Commit Graph

  • d6cc14d889 [DOCS] Update branching steps (#1290) Ross Wolf 2021-07-02 09:48:25 -06:00
  • b677264876 [DOCS] Update branching steps (#1290) Ross Wolf 2021-07-02 09:48:25 -06:00
  • df8f4af3fc Add min_stack_version to rule metadata (#1173) Justin Ibarra 2021-06-30 13:26:27 -08:00
  • 781953a0a0 Add min_stack_version to rule metadata (#1173) Justin Ibarra 2021-06-30 13:26:27 -08:00
  • 4d54a87f3c Extend metadata with [metadata.extended] section (#1306) Ross Wolf 2021-06-25 17:02:11 -06:00
  • f1476b1637 Extend metadata with [metadata.extended] section (#1306) Ross Wolf 2021-06-25 17:02:11 -06:00
  • fd0eee4cc0 Add new ECS and beats schemas (#1303) Justin Ibarra 2021-06-23 14:08:23 -08:00
  • 1099f181f9 Add new ECS and beats schemas (#1303) Justin Ibarra 2021-06-23 14:08:23 -08:00
  • 102b9ff7d5 [New Rule] AWS RDS Security Group Created (#1260) Austin Songer 2021-06-22 19:14:56 -05:00
  • 8e451f2318 [New Rule] AWS RDS Security Group Created (#1260) Austin Songer 2021-06-22 19:14:56 -05:00
  • 6fd6bb1712 [New Rule] AWS RDS Security Group Deleted (#1261) Austin Songer 2021-06-22 19:09:15 -05:00
  • fe14cd23ed [New Rule] AWS RDS Security Group Deleted (#1261) Austin Songer 2021-06-22 19:09:15 -05:00
  • 7749086f3b [New Rule] AWS RDS Instance Creation (#1269) Austin Songer 2021-06-22 19:02:48 -05:00
  • 9d4574b267 [New Rule] AWS RDS Instance Creation (#1269) Austin Songer 2021-06-22 19:02:48 -05:00
  • 78c75d71b0 [New Rule] AWS RDS Snapshot Export (#1270) Austin Songer 2021-06-22 18:58:13 -05:00
  • ccae1dc841 [New Rule] AWS RDS Snapshot Export (#1270) Austin Songer 2021-06-22 18:58:13 -05:00
  • 4823a40d19 [Rule Tuning] Potential password spraying of Microsoft 365 user accounts (#1164) Austin Songer 2021-06-22 12:36:13 -05:00
  • c215c44809 [Rule Tuning] Potential password spraying of Microsoft 365 user accounts (#1164) Austin Songer 2021-06-22 12:36:13 -05:00
  • ba5f3eed82 Switch from process.ppid to process.parent.pid (#1255) Ross Wolf 2021-06-22 09:10:28 -06:00
  • 31f63e728e Switch from process.ppid to process.parent.pid (#1255) Ross Wolf 2021-06-22 09:10:28 -06:00
  • 549cc9992d [Rule Tuning] Attempts to Brute Force a Microsoft 365 User Account (#1251) Brent Murphy 2021-06-22 10:38:49 -04:00
  • d8ef9a81ef [Rule Tuning] Attempts to Brute Force a Microsoft 365 User Account (#1251) Brent Murphy 2021-06-22 10:38:49 -04:00
  • c493c5df67 Update initial_access_smb_windows_file_sharing_activity_to_the_internet.toml (#1225) Brent Murphy 2021-06-22 10:22:01 -04:00
  • a8c9d7174f Update initial_access_smb_windows_file_sharing_activity_to_the_internet.toml (#1225) Brent Murphy 2021-06-22 10:22:01 -04:00
  • 74132fbbe9 [New Rule] AWS Route 53 Domain Transferred to Another Account (#1198) Austin Songer 2021-06-22 01:08:59 -05:00
  • ea9a23af8d [New Rule] AWS Route 53 Domain Transferred to Another Account (#1198) Austin Songer 2021-06-22 01:08:59 -05:00
  • 10d22d9477 [New Rule] AWS Route 53 Domain Transfer Lock Disabled (#1197) Austin Songer 2021-06-22 01:05:53 -05:00
  • 2cadee1718 [New Rule] AWS Route 53 Domain Transfer Lock Disabled (#1197) Austin Songer 2021-06-22 01:05:53 -05:00
  • b8a3f43b99 [New Rule] EC2 Full Network Packet Capture Detected (#1175) Austin Songer 2021-06-22 01:00:48 -05:00
  • d7e0e37e54 [New Rule] EC2 Full Network Packet Capture Detected (#1175) Austin Songer 2021-06-22 01:00:48 -05:00
  • 3996e94bfd [New Rule] Azure Service Principal Credentials Added (#1169) Austin Songer 2021-06-22 00:49:45 -05:00
  • 6986f28af6 [New Rule] Azure Service Principal Credentials Added (#1169) Austin Songer 2021-06-22 00:49:45 -05:00
