Commit Graph

Select branches

Hide Pull Requests

main

7.11

ML-Beaconing-20211130-1

ML-Beaconing-20211216-1

ML-DGA-20201111-1

ML-DGA-20201111-2

ML-DGA-20201111-3

ML-DGA-20201118-1

ML-DGA-20201216-1

ML-DGA-20210421-2

ML-DGA-20210421-3

ML-DGA-20210601-3

ML-DGA-20210602-3

ML-DGA-20210604-4

ML-DGA-20210629-5

ML-DGA-20210706-5

ML-HostRiskScore-20210728-1

ML-HostRiskScore-20210803-1

ML-HostRiskScore-20210826-2

ML-HostRiskScore-20211007-3

ML-HostRiskScore-20220210-4

ML-HostRiskScore-20220215-4

ML-HostRiskScore-20220228-5

ML-HostRiskScore-20220404-5

ML-ProblemChild-20210519-1

ML-ProblemChild-20210520-1

ML-ProblemChild-20210526-1

ML-ProblemChild-20210602-1

ML-URLSpoof-20210804-1

ML-URLSpoof-20210805-1

ML-UserRiskScore-20220628-1

ML-UserRiskScore-20220812-2

ML-experimental-detections-20200506-3

ML-experimental-detections-20201028-1

ML-experimental-detections-20201029-1

ML-experimental-detections-20201118-1

ML-experimental-detections-20201209-1

ML-experimental-detections-20201221-2

ML-experimental-detections-20210527-4

ML-experimental-detections-20210602-4

ML-experimental-detections-20210603-5

ML-experimental-detections-20210804-6

ML-experimental-detections-20210805-6

ML-experimental-detections-20211130-7

apr_2025_updates

aug_2025_updates

august_updates

dev-v0.1.0

dev-v0.1.2

dev-v0.1.3

dev-v0.1.4

dev-v0.1.5

dev-v0.1.6

dev-v0.1.7

dev-v0.2.0

dev-v0.2.1

dev-v0.3.0

dev-v0.3.1

dev-v0.3.10

dev-v0.3.11

dev-v0.3.12

dev-v0.3.13

dev-v0.3.14

dev-v0.3.15

dev-v0.3.16

dev-v0.3.17

dev-v0.3.18

dev-v0.3.19

dev-v0.3.2

dev-v0.3.3

dev-v0.3.4

dev-v0.3.5

dev-v0.3.6

dev-v0.3.7

dev-v0.3.8

dev-v0.3.9

dev-v0.4.0

dev-v0.4.1

dev-v0.4.10

dev-v0.4.11

dev-v0.4.12

dev-v0.4.13

dev-v0.4.14

dev-v0.4.15

dev-v0.4.16

dev-v0.4.17

dev-v0.4.18

dev-v0.4.19

dev-v0.4.2

dev-v0.4.20

dev-v0.4.21

dev-v0.4.22

dev-v0.4.23

dev-v0.4.24

dev-v0.4.25

dev-v0.4.26

dev-v0.4.3

dev-v0.4.4

dev-v0.4.5

dev-v0.4.6

dev-v0.4.7

dev-v0.4.8

dev-v0.4.9

dev-v1.0.0

dev-v1.0.1

dev-v1.0.10

dev-v1.0.13

dev-v1.0.14

dev-v1.0.15

dev-v1.0.16

dev-v1.0.17

dev-v1.0.18

dev-v1.0.2

dev-v1.0.3

dev-v1.0.4

dev-v1.0.5

dev-v1.0.6

dev-v1.0.7

dev-v1.0.8

dev-v1.0.9

dev-v1.1.0

dev-v1.1.1

dev-v1.1.2

dev-v1.1.3

dev-v1.1.4

dev-v1.1.5

dev-v1.1.6

dev-v1.1.7

dev-v1.2.0

dev-v1.2.1

dev-v1.2.10

dev-v1.2.11

dev-v1.2.12

dev-v1.2.13

dev-v1.2.14

dev-v1.2.15

dev-v1.2.16

dev-v1.2.17

dev-v1.2.18

dev-v1.2.19

dev-v1.2.2

dev-v1.2.20

dev-v1.2.21

dev-v1.2.22

dev-v1.2.23

dev-v1.2.24

dev-v1.2.25

dev-v1.2.26

dev-v1.2.3

dev-v1.2.4

dev-v1.2.5

dev-v1.2.7

dev-v1.2.8

dev-v1.2.9

dev-v1.3.0

dev-v1.3.1

dev-v1.3.10

