Commit Graph

Select branches

Hide Pull Requests

main

7.11

ML-Beaconing-20211130-1

ML-Beaconing-20211216-1

ML-DGA-20201111-1

ML-DGA-20201111-2

ML-DGA-20201111-3

ML-DGA-20201118-1

ML-DGA-20201216-1

ML-DGA-20210421-2

ML-DGA-20210421-3

ML-DGA-20210601-3

ML-DGA-20210602-3

ML-DGA-20210604-4

ML-DGA-20210629-5

ML-DGA-20210706-5

ML-HostRiskScore-20210728-1

ML-HostRiskScore-20210803-1

ML-HostRiskScore-20210826-2

ML-HostRiskScore-20211007-3

ML-HostRiskScore-20220210-4

ML-HostRiskScore-20220215-4

ML-HostRiskScore-20220228-5

ML-HostRiskScore-20220404-5

ML-ProblemChild-20210519-1

ML-ProblemChild-20210520-1

ML-ProblemChild-20210526-1

ML-ProblemChild-20210602-1

ML-URLSpoof-20210804-1

ML-URLSpoof-20210805-1

ML-UserRiskScore-20220628-1

ML-UserRiskScore-20220812-2

ML-experimental-detections-20200506-3

ML-experimental-detections-20201028-1

ML-experimental-detections-20201029-1

ML-experimental-detections-20201118-1

ML-experimental-detections-20201209-1

ML-experimental-detections-20201221-2

ML-experimental-detections-20210527-4

ML-experimental-detections-20210602-4

ML-experimental-detections-20210603-5

ML-experimental-detections-20210804-6

ML-experimental-detections-20210805-6

ML-experimental-detections-20211130-7

apr_2025_updates

aug_2025_updates

august_updates

dev-v0.1.0

dev-v0.1.2

dev-v0.1.3

dev-v0.1.4

dev-v0.1.5

dev-v0.1.6

dev-v0.1.7

dev-v0.2.0

dev-v0.2.1

dev-v0.3.0

dev-v0.3.1

dev-v0.3.10

dev-v0.3.11

dev-v0.3.12

dev-v0.3.13

dev-v0.3.14

dev-v0.3.15

dev-v0.3.16

dev-v0.3.17

dev-v0.3.18

dev-v0.3.19

dev-v0.3.2

dev-v0.3.3

dev-v0.3.4

dev-v0.3.5

dev-v0.3.6

dev-v0.3.7

dev-v0.3.8

dev-v0.3.9

dev-v0.4.0

dev-v0.4.1

dev-v0.4.10

dev-v0.4.11

dev-v0.4.12

dev-v0.4.13

dev-v0.4.14

dev-v0.4.15

dev-v0.4.16

dev-v0.4.17

dev-v0.4.18

dev-v0.4.19

dev-v0.4.2

dev-v0.4.20

dev-v0.4.21

dev-v0.4.22

dev-v0.4.23

dev-v0.4.24

dev-v0.4.25

dev-v0.4.26

dev-v0.4.3

dev-v0.4.4

dev-v0.4.5

dev-v0.4.6

dev-v0.4.7

dev-v0.4.8

dev-v0.4.9

dev-v1.0.0

dev-v1.0.1

dev-v1.0.10

dev-v1.0.13

dev-v1.0.14

dev-v1.0.15

dev-v1.0.16

dev-v1.0.17

dev-v1.0.18

dev-v1.0.2

dev-v1.0.3

dev-v1.0.4

dev-v1.0.5

dev-v1.0.6

dev-v1.0.7

dev-v1.0.8

dev-v1.0.9

dev-v1.1.0

dev-v1.1.1

dev-v1.1.2

dev-v1.1.3

dev-v1.1.4

dev-v1.1.5

dev-v1.1.6

dev-v1.1.7

dev-v1.2.0

dev-v1.2.1

dev-v1.2.10

dev-v1.2.11

dev-v1.2.12

dev-v1.2.13

dev-v1.2.14

dev-v1.2.15

dev-v1.2.16

dev-v1.2.17

dev-v1.2.18

dev-v1.2.19

dev-v1.2.2

dev-v1.2.20

dev-v1.2.21

dev-v1.2.22

dev-v1.2.23

dev-v1.2.24

dev-v1.2.25

dev-v1.2.26

dev-v1.2.3

dev-v1.2.4

dev-v1.2.5

dev-v1.2.7

dev-v1.2.8

dev-v1.2.9

dev-v1.3.0

dev-v1.3.1

dev-v1.3.10

dev-v1.3.11

dev-v1.3.12

dev-v1.3.13

dev-v1.3.14

