commit | message | author | date
b31a1b761c | [FR] Re-factor Build Integrations Manifest (#2274) | Terrance DeJesus | 2022-09-28 09:33:49 -04:00
aaa01c126f | Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5 (#2329) | github-actions[bot] | 2022-09-26 14:24:12 -04:00
1b6355eee9 | Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4,8.5 (#2329) | github-actions[bot] | 2022-09-26 14:24:12 -04:00
f5c992b6de | [Security Content] Add Investigation Guides - 2 - 8.5 (#2314) | Jonhnathan | 2022-09-26 08:59:39 -07:00
acde8f3791 | [Rule Tuning] adjust duplicate ssh brute force rule names and add unit test (#2321) | Terrance DeJesus | 2022-09-26 10:04:38 -04:00
b00de3e445 | [Rule Tuning] adjust duplicate ssh brute force rule names and add unit test (#2321) | Terrance DeJesus | 2022-09-26 10:04:38 -04:00
4366702b34 | [Rule Tuning] Removed potential typo within rule "persistence_gpo_schtask_service_creation" (#2301) | Thomas Defise | 2022-09-26 15:23:54 +02:00
f02ffbbe13 | [Security Content] Add Investigation Guides - 8.5 (#2305) | Jonhnathan | 2022-09-23 14:44:24 -07:00
ec04a39413 | [Security Content] Tag rules with robust Investigation Guides (#2297) | Jonhnathan | 2022-09-23 10:20:32 -07:00
2f062ecf84 | Add investigation guides (#2326) | shashank-elastic | 2022-09-23 20:18:48 +05:30
146279fd4f | [Bug] Remove duplicate key in non-ecs-schema (#2319) | Mika Ayenson | 2022-09-21 18:03:08 -04:00
ca0e4ac72a | [Bug] Remove duplicate key in non-ecs-schema (#2319) | Mika Ayenson | 2022-09-21 18:03:08 -04:00
07d540c844 | Prep for 8.6 Branch Creation (#2308) | Terrance DeJesus | 2022-09-21 17:01:02 -04:00
facaef1389 | Prep for 8.6 Branch Creation (#2308) | Terrance DeJesus | 2022-09-21 17:01:02 -04:00
4e3c72e9a6 | [Bug] Add ready_for_review to backport activity types (#2312) | Mika Ayenson | 2022-09-21 14:22:27 -04:00
8e240f9e79 | [Bug] Add ready_for_review to backport activity types (#2312) | Mika Ayenson | 2022-09-21 14:22:27 -04:00
f561eb2b61 | Revert "Add backporting diagram" | Mika Ayenson | 2022-09-21 14:17:06 -04:00
e9d2d7f57f | Add backporting diagram | Mika Ayenson | 2022-09-21 14:07:17 -04:00
514df3656d | updating non-ecs-schema to match content on main | Mika Ayenson | 2022-09-21 13:22:20 -04:00
5b8593559c | [Rule Tuning] Kubernetes - update min_stack for new rules (#2310) | Isai | 2022-09-20 17:09:22 -04:00
bafab880bb | adding adjustment to route c of manage_versions (#2307) | Terrance DeJesus | 2022-09-19 14:50:46 -04:00
3c97d34615 | adding adjustment to route c of manage_versions (#2307) | Terrance DeJesus | 2022-09-19 14:50:46 -04:00
09565d97b7 | [New Rule] PowerShell Script with Token Impersonation Capabilities (#2246) | Jonhnathan | 2022-09-19 11:43:38 -07:00
a955e34b43 | [New Rule] PowerShell Share Enumeration Script (#2243) | Jonhnathan | 2022-09-19 11:38:23 -07:00
033a4b0646 | [Rule Tuning] Remove "process_started" from Windows Rules (#2238) | Jonhnathan | 2022-09-19 11:06:30 -07:00