dev-v1.3.11

dev-v1.3.12

dev-v1.3.13

dev-v1.3.14

dev-v1.3.15

dev-v1.3.16

dev-v1.3.17

dev-v1.3.18

dev-v1.3.19

dev-v1.3.2

dev-v1.3.20

dev-v1.3.21

dev-v1.3.22

dev-v1.3.23

dev-v1.3.24

dev-v1.3.25

dev-v1.3.26

dev-v1.3.27

dev-v1.3.28

dev-v1.3.29

dev-v1.3.3

dev-v1.3.30

dev-v1.3.31

dev-v1.3.32

dev-v1.3.33

dev-v1.3.4

dev-v1.3.5

dev-v1.3.6

dev-v1.3.7

dev-v1.3.9

dev-v1.4.0

dev-v1.4.1

dev-v1.4.10

dev-v1.4.11

dev-v1.4.12

dev-v1.4.2

dev-v1.4.3

dev-v1.4.4

dev-v1.4.5

dev-v1.4.6

dev-v1.4.7

dev-v1.4.8

dev-v1.4.9

dev-v1.5.0

dev-v1.5.1

dev-v1.5.10

dev-v1.5.11

dev-v1.5.12

dev-v1.5.13

dev-v1.5.14

dev-v1.5.15

dev-v1.5.16

dev-v1.5.17

dev-v1.5.18

dev-v1.5.19

dev-v1.5.2

dev-v1.5.20

dev-v1.5.21

dev-v1.5.22

dev-v1.5.23

dev-v1.5.24

dev-v1.5.25

dev-v1.5.26

dev-v1.5.27

dev-v1.5.28

dev-v1.5.29

dev-v1.5.3

dev-v1.5.31

dev-v1.5.32

dev-v1.5.33

dev-v1.5.34

dev-v1.5.35

dev-v1.5.36

dev-v1.5.37

dev-v1.5.38

dev-v1.5.39

dev-v1.5.4

dev-v1.5.40

dev-v1.5.41

dev-v1.5.42

dev-v1.5.43

dev-v1.5.44

dev-v1.5.45

dev-v1.5.46

dev-v1.5.47

dev-v1.5.48

dev-v1.5.49

dev-v1.5.5

dev-v1.5.50

dev-v1.5.51

dev-v1.5.52

dev-v1.5.53

dev-v1.5.54

dev-v1.5.56

dev-v1.5.6

dev-v1.5.7

dev-v1.5.8

dev-v1.5.9

dev-v1.6.0

dev-v1.6.1

dev-v1.6.10

dev-v1.6.11

dev-v1.6.12

dev-v1.6.13

dev-v1.6.14

dev-v1.6.15

dev-v1.6.16

dev-v1.6.17

dev-v1.6.18

dev-v1.6.19

dev-v1.6.2

dev-v1.6.20

dev-v1.6.21

dev-v1.6.22

dev-v1.6.23

dev-v1.6.24

dev-v1.6.25

dev-v1.6.26

dev-v1.6.28

dev-v1.6.29

dev-v1.6.3

dev-v1.6.30

dev-v1.6.31

dev-v1.6.32

dev-v1.6.4

dev-v1.6.5

dev-v1.6.6

dev-v1.6.7

dev-v1.6.8

dev-v1.6.9

dev7.10-ML-DGA-v0.1.0

dev7.10-ML-DGA-v0.1.0.zip

dev7.10-abc-v0.1.0

feb_2025_updates

integration-v0.13.1

integration-v0.13.2

integration-v0.13.3

integration-v0.14.1

integration-v0.14.2

integration-v0.14.3

integration-v0.16.1

integration-v0.16.2

integration-v1.0.1

integration-v1.0.2

integration-v7.16.3

integration-v7.16.4

integration-v7.16.5

integration-v8.1.1

integration-v8.10.1

integration-v8.10.10

integration-v8.10.11

integration-v8.10.12

integration-v8.10.13

integration-v8.10.14

integration-v8.10.15

integration-v8.10.16

integration-v8.10.17

integration-v8.10.18

integration-v8.10.2

integration-v8.10.3

integration-v8.10.4

integration-v8.10.5

integration-v8.10.6

integration-v8.10.7

integration-v8.10.8

integration-v8.10.9

integration-v8.11.1

integration-v8.11.10

integration-v8.11.11

integration-v8.11.12

integration-v8.11.13

integration-v8.11.14

integration-v8.11.15

integration-v8.11.16

integration-v8.11.17

integration-v8.11.18

integration-v8.11.19

integration-v8.11.2