dev-v1.3.15

dev-v1.3.16

dev-v1.3.17

dev-v1.3.18

dev-v1.3.19

dev-v1.3.2

dev-v1.3.20

dev-v1.3.21

dev-v1.3.22

dev-v1.3.23

dev-v1.3.24

dev-v1.3.25

dev-v1.3.26

dev-v1.3.27

dev-v1.3.28

dev-v1.3.29

dev-v1.3.3

dev-v1.3.30

dev-v1.3.31

dev-v1.3.32

dev-v1.3.33

dev-v1.3.4

dev-v1.3.5

dev-v1.3.6

dev-v1.3.7

dev-v1.3.9

dev-v1.4.0

dev-v1.4.1

dev-v1.4.10

dev-v1.4.11

dev-v1.4.12

dev-v1.4.2

dev-v1.4.3

dev-v1.4.4

dev-v1.4.5

dev-v1.4.6

dev-v1.4.7

dev-v1.4.8

dev-v1.4.9

dev-v1.5.0

dev-v1.5.1

dev-v1.5.10

dev-v1.5.11

dev-v1.5.12

dev-v1.5.13

dev-v1.5.14

dev-v1.5.15

dev-v1.5.16

dev-v1.5.17

dev-v1.5.18

dev-v1.5.19

dev-v1.5.2

dev-v1.5.20

dev-v1.5.21

dev-v1.5.22

dev-v1.5.23

dev-v1.5.24

dev-v1.5.25

dev-v1.5.26

dev-v1.5.27

dev-v1.5.28

dev-v1.5.29

dev-v1.5.3

dev-v1.5.31

dev-v1.5.32

dev-v1.5.33

dev-v1.5.34

dev-v1.5.35

dev-v1.5.36

dev-v1.5.37

dev-v1.5.38

dev-v1.5.39

dev-v1.5.4

dev-v1.5.40

dev-v1.5.41

dev-v1.5.42

dev-v1.5.43

dev-v1.5.44

dev-v1.5.45

dev-v1.5.46

dev-v1.5.47

dev-v1.5.48

dev-v1.5.49

dev-v1.5.5

dev-v1.5.50

dev-v1.5.51

dev-v1.5.52

dev-v1.5.53

dev-v1.5.54

dev-v1.5.56

dev-v1.5.6

dev-v1.5.7

dev-v1.5.8

dev-v1.5.9

dev-v1.6.0

dev-v1.6.1

dev-v1.6.10

dev-v1.6.11

dev-v1.6.12

dev-v1.6.13

dev-v1.6.14

dev-v1.6.15

dev-v1.6.16

dev-v1.6.17

dev-v1.6.18

dev-v1.6.19

dev-v1.6.2

dev-v1.6.20

dev-v1.6.21

dev-v1.6.22

dev-v1.6.23

dev-v1.6.24

dev-v1.6.25

dev-v1.6.26

dev-v1.6.28

dev-v1.6.29

dev-v1.6.3

dev-v1.6.30

dev-v1.6.31

dev-v1.6.32

dev-v1.6.4

dev-v1.6.5

dev-v1.6.6

dev-v1.6.7

dev-v1.6.8

dev-v1.6.9

dev7.10-ML-DGA-v0.1.0

dev7.10-ML-DGA-v0.1.0.zip

dev7.10-abc-v0.1.0

feb_2025_updates

integration-v0.13.1

integration-v0.13.2

integration-v0.13.3

integration-v0.14.1

integration-v0.14.2

integration-v0.14.3

integration-v0.16.1

integration-v0.16.2

integration-v1.0.1

integration-v1.0.2

integration-v7.16.3

integration-v7.16.4

integration-v7.16.5

integration-v8.1.1

integration-v8.10.1

integration-v8.10.10

integration-v8.10.11

integration-v8.10.12

integration-v8.10.13

integration-v8.10.14

integration-v8.10.15

integration-v8.10.16

integration-v8.10.17

integration-v8.10.18

integration-v8.10.2

integration-v8.10.3

integration-v8.10.4

integration-v8.10.5

integration-v8.10.6

integration-v8.10.7

integration-v8.10.8

integration-v8.10.9

integration-v8.11.1

integration-v8.11.10

integration-v8.11.11

integration-v8.11.12

integration-v8.11.13

integration-v8.11.14

integration-v8.11.15

integration-v8.11.16

integration-v8.11.17

integration-v8.11.18

integration-v8.11.19

integration-v8.11.2

integration-v8.11.20

integration-v8.11.21

Mono Color

