Commit Graph

Select branches

Hide Pull Requests

main

7.11

ML-Beaconing-20211130-1

ML-Beaconing-20211216-1

ML-DGA-20201111-1

ML-DGA-20201111-2

ML-DGA-20201111-3

ML-DGA-20201118-1

ML-DGA-20201216-1

ML-DGA-20210421-2

ML-DGA-20210421-3

ML-DGA-20210601-3

ML-DGA-20210602-3

ML-DGA-20210604-4

ML-DGA-20210629-5

ML-DGA-20210706-5

ML-HostRiskScore-20210728-1

ML-HostRiskScore-20210803-1

ML-HostRiskScore-20210826-2

ML-HostRiskScore-20211007-3

ML-HostRiskScore-20220210-4

ML-HostRiskScore-20220215-4

ML-HostRiskScore-20220228-5

ML-HostRiskScore-20220404-5

ML-ProblemChild-20210519-1

ML-ProblemChild-20210520-1

ML-ProblemChild-20210526-1

ML-ProblemChild-20210602-1

ML-URLSpoof-20210804-1

ML-URLSpoof-20210805-1

ML-UserRiskScore-20220628-1

ML-UserRiskScore-20220812-2

ML-experimental-detections-20200506-3

ML-experimental-detections-20201028-1

ML-experimental-detections-20201029-1

ML-experimental-detections-20201118-1

ML-experimental-detections-20201209-1

ML-experimental-detections-20201221-2

ML-experimental-detections-20210527-4

ML-experimental-detections-20210602-4

ML-experimental-detections-20210603-5

ML-experimental-detections-20210804-6

ML-experimental-detections-20210805-6

ML-experimental-detections-20211130-7

apr_2025_updates

aug_2025_updates

august_updates

dev-v0.1.0

dev-v0.1.2

dev-v0.1.3

dev-v0.1.4

dev-v0.1.5

dev-v0.1.6

dev-v0.1.7

dev-v0.2.0

dev-v0.2.1

dev-v0.3.0

dev-v0.3.1

dev-v0.3.10

dev-v0.3.11

dev-v0.3.12

dev-v0.3.13

dev-v0.3.14

dev-v0.3.15

dev-v0.3.16

dev-v0.3.17

dev-v0.3.18

dev-v0.3.19

dev-v0.3.2

dev-v0.3.3

dev-v0.3.4

dev-v0.3.5

dev-v0.3.6

dev-v0.3.7

dev-v0.3.8

dev-v0.3.9

dev-v0.4.0

dev-v0.4.1

dev-v0.4.10

dev-v0.4.11

dev-v0.4.12

dev-v0.4.13

dev-v0.4.14

dev-v0.4.15

dev-v0.4.16

dev-v0.4.17

dev-v0.4.18

dev-v0.4.19

dev-v0.4.2

dev-v0.4.20

dev-v0.4.21

dev-v0.4.22

dev-v0.4.23

dev-v0.4.24

dev-v0.4.25

dev-v0.4.26

dev-v0.4.3

dev-v0.4.4

dev-v0.4.5

dev-v0.4.6

dev-v0.4.7

dev-v0.4.8

dev-v0.4.9

dev-v1.0.0

dev-v1.0.1

dev-v1.0.10

dev-v1.0.13

dev-v1.0.14

dev-v1.0.15

dev-v1.0.16

dev-v1.0.17

dev-v1.0.18

dev-v1.0.2

dev-v1.0.3

dev-v1.0.4

dev-v1.0.5

dev-v1.0.6

dev-v1.0.7

dev-v1.0.8

dev-v1.0.9

dev-v1.1.0

dev-v1.1.1

dev-v1.1.2

dev-v1.1.3

dev-v1.1.4

dev-v1.1.5

dev-v1.1.6

dev-v1.1.7

dev-v1.2.0

dev-v1.2.1

dev-v1.2.10

dev-v1.2.11

dev-v1.2.12

dev-v1.2.13

dev-v1.2.14

dev-v1.2.15

dev-v1.2.16

dev-v1.2.17

dev-v1.2.18

dev-v1.2.19

dev-v1.2.2

dev-v1.2.20

dev-v1.2.21

dev-v1.2.22

dev-v1.2.23

dev-v1.2.24

dev-v1.2.25

dev-v1.2.26

dev-v1.2.3

dev-v1.2.4

dev-v1.2.5

dev-v1.2.7

dev-v1.2.8

dev-v1.2.9

dev-v1.3.0

dev-v1.3.1

dev-v1.3.10

dev-v1.3.11

dev-v1.3.12

dev-v1.3.13

