 10:10:11 +02:00
39782b4295
[FR] Update utility path computation to use pathlib (#3699 )
Eric Forte
2024-05-23 17:36:51 -04:00
f43fbfba0d
[FR] Update utility path computation to use pathlib (#3699 )
Eric Forte
2024-05-23 17:36:51 -04:00
f27479ee12
Package Manifest changes to add capabilities (#3706 )
shashank-elastic
2024-05-24 02:16:35 +05:30
f73022b900
Package Manifest changes to add capabilities (#3706 )
shashank-elastic
2024-05-24 02:16:35 +05:30
8975b5de18
Update impact_high_freq_file_renames_by_kernel.toml (#3707 )
Samirbous
2024-05-23 17:59:58 +01:00
603f3c313a
Update impact_high_freq_file_renames_by_kernel.toml (#3707 )
Samirbous
2024-05-23 17:59:58 +01:00
18fcd83683
Back-porting Version Trimming (#3704 )
shashank-elastic
2024-05-23 00:45:10 +05:30
63e91c2f12
Back-porting Version Trimming (#3704 )
shashank-elastic
2024-05-23 00:45:10 +05:30
2c3dbfc039
Revert "Back-porting Version Trimming (#3681 )"
Mika Ayenson
2024-05-22 13:51:46 -05:00
71d2c59b5c
Back-porting Version Trimming (#3681 )
shashank-elastic
2024-05-23 00:11:50 +05:30
58ba0713fe
[New Rule] AWS S3 Bucket Expiration Lifecycle Configuration Added (#3700 )
Mika Ayenson
2024-05-21 16:33:17 -05:00
371e24b2ed
Revert "[FR] Update Utility Path Computation to use Pathlib (#3659 )"
Mika Ayenson
2024-05-21 16:14:45 -05:00
ed0038ee1d
Revert "[New Rule] AWS S3 Bucket Expiration Lifecycle Configuration Added (#3591 )"
Mika Ayenson
2024-05-21 15:53:02 -05:00
23567c1d0c
[FR] Update Utility Path Computation to use Pathlib (#3659 )
Eric Forte
2024-05-21 14:19:20 -04:00
bc95221e93
[New Rule] AWS S3 Bucket Expiration Lifecycle Configuration Added (#3591 )
Terrance DeJesus
2024-05-20 16:15:46 -04:00
137b74c3aa
[New Rule] AWS S3 Bucket Expiration Lifecycle Configuration Added (#3591 )
Terrance DeJesus
2024-05-20 16:15:46 -04:00
e7959e88b9
[Bug] Fix test_os_and_platform_in_query test and rules (#3695 )
Justin Ibarra
2024-05-20 08:43:30 -07:00
ce21acef9c
[Bug] Fix test_os_and_platform_in_query test and rules (#3695 )
Justin Ibarra
2024-05-20 08:43:30 -07:00
0ab70f13a4
[Rule Tuning] Add Initial SentinelOne Compatibility to Windows DRs (#3627 )
Jonhnathan
2024-05-20 09:50:57 -03:00
d023ad66b1
[Rule Tuning] Add Initial SentinelOne Compatibility to Windows DRs (#3627 )
Jonhnathan
2024-05-20 09:50:57 -03:00
98e0777b34
Update credential_access_suspicious_web_browser_sensitive_file_access.toml (#3691 )
Samirbous
2024-05-18 05:30:16 +01:00
ec27bf8545
Update credential_access_suspicious_web_browser_sensitive_file_access.toml (#3691 )
Samirbous
2024-05-18 05:30:16 +01:00
6e25eabf71
[FR] Add --force flag to update-lock-versions (#3693 )
Eric Forte
2024-05-17 20:25:08 -04:00
707ca32ab1
[FR] Add --force flag to update-lock-versions (#3693 )
Eric Forte
2024-05-17 20:25:08 -04:00
0e8cce28e9
[Bug] Support spaces with capital letters (#3689 )
Mika Ayenson
2024-05-17 09:04:43 -05:00
43b3a4b080
[Bug] Support spaces with capital letters (#3689 )
Mika Ayenson
2024-05-17 09:04:43 -05:00
06ef471c39
[FR] Normalize yml ext to yaml (#3675 )
Mika Ayenson
2024-05-15 15:18:39 -05:00
2d96f10725
[FR] Normalize yml ext to yaml (#3675 )
Mika Ayenson
2024-05-15 15:18:39 -05:00
79f575b33c
[FR] Normalize yml ext to yaml (#3675 )
Mika Ayenson
2024-05-15 15:18:39 -05:00
1d7e597662
[Tuning] Suspicious Microsoft 365 Mail Access by ClientAppId (#3677 )
Samirbous
2024-05-15 18:11:49 +01:00
f0b226c2b0
[Tuning] Suspicious Microsoft 365 Mail Access by ClientAppId (#3677 )
Samirbous
2024-05-15 18:11:49 +01:00
ad7a8afb32
[Rule Tuning] Windows Service Installed via an Unusual Client (#3671 )
Jonhnathan
2024-05-15 10:31:44 -03:00
0eef7f62ff
[Rule Tuning] Windows Service Installed via an Unusual Client (#3671 )
Jonhnathan
2024-05-15 10:31:44 -03:00
ed48d9fd57