• cf1cdb1791 update description (#2149) Mika Ayenson 2022-07-22 17:12:41 -04:00
• f07c72254d update description (#2149) Mika Ayenson 2022-07-22 17:12:41 -04:00
• 2a160e0106 [Rule Tuning] Remote SSH Login Enabled via systemsetup Command (#2147) Mika Ayenson 2022-07-22 17:10:09 -04:00
• b3334941f9 [Rule Tuning] Remote SSH Login Enabled via systemsetup Command (#2147) Mika Ayenson 2022-07-22 17:10:09 -04:00
• 53e035a91f exclude google drive FP (#2145) Mika Ayenson 2022-07-22 17:00:00 -04:00
• 84104773a6 exclude google drive FP (#2145) Mika Ayenson 2022-07-22 17:00:00 -04:00
• 5e21144896 [Rule Tuning] Suspicious Automator Workflows Execution (#2142) Mika Ayenson 2022-07-22 16:50:45 -04:00
• 44ae72d054 [Rule Tuning] Suspicious Automator Workflows Execution (#2142) Mika Ayenson 2022-07-22 16:50:45 -04:00
• f6ed0dcf7e update tags to include C2 tactic (#2140) Mika Ayenson 2022-07-22 16:39:25 -04:00
• f176b5ef57 update tags to include C2 tactic (#2140) Mika Ayenson 2022-07-22 16:39:25 -04:00
• 3be3902038 [Rule Tuning] Remove File Quarantine Attribute (#2129) Colson Wilhoit 2022-07-22 15:25:12 -05:00
• d6527afd51 [Rule Tuning] Remove File Quarantine Attribute (#2129) Colson Wilhoit 2022-07-22 15:25:12 -05:00
• db6ff5588c [Rule Tuning] Enumeration of Users or Groups via Built-in Commands (#2136) Mika Ayenson 2022-07-22 16:16:27 -04:00
• 1e28385ea4 [Rule Tuning] Enumeration of Users or Groups via Built-in Commands (#2136) Mika Ayenson 2022-07-22 16:16:27 -04:00
• ca898d0680 [Rule Tuning] Potential Privacy Control Bypass via TCCDB Modification (#2121) Mika Ayenson 2022-07-22 16:07:41 -04:00
• d2be29b226 [Rule Tuning] Potential Privacy Control Bypass via TCCDB Modification (#2121) Mika Ayenson 2022-07-22 16:07:41 -04:00
• f1af12e81b [Rule Tuning] Modification of Environment Variable via Launchctl (#2119) Mika Ayenson 2022-07-22 16:03:46 -04:00
• cefb84ae15 [Rule Tuning] Modification of Environment Variable via Launchctl (#2119) Mika Ayenson 2022-07-22 16:03:46 -04:00
• 61d671a1a6 [Rule Tuning] Missing MITRE ATT&CK Mappings (#2073) Terrance DeJesus 2022-07-22 14:30:34 -04:00
• 141b00ec41 [Rule Tuning] Missing MITRE ATT&CK Mappings (#2073) Terrance DeJesus 2022-07-22 14:30:34 -04:00
• e8c39d19a7 [Rule Tuning] Missing MITRE ATT&CK Mappings (#2073) Terrance DeJesus 2022-07-22 14:30:34 -04:00
• c12b3dcf50 [Rule Tuning] Attempt to Remove File Quarantine Attribute (#2117) Mika Ayenson 2022-07-22 14:26:48 -04:00
• cd11001fe8 [Rule Tuning] Attempt to Remove File Quarantine Attribute (#2117) Mika Ayenson 2022-07-22 14:26:48 -04:00
• 5c5f49a96c [Rule Tuning] Kerberos Cached Credentials Dumping (#2103) Mika Ayenson 2022-07-22 14:19:04 -04:00
• c1c83a536c [Rule Tuning] Kerberos Cached Credentials Dumping (#2103) Mika Ayenson 2022-07-22 14:19:04 -04:00