d52c0d2257 | [Rule Tuning] Remove "process_started" from Windows Rules (#2238) | Jonhnathan | 2022-09-19 11:06:30 -07:00
acdfe5ddab | [New Rule] Process Creation via Secondary Logon (#2282) | Samirbous | 2022-09-19 20:04:08 +02:00
4844b69ced | [Rule Deprecation] Web Application Suspicious Activity: No User Agent (#2295) | Jonhnathan | 2022-09-19 10:56:03 -07:00
963d01ba89 | [New Rule] Kubernetes Suspicious Assignment of Controller Service Account (#2298) | Isai | 2022-09-19 13:35:37 -04:00
a9364beef9 | [New Rule] Kubernetes Denied Service Account Request (#2299) | Isai | 2022-09-19 13:22:20 -04:00
d7eb2766b0 | [New Rule] Multiple Vault Web credentials were read (#2281) | Samirbous | 2022-09-19 19:07:05 +02:00
99dcfe2055 | [New Rule] Multiple Vault Web credentials were read (#2281) | Samirbous | 2022-09-19 19:07:05 +02:00
812a54fc70 | [New Rule] Custom Gmail Route Created or Modified - Google Workspace (#2296) | Terrance DeJesus | 2022-09-19 13:03:23 -04:00
0ed2918b8d | [New Rule] Scheduled Task Creation using winlog (#2277) | Samirbous | 2022-09-19 18:50:45 +02:00
4609a5e8fe | [New Rule] Scheduled Task Creation using winlog (#2277) | Samirbous | 2022-09-19 18:50:45 +02:00
e95cbc4165 | [New Rule] Brute Force Detection - Windows (#2275) | Samirbous | 2022-09-19 18:43:28 +02:00
fc8ec668b1 | [New Rule] Brute Force Detection - Windows (#2275) | Samirbous | 2022-09-19 18:43:28 +02:00
fa0310d0fb | [New Rule] Kubernetes Anonymous Request Authorized (#2300) | Isai | 2022-09-19 12:33:09 -04:00
323c86d986 | Add test command to verify version collisions do not occur (#2272) | Justin Ibarra | 2022-09-19 09:53:30 -06:00
2ee5a185c7 | Add test command to verify version collisions do not occur (#2272) | Justin Ibarra | 2022-09-19 09:53:30 -06:00
725f7f3480 | Linux rule to detect potential ssh brute force attack (#2291) | shashank-elastic | 2022-09-19 20:26:18 +05:30
870e14828e | break out the logic to a script and manual workflow (#1908) | Mika Ayenson | 2022-09-16 13:34:04 -04:00
c2e7011ec6 | break out the logic to a script and manual workflow (#1908) | Mika Ayenson | 2022-09-16 13:34:04 -04:00
ca2b3c2b7f | [New Rule] Full User-Mode Dumps Enabled System-Wide (#2276) | Jonhnathan | 2022-09-15 12:57:00 -07:00
b3c02d60c7 | RTA Deprecation (#2303) | shashank-elastic | 2022-09-15 23:00:02 +05:30
273c589bd4 | RTA Deprecation (#2303) | shashank-elastic | 2022-09-15 23:00:02 +05:30
ae2a98e3f7 | [New Rule] Linux rule(s) to detect namespace manipulation,shadow file read (#2283) | shashank-elastic | 2022-09-14 22:01:46 +05:30
59297c836e | [New Rule] User Organizational Unit Changed - Google Workspace (#2289) | Terrance DeJesus | 2022-09-13 15:36:27 -04:00
63e4653197 | [Bug] Keyerror on rule-survey hits (#2293) | Mika Ayenson | 2022-09-13 11:38:29 -04:00
e3040d8019 | [Bug] Keyerror on rule-survey hits (#2293) | Mika Ayenson | 2022-09-13 11:38:29 -04:00