  • 119cd60f4e Lock versions for 0.13.1 package Ross Wolf 2021-06-17 12:38:27 -06:00
  • 045d928daf Lock versions for 0.13.1 package integration-v0.13.1 Ross Wolf 2021-06-17 12:38:27 -06:00
  • 1ff659a634 Update the package version to 0.14.0-dev.0 Ross Wolf 2021-06-17 07:25:41 -06:00
  • 1f5820be76 Bump package version to 0.13.1 Ross Wolf 2021-06-17 07:23:50 -06:00
  • 6fca31c5de Fix fleet package generation (#1296) Ross Wolf 2021-06-17 06:16:09 -06:00
  • e897a67604 Fix fleet package generation (#1296) Ross Wolf 2021-06-17 06:16:09 -06:00
  • 98cb7b00cc Simplify version locking code and fix 7.13.0 lock (#1295) Ross Wolf 2021-06-16 18:02:47 -06:00
  • f6839e98d1 Simplify version locking code and fix 7.13.0 lock (#1295) Ross Wolf 2021-06-16 18:02:47 -06:00
  • e41fe620e6 [New Rule] Add detection rules for auth ML jobs (#1283) Apoorva Joshi 2021-06-16 16:00:17 -07:00
  • 18765631fb Fix rules which were not using v2 license (#1291) Justin Ibarra 2021-06-16 06:21:30 -08:00
  • e0fa25ae8e Fix rules which were not using v2 license (#1291) Justin Ibarra 2021-06-16 06:21:30 -08:00
  • 915c2dea2a [Bug] Fix ML job IDs that used hyphens (#1287) Ross Wolf 2021-06-15 11:40:47 -06:00
  • 49cb2e8dbf [Bug] Fix ML job IDs that used hyphens (#1287) Ross Wolf 2021-06-15 11:40:47 -06:00
  • fb93735c0f [Rule Tuning] Attempts to Brute Force an Okta User Account (#1216) David French 2021-06-15 09:07:51 -07:00
  • 177cfc85bf [Rule Tuning] Attempts to Brute Force an Okta User Account (#1216) David French 2021-06-15 09:07:51 -07:00
  • cce7c126b6 Updating rules to query v2 (#1254) Apoorva Joshi 2021-06-15 07:20:50 -07:00
  • 1f7c88c6f4 Updating rules to query v2 (#1254) Apoorva Joshi 2021-06-15 07:20:50 -07:00
  • 1fd625d650 [Fleet] Update template and packaging code for fleet packages (#1280) Ross Wolf 2021-06-15 07:54:50 -06:00
  • 61e5b44c44 [Fleet] Update template and packaging code for fleet packages (#1280) Ross Wolf 2021-06-15 07:54:50 -06:00
  • 683621fe62 [Rule Tuning] Update network rule address blocks (#1227) Brent Murphy 2021-06-15 09:22:59 -04:00
  • 12577f7380 [Rule Tuning] Update network rule address blocks (#1227) Brent Murphy 2021-06-15 09:22:59 -04:00
  • 3d6cefb296 [Rule Tuning] Attempts to brute force a Microsoft 365 user account (#1163) Austin Songer 2021-06-15 08:20:20 -05:00
  • 546e43071c [Rule Tuning] Attempts to brute force a Microsoft 365 user account (#1163) Austin Songer 2021-06-15 08:20:20 -05:00
  • 8b3d085f73 Update persistence_suspicious_com_hijack_registry.toml (#1244) Brent Murphy 2021-06-14 09:00:22 -04:00
  • 13bf55480a Update persistence_suspicious_com_hijack_registry.toml (#1244) Brent Murphy 2021-06-14 09:00:22 -04:00
  • ecbfb8b572 Add KQL support for additional ES field types (#1247) Ross Wolf 2021-06-10 22:30:11 -06:00
  • c98398f1ef Add KQL support for additional ES field types (#1247) Ross Wolf 2021-06-10 22:30:11 -06:00
  • 5d41f2719a [New Rule] AWS EC2 VM Export Failure (#1142) Austin Songer 2021-06-09 14:03:37 -05:00
  • 6b45186827 [New Rule] AWS EC2 VM Export Failure (#1142) Austin Songer 2021-06-09 14:03:37 -05:00
  • 1eb36b1a9e [New Rule] Modification of AmsiEnable Registry Key (#1248) Brent Murphy 2021-06-07 13:21:18 -04:00
  • fce022c275 [New Rule] Modification of AmsiEnable Registry Key (#1248) Brent Murphy 2021-06-07 13:21:18 -04:00
  • cc6cc6bd3e Lock the versions from 7.13.0 (#1256) Ross Wolf 2021-06-04 16:15:33 -06:00
  • 90c6f24e8f Lock the versions from 7.13.0 (#1256) Ross Wolf 2021-06-04 16:15:33 -06:00
  • 30644d0d6a Update problem-child.md (#1253) Apoorva Joshi 2021-06-03 12:47:00 -07:00