• 6e98740a90 [Rule Tuning] Access to Keychain Credentials Directories (#2101) Mika Ayenson 2022-07-22 14:14:12 -04:00
• a9de227cfa [Rule Tuning] Access to Keychain Credentials Directories (#2101) Mika Ayenson 2022-07-22 14:14:12 -04:00
• 75560f96ec [Rule Tuning] Access of Stored Browser Credentials (#2098) Mika Ayenson 2022-07-22 13:57:59 -04:00
• aaf9a708ae [Rule Tuning] Access of Stored Browser Credentials (#2098) Mika Ayenson 2022-07-22 13:57:59 -04:00
• cf4b6e6e1e [Security Content] Add Investigation Guides - Cloud - 2 (#2124) Jonhnathan 2022-07-22 14:32:42 -03:00
• 7ddae4b493 [Security Content] Add Investigation Guides - Cloud - 2 (#2124) Jonhnathan 2022-07-22 14:32:42 -03:00
• 7909fb47a0 [New Rule] Hidden so file (#2131) Colson Wilhoit 2022-07-22 11:37:47 -05:00
• 98d93bc21e [New Rule] Hidden so file (#2131) Colson Wilhoit 2022-07-22 11:37:47 -05:00
• 25493a90c9 [New Rule] Suspicious HTML File Creation (#2068) Samirbous 2022-07-22 16:21:53 +02:00
• d312f49117 [New Rule] Suspicious HTML File Creation (#2068) Samirbous 2022-07-22 16:21:53 +02:00
• fc26e83bfb removed googlecloud.audit from event datasets (#2105) Terrance DeJesus 2022-07-21 12:11:15 -04:00
• 9cefd88b90 removed googlecloud.audit from event datasets (#2105) Terrance DeJesus 2022-07-21 12:11:15 -04:00
• dd5501d167 [Rule Tuning] GCP Firewall Rules Should Include App Engine (#2107) Terrance DeJesus 2022-07-21 11:56:28 -04:00
• 5ff3844fbe [Rule Tuning] GCP Firewall Rules Should Include App Engine (#2107) Terrance DeJesus 2022-07-21 11:56:28 -04:00
• edef90b3ec [Security Content] Add Investigation Guides to Cloud Rules - AWS (#2104) Jonhnathan 2022-07-20 12:28:58 -03:00
• d854b943e5 [Security Content] Add Investigation Guides to Cloud Rules - AWS (#2104) Jonhnathan 2022-07-20 12:28:58 -03:00
• 900a8cdbe9 [New Rule] Suspicious LSASS Access via MalSecLogon (#2063) Samirbous 2022-07-20 16:30:19 +02:00
• 59736e3973 [New Rule] Suspicious LSASS Access via MalSecLogon (#2063) Samirbous 2022-07-20 16:30:19 +02:00
• c010acb175 [Rule Tuning] Elastic Agent Service Terminated (#2112) Jonhnathan 2022-07-19 13:33:52 -03:00
• 1276f98a70 [Rule Tuning] Elastic Agent Service Terminated (#2112) Jonhnathan 2022-07-19 13:33:52 -03:00
• 9951ee66e5 2058 add setup field to metadata (#2061) Mika Ayenson 2022-07-18 15:41:32 -04:00
• ec17d0b54d 2058 add setup field to metadata (#2061) Mika Ayenson 2022-07-18 15:41:32 -04:00
• 62298d92f4 2058 add setup field to metadata (#2061) Mika Ayenson 2022-07-18 15:41:32 -04:00
• c2bcfc575f [New Rule] Elastic Agent Stopped (#1991) Terrance DeJesus 2022-05-25 13:16:21 -04:00
• a52751494e 2058 add setup field to metadata (#2061) Mika Ayenson 2022-07-18 15:41:32 -04:00