8c19e9ff6c | [New Rule] Bitlocker Settings Disabled - Google Workspace (#2288) | Terrance DeJesus | 2022-09-12 16:06:01 -04:00
1dfc8ca817 | Release ER Production RTAs to DR (#2270) | Mika Ayenson | 2022-09-08 12:50:39 -04:00
0358ec9d9a | Release ER Production RTAs to DR (#2270) | Mika Ayenson | 2022-09-08 12:50:39 -04:00
6c9881027b | Cleanup rule survey code (#1923) | Justin Ibarra | 2022-09-06 15:53:47 -06:00
332ea40100 | Cleanup rule survey code (#1923) | Justin Ibarra | 2022-09-06 15:53:47 -06:00
a23c239a21 | Update RTA common.py for py3 (#2287) | Justin Ibarra | 2022-09-01 09:16:39 -06:00
0fc8006e7a | Update RTA common.py for py3 (#2287) | Justin Ibarra | 2022-09-01 09:16:39 -06:00
3ba777c1b1 | [Rule Tuning] Disable Windows Firewall Rules via Netsh (#2231) | TotalKnob | 2022-08-26 19:10:08 +02:00
6a6ef0ce11 | [New Rule] Restrictions for Google Marketplace Modified to Allow Any App - Google Workspace (#2268) | Terrance DeJesus | 2022-08-26 12:43:30 -04:00
bd6befb168 | [New Rule] Google Drive Ownership Transferred (#2265) | Terrance DeJesus | 2022-08-26 12:41:10 -04:00
18df50443c | [Rule Tuning] Admin Role Assigned to User - Google Workspace (#2266) | Terrance DeJesus | 2022-08-26 12:35:44 -04:00
cd2539f1eb | [New Rule] User Group Access Modified to Allow External Access (#2264) | Terrance DeJesus | 2022-08-26 12:25:29 -04:00
c0a339e277 | [New Rule] 2SV Policy Disabled - Google Workspace (#2271) | Terrance DeJesus | 2022-08-26 12:22:54 -04:00
e5399bc148 | [New Rule] Application Removed from Blocklist - Google Workspace (#2267) | Terrance DeJesus | 2022-08-26 12:16:41 -04:00
97e42d01d8 | [Rule Tuning] SUNBURST Command and Control Activity (#2232) | TotalKnob | 2022-08-26 18:11:22 +02:00
fff6b51f6a | Add test that newly introduced build-time fields for a min_stack for … (#2262) | Justin Ibarra | 2022-08-25 21:56:16 -06:00
d37eac8d9d | Add test that newly introduced build-time fields for a min_stack for … (#2262) | Justin Ibarra | 2022-08-25 21:56:16 -06:00
fe34eab37d | Add TestRiskScoreMismatch (#2254) | Jonhnathan | 2022-08-25 14:29:46 -03:00
b19a02470b | Add TestRiskScoreMismatch (#2254) | Jonhnathan | 2022-08-25 14:29:46 -03:00
ef2da1d586 | [Bug] Integrations-Pr Command (Elastic-Package Linting and Version Adjustments) (#2054) | Terrance DeJesus | 2022-08-24 14:01:30 -04:00
5a04aaf671 | [Bug] Integrations-Pr Command (Elastic-Package Linting and Version Adjustments) (#2054) | Terrance DeJesus | 2022-08-24 14:01:30 -04:00
230cd73e28 | Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4 (#2261) | github-actions[bot] | 2022-08-24 13:26:35 -04:00
6ff7d2284d | Lock versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4 (#2261) | github-actions[bot] | 2022-08-24 13:26:35 -04:00
e5e0339430 | min_stack all rules to 8.3 (#2259) | Justin Ibarra | 2022-08-24 10:38:49 -06:00
46d5e37b76 | min_stack all rules to 8.3 (#2259) | Justin Ibarra | 2022-08-24 10:38:49 -06:00