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13,8.14 (#3676 )
integration-v8.11.16
github-actions[bot]
2024-05-15 17:04:22 +05:30
f3585da503
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13,8.14 (#3676 )
github-actions[bot]
2024-05-15 17:04:22 +05:30
891da3623d
Prepare For Next Elastic Stack 8.15 (#3670 )
shashank-elastic
2024-05-15 00:31:02 +05:30
50a8b52cd5
Prepare For Next Elastic Stack 8.15 (#3670 )
shashank-elastic
2024-05-15 00:31:02 +05:30
ca8af123d2
[FR] Add max_signal note, unit test, and rule tuning (#3669 )
Mika Ayenson
2024-05-14 11:15:12 -05:00
f07a9e6fbc
[FR] Add max_signal note, unit test, and rule tuning (#3669 )
Mika Ayenson
2024-05-14 11:15:12 -05:00
a4b38209b4
[New Rule] Building Block Rule - AWS IAM Login Profile Added to User (#3633 )
Terrance DeJesus
2024-05-14 11:10:43 -04:00
608b801088
[New Rule] Building Block Rule - AWS IAM Login Profile Added to User (#3633 )
Terrance DeJesus
2024-05-14 11:10:43 -04:00
9dceb36a7e
[New Rule] Route53 Resolver Query Log Configuration Deleted (#3592 )
Terrance DeJesus
2024-05-14 10:24:20 -04:00
2375297879
[New Rule] Route53 Resolver Query Log Configuration Deleted (#3592 )
Terrance DeJesus
2024-05-14 10:24:20 -04:00
cbac37db59
[New] Unusual Execution via Microsoft Common Console File (#3663 )
Samirbous
2024-05-14 15:07:26 +01:00
a1ef8c9fc0
[New] Unusual Execution via Microsoft Common Console File (#3663 )
Samirbous
2024-05-14 15:07:26 +01:00
95fd920afe
[New] Potential File Download via a Headless Browser (#3660 )
Samirbous
2024-05-14 13:55:14 +01:00
83462a3087
[New] Potential File Download via a Headless Browser (#3660 )
Samirbous
2024-05-14 13:55:14 +01:00
f918f091c3
[New Rule] AWS EC2 AMI Shared with Another Account (#3600 )
Terrance DeJesus
2024-05-14 00:56:26 -05:00
d505b95f3c
[New Rule] AWS EC2 AMI Shared with Another Account (#3600 )
Terrance DeJesus
2024-05-14 00:56:26 -05:00
727e7ada2e
[New Rule] First Occurrence of User Identity Retrieving Credentials from EC2 Instance with an Assumed Role (#3586 )
Terrance DeJesus
2024-05-13 22:07:39 -05:00
38e0f13e23
[New Rule] First Occurrence of User Identity Retrieving Credentials from EC2 Instance with an Assumed Role (#3586 )
Terrance DeJesus
2024-05-13 22:07:39 -05:00
33e44b29fc
[FR] Bundle KQL & Kibana libs into base dependencies (#3662 )
Mika Ayenson
2024-05-13 14:29:03 -05:00
78837549e8
[FR] Bundle KQL & Kibana libs into base dependencies (#3662 )
Mika Ayenson
2024-05-13 14:29:03 -05:00
e45c7db95e
[Bug] Update Rule Formatter (#3668 )
Eric Forte
2024-05-13 15:00:01 -04:00
094ef22604
[Bug] Update Rule Formatter (#3668 )
Eric Forte
2024-05-13 15:00:01 -04:00
2f88a93d62
[New Rule] Alternate Data Stream Creation at Volume Root Directory (#3517 )
Jonhnathan
2024-05-13 08:35:12 -03:00
6150f222b2
[New Rule] Alternate Data Stream Creation at Volume Root Directory (#3517 )
Jonhnathan
2024-05-13 08:35:12 -03:00
c915b9959d
[Tuning] MacOS Comprehensive Detection Rule Tuning (#3435 )
Colson Wilhoit
2024-05-11 12:52:18 -05:00
1fb58e1b61
[Tuning] MacOS Comprehensive Detection Rule Tuning (#3435 )
Colson Wilhoit
2024-05-11 12:52:18 -05:00
11dca27974
[New Rule] Potential Widespread Malware Infection (#3656 )
Jonhnathan
2024-05-10 13:51:04 -03:00
6cc39a538f
[New Rule] Potential PowerShell HackTool Script by Author (#2472 )
Jonhnathan
2024-05-09 13:00:41 -03:00
69595a5f69
updated query logic
terrancedejesus
2024-05-09 18:31:50 -07:00
2e270cf78c
[New Rule] Potential PowerShell HackTool Script by Author (#2472 )
Jonhnathan
2024-05-09 13:00:41 -03:00
f85d7482fd
[New Rule] Potential PowerShell HackTool Script by Author (#2472 )
Jonhnathan
2024-05-09 13:00:41 -03:00
ae6bb88edb
[Tuning] Component Object Model Hijacking (#3655 )
Samirbous
2024-05-08 17:44:35 +01:00
7a61070e08