• 4235b5d798 [New Rule] Dynamic Linker Copy (#2099) Colson Wilhoit 2022-07-13 10:17:46 -05:00
• 9995558b2a [New Rule] Dynamic Linker Copy (#2099) Colson Wilhoit 2022-07-13 10:17:46 -05:00
• 4913be81e0 [New Rule] Tc BPF Filter (#2091) Colson Wilhoit 2022-07-13 09:41:46 -05:00
• 58ad0823ca [New Rule] Tc BPF Filter (#2091) Colson Wilhoit 2022-07-13 09:41:46 -05:00
• d8ee4473a2 [Security Content] 8.4 - Add Investigation Guides (#2069) Jonhnathan 2022-07-13 11:28:34 -03:00
• 3a8efc8183 [Security Content] 8.4 - Add Investigation Guides (#2069) Jonhnathan 2022-07-13 11:28:34 -03:00
• 3e73a3c60a [New Rule] Insmod kernel module load (#2093) Colson Wilhoit 2022-07-13 09:22:21 -05:00
• d7d0466344 [New Rule] Insmod kernel module load (#2093) Colson Wilhoit 2022-07-13 09:22:21 -05:00
• e241df5d76 [Rule Tuning] Potential Reverse Shell Activity via Terminal (#2077) Terrance DeJesus 2022-07-12 22:33:38 -04:00
• 7581234fe8 [Rule Tuning] Potential Reverse Shell Activity via Terminal (#2077) Terrance DeJesus 2022-07-12 22:33:38 -04:00
• 06ce0015df Add new required_fields as a build-time restricted field (#2059) Mika Ayenson 2022-07-06 11:49:44 -04:00
• c76a397969 Add new required_fields as a build-time restricted field (#2059) Mika Ayenson 2022-07-06 11:49:44 -04:00
• de2a90090c [New Rule] Domain Trust Enumeration via Nltest (#2010) Terrance DeJesus 2022-07-05 10:48:25 -04:00
• 329530c8c3 [New Rule] Domain Trust Enumeration via Nltest (#2010) Terrance DeJesus 2022-07-05 10:48:25 -04:00
• 45e804f3e5 Fixing doc bugs reported by QA. (#2065) Janeen Mikell-Straughn 2022-06-30 15:59:48 -04:00
• 13c63ceaef Fixing doc bugs reported by QA. (#2065) Janeen Mikell-Straughn 2022-06-30 15:59:48 -04:00
• 8011420e71 Update discovery_privileged_localgroup_membership.toml (#2046) Jonhnathan 2022-06-30 14:26:17 -03:00
• 853f8db8d0 Update discovery_privileged_localgroup_membership.toml (#2046) Jonhnathan 2022-06-30 14:26:17 -03:00
• b47e763949 user risk score docs (#2055) Craig Chamberlain 2022-06-28 11:52:38 -04:00
• 1bb2273c0c user risk score docs (#2055) Craig Chamberlain 2022-06-28 11:52:38 -04:00
• cf952854d6 test automatically prevent future merges when a backport fails (#1909) Mika Ayenson 2022-06-23 14:59:25 -04:00
• 179a3bd284 Add support for restricted fields (#2053) Justin Ibarra 2022-06-27 10:02:15 -05:00
• cc01d3fb1a Add support for restricted fields (#2053) ML-UserRiskScore-20220628-1 Justin Ibarra 2022-06-27 10:02:15 -05:00
• eb6deea9ac Update cli documentation for search-alerts (#2051) Mika Ayenson 2022-06-24 09:58:58 -04:00
• 4ef1a1a627 Update cli documentation for search-alerts (#2051) Mika Ayenson 2022-06-24 09:58:58 -04:00
• 3f6be4155c test automatically prevent future merges when a backport fails (#1909) Mika Ayenson 2022-06-23 14:59:25 -04:00