3042be0824 | [Rule Tuning] Clearing Windows Event Logs (#2233) | TotalKnob | 2022-08-24 02:41:30 +02:00
023fbc7bbd | [Rule Tuning] Clearing Windows Event Logs (#2233) | TotalKnob | 2022-08-24 02:41:30 +02:00
3fa44d3065 | [Rule Tuning] Suspicious Child Process of Adobe Acrobat Reader Update Service (#2192) | Mika Ayenson | 2022-08-23 10:10:40 -04:00
dfef597794 | [Rule Tuning] Suspicious Child Process of Adobe Acrobat Reader Update Service (#2192) | Mika Ayenson | 2022-08-23 10:10:40 -04:00
bac094acfc | [Rule Tuning] Finder Sync Plugin Registered and Enabled (#2172) | Mika Ayenson | 2022-08-23 09:59:43 -04:00
2204459e73 | [Rule Tuning] Finder Sync Plugin Registered and Enabled (#2172) | Mika Ayenson | 2022-08-23 09:59:43 -04:00
c20582493c | [Rule Tuning] Suspicious Browser Child Process (#2138) | Mika Ayenson | 2022-08-23 09:56:23 -04:00
2326b30a87 | [Rule Tuning] Suspicious Browser Child Process (#2138) | Mika Ayenson | 2022-08-23 09:56:23 -04:00
a37494cd5b | [Rule Tuning] Abnormal Process ID or Lock File Created (#2113) | Jonhnathan | 2022-08-23 09:59:31 -03:00
c5ff8511a9 | [Rule Tuning] Abnormal Process ID or Lock File Created (#2113) | Jonhnathan | 2022-08-23 09:59:31 -03:00
3984f6e9cf | [Rule Tuning] Microsoft 365 Inbox Forwarding Rule Created (#2240) | Jonhnathan | 2022-08-23 09:43:09 -03:00
6631c4927d | [Rule Tuning] Microsoft 365 Inbox Forwarding Rule Created (#2240) | Jonhnathan | 2022-08-23 09:43:09 -03:00
ad880bb7df | [Rule Tuning] Standardizing Risk Score according to Severity (#2242) | Jonhnathan | 2022-08-21 22:29:39 -03:00
6e2d20362a | [Rule Tuning] Standardizing Risk Score according to Severity (#2242) | Jonhnathan | 2022-08-21 22:29:39 -03:00
273c9e60a0 | set typing-inspect requirement to 0.7.1 (#2248) | Mika Ayenson | 2022-08-17 22:17:16 -04:00
fbfe1e3530 | set typing-inspect requirement to 0.7.1 (#2248) | Mika Ayenson | 2022-08-17 22:17:16 -04:00
353fde10a0 | [Deprecate Rule] Suspicious Process from Conhost (#2222) | Samirbous | 2022-08-16 16:32:24 +02:00
d3420e3386 | [Deprecate Rule] Suspicious Process from Conhost (#2222) | Samirbous | 2022-08-16 16:32:24 +02:00
73834a3b08 | [Rule Tuning] Whoami Process Activity (#2224) | Samirbous | 2022-08-16 16:26:10 +02:00
8e0ae64a04 | [Rule Tuning] Whoami Process Activity (#2224) | Samirbous | 2022-08-16 16:26:10 +02:00
0a6f9c6ddf | [Rule Tuning] Suspicious Execution via Scheduled Task (#2235) | Samirbous | 2022-08-15 21:50:23 +02:00
0f7b29918c | [Rule Tuning] Suspicious Execution via Scheduled Task (#2235) | Samirbous | 2022-08-15 21:50:23 +02:00
96fd9f86a2 | [Rule Tuning] Reduce FPs (#2223) | Samirbous | 2022-08-15 16:15:48 +02:00
b89d6185b2 | [Rule Tuning] Reduce FPs (#2223) | Samirbous | 2022-08-15 16:15:48 +02:00
a7411d05c4 | Locked versions for releases: 7.16,8.0,8.1,8.2,8.3,8.4 (#2236) [tag: integration-v7.16.4] | github-actions[bot] | 2022-08-10 09:18:59 -04:00