dev-v1.3.14

dev-v1.3.15

dev-v1.3.16

dev-v1.3.17

dev-v1.3.18

dev-v1.3.19

dev-v1.3.2

dev-v1.3.20

dev-v1.3.21

dev-v1.3.22

dev-v1.3.23

dev-v1.3.24

dev-v1.3.25

dev-v1.3.26

dev-v1.3.27

dev-v1.3.28

dev-v1.3.29

dev-v1.3.3

dev-v1.3.30

dev-v1.3.31

dev-v1.3.32

dev-v1.3.33

dev-v1.3.4

dev-v1.3.5

dev-v1.3.6

dev-v1.3.7

dev-v1.3.9

dev-v1.4.0

dev-v1.4.1

dev-v1.4.10

dev-v1.4.11

dev-v1.4.12

dev-v1.4.2

dev-v1.4.3

dev-v1.4.4

dev-v1.4.5

dev-v1.4.6

dev-v1.4.7

dev-v1.4.8

dev-v1.4.9

dev-v1.5.0

dev-v1.5.1

dev-v1.5.10

dev-v1.5.11

dev-v1.5.12

dev-v1.5.13

dev-v1.5.14

dev-v1.5.15

dev-v1.5.16

dev-v1.5.17

dev-v1.5.18

dev-v1.5.19

dev-v1.5.2

dev-v1.5.20

dev-v1.5.21

dev-v1.5.22

dev-v1.5.23

dev-v1.5.24

dev-v1.5.25

dev-v1.5.26

dev-v1.5.27

dev-v1.5.28

dev-v1.5.29

dev-v1.5.3

dev-v1.5.31

dev-v1.5.32

dev-v1.5.33

dev-v1.5.34

dev-v1.5.35

dev-v1.5.36

dev-v1.5.37

dev-v1.5.38

dev-v1.5.39

dev-v1.5.4

dev-v1.5.40

dev-v1.5.41

dev-v1.5.42

dev-v1.5.43

dev-v1.5.44

dev-v1.5.45

dev-v1.5.46

dev-v1.5.47

dev-v1.5.48

dev-v1.5.49

dev-v1.5.5

dev-v1.5.50

dev-v1.5.51

dev-v1.5.52

dev-v1.5.53

dev-v1.5.54

dev-v1.5.56

dev-v1.5.6

dev-v1.5.7

dev-v1.5.8

dev-v1.5.9

dev-v1.6.0

dev-v1.6.1

dev-v1.6.10

dev-v1.6.11

dev-v1.6.12

dev-v1.6.13

dev-v1.6.14

dev-v1.6.15

dev-v1.6.16

dev-v1.6.17

dev-v1.6.18

dev-v1.6.19

dev-v1.6.2

dev-v1.6.20

dev-v1.6.21

dev-v1.6.22

dev-v1.6.23

dev-v1.6.24

dev-v1.6.25

dev-v1.6.26

dev-v1.6.28

dev-v1.6.29

dev-v1.6.3

dev-v1.6.30

dev-v1.6.31

dev-v1.6.32

dev-v1.6.4

dev-v1.6.5

dev-v1.6.6

dev-v1.6.7

dev-v1.6.8

dev-v1.6.9

dev7.10-ML-DGA-v0.1.0

dev7.10-ML-DGA-v0.1.0.zip

dev7.10-abc-v0.1.0

feb_2025_updates

integration-v0.13.1

integration-v0.13.2

integration-v0.13.3

integration-v0.14.1

integration-v0.14.2

integration-v0.14.3

integration-v0.16.1

integration-v0.16.2

integration-v1.0.1

integration-v1.0.2

integration-v7.16.3

integration-v7.16.4

integration-v7.16.5

integration-v8.1.1

integration-v8.10.1

integration-v8.10.10

integration-v8.10.11

integration-v8.10.12

integration-v8.10.13

integration-v8.10.14

integration-v8.10.15

integration-v8.10.16

integration-v8.10.17

integration-v8.10.18

integration-v8.10.2

integration-v8.10.3

integration-v8.10.4

integration-v8.10.5

integration-v8.10.6

integration-v8.10.7

integration-v8.10.8

integration-v8.10.9

integration-v8.11.1

integration-v8.11.10

integration-v8.11.11

integration-v8.11.12

integration-v8.11.13

integration-v8.11.14

integration-v8.11.15

integration-v8.11.16

integration-v8.11.17

integration-v8.11.18

integration-v8.11.19

integration-v8.11.2

integration-v8.11.20

integration-v8.11.21

Mono Color

