Commit Graph

  • ebeb270075 [Security Content] Current Investigation Guides Review (#1896) Jonhnathan 2022-04-12 22:05:13 -03:00
  • 77ceccf49e [Security Content] Add Investigation Guides - 5 (#1895) Jonhnathan 2022-04-12 21:12:59 -03:00
  • 03677ca4e8 [Security Content] Add Investigation Guides - 5 (#1895) Jonhnathan 2022-04-12 21:12:59 -03:00
  • 46f5af436e [Security Content] Add Investigation Guides - 5 (#1895) Jonhnathan 2022-04-12 21:12:59 -03:00
  • 9c15f99d99 [Security Content] Add Investigation Guides - 3 (#1836) Jonhnathan 2022-04-12 20:58:50 -03:00
  • 7fdf870d31 [Security Content] Add Investigation Guides - 3 (#1836) Jonhnathan 2022-04-12 20:58:50 -03:00
  • 3a5fceac3b [Security Content] Add Investigation Guides - 3 (#1836) Jonhnathan 2022-04-12 20:58:50 -03:00
  • a80bc6da9a Remove deprecated elasticsearch parameter (#1913) Justin Ibarra 2022-04-12 12:06:11 -08:00
  • a911907422 Remove deprecated elasticsearch parameter (#1913) Justin Ibarra 2022-04-12 12:06:11 -08:00
  • b3e789a202 Remove deprecated elasticsearch parameter (#1913) Justin Ibarra 2022-04-12 12:06:11 -08:00
  • 5294bca91d Update discovery_net_command_system_account.toml (#1912) Jonhnathan 2022-04-11 15:03:49 -03:00
  • deed08b896 Update discovery_net_command_system_account.toml (#1912) Jonhnathan 2022-04-11 15:03:49 -03:00
  • 3b6c594a22 Update discovery_net_command_system_account.toml (#1912) Jonhnathan 2022-04-11 15:03:49 -03:00
  • 8b3d4f6691 [Rule Tuning] AWS RDS Instance/Cluster Deletion (#1916) Isai 2022-04-10 15:33:33 -04:00
  • dfa41821ef [Rule Tuning] AWS RDS Instance/Cluster Deletion (#1916) Isai 2022-04-10 15:33:33 -04:00
  • 9640ecb3fe [Rule Tuning] AWS RDS Instance/Cluster Deletion (#1916) Isai 2022-04-10 15:33:33 -04:00
  • 3d838c2e7f [Security Content] Add Investigation Guides - 4 (#1871) Jonhnathan 2022-04-10 15:37:06 -03:00
  • 3c503f7c95 [Security Content] Add Investigation Guides - 4 (#1871) Jonhnathan 2022-04-10 15:37:06 -03:00
  • 290763d9bb [Security Content] Add Investigation Guides - 4 (#1871) Jonhnathan 2022-04-10 15:37:06 -03:00
  • 2a48335813 [Rule Tuning] AWS Security Group Configuration Change Detection (#1915) Isai 2022-04-07 14:47:09 -04:00
  • b3e51520c4 [Rule Tuning] AWS Security Group Configuration Change Detection (#1915) Isai 2022-04-07 14:47:09 -04:00
  • 5073ef8be7 [Rule Tuning] AWS Security Group Configuration Change Detection (#1915) Isai 2022-04-07 14:47:09 -04:00
  • 1b32a137f7 Update elasticsearch dependency to 8.1 (#1911) Justin Ibarra 2022-04-06 11:52:22 -08:00
  • bd5ada51e3 Update elasticsearch dependency to 8.1 (#1911) Justin Ibarra 2022-04-06 11:52:22 -08:00
  • ad99c6b489 Update elasticsearch dependency to 8.1 (#1911) Justin Ibarra 2022-04-06 11:52:22 -08:00
  • c31d5ffd32 [Rule Tuning] Add EQL optional field syntax (#1910) Jonhnathan 2022-04-05 16:32:37 -03:00
  • c425d98de1 [Rule Tuning] Add EQL optional field syntax (#1910) Jonhnathan 2022-04-05 16:32:37 -03:00
  • 49074ddeaa [Rule Tuning] Add EQL optional field syntax (#1910) Jonhnathan 2022-04-05 16:32:37 -03:00
  • 3311168e28 Expand timestamp override tests (#1907) Justin Ibarra 2022-04-01 15:27:08 -08:00
  • eeb8ab7744 Expand timestamp override tests (#1907) Justin Ibarra 2022-04-01 15:27:08 -08:00
  • 6bdfddac8e Expand timestamp override tests (#1907) ML-HostRiskScore-20220404-5 Justin Ibarra 2022-04-01 15:27:08 -08:00
  • 4d9124aaf7 Prep for Creation of 8.3 Branch (#1906) Terrance DeJesus 2022-04-01 17:33:18 -04:00
  • 2edb1e0ee7 Prep for Creation of 8.3 Branch (#1906) Terrance DeJesus 2022-04-01 17:33:18 -04:00
