Commit Graph

  • 63d6a54804 [Rule Tuning] Add system index to Windows Event Logs Cleared (#1502) Justin Ibarra 2021-09-24 09:04:56 -08:00
  • 5b13666054 [Rule Tuning] Update threat mappings for Windows rules (#1497) Jonhnathan 2021-09-23 14:08:38 -03:00
  • 61afb1c1c0 [Rule Tuning] Update threat mappings for Windows rules (#1497) Jonhnathan 2021-09-23 14:08:38 -03:00
  • 216d06ef30 [New Rule] AWS STS GetSessionToken Abuse (#1213) Austin Songer 2021-09-22 14:28:02 -05:00
  • 93b8038d7d [New Rule] AWS STS GetSessionToken Abuse (#1213) Austin Songer 2021-09-22 14:28:02 -05:00
  • 0610e66ec2 [New Rule] Okta User Attempted Unauthorized Access (#1209) Austin Songer 2021-09-22 01:44:20 -05:00
  • 3e2cf4f53e [New Rule] Okta User Attempted Unauthorized Access (#1209) Austin Songer 2021-09-22 01:44:20 -05:00
  • 98735808ab [Rule Tuning] Fix typos in rule metadata (#1494) Justin Ibarra 2021-09-21 11:31:00 -08:00
  • 8e3b1d28c4 [Rule Tuning] Fix typos in rule metadata (#1494) Justin Ibarra 2021-09-21 11:31:00 -08:00
  • c1a0398c3f Additional ATT&CK mappings for credential access rules (#1495) Jonhnathan 2021-09-21 13:04:16 -03:00
  • f6421d8c53 Additional ATT&CK mappings for credential access rules (#1495) Jonhnathan 2021-09-21 13:04:16 -03:00
  • 2bb9fdb724 Add default timestamp condition for threat_query (#1486) Khristinin Nikita 2021-09-20 21:19:52 +02:00
  • 10a977914b Add default timestamp condition for threat_query (#1486) Khristinin Nikita 2021-09-20 21:19:52 +02:00
  • 143afc4f38 [KQL] Add support for date fields in parser (#1487) Justin Ibarra 2021-09-16 09:25:26 -08:00
  • 582a842e32 [KQL] Add support for date fields in parser (#1487) Justin Ibarra 2021-09-16 09:25:26 -08:00
  • 0a3bd9130d Allow CLI config to be multiple formats (#1485) Justin Ibarra 2021-09-15 20:12:39 -08:00
  • 7179942be3 Allow CLI config to be multiple formats (#1485) Justin Ibarra 2021-09-15 20:12:39 -08:00
  • c864538606 [rule-tuning] Adding more context with triage/investigation (#1481) dstepanic17 2021-09-15 18:07:21 -07:00
  • 9ff3873ee7 [rule-tuning] Adding more context with triage/investigation (#1481) dstepanic17 2021-09-15 18:07:21 -07:00
  • 31202bf4f6 [Rule tuning] Fix typo in ML rule descriptions (#1484) Justin Ibarra 2021-09-14 08:37:01 -08:00
  • 51a2bc815b [Rule tuning] Fix typo in ML rule descriptions (#1484) Justin Ibarra 2021-09-14 08:37:01 -08:00
  • 938cc5b8b5 [Bug] CLI Fixes (#1073) Justin Ibarra 2021-09-10 10:06:04 -08:00
  • 5b24eca0bc [Bug] CLI Fixes (#1073) Justin Ibarra 2021-09-10 10:06:04 -08:00
  • 105a1fd023 [New Rule] Behavior Rule for CVE-2021-40444 Exploitation (#1479) Samirbous 2021-09-08 21:26:14 +02:00
  • 0875c1e4c4 [New Rule] Behavior Rule for CVE-2021-40444 Exploitation (#1479) Samirbous 2021-09-08 21:26:14 +02:00
  • 88bfc67638 Adding control.exe (#1477) dstepanic17 2021-09-08 11:30:46 -07:00
  • cb27c686e0 Adding control.exe (#1477) dstepanic17 2021-09-08 11:30:46 -07:00
  • 2ed00c3f95 Lock versions for releases: 7.13,7.14,7.15 (#1474) integration-v0.14.1 github-actions[bot] 2021-09-07 12:32:40 -08:00
  • 58a4483222 Lock versions for releases: 7.13,7.14,7.15 (#1474) github-actions[bot] 2021-09-07 12:32:40 -08:00
  • f77e18977a Generate detection rule to alert on traffic to typosquatting/homonym domains (#1199) David French 2021-09-03 14:35:59 -06:00
  • 90aa65aed3 Generate detection rule to alert on traffic to typosquatting/homonym domains (#1199) David French 2021-09-03 14:35:59 -06:00
  • 2ef59e918f Revert #1440 new endpoint promotion rule (#1470) Ross Wolf 2021-09-03 08:07:20 -06:00
  • c9d6527280 Revert #1440 new endpoint promotion rule (#1470) Ross Wolf 2021-09-03 08:07:20 -06:00