• 6c5e101e6f test automatically prevent future merges when a backport fails (#1909) Mika Ayenson 2022-06-23 14:59:25 -04:00
• 4fdd978183 test automatically prevent future merges when a backport fails (#1909) Mika Ayenson 2022-06-23 14:59:25 -04:00
• fafe1e0ab6 Locked versions for releases: 7.16,8.0,8.1,8.2,8.3 (#2041) integration-v7.16.3 github-actions[bot] 2022-06-17 11:44:07 -04:00
• fd9c9f8abf Locked versions for releases: 7.16,8.0,8.1,8.2,8.3 (#2041) github-actions[bot] 2022-06-17 11:44:07 -04:00
• 73d68392cc Locked versions for releases: 7.16,8.0,8.1,8.2,8.3 integration-v8.1.1 terrancedejesus 2022-06-16 13:32:55 +00:00
• 69237c4ed2 [Rule tuning] existing strace activity rule. (#2028) shashank-elastic 2022-06-16 17:18:48 +05:30
• 2ee23bd80f [Rule tuning] existing strace activity rule. (#2028) shashank-elastic 2022-06-16 17:18:48 +05:30
• 0973ac07ef Update discovery_remote_system_discovery_commands_windows.toml (#2033) Jonhnathan 2022-06-14 10:50:59 -03:00
• c8ff1dc9cb Update discovery_remote_system_discovery_commands_windows.toml (#2033) Jonhnathan 2022-06-14 10:50:59 -03:00
• fa5fc6094e [New Rule] Kubernetes execution_user_exec_to_pod (#1979) Isai 2022-06-09 17:52:45 -04:00
• 63fda01fdd [New Rule] Kubernetes execution_user_exec_to_pod (#1979) Isai 2022-06-09 17:52:45 -04:00
• 8564185a7d [Bug] resolves bug in Rule version methods (#2021) Justin Ibarra 2022-06-07 15:40:46 -08:00
• 744f56d98e [Bug] resolves bug in Rule version methods (#2021) Justin Ibarra 2022-06-07 15:40:46 -08:00
• 57194b8e59 [Rule Tuning] M365 - Remove event.outcome condition from Auth Events (#2004) Jonhnathan 2022-06-03 14:24:14 -03:00
• 3aa53fc6c5 [Rule Tuning] M365 - Remove event.outcome condition from Auth Events (#2004) Jonhnathan 2022-06-03 14:24:14 -03:00
• 835b342a43 Update persistence_sdprop_exclusion_dsheuristics.toml (#2017) Jonhnathan 2022-06-03 14:22:04 -03:00
• b6631f200e Update persistence_sdprop_exclusion_dsheuristics.toml (#2017) Jonhnathan 2022-06-03 14:22:04 -03:00
• a51d251e05 Adds logs-system.* index pattern (#2016) Jonhnathan 2022-06-03 13:56:54 -03:00
• f857e009c5 Adds logs-system.* index pattern (#2016) Jonhnathan 2022-06-03 13:56:54 -03:00
• c16442517e [Bug] Fix test_matrix_to_lock_version_defaults test (#2014) Justin Ibarra 2022-06-02 16:34:54 -08:00
• e850f39526 [Bug] Fix test_matrix_to_lock_version_defaults test (#2014) Justin Ibarra 2022-06-02 16:34:54 -08:00
• 3a1a5fe12b Collapse unsupported previous version entries (#2013) Justin Ibarra 2022-06-02 15:18:12 -08:00
• f57950a3c9 Collapse unsupported previous version entries (#2013) Justin Ibarra 2022-06-02 15:18:12 -08:00
• 220996b1b8 Prep for Creation of 8.4 Branch (#2001) Terrance DeJesus 2022-06-02 14:59:18 -04:00