  • 8bb7218e38 Update problem-child.md (#1253) ML-DGA-20210604-4 Apoorva Joshi 2021-06-03 12:47:00 -07:00
  • 14349b342d Refactor experimental ML CLI and code (#1218) Justin Ibarra 2021-06-02 20:37:12 -08:00
  • 0ec8d67e78 Refactor experimental ML CLI and code (#1218) ML-experimental-detections-20210603-5 ML-experimental-detections-20210602-4 ML-ProblemChild-20210602-1 ML-DGA-20210602-3 Justin Ibarra 2021-06-02 20:37:12 -08:00
  • 057d29a8d2 Fix create-rule bug (#1246) Justin Ibarra 2021-06-01 08:31:36 -08:00
  • e46f5e96d3 Fix create-rule bug (#1246) Justin Ibarra 2021-06-01 08:31:36 -08:00
  • f91e0facea Update privilege_escalation_persistence_phantom_dll.toml (#1228) Brent Murphy 2021-06-01 09:29:09 -04:00
  • 6626cbb943 Update privilege_escalation_persistence_phantom_dll.toml (#1228) Brent Murphy 2021-06-01 09:29:09 -04:00
  • f9805954ee [New Rule] Unusual Network Connection via DllHost (#1232) Brent Murphy 2021-05-28 15:09:09 -04:00
  • c457614e37 [New Rule] Unusual Network Connection via DllHost (#1232) Brent Murphy 2021-05-28 15:09:09 -04:00
  • acfca54f73 [New Rule] Suspicious Execution from a Mounted Device (#1230) Brent Murphy 2021-05-28 14:44:07 -04:00
  • 31e8d03438 [New Rule] Suspicious Execution from a Mounted Device (#1230) Brent Murphy 2021-05-28 14:44:07 -04:00
  • 4088f6b544 Add a command to create a Kibana PR (#1208) Ross Wolf 2021-05-17 14:57:21 -06:00
  • b0270d059f Add a command to create a Kibana PR (#1208) Ross Wolf 2021-05-17 14:57:21 -06:00
  • fcd29373d5 [Rule Tuning] High Number of Okta User Password Reset or Unlock Attempts (#1200) Austin Songer 2021-05-14 19:52:02 +00:00
  • 58ea49b092 [Rule Tuning] High Number of Okta User Password Reset or Unlock Attempts (#1200) Austin Songer 2021-05-14 19:52:02 +00:00
  • afa6f1b541 Update backport.yml (#1205) Ross Wolf 2021-05-13 16:54:52 -06:00
  • a940c10ead Update backport.yml (#1205) Ross Wolf 2021-05-13 16:54:52 -06:00
  • 79cd81288a Port historical schemas to jsonschema (#1084) Ross Wolf 2021-05-13 14:27:32 -06:00
  • eb40c52c7c Port historical schemas to jsonschema (#1084) Ross Wolf 2021-05-13 14:27:32 -06:00
  • 88fda20b78 [Bug] Update main.py to fix toml-lint (#1202) Brent Murphy 2021-05-13 11:43:13 -04:00
  • e40276c12b [Bug] Update main.py to fix toml-lint (#1202) Brent Murphy 2021-05-13 11:43:13 -04:00
  • 138e410a06 Cleanup note field in rules (#1194) Justin Ibarra 2021-05-10 13:40:56 -08:00
  • 6ef5c53b0c Cleanup note field in rules (#1194) Justin Ibarra 2021-05-10 13:40:56 -08:00
  • 9ac3de7c82 Retrieve branch history of main in backport job Ross Wolf 2021-05-06 23:12:57 -06:00
  • c11a07316c Disable persist-credentials from checkout job (#1187) Ross Wolf 2021-05-06 22:58:31 -06:00
  • 342c35766d Use @protectionsmachine to push backports (#1186) Ross Wolf 2021-05-06 22:26:30 -06:00
  • 60f5168f07 Retrieve branch history of main in backport job Ross Wolf 2021-05-06 23:12:57 -06:00
  • 700c63d7d5 Disable persist-credentials from checkout job (#1187) Ross Wolf 2021-05-06 22:58:31 -06:00
  • a33e943591 Use @protectionsmachine to push backports (#1186) Ross Wolf 2021-05-06 22:26:30 -06:00
  • 00b479cb33 Fix backport job webhook + push (#1185) Ross Wolf 2021-05-06 21:32:40 -06:00
  • 67febf3b45 Add job for 'backport: auto' labeled PRs (#1174) Ross Wolf 2021-05-06 20:03:05 -06:00
  • f3f344018b Fix backport job webhook + push (#1185) Ross Wolf 2021-05-06 21:32:40 -06:00
  • 2ceb5b52c9 Add job for 'backport: auto' labeled PRs (#1174) Ross Wolf 2021-05-06 20:03:05 -06:00
  • a623e34a9e Fix rule filenames during packaging (#1158) Justin Ibarra 2021-05-05 11:27:04 -08:00