9fb2dea7aa
* new endpoint security rules for specific alerts
* updated risk scores
* fixed rule names and UUIDs
* changed logic to use message field for detection vs prevention
* reverting changes
* reverting changes
* reverting to old commit
* reverting to old commit
* reverting to old commit
* reverting to old commit
* changed naming to Elastic Defend
* updated rule dates and min-stacks
* linted; adjusted queries
* updated ransomware, memory sig or shellcode risk
* Update rules/integrations/endpoint/elastic_endpoint_security.toml
* updated promotion rule
* fixed typos in naming
* updated setup guides
* added intervals
* added MITRE
* added investigation guide for Memory Threat
* ++
* ++
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml
  Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_prevented.toml
  Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_detected.toml
  Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_malicious_file_prevented.toml
  Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_detected.toml
  Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_prevented.toml
  Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_ransomware_detected.toml
  Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_ransomware_prevented.toml
  Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* ++
* ++
* ++
* ++
* Update rules/integrations/endpoint/elastic_endpoint_security.toml
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml
* Update rules/integrations/endpoint/elastic_endpoint_security_malicious_file_detected.toml
* Update rules/integrations/endpoint/elastic_endpoint_security_memory_signature_prevented.toml
* ++
* ++
* ++
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update defense_evasion_elastic_memory_threat_prevented.toml
* toml-lint
* Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* ++

---------

Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
Co-authored-by: Samirbous <Samir.Bousseaden@elastic.co>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>