  • 648daf1237 Prep for Creation of 8.3 Branch (#1906) Terrance DeJesus 2022-04-01 17:33:18 -04:00
  • 93edc44284 [Rule Tuning] Timeline Templates For Windows and Linux (#1892) Terrance DeJesus 2022-04-01 13:44:35 -04:00
  • 16fa48b56d added comprehensive timeline template definitions (#1905) Terrance DeJesus 2022-04-01 12:51:54 -04:00
  • 1ca68f9d85 added comprehensive timeline template definitions (#1905) Terrance DeJesus 2022-04-01 12:51:54 -04:00
  • e72031a71a added comprehensive timeline template definitions (#1905) Terrance DeJesus 2022-04-01 12:51:54 -04:00
  • c3b7dc58b0 Svchost spawning Cmd - False Positives Tuning (#1894) Jonhnathan 2022-03-31 19:28:46 -03:00
  • 8d322f40c0 Svchost spawning Cmd - False Positives Tuning (#1894) Jonhnathan 2022-03-31 19:28:46 -03:00
  • e1b4a0d87c Svchost spawning Cmd - False Positives Tuning (#1894) Jonhnathan 2022-03-31 19:28:46 -03:00
  • a078da877b [Security Content] Adjust Investigation Guides to be less generic (#1805) Jonhnathan 2022-03-31 11:29:30 -03:00
  • 4ed2fbe932 [Security Content] Adjust Investigation Guides to be less generic (#1805) Jonhnathan 2022-03-31 11:29:30 -03:00
  • 8a59b49fea [Security Content] Adjust Investigation Guides to be less generic (#1805) Jonhnathan 2022-03-31 11:29:30 -03:00
  • 2ad8b32ce2 [Security Content] Add Investigation Guides - 2 (#1822) Jonhnathan 2022-03-30 14:43:55 -03:00
  • 5a263b253d [Security Content] Add Investigation Guides - 2 (#1822) Jonhnathan 2022-03-30 14:43:55 -03:00
  • a3d7427d29 [Security Content] Add Investigation Guides - 2 (#1822) Jonhnathan 2022-03-30 14:43:55 -03:00
  • b67a0f6602 Linux Shell Evasion Rule Tuning (#1878) Colson Wilhoit 2022-03-29 09:16:21 -05:00
  • 150ff0502e Linux Shell Evasion Rule Tuning (#1878) Colson Wilhoit 2022-03-29 09:16:21 -05:00
  • 1dc901ba09 reset evasion rules (#1902) Justin Ibarra 2022-03-29 15:47:48 -08:00
  • 5214209f8d reset evasion rules (#1902) Justin Ibarra 2022-03-29 15:47:48 -08:00
  • 44facd7c2a reset linux evasion rules (#1901) Justin Ibarra 2022-03-29 15:23:08 -08:00
  • bd228ae2fb Re-add c89 rules (#1900) Justin Ibarra 2022-03-29 15:01:48 -08:00
  • 8d09bca633 Re-add c89 rules (#1900) Justin Ibarra 2022-03-29 15:01:48 -08:00
  • 507a23ba01 temp remove rule to readd with backport (#1898) Justin Ibarra 2022-03-29 14:52:04 -08:00
  • bcec8a4479 Linux Shell Evasion Rule Tuning (#1878) Colson Wilhoit 2022-03-29 09:16:21 -05:00
  • bec28db01c Description update across multiple rules (#1893) shashank-elastic 2022-03-28 22:54:37 +05:30
  • fb40a4a8c7 Description update across multiple rules (#1893) shashank-elastic 2022-03-28 22:54:37 +05:30
  • 941b85bcdf Add Jamf Connect exception for macOS users enumeration rule (#1891) Damià Poquet Femenia 2022-03-28 18:13:28 +02:00
  • 9ad3d39a32 Add Jamf Connect exception for macOS users enumeration rule (#1891) Damià Poquet Femenia 2022-03-28 18:13:28 +02:00
  • dd65a325af Adding path as stated in #1812 (#1889) Stijn Holzhauer 2022-03-27 13:07:38 +02:00
  • 3d4eaf4caf Adding path as stated in #1812 (#1889) Stijn Holzhauer 2022-03-27 13:07:38 +02:00
  • 0f545def6e [New Rule] Account configured with never Expiring Password (#1790) Jonhnathan 2022-03-26 08:19:28 -03:00
  • 940689576d [New Rule] Account configured with never Expiring Password (#1790) Jonhnathan 2022-03-26 08:19:28 -03:00
  • 3622584cf3 Add kibana-update and fleet-release templates (#1887) Justin Ibarra 2022-03-25 23:44:35 -08:00
  • cbeb767156 Add kibana-update and fleet-release templates (#1887) Justin Ibarra 2022-03-25 23:44:35 -08:00
  • 3d088787d2 remove update templates Justin Ibarra 2022-03-25 23:36:40 -08:00
