Commit Graph

  • 5e1546c57c [Rule Tuning] Multiple Users with the Same Okta Device Token Hash (#3304) Terrance DeJesus 2023-12-06 10:35:46 -05:00
  • 8e6a01e9ee [Rule Tuning] Windows DR Tuning - 5 (#3229) Jonhnathan 2023-12-05 19:20:40 -03:00
  • f931ba4ef6 [New] Interactive Logon by an Unusual Process (#3299) Samirbous 2023-12-05 17:34:10 +00:00
  • 7df6661596 Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297) Terrance DeJesus 2023-11-30 09:06:34 -05:00
  • 5bceaa3e01 Update QueryRuleData (#3294) Mika Ayenson 2023-11-29 09:43:04 -06:00
  • 802a869db0 Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2023-11-29 08:10:41 -06:00
  • 53c4ff1fdc [FR] Add Core Support for ES|QL Rule Type (#3292) Mika Ayenson 2023-11-28 13:03:09 -06:00
  • 9d34fc21ae Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3291) integration-v8.10.7 github-actions[bot] 2023-11-28 12:30:55 -05:00
  • 7a383770bc [New Rule] Okta FastPass Phishing (#2782) Austin Songer 2023-11-28 08:26:16 -06:00
  • e1e8b12f26 [New Rule] Okta MFA Bombing Attempt (#3278) Terrance DeJesus 2023-11-28 09:16:20 -05:00
  • 23ef78cb60 [New Rule] Adding Detection for Multiple Okta Users with the Same Device Token Hash (#3267) Terrance DeJesus 2023-11-27 19:23:38 -05:00
  • c8e4d378ff [New Rule] Threshold Detections for Okta User Sessions and Client Addresses (#3263) Terrance DeJesus 2023-11-27 19:03:06 -05:00
  • fdeeb7bc67 [New Rule] Detection for Okta Sign-In Events via Third-Party IdP (#3259) Terrance DeJesus 2023-11-27 18:31:27 -05:00
  • 4d5b8c6f2d adding new rule 'New Okta Identity Provider (IdP) Added by Admin' (#3258) Terrance DeJesus 2023-11-27 18:06:54 -05:00
  • 3808d01776 [New Rule] Adding Detection for First Occurrence of Okta User Session Started via Proxy (#3261) Terrance DeJesus 2023-11-27 17:50:13 -05:00
  • a6b6f9279f [New Rule] Adding Detection for New Okta Authentication Behavior (#3260) Terrance DeJesus 2023-11-27 17:39:10 -05:00
  • d171b9a442 [New] First Time Seen NewCredentials Logon Process (#3276) Samirbous 2023-11-27 18:37:15 +00:00
  • 0c9509d093 Setup Guide information for MacOS rules (#3274) shashank-elastic 2023-11-22 20:18:22 +05:30
  • 4e5ad462c3 [New Rule] Adding Detection Logic for Okta User Sessions Started from Different Geolocations (#3279) Terrance DeJesus 2023-11-21 17:32:09 -05:00
  • 61bbcfec52 Add UEBA Tag (#3277) Mika Ayenson 2023-11-20 13:51:13 -06:00
  • 62b0afcdc6 Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2023-11-20 13:04:29 -06:00
  • dd49bcc535 [Bug] Fix typo in downgrade_contents_from_rule (#3272) Eric Forte 2023-11-14 23:06:04 -05:00
  • 337f11fa7c [Rule Tuning] Fix Menasec Expired Links (#3271) Jonhnathan 2023-11-14 10:18:34 -03:00
  • f1da3e86bc Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3270) integration-v8.10.6 github-actions[bot] 2023-11-13 14:45:58 -05:00
  • 538fc8c4dd Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2023-11-06 12:58:22 -06:00
  • 8fee26a296 Enhance Setup Guide information (#3256) shashank-elastic 2023-11-03 19:05:29 +05:30
  • 96f7803431 [Bug] Add Integration Schema Validation to NewTermsRuleData.validate Method (#3227) Terrance DeJesus 2023-11-02 16:52:18 -04:00
  • 73c239557b [New BBR] Segfault Detected (#3240) Ruben Groenewoud 2023-11-02 09:40:50 +01:00
  • 396bfc5bec [New BBR] Kernel Driver Load (#3236) Ruben Groenewoud 2023-11-02 09:32:38 +01:00
  • 4c6fc3496c [FR] Adjust Prebuilt Rules Packaging to Use Elastic Package v3 (#3252) Terrance DeJesus 2023-11-01 12:47:40 -04:00
  • 8415bedf0f [FR] Support missing events (#3153) Mika Ayenson 2023-10-31 16:20:52 -05:00
  • b9e6c13e93 Pin python packages (#3249) Mika Ayenson 2023-10-30 12:53:26 -05:00
  • c13ba83a91 Setup information for Linux Rules - Set8 (#3200) shashank-elastic 2023-10-30 20:58:40 +05:30
  • 9191b3e9f1 [New Rule] Adding Beaconing Rules from Advanced Analytic Beaconing Package (#3128) Apoorva Joshi 2023-10-30 07:05:24 -07:00
  • 4bde69f1ad Move Config Guides for Pre-Built Detection Rules to Setup Field - Windows, MacOS, BBR and Cross Platform (#3157) shashank-elastic 2023-10-30 16:53:04 +05:30
  • c16adb4f98 [Rule Tuning] Tainted Kernel Module Load (#3234) Ruben Groenewoud 2023-10-30 09:49:20 +01:00