[Tuning] Component Object Model Hijacking (#3655 )
Samirbous
2024-05-08 17:44:35 +01:00
3262eaaca3
[FR] Update readme with wsl instructions for py312 (#3649 )
Eric Forte
2024-05-07 13:50:40 -04:00
65441b8e67
[FR] Update readme with wsl instructions for py312 (#3649 )
Eric Forte
2024-05-07 13:50:40 -04:00
4bbb8c2642
[New] Ransomware over SMB (#3638 )
Samirbous
2024-05-07 06:38:14 +01:00
4a2e2764cd
[New] Ransomware over SMB (#3638 )
Samirbous
2024-05-07 06:38:14 +01:00
947e8fd965
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3650 )
integration-v8.11.15
github-actions[bot]
2024-05-06 12:44:32 -04:00
21ae489cae
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3650 )
integration-v8.10.18
github-actions[bot]
2024-05-06 12:44:32 -04:00
84437bac03
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3650 )
github-actions[bot]
2024-05-06 12:44:32 -04:00
4396a91b40
[New Rule] Unusual High Confidence Misconduct Blocks Detected (#3647 )
Mika Ayenson
2024-05-06 07:32:02 -05:00
2bd230ff60
[Bug] Query validation failing to capture InSet edge case with ip field types (#3572 )
Eric Forte
2024-05-06 07:58:42 -04:00
ecd833923f
[Bug] Query validation failing to capture InSet edge case with ip field types (#3572 )
Eric Forte
2024-05-06 07:58:42 -04:00
a4a0bc6a7e
[Bug] Query validation failing to capture InSet edge case with ip field types (#3572 )
Eric Forte
2024-05-06 07:58:42 -04:00
51268581a8
[Rule Tuning] AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User (#3646 )
Mika Ayenson
2024-05-04 08:20:20 -05:00
613457b97f
[New Rules] AWS Bedrock Guardrails Violations (#3641 )
Justin Ibarra
2024-05-03 20:55:27 -06:00
b75a9f902b
[New Rule] Potential Abuse of Resources by High Token Count and Large Response Sizes (#3644 )
Mika Ayenson
2024-05-03 18:01:53 -05:00
68e32f087e
[New Rule] Potential Abuse of Resources by High Token Count and Large Response Sizes (#3644 )
Mika Ayenson
2024-05-03 18:01:53 -05:00
2ffb0e7fe2
[New Rule] Potential Abuse of Resources by High Token Count and Large Response Sizes (#3644 )
Mika Ayenson
2024-05-03 18:01:53 -05:00
40015070b4
[FR] Add ability to generate hunt index (#3643 )
Mika Ayenson
2024-05-03 13:43:22 -05:00
3e53610d79
[FR] Add ability to generate hunt index (#3643 )
Mika Ayenson
2024-05-03 13:43:22 -05:00
c8c8c96956
[FR] Add ability to generate hunt index (#3643 )
Mika Ayenson
2024-05-03 13:43:22 -05:00
90ad70e63b
[FR] Add Hunt Structure and Initial LLM Queries 🚀 (#3637 )
Mika Ayenson
2024-05-03 09:33:06 -05:00
657ce6105d
[FR] Add Hunt Structure and Initial LLM Queries 🚀 (#3637 )
Mika Ayenson
2024-05-03 09:33:06 -05:00
00b8a77f50
[FR] Add Hunt Structure and Initial LLM Queries 🚀 (#3637 )
Mika Ayenson
2024-05-03 09:33:06 -05:00
c97395d606
[Bug] Fix missing indexes on navigator build (#3636 )
Justin Ibarra
2024-05-01 15:50:54 -06:00
4712dae46d
[Bug] Fix missing indexes on navigator build (#3636 )
Justin Ibarra
2024-05-01 15:50:54 -06:00
2668f5f762
[Bug] Fix missing indexes on navigator build (#3636 )
Justin Ibarra
2024-05-01 15:50:54 -06:00
b83887e73d
[New Rule] AWS S3 Bucket Enumeration or Brute Force (#3635 )
Justin Ibarra
2024-05-01 15:00:33 -06:00
4ef606b3c6
[New Rule] AWS S3 Bucket Enumeration or Brute Force (#3635 )
Justin Ibarra
2024-05-01 15:00:33 -06:00
54ff270c62
[New Rule] AWS S3 Bucket Enumeration or Brute Force (#3635 )
Justin Ibarra
2024-05-01 15:00:33 -06:00
809279b62b
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3630 )
integration-v8.11.14
github-actions[bot]
2024-04-30 18:06:01 +05:30
6938b486c3
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3630 )
integration-v8.10.17
github-actions[bot]
2024-04-30 18:06:01 +05:30
ca78f550fd
Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12,8.13 (#3630 )
github-actions[bot]
2024-04-30 18:06:01 +05:30