  • eb37f07417 Add DeprecatedCollection to RuleCollection to bypass validation (#1454) Justin Ibarra 2021-09-01 15:29:53 -08:00
  • 7710e2b798 Add DeprecatedCollection to RuleCollection to bypass validation (#1454) Justin Ibarra 2021-09-01 15:29:53 -08:00
  • e9d67898d9 [CI] Notify slack on backport failure (#1468) Ross Wolf 2021-09-01 06:47:48 -06:00
  • c395d799b4 [CI] Notify slack on backport failure (#1468) Ross Wolf 2021-09-01 06:47:48 -06:00
  • 21628611a9 [Bug] Community label: use getMembershipForUser (#1469) Justin Ibarra 2021-08-31 21:32:30 -08:00
  • 2a7d036443 [Bug] Community label: use getMembershipForUser (#1469) Justin Ibarra 2021-08-31 21:32:30 -08:00
  • 7371608d39 [Bug] RuleTOMLContents.to_dict serialize with proper schema (#1460) Justin Ibarra 2021-08-31 21:06:14 -08:00
  • 9d10458be4 [Bug] RuleTOMLContents.to_dict serialize with proper schema (#1460) Justin Ibarra 2021-08-31 21:06:14 -08:00
  • 2a2bcbd870 [Rule tuning] Fix spacing in reference URLs (#1455) Justin Ibarra 2021-08-31 15:59:06 -08:00
  • 655f7d91d0 [Rule tuning] Fix spacing in reference URLs (#1455) Justin Ibarra 2021-08-31 15:59:06 -08:00
  • 20a814c47f [Rule tuning] Azure Active Directory High Risk Sign-in (#1463) Nic 2021-08-30 17:33:44 -05:00
  • 8b2c8c2e03 [Rule tuning] Azure Active Directory High Risk Sign-in (#1463) Nic 2021-08-30 17:33:44 -05:00
  • 3204a5c366 Update main to point to 7.16 (#1457) Ross Wolf 2021-08-26 14:23:55 -06:00
  • 7b8b18cb20 Update main to point to 7.16 (#1457) Ross Wolf 2021-08-26 14:23:55 -06:00
  • 79d3b60c9a [CI] Add GitHub actions workflow to lock versions across branches (#1456) Ross Wolf 2021-08-26 14:17:34 -06:00
  • 4adad703fc [CI] Add GitHub actions workflow to lock versions across branches (#1456) Ross Wolf 2021-08-26 14:17:34 -06:00
  • 675e870a30 Set min stack to 7.15 for Behavior Protection promotion ML-HostRiskScore-20210826-2 Ross Wolf 2021-08-26 08:53:02 -06:00
  • 1f7c404548 Remove the 7.15+ behavior protection promotion rule Ross Wolf 2021-08-26 08:51:38 -06:00
  • b883415914 Small update to docs (#1442) Apoorva Joshi 2021-08-25 23:40:39 -07:00
  • 227b67e636 Small update to docs (#1442) Apoorva Joshi 2021-08-25 23:40:39 -07:00
  • 34ab6c81d3 [New Rule] Endpoint Security Behavior Protection (#1440) Ross Wolf 2021-08-25 09:56:59 -06:00
  • 3b338baab0 [New Rule] Endpoint Security Behavior Protection (#1440) Ross Wolf 2021-08-25 09:56:59 -06:00
  • 8a3220ef6a Track multiple stacks in lock (#1434) Ross Wolf 2021-08-24 16:56:11 -06:00
  • 0d47cb324a Track multiple stacks in lock (#1434) Ross Wolf 2021-08-24 16:56:11 -06:00
  • 689e690f8c [New rule] Webshell Detection (#1448) dstepanic17 2021-08-24 13:17:28 -07:00
  • 8ddffc298b [New rule] Webshell Detection (#1448) dstepanic17 2021-08-24 13:17:28 -07:00
  • cc75f645b6 [Rule Tuning] Add technique T1005 to 2 rules (#1405) Justin Ibarra 2021-08-20 00:19:11 -08:00
  • 8099e1c733 [Rule Tuning] Add technique T1005 to 2 rules (#1405) Justin Ibarra 2021-08-20 00:19:11 -08:00
  • 632a322431 Fix encoding of 'Any' type in jsonschema (#1438) Ross Wolf 2021-08-19 10:15:21 -06:00
  • 11c443ba26 Fix encoding of 'Any' type in jsonschema (#1438) Ross Wolf 2021-08-19 10:15:21 -06:00
  • 60caedc026 Bump package versions (#1418) Justin Ibarra 2021-08-18 21:25:53 -08:00
  • 2d517432e3 Bump package versions (#1418) Justin Ibarra 2021-08-18 21:25:53 -08:00
  • c1b774cdb6 Skip etc/packages.yml from backport: auto (#1437) Ross Wolf 2021-08-18 16:55:21 -06:00
  • d647c7b809 Skip etc/packages.yml from backport: auto (#1437) Ross Wolf 2021-08-18 16:55:21 -06:00
