-
Notifications
You must be signed in to change notification settings - Fork 191
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4b17293
commit 016b745
Showing
1,043 changed files
with
55,683 additions
and
48,005 deletions.
There are no files selected for viewing
6 changes: 6 additions & 0 deletions
6
...uilt-rules/downloadable-packages/8-12-1/prebuilt-rules-8-12-1-appendix.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| ["appendix",role="exclude",id="prebuilt-rule-8-12-1-prebuilt-rules-8-12-1-appendix"] | ||
| = Downloadable rule update v8.12.1 | ||
|
|
||
| This section lists all updates associated with version 8.12.1 of the Fleet integration *Prebuilt Security Detection Rules*. | ||
|
|
||
|
|
12 changes: 12 additions & 0 deletions
12
...built-rules/downloadable-packages/8-12-1/prebuilt-rules-8-12-1-summary.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| [[prebuilt-rule-8-12-1-prebuilt-rules-8-12-1-summary]] | ||
| [role="xpack"] | ||
| == Update v8.12.1 | ||
|
|
||
| This section lists all updates associated with version 8.12.1 of the Fleet integration *Prebuilt Security Detection Rules*. | ||
|
|
||
|
|
||
| [width="100%",options="header"] | ||
| |============================================== | ||
| |Rule |Description |Status |Version | ||
|
|
||
| |============================================== |
140 changes: 1 addition & 139 deletions
140
docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,139 +1 @@ | ||
| [[prebuilt-rules-downloadable-updates]] | ||
| [role="xpack"] | ||
| == Downloadable rule updates | ||
|
|
||
| This section lists all updates to prebuilt detection rules, made available with the *Prebuilt Security Detection Rules* integration in Fleet. | ||
|
|
||
| To update your installed rules to the latest versions, follow the instructions in <<update-prebuilt-rules>>. | ||
|
|
||
|
|
||
| [width="100%",options="header"] | ||
| |============================================== | ||
| |Update version |Date | New rules | Updated rules | Notes | ||
|
|
||
| |<<prebuilt-rule-8-7-1-prebuilt-rules-8-7-1-summary, 8.7.1>> | 15 Feb 2023 | 29 | 110 | | ||
| This release includes new rules for Windows and Linux endpoints. | ||
| Additionally, significant rule tuning for Windows and Linux rules has been added for better rule efficacy. | ||
| A Google Workspace promotional rule was added to promote security alerts from the Alert Center. | ||
| Machine learning rules related to failed logins have been adjusted for better scoring results. | ||
| Additional investigation guides have been added for Windows and Linux rules. | ||
| A https://www.elastic.co/guide/en/security/current/rules-ui-create.html[New Terms] rule has been created to identify loaded Windows drivers not seen in the last 30 days. | ||
| A guided onboarding rule has been created to assist new SIEM users with getting started. | ||
|
|
||
| |<<prebuilt-rule-8-6-1-prebuilt-rules-8-6-1-summary, 8.6.1>> | 15 Feb 2023 | 28 | 110 | | ||
| This release includes new rules for Windows and Linux endpoints. | ||
| Additionally, significant rule tuning for Windows and Linux rules has been added for better rule efficacy. | ||
| A Google Workspace promotional rule was added to promote security alerts from the Alert Center. | ||
| Machine learning rules related to failed logins have been adjusted for better scoring results. | ||
| Additional investigation guides have been added for Windows and Linux rules. | ||
| A https://www.elastic.co/guide/en/security/current/rules-ui-create.html[New Terms] rule has been created to identify loaded Windows drivers not seen in the last 30 days. | ||
|
|
||
| |<<prebuilt-rule-8-5-1-prebuilt-rules-8-5-1-summary, 8.5.1>> | 14 Feb 2023 | 27 | 110 | | ||
| This release includes new rules for Windows and Linux endpoints. | ||
| Additionally, significant rule tuning for Windows and Linux rules has been added for better rule efficacy. | ||
| A Google Workspace promotional rule was added to promote security alerts from the Alert Center. | ||
| Machine learning rules related to failed logins have been adjusted for better scoring results. | ||
| Additional investigation guides have been added for Windows and Linux rules. | ||
|
|
||
| |<<prebuilt-rule-8-4-3-prebuilt-rules-8-4-3-summary, 8.4.3>> | 14 Feb 2023 | 27 | 110 | | ||
| This release includes new rules for Windows and Linux endpoints. | ||
| Additionally, significant rule tuning for Windows and Linux rules has been added for better rule efficacy. | ||
| A Google Workspace promotional rule was added to promote security alerts from the Alert Center. | ||
| Machine learning rules related to failed logins have been adjusted for better scoring results. | ||
| Additional investigation guides have been added for Windows and Linux rules. | ||
|
|
||
| |<<prebuilt-rule-8-4-2-prebuilt-rules-8-4-2-summary, 8.4.2>> | 24 Jan 2023 | 5 | 494 | | ||
| This release includes new rules for Windows regarding Microsoft Exchange interaction via Powershell. | ||
| Additionally, significant rule tuning for Windows rules has been added for better rule efficacy. | ||
| A new rule for multiple alerts with different ATT&CK tactics on a single host has also been included. | ||
| A new rule for multiple alerts involving a single user has been added. | ||
| Related integration tags and recommended versions have been added to endpoint rules. | ||
| Bug fixes for OSQuery execution in rule investigation guides has been added. | ||
|
|
||
| |<<prebuilt-rule-8-3-4-prebuilt-rules-8-3-4-summary, 8.3.4>> | 24 Jan 2023 | 1 | 4 | | ||
| This release includes new rules for Windows regarding Microsoft Exchange interaction via PowerShell. | ||
| A new rule for multiple alerts with different ATT&CK tactics on a single host has also been included. | ||
| Additionally, a new rule for multiple alerts involving a single user has been added. | ||
| This release also includes rule tuning for suspicious Windows Error Reporting child processes. | ||
|
|
||
| |<<prebuilt-rule-8-3-3-prebuilt-rules-8-3-3-summary, 8.3.3>> | 19 Jan 2023 | 17 | 500 | | ||
| This release includes new rules for Windows regarding Microsoft Exchange interaction via PowerShell. | ||
| Additionally, significant rule tuning for Windows rules has been added for better rule efficacy. | ||
| Related integration tags and recommended versions have been added to endpoint rules. | ||
| Bug fixes for OSQuery execution in rule investigation guides has been added. | ||
|
|
||
| |<<prebuilt-rule-8-4-1-prebuilt-rules-8-4-1-summary, 8.4.1>> | 05 Dec 2022 | 20 | 298 | | ||
| This release includes new rules for Linux regarding reverse shells. | ||
| Additionally, new windows rules have been added to supply coverage for credential access and access token manipulation. | ||
| Specific Windows and Linux rules have been tuned to reduce false-positive signals. | ||
|
|
||
| |<<prebuilt-rule-8-3-2-prebuilt-rules-8-3-2-summary, 8.3.2>> | 06 Oct 2022 | 25 | 232 | | ||
| This release includes new rules for Linux, Windows, Google Workspace and Kubernetes. | ||
| Also included are expanded investigation guides for Linux, Windows and macOS rules. | ||
|
|
||
| |<<prebuilt-rule-8-3-1-prebuilt-rules-8-3-