integration-v8.11.20

integration-v8.11.21

Mono Color

• 80f16bb7ac Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10 (#3108) integration-v8.10.3 github-actions[bot] 2023-09-18 11:14:42 -04:00
• de2b97a492 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10 (#3108) github-actions[bot] 2023-09-18 11:14:42 -04:00
• 18fb966776 [New Rule] Network Activity Detected via cat (#3069) Ruben Groenewoud 2023-09-18 09:51:20 +02:00
• b291317ea6 [New Rule] Network Activity Detected via cat (#3069) Ruben Groenewoud 2023-09-18 09:51:20 +02:00
• f4ce48063c [New Rule] Github Repository Deleted (#3056) Isai 2023-09-14 18:00:25 -04:00
• 9146e0965d [New Rule] Github Repository Deleted (#3056) Isai 2023-09-14 18:00:25 -04:00
• 09feb8b94f [New Rule] GitHub Protected Branch Settings Changed (#3054) Isai 2023-09-14 17:16:51 -04:00
• 904e37b732 [New Rule] GitHub Protected Branch Settings Changed (#3054) Isai 2023-09-14 17:16:51 -04:00
• 0bc9b126f6 Tunes Unusual Parent Process for cmd.exe rule to exclude oobe activity (#3091) Hilton 2023-09-14 02:51:07 +10:00
• ccfc931fbd Tunes Unusual Parent Process for cmd.exe rule to exclude oobe activity (#3091) Hilton 2023-09-14 02:51:07 +10:00
• ab3a15861c [Security Content] Add missing osquery transforms (#3088) Jonhnathan 2023-09-13 08:07:01 -03:00
• 4034436f06 [Security Content] Add missing osquery transforms (#3088) Jonhnathan 2023-09-13 08:07:01 -03:00
• 711e0f3ab7 [New Rule] New BBR Rules - Part 2 (#3029) Jonhnathan 2023-09-12 21:49:22 -03:00
• ddb1f75352 [New Rule] New BBR Rules - Part 2 (#3029) Jonhnathan 2023-09-12 21:49:22 -03:00
• 4b2112f4a0 [New Rule] New BBR Rules - Part 3 (#3034) Jonhnathan 2023-09-12 21:28:01 -03:00
• af99186992 [New Rule] New BBR Rules - Part 3 (#3034) Jonhnathan 2023-09-12 21:28:01 -03:00
• 40a8e64278 Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2023-09-11 12:53:45 -05:00
• fa494e4c46 [New Rule] Potential UDP Reverse Shell (#2906) Ruben Groenewoud 2023-09-07 17:13:22 +02:00
• f8f3576971 [New Rule] Potential UDP Reverse Shell (#2906) Ruben Groenewoud 2023-09-07 17:13:22 +02:00
• 63b817353a [New Rule] Potential Meterpreter Reverse Shell (#3007) Ruben Groenewoud 2023-09-07 17:04:06 +02:00
• 15e71ec2e8 [New Rule] Potential Meterpreter Reverse Shell (#3007) Ruben Groenewoud 2023-09-07 17:04:06 +02:00
• 49c7a9317e [FR] Add support for samples in eql 0.9.18 (#3000) Mika Ayenson 2023-09-07 09:01:28 -05:00
• 20de1d8d1d [FR] Add support for samples in eql 0.9.18 (#3000) Mika Ayenson 2023-09-07 09:01:28 -05:00
• 2e74d50950 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10 (#3079) integration-v8.10.2 github-actions[bot] 2023-09-06 13:21:22 -04:00