• 06a9ba6463 Update Host Risk Score docs (#1397) ML-HostRiskScore-20210803-1 Apoorva Joshi 2021-08-02 21:52:12 -07:00
• 197bb86459 Adding host risk score docs (#1390) Apoorva Joshi 2021-08-02 14:43:27 -07:00
• c283d2a2f3 Adding host risk score docs (#1390) Apoorva Joshi 2021-08-02 14:43:27 -07:00
• 05d01bbfe0 [Rule Tuning] Rule description tweaks (#1388) Justin Ibarra 2021-07-29 10:56:13 -08:00
• b736d6e748 [Rule Tuning] Rule description tweaks (#1388) Justin Ibarra 2021-07-29 10:56:13 -08:00
• 06849a82d8 [CI] Add missing clone for Fleet on-demand job (#1387) Ross Wolf 2021-07-27 16:55:28 -06:00
• 2e8f7cd13f [CI] Add missing clone for Fleet on-demand job (#1387) Ross Wolf 2021-07-27 16:55:28 -06:00
• f6d9295ead [CI] Fix kibana PR command again (#1386) Ross Wolf 2021-07-27 16:29:50 -06:00
• b069b12c60 [CI] Fix kibana PR command again (#1386) integration-v0.13.3 Ross Wolf 2021-07-27 16:29:50 -06:00
• 92937a1ad1 [CI] Fix kibana PR command again (#1386) Ross Wolf 2021-07-27 16:29:50 -06:00
• de13977b57 Bump Fleet integration to 0.13.3 Ross Wolf 2021-07-27 16:27:36 -06:00
• 51f8ea7526 Fix kibana_pr for click.Context (#1385) Ross Wolf 2021-07-27 16:03:28 -06:00
• fc3ef8bbe0 Fix kibana_pr for click.Context (#1385) Ross Wolf 2021-07-27 16:03:28 -06:00
• 64977b01bd Fix kibana_pr for click.Context (#1385) Ross Wolf 2021-07-27 16:03:28 -06:00
• 32c0e9fff5 Disable missing rule check for the version lock (#1384) Ross Wolf 2021-07-27 13:48:28 -06:00
• 98ced817cf Disable missing rule check for the version lock (#1384) Ross Wolf 2021-07-27 13:48:28 -06:00
• c31a344593 Disable missing rule check for the version lock (#1384) Ross Wolf 2021-07-27 13:48:28 -06:00
• a534cd4e85 Update the version lock for 7.14.0 and 0.13.3 (#1383) Ross Wolf 2021-07-27 12:25:12 -06:00
• 55741e71a5 Update the version lock for 7.14.0 and 0.13.3 (#1383) Ross Wolf 2021-07-27 12:25:12 -06:00
• 5eccaf0cd5 Update the version lock for 7.14.0 and 0.13.3 (#1383) Ross Wolf 2021-07-27 12:25:12 -06:00
• 3c9079faf3 Ensure EQL rules with maxspan have a long enough lookback window (#1361) Justin Ibarra 2021-07-22 13:53:13 -08:00
• ab9f055acb Ensure EQL rules with maxspan have a long enough lookback window (#1361) Justin Ibarra 2021-07-22 13:53:13 -08:00
• 7759fa2500 Ensure EQL rules with maxspan have a long enough lookback window (#1361) Justin Ibarra 2021-07-22 13:53:13 -08:00
• 0ae93632fc [Rule Tuning] Remove \Program Files*\ style wildcards (#1369) Ross Wolf 2021-07-22 11:55:22 -06:00
• f7c154cb8f [Rule Tuning] Remove \Program Files*\ style wildcards (#1369) Ross Wolf 2021-07-22 11:55:22 -06:00
• 7b62fe296d [Rule Tuning] Remove \Program Files*\ style wildcards (#1369) Ross Wolf 2021-07-22 11:55:22 -06:00
• 8deeab2c4d [Rule Tuning] Update EQL rules with lookback < maxspan (#1362) Justin Ibarra 2021-07-22 09:08:58 -08:00