  • 94190321c1 [Rule Tuning] AWS Security Group Configuration Change Detection (#1426) Austin Songer 2021-08-14 23:34:13 -05:00
  • 3b29498907 [Rule Tuning] AWS Security Group Configuration Change Detection (#1426) Austin Songer 2021-08-14 23:34:13 -05:00
  • 604fd2a18f Fix typos discovered by codespell (#1430) Christian Clauss 2021-08-15 06:29:10 +02:00
  • ddec37b731 Fix typos discovered by codespell (#1430) Christian Clauss 2021-08-15 06:29:10 +02:00
  • 16bc2a24f1 Remove labeling from community workflow (#1432) Justin Ibarra 2021-08-14 02:43:34 -08:00
  • 4a3bacae48 Remove labeling from community workflow (#1432) Justin Ibarra 2021-08-14 02:43:34 -08:00
  • 52dee0d0c6 Add revised workflow for community label (#1431) Justin Ibarra 2021-08-14 02:18:53 -08:00
  • f63a72f1ac Add revised workflow for community label (#1431) Justin Ibarra 2021-08-14 02:18:53 -08:00
  • 986a515a62 Add label workflow for community issues and pulls (#1406) Justin Ibarra 2021-08-13 22:36:59 -08:00
  • 006cb0e702 Add label workflow for community issues and pulls (#1406) Justin Ibarra 2021-08-13 22:36:59 -08:00
  • 4bd62ef5c9 Add botelastic workflow for stale issues and PRs (#1414) Justin Ibarra 2021-08-13 22:24:55 -08:00
  • 5c8029ad55 Add botelastic workflow for stale issues and PRs (#1414) Justin Ibarra 2021-08-13 22:24:55 -08:00
  • 764cb5d0b4 Add paths-labeller workflow (#1407) Justin Ibarra 2021-08-13 22:13:34 -08:00
  • 75d6d76926 Add paths-labeller workflow (#1407) Justin Ibarra 2021-08-13 22:13:34 -08:00
  • c2b7b22496 Pull latest ECS+beats schemas and update schema-map (#1417) Justin Ibarra 2021-08-12 13:08:12 -08:00
  • b27a20fc3a Pull latest ECS+beats schemas and update schema-map (#1417) Justin Ibarra 2021-08-12 13:08:12 -08:00
  • e170935f1f [New Rule] AWS EC2 Security Group Configuration Change Detection (#1144) Austin Songer 2021-08-12 14:36:50 -05:00
  • 67ba66c8e7 [New Rule] AWS EC2 Security Group Configuration Change Detection (#1144) Austin Songer 2021-08-12 14:36:50 -05:00
  • 9e6c107de5 [New Rule] Whitespace Padding in Process Command Line (#1392) David French 2021-08-11 10:15:01 -06:00
  • 14493689b9 [New Rule] Whitespace Padding in Process Command Line (#1392) David French 2021-08-11 10:15:01 -06:00
  • dca8f2b712 [Bug] Flatten method improperly added subtechniques (#1404) Justin Ibarra 2021-08-05 11:15:07 -08:00
  • 95486ecfdf [Bug] Flatten method improperly added subtechniques (#1404) Justin Ibarra 2021-08-05 11:15:07 -08:00
  • 5a33f634a7 Add RuleCollection.load_git_branch (#1403) Ross Wolf 2021-08-05 01:15:39 -06:00
  • 17bf3c1e16 Add RuleCollection.load_git_branch (#1403) ML-experimental-detections-20210805-6 ML-URLSpoof-20210805-1 Ross Wolf 2021-08-05 01:15:39 -06:00
  • 91e1d1abfc Adding docs for URL Spoofing (#1400) dishadasgupta 2021-08-04 17:13:10 -07:00
  • 7be58b7b09 Adding docs for URL Spoofing (#1400) dishadasgupta 2021-08-04 17:13:10 -07:00
  • 121431b40b Refresh ATT&CK mappings to v9.0 (#1401) Justin Ibarra 2021-08-04 14:16:10 -08:00
  • d31ea6253e Refresh ATT&CK mappings to v9.0 (#1401) Justin Ibarra 2021-08-04 14:16:10 -08:00
  • 742253c61d [Rule tuning] Revise rule description and other text (#1398) Justin Ibarra 2021-08-03 13:07:47 -08:00
  • f8f643041a [Rule tuning] Revise rule description and other text (#1398) Justin Ibarra 2021-08-03 13:07:47 -08:00
  • fcd2071ca9 [Rule Tuning] NTDS or SAM Database File Copied (#1378) Austin Songer 2021-08-03 15:28:17 -05:00
  • d2365783fa [Rule Tuning] NTDS or SAM Database File Copied (#1378) Austin Songer 2021-08-03 15:28:17 -05:00
  • 99c9995967 Update Host Risk Score docs (#1397) Apoorva Joshi 2021-08-02 21:52:12 -07:00