• 87af5b43ba Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10 (#3079) github-actions[bot] 2023-09-06 13:21:22 -04:00
• e9b1ebae3f [New Rule] New BBR Rules - Part 5 (#3052) Jonhnathan 2023-09-05 18:36:34 -03:00
• 3614f42b00 [New Rule] New BBR Rules - Part 5 (#3052) Jonhnathan 2023-09-05 18:36:34 -03:00
• 521ecdc6c4 [New Rule] New BBR Rules - Part 1 (#3026) Jonhnathan 2023-09-05 18:07:47 -03:00
• 8049c96281 [New Rule] New BBR Rules - Part 1 (#3026) Jonhnathan 2023-09-05 18:07:47 -03:00
• 56e54e714c [New Rule] Potential Masquerading as Business App Installer (#3068) Jonhnathan 2023-09-05 17:58:34 -03:00
• 26c97dc241 [New Rule] Potential Masquerading as Business App Installer (#3068) Jonhnathan 2023-09-05 17:58:34 -03:00
• 7780167504 Added unit test (#3038) eric-forte-elastic 2023-09-05 15:27:04 -04:00
• 34ebcec679 Added unit test (#3038) eric-forte-elastic 2023-09-05 15:27:04 -04:00
• 063386829c [Security Content] Include "Data Source: Elastic Defend" tag (#3002) Jonhnathan 2023-09-05 15:22:01 -03:00
• 4233fef238 [Security Content] Include "Data Source: Elastic Defend" tag (#3002) Jonhnathan 2023-09-05 15:22:01 -03:00
• 4bb0cdc3f3 [Rule Tuning] Small Linux DR Tuning (#3074) Ruben Groenewoud 2023-09-05 14:20:57 +02:00
• 6115a68aba [Rule Tuning] Small Linux DR Tuning (#3074) Ruben Groenewoud 2023-09-05 14:20:57 +02:00
• bdda925921 label bbr rules (#3067) Mika Ayenson 2023-08-31 17:00:16 -05:00
• 811d1b7727 label bbr rules (#3067) Mika Ayenson 2023-08-31 17:00:16 -05:00
• 06e3367683 [New Rule] Sus User Privilege Enumeration via id (#3049) Ruben Groenewoud 2023-08-31 18:13:42 +02:00
• 3c64b454fb [New Rule] Sus User Privilege Enumeration via id (#3049) Ruben Groenewoud 2023-08-31 18:13:42 +02:00
• 6c074f21d8 [New Rule][BBR] WRITEDAC Access on Active Directory Object (#3015) Jonhnathan 2023-08-31 12:59:02 -03:00
• fdd45148b8 [New Rule][BBR] WRITEDAC Access on Active Directory Object (#3015) Jonhnathan 2023-08-31 12:59:02 -03:00
• 3926384446 [New Rules] GDB Secret Dumping (#3060) Ruben Groenewoud 2023-08-31 17:41:22 +02:00
• f7d8d4752a [New Rules] GDB Secret Dumping (#3060) Ruben Groenewoud 2023-08-31 17:41:22 +02:00
• 5c0ff8765b [New Rule] File Creation, Exec and Self-Deletion (#3045) Ruben Groenewoud 2023-08-31 17:32:17 +02:00
• b6ed215958 [New Rule] File Creation, Exec and Self-Deletion (#3045) Ruben Groenewoud 2023-08-31 17:32:17 +02:00
• ba6952c242 [Rule Tuning] 3 tunings to reduce FPs (#3058) Ruben Groenewoud 2023-08-31 17:16:57 +02:00
• 3588600d57 [Rule Tuning] 3 tunings to reduce FPs (#3058) Ruben Groenewoud 2023-08-31 17:16:57 +02:00
• fb2fbf3589 [New Rule] Potential Disabling of AppArmor (#3046) Ruben Groenewoud 2023-08-31 17:06:15 +02:00