• fbc19bebb8 [Rule Tuning] Update EQL rules with lookback < maxspan (#1362) Justin Ibarra 2021-07-22 09:08:58 -08:00
• 4aab1278bf [Rule Tuning] Update EQL rules with lookback < maxspan (#1362) Justin Ibarra 2021-07-22 09:08:58 -08:00
• cae7fac266 Fix metadata.extended (#1377) Ross Wolf 2021-07-22 10:29:30 -06:00
• bc23bde4a6 Fix metadata.extended (#1377) Ross Wolf 2021-07-22 10:29:30 -06:00
• 5ba1c26cf1 Fix metadata.extended (#1377) Ross Wolf 2021-07-22 10:29:30 -06:00
• 600acca704 [Fleet] Track integrations in folder and metadata (#1372) Ross Wolf 2021-07-21 15:24:56 -06:00
• b13c369dab [Fleet] Track integrations in folder and metadata (#1372) Ross Wolf 2021-07-21 15:24:56 -06:00
• 1882f4456c [Fleet] Track integrations in folder and metadata (#1372) Ross Wolf 2021-07-21 15:24:56 -06:00
• 6d9997435f [Rule Tuning] Convert unusual extension rule to regex (#1368) Ross Wolf 2021-07-21 11:49:32 -06:00
• a578a3815c [Rule Tuning] Convert unusual extension rule to regex (#1368) Ross Wolf 2021-07-21 11:49:32 -06:00
• 9f3d5328f4 [Rule Tuning] Convert unusual extension rule to regex (#1368) Ross Wolf 2021-07-21 11:49:32 -06:00
• fc2f5866a2 [Rule Tuning] Creation of Hidden Files and Directories (#1357) Ross Wolf 2021-07-21 11:47:40 -06:00
• 92d432c78b [Rule Tuning] Creation of Hidden Files and Directories (#1357) Ross Wolf 2021-07-21 11:47:40 -06:00
• 9b559d0cd9 [Rule Tuning] Creation of Hidden Files and Directories (#1357) Ross Wolf 2021-07-21 11:47:40 -06:00
• f0270973bb [Rule Tuning] Update Google Workspace rules to use google_workspace event schema (#1374) David French 2021-07-21 11:38:43 -06:00
• b81f29cddf [Rule Tuning] Update Google Workspace rules to use google_workspace event schema (#1374) David French 2021-07-21 11:38:43 -06:00
• 23626b814c [Rule Tuning] Update Google Workspace rules to use google_workspace event schema (#1374) David French 2021-07-21 11:38:43 -06:00
• cb3ceb93da [New Rule] Windows Defender Exclusions Added via PowerShell (#1370) dstepanic17 2021-07-21 11:54:11 -05:00
• acc15485fa [New Rule] Windows Defender Exclusions Added via PowerShell (#1370) dstepanic17 2021-07-21 11:54:11 -05:00
• fbd4cf2117 [New Rule] Windows Defender Exclusions Added via PowerShell (#1370) dstepanic17 2021-07-21 11:54:11 -05:00
• 07a7784659 Update cardinality field in schema for threshold rules (#1349) Justin Ibarra 2021-07-21 08:32:54 -08:00
• e9b2ebab2d Update cardinality field in schema for threshold rules (#1349) Justin Ibarra 2021-07-21 08:32:54 -08:00
• 163d9e3864 Update cardinality field in schema for threshold rules (#1349) Justin Ibarra 2021-07-21 08:32:54 -08:00
• bc82e214c7 [Rule Tuning] Mimikatz powershell module activity detected (#1297) Austin Songer 2021-07-21 02:08:04 -05:00