  • a843337350 Add kibana-update and fleet-release issue templates Justin Ibarra 2022-03-25 23:21:12 -08:00
  • be8ef24c5f Add type to deprecated rules in version.lock (#1881) Justin Ibarra 2022-03-24 17:42:13 -08:00
  • d71154b272 Add type to deprecated rules in version.lock (#1881) Justin Ibarra 2022-03-24 17:42:13 -08:00
  • 22945ed97b [Bug] Fix bug in version_lock.py (#1880) Justin Ibarra 2022-03-24 15:41:16 -08:00
  • 17ef6c558c [Bug] Fix bug in version_lock.py (#1880) Justin Ibarra 2022-03-24 15:41:16 -08:00
  • 14a55aed05 [Security Content] Add Investigation Guides (#1799) Jonhnathan 2022-03-24 18:16:00 -03:00
  • cdb3dd6dbe [Security Content] Add Investigation Guides (#1799) Jonhnathan 2022-03-24 18:16:00 -03:00
  • c2d4ec90cc flock shell evasion threat (#1863) shashank-elastic 2022-03-25 02:22:18 +05:30
  • 3474f8c8e4 flock shell evasion threat (#1863) shashank-elastic 2022-03-25 02:22:18 +05:30
  • 42c6e68cc3 vim shell evasion threat (#1865) shashank-elastic 2022-03-25 02:07:20 +05:30
  • 152477904f vim shell evasion threat (#1865) shashank-elastic 2022-03-25 02:07:20 +05:30
  • 37419d94e7 Prevent changes to rule type for locked rules (#1855) Justin Ibarra 2022-03-24 11:56:27 -08:00
  • 11ec9c230e Prevent changes to rule type for locked rules (#1855) Justin Ibarra 2022-03-24 11:56:27 -08:00
  • 742c3c49c8 [Bug] Version bump with previous (#1870) Justin Ibarra 2022-03-24 11:12:06 -08:00
  • f4c94af994 [Bug] Version bump with previous (#1870) Justin Ibarra 2022-03-24 11:12:06 -08:00
  • 4e97631893 1554 update eql schemas to fail validation on text fields (#1866) Mika Ayenson 2022-03-23 16:22:26 -04:00
  • 1f015ebe85 1554 update eql schemas to fail validation on text fields (#1866) Mika Ayenson 2022-03-23 16:22:26 -04:00
  • 8282d34781 [New Rule] User account exposed to Kerberoasting (#1789) Jonhnathan 2022-03-23 16:31:47 -03:00
  • df7bed4408 [New Rule] User account exposed to Kerberoasting (#1789) Jonhnathan 2022-03-23 16:31:47 -03:00
  • cfa5bafb79 [New Rule] Suspicious Remote Registry Access via SeBackupPrivilege (#1783) Samirbous 2022-03-23 19:42:03 +01:00
  • c254d0de8b [New Rule] Suspicious Remote Registry Access via SeBackupPrivilege (#1783) Samirbous 2022-03-23 19:42:03 +01:00
  • 5bc3d1e2d5 [New Rule] Okta User Session Impersonation (#1867) Justin Ibarra 2022-03-22 16:11:29 -08:00
  • 46c2383e5b [New Rule] Okta User Session Impersonation (#1867) Justin Ibarra 2022-03-22 16:11:29 -08:00
  • 99597a2ed2 [Rule Tuning] Adding event.provider to AWS WAF Rule or Rule Group Deletion (#1833) Stijn Holzhauer 2022-03-23 00:36:53 +01:00
  • 2ed97d2e8c [Rule Tuning] Adding event.provider to AWS WAF Rule or Rule Group Deletion (#1833) Stijn Holzhauer 2022-03-23 00:36:53 +01:00
  • bbf92cec94 crash shell evasion threat (#1861) shashank-elastic 2022-03-22 18:46:05 +05:30
  • 22367d3702 crash shell evasion threat (#1861) shashank-elastic 2022-03-22 18:46:05 +05:30
  • d4c426a022 [New Rule] cpulimit shell evasion threat (#1851) shashank-elastic 2022-03-21 22:46:53 +05:30
  • 2ab5a1f44a [New Rule] cpulimit shell evasion threat (#1851) shashank-elastic 2022-03-21 22:46:53 +05:30
  • d26759d5a8 [Rule Tuning] Symbolic Link to Shadow Copy Created (#1830) Terrance DeJesus 2022-03-18 11:08:29 -04:00
  • 096723b2a1 [Rule Tuning] Symbolic Link to Shadow Copy Created (#1830) Terrance DeJesus 2022-03-18 11:08:29 -04:00
  • a951b99c13 update beats master branch ref to main (#1853) Mika Ayenson 2022-03-18 10:06:34 -04:00
  • 84b7ce6582 update beats master branch ref to main (#1853) Mika Ayenson 2022-03-18 10:06:34 -04:00