• 2eaaf27f1e [New Rule] Potential Disabling of AppArmor (#3046) Ruben Groenewoud 2023-08-31 17:06:15 +02:00
• 7b5897bad4 [New BBR] Suspicious which Enumeration (#3059) Ruben Groenewoud 2023-08-31 13:55:56 +02:00
• 04d1c3cd5b [New BBR] Suspicious which Enumeration (#3059) Ruben Groenewoud 2023-08-31 13:55:56 +02:00
• ed6d73bba9 [New Rule] Binary Copied and/or Moved to Suspicious Directory (#3048) Ruben Groenewoud 2023-08-31 13:46:41 +02:00
• d838a3352f [New Rule] Binary Copied and/or Moved to Suspicious Directory (#3048) Ruben Groenewoud 2023-08-31 13:46:41 +02:00
• 5857a47cd4 [New Rule] Potential Sudo Privilege Escalation via CVE-2019-14287 (#3057) Ruben Groenewoud 2023-08-31 13:11:34 +02:00
• a5b5d513af [New Rule] Potential Sudo Privilege Escalation via CVE-2019-14287 (#3057) Ruben Groenewoud 2023-08-31 13:11:34 +02:00
• dee3a5f61c [New Rule] Suspicious Communication App Child Process (#2998) Jonhnathan 2023-08-31 07:33:16 -03:00
• c89b722a34 [New Rule] Suspicious Communication App Child Process (#2998) Jonhnathan 2023-08-31 07:33:16 -03:00
• 53ac388228 [New Rules] sus program compilation activity (#3043) Ruben Groenewoud 2023-08-31 09:30:56 +02:00
• a395f54054 [New Rules] sus program compilation activity (#3043) Ruben Groenewoud 2023-08-31 09:30:56 +02:00
• ae1f704845 [New Rule] Potential Masquerading as VLC DLL (#3006) Jonhnathan 2023-08-30 17:45:45 -03:00
• a7a22a0917 [New Rule] Potential Masquerading as VLC DLL (#3006) Jonhnathan 2023-08-30 17:45:45 -03:00
• 1da5bca492 [New Rules] Linux Tunneling and Port Forwarding (#3028) Ruben Groenewoud 2023-08-30 22:12:19 +02:00
• 32abdb95f7 [New Rules] Linux Tunneling and Port Forwarding (#3028) Ruben Groenewoud 2023-08-30 22:12:19 +02:00
• 4a4588c856 Tune rule for new DLL written to Windows Servicing (#3062) Eric 2023-08-30 10:51:23 -06:00
• 41a7a36817 Tune rule for new DLL written to Windows Servicing (#3062) Eric 2023-08-30 10:51:23 -06:00
• d45b693e20 [New Rule] Suspicious WMI Event Subscription Created (#1860) Jonhnathan 2023-08-29 16:42:19 -03:00
• 6d7df50d78 [New Rule] Suspicious WMI Event Subscription Created (#1860) Jonhnathan 2023-08-29 16:42:19 -03:00
• 374ac8ad1c [New Rule] Unusual Process For MSSQL Service Accounts (#3040) Jonhnathan 2023-08-29 09:10:25 -03:00
• 7004c99ef5 [New Rule] Unusual Process For MSSQL Service Accounts (#3040) Jonhnathan 2023-08-29 09:10:25 -03:00
• 154ee50051 [New Rule] New BBR Rules - Part 4 (#3035) Jonhnathan 2023-08-29 08:49:22 -03:00
• 0e337e2c36 [New Rule] New BBR Rules - Part 4 (#3035) Jonhnathan 2023-08-29 08:49:22 -03:00
• 520a670568 [New Rule] Potential Masquerading as Browser Process (#2995) Jonhnathan 2023-08-28 13:28:26 -03:00