• 34b37c0bfd [Rule Tuning] Mimikatz powershell module activity detected (#1297) Austin Songer 2021-07-21 02:08:04 -05:00
• 95e6458c6e [Rule Tuning] Mimikatz powershell module activity detected (#1297) Austin Songer 2021-07-21 02:08:04 -05:00
• ce66c684b0 [Rule Tuning] Add Filebeat and Auditbeat to Network Rules (#1282) Andrew Pease 2021-07-21 01:59:22 -05:00
• f0514de6a2 [Rule Tuning] Add Filebeat and Auditbeat to Network Rules (#1282) Andrew Pease 2021-07-21 01:59:22 -05:00
• 34df7c6b89 [Rule Tuning] Add Filebeat and Auditbeat to Network Rules (#1282) Andrew Pease 2021-07-21 01:59:22 -05:00
• 324d46ee74 [New Rule] O365 Excessive SSO Logon Errors (#1215) Austin Songer 2021-07-21 01:55:00 -05:00
• f64a9599d0 [New Rule] O365 Excessive SSO Logon Errors (#1215) Austin Songer 2021-07-21 01:55:00 -05:00
• 64c3f7cdc5 [New Rule] O365 Excessive SSO Logon Errors (#1215) Austin Songer 2021-07-21 01:55:00 -05:00
• 55d2780a6e [New Rule] Disable Windows Event and Security Logs (#1181) Austin Songer 2021-07-21 01:44:35 -05:00
• 47ca92f97a [New Rule] Disable Windows Event and Security Logs (#1181) Austin Songer 2021-07-21 01:44:35 -05:00
• c82790f588 [New Rule] Disable Windows Event and Security Logs (#1181) Austin Songer 2021-07-21 01:44:35 -05:00
• 4d69ad4ae6 [Rule Tuning] Suspicious CertUtil Commands (#1180) Austin Songer 2021-07-21 01:26:36 -05:00
• 77b80d7e6d [Rule Tuning] Suspicious CertUtil Commands (#1180) Austin Songer 2021-07-21 01:26:36 -05:00
• 4a11ef9514 [Rule Tuning] Suspicious CertUtil Commands (#1180) Austin Songer 2021-07-21 01:26:36 -05:00
• 8916b7dd4b [Rule Tuning] External IP Lookup from Non-Browser Process (#1147) Austin Songer 2021-07-21 00:47:39 -05:00
• c6987f2484 [Rule Tuning] External IP Lookup from Non-Browser Process (#1147) Austin Songer 2021-07-21 00:47:39 -05:00
• 920d973064 [Rule Tuning] External IP Lookup from Non-Browser Process (#1147) Austin Songer 2021-07-21 00:47:39 -05:00
• f3c794c48a [New Rule] CyberArkPas promotion rules (#1336) Justin Ibarra 2021-07-20 10:01:02 -08:00
• adc63cd84b Add optional integration field to the schema (#1359) Ross Wolf 2021-07-19 12:52:44 -06:00
• 9bddabf8e9 Add optional integration field to the schema (#1359) Ross Wolf 2021-07-19 12:52:44 -06:00
• 816e31cd38 Add optional integration field to the schema (#1359) Ross Wolf 2021-07-19 12:52:44 -06:00
• 9b9bebbd27 [New Rule] Parent Process PID Spoofing (#1338) Samirbous 2021-07-15 22:55:46 +02:00
• f052e81907 [New Rule] Parent Process PID Spoofing (#1338) Samirbous 2021-07-15 22:55:46 +02:00
• 81ab43898c [New Rule] Parent Process PID Spoofing (#1338) Samirbous 2021-07-15 22:55:46 +02:00
