Isai 37f28be816 [Rule Tuning] AWS IAM CompromisedKeyQuarantine Policy Attached to User (#5281) ...

This rule is working as expected, only instances of this alert in telemetry is for testing environments.
- uses `iam` instead of `any` for eql query
- added highlighted fields

2025-11-17 16:25:38 -05:00

..

aws

[Rule Tuning] AWS IAM CompromisedKeyQuarantine Policy Attached to User (#5281)

2025-11-17 16:25:38 -05:00

aws_bedrock

[Tuning] Add mv_expand for gen_ai.policy.action field (#5296)

2025-11-11 07:37:40 +05:30

azure

[New Rule] Azure Compute Snapshot Deletion(s) (#5211)

2025-11-15 08:36:03 -05:00

azure_openai

[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)

2025-09-30 00:36:29 -04:00

beaconing

[FR] Generate investigation guides (#4358)

2025-01-22 11:17:38 -06:00

cyberarkpas

[FR] Generate investigation guides (#4358)

2025-01-22 11:17:38 -06:00

ded

[FR] Generate investigation guides (#4358)

2025-01-22 11:17:38 -06:00

dga

[Rule Tuning] Reduce Severity from Critical to High (#4637)

2025-05-06 21:37:47 +05:30

endpoint

Prep 8.19/9.1 (#4869)

2025-07-07 11:27:48 -04:00

fim

[FR] Generate investigation guides (#4358)

2025-01-22 11:17:38 -06:00

gcp

[FR] Generate investigation guides (#4358)

2025-01-22 11:17:38 -06:00

github

Prep for Release 9.0 (#4550)

2025-03-20 20:32:07 +05:30

google_workspace

Fix spacing in Setup information (#4470)

2025-02-20 10:04:13 +05:30

kubernetes

Investigation guides Update (#4920)

2025-07-22 07:52:48 +05:30

lmd

[FR] Generate investigation guides (#4358)

2025-01-22 11:17:38 -06:00

o365

[Rule Tuning] Microsoft 365 Global Administrator Role Assigned (#5293)

2025-11-11 13:13:07 -05:00

okta

[Rule Tuning] Updated ESQL Rules Based on Validation Results (#5151)

2025-09-30 00:36:29 -04:00

pad

Prep 8.19/9.1 (#4869)

2025-07-07 11:27:48 -04:00

problemchild

[Rule Tuning] Beats & Endgame Indices (#5072)

2025-09-09 13:19:13 -05:00