• 9f213cc9f7 [New Rule] Potential Masquerading as Browser Process (#2995) Jonhnathan 2023-08-28 13:28:26 -03:00
• d0d092a036 Update credential_access_lsass_openprocess_api.toml (#3047) Samirbous 2023-08-28 16:22:08 +01:00
• 22931d6afb Update credential_access_lsass_openprocess_api.toml (#3047) Samirbous 2023-08-28 16:22:08 +01:00
• 112e2f2864 [New Rule] Potential Masquerading as Windows System32 DLL (#3021) Jonhnathan 2023-08-28 08:31:20 -03:00
• 7496c5cb68 [New Rule] Potential Masquerading as Windows System32 DLL (#3021) Jonhnathan 2023-08-28 08:31:20 -03:00
• f00a14c3af [New Rule] Network-Level Authentication (NLA) Disabled (#3039) Jonhnathan 2023-08-28 08:05:21 -03:00
• ffa60f2d03 [New Rule] Network-Level Authentication (NLA) Disabled (#3039) Jonhnathan 2023-08-28 08:05:21 -03:00
• c067542e13 [Rule Tuning] High Number of Process and/or Service Terminations (#2940) Jonhnathan 2023-08-25 19:19:25 -03:00
• de32287889 [Rule Tuning] High Number of Process and/or Service Terminations (#2940) Jonhnathan 2023-08-25 19:19:25 -03:00
• 8aad7d7d02 BBR Rules Addition (#3027) shashank-elastic 2023-08-25 19:10:12 +05:30
• d21ed24e4f BBR Rules Addition (#3027) shashank-elastic 2023-08-25 19:10:12 +05:30
• ed2daecb25 [Rule Tuning] Several rule tunings (#3024) Ruben Groenewoud 2023-08-25 14:03:29 +02:00
• a1716bd673 [Rule Tuning] Several rule tunings (#3024) Ruben Groenewoud 2023-08-25 14:03:29 +02:00
• 939800bb03 [Rule Tuning] Threat Intel Hash Indicator Match (#3031) Eric 2023-08-25 03:21:16 -06:00
• 17d0e5cda8 [Rule Tuning] Threat Intel Hash Indicator Match (#3031) Eric 2023-08-25 03:21:16 -06:00
• a16735676f [Rule Tuning] Windows BBR Rules (#3018) Jonhnathan 2023-08-25 05:21:16 -03:00
• 17f6537e44 [Rule Tuning] Windows BBR Rules (#3018) Jonhnathan 2023-08-25 05:21:16 -03:00
• 38aca58b17 [Rule Tuning] Compression DLL Loaded by Unusual Process (#3017) Jonhnathan 2023-08-25 05:08:36 -03:00
• 460919a9d7 [Rule Tuning] Compression DLL Loaded by Unusual Process (#3017) Jonhnathan 2023-08-25 05:08:36 -03:00
• 7887392eaf Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2023-08-24 15:26:45 -05:00
• 4833f15de5 [Bug] Fix RTA Metadata (#3036) Mika Ayenson 2023-08-24 11:12:16 -05:00
• 5bb5994c6f [Bug] Fix RTA Metadata (#3036) Mika Ayenson 2023-08-24 11:12:16 -05:00
• 7ad30125fd Merge branch 'main' of github.com:elastic/detection-rules Mika Ayenson 2023-08-24 10:34:28 -05:00
• abdf54d4ac [Bug] Set session cookie key to sid (#3010) Mika Ayenson 2023-08-22 16:02:20 -05:00
• c72ec4da90 [Bug] Set session cookie key to sid (#3010) Mika Ayenson 2023-08-22 16:02:20 -05:00
• d96eb29614 Adding related integrations to ML rules (#2972) Apoorva Joshi 2023-08-22 20:39:18 +02:00