• cfc0fdd5db Add 7.14 to the list of target backport branches (#1341) Ross Wolf 2021-07-14 16:29:23 -06:00
• f9cc25565c Add 7.14 to the list of target backport branches (#1341) Ross Wolf 2021-07-14 16:29:23 -06:00
• 809c06ad5f Add 7.14 to the list of target backport branches (#1341) Ross Wolf 2021-07-14 16:29:23 -06:00
• 51d171c50e [CI] Publish to integrations from on-demand job (#1340) Ross Wolf 2021-07-14 16:19:41 -06:00
• 77c23da1db [CI] Publish to integrations from on-demand job (#1340) Ross Wolf 2021-07-14 16:19:41 -06:00
• fe816747e7 [APM] Adds APM data stream 'traces-apm*' to apm rules (#105334) (#1335) Oliver Gupte 2021-07-13 09:04:58 -04:00
• 7ec97e622f [APM] Adds APM data stream 'traces-apm*' to apm rules (#105334) (#1335) Oliver Gupte 2021-07-13 09:04:58 -04:00
• c94b70413e [CI] Update backport job to filter out incompatible rules (#1332) Ross Wolf 2021-07-12 14:41:48 -06:00
• 1e6e5ef0a0 [CI] Update backport job to filter out incompatible rules (#1332) Ross Wolf 2021-07-12 14:41:48 -06:00
• 4e2a141145 [CI/CD] Create on-demand job to release from Kibana (#1334) Ross Wolf 2021-07-12 14:34:54 -06:00
• 5b0f72ffc3 [CI/CD] Create on-demand job to release from Kibana (#1334) Ross Wolf 2021-07-12 14:34:54 -06:00
• 6c15c3c0e7 Add command to unstage incompatible rules from git (#1317) Ross Wolf 2021-07-08 13:44:04 -06:00
• cf736046f1 Add command to unstage incompatible rules from git (#1317) Ross Wolf 2021-07-08 13:44:04 -06:00
• 7b9bed72be Bump the Fleet package version integration-v0.13.2 Ross Wolf 2021-07-07 21:19:06 -06:00
• 2f03035342 Lock versions for Fleet package 0.13.2 (#1330) Ross Wolf 2021-07-07 15:43:40 -06:00
• 42957129ad Lock versions for Fleet package 0.13.2 (#1330) Ross Wolf 2021-07-07 15:43:40 -06:00
• 43dd58d11d [New Rule] Potential PrintNightmare Exploitation rules (#1326) Samirbous 2021-07-07 18:56:39 +02:00
• 89420ae976 [New Rule] Potential PrintNightmare Exploitation rules (#1326) Samirbous 2021-07-07 18:56:39 +02:00
• dd24dabb0d [New Rule] Complementary Rules for Recent REvil TTPs (#1329) Samirbous 2021-07-07 17:02:40 +02:00
• 9fadc4c1dc [New Rule] Complementary Rules for Recent REvil TTPs (#1329) Samirbous 2021-07-07 17:02:40 +02:00
• 68e7b6bbe3 Make "config" in note field consistent (#1310) Justin Ibarra 2021-07-06 15:54:01 -08:00
• 63a39665e3 Make "config" in note field consistent (#1310) Justin Ibarra 2021-07-06 15:54:01 -08:00
• c82e89ad34 Add min_stack_version to 7.14+ only rules (#1321) ML-DGA-20210706-5 Ross Wolf 2021-07-06 13:42:09 -06:00
• 77eaa64bf9 Update the pythonpackage.yml job to only upload artifacts for 'push' (#1322) Ross Wolf 2021-07-06 13:40:39 -06:00
• 3120252982 Update the pythonpackage.yml job to only upload artifacts for 'push' (#1322) Ross Wolf 2021-07-06 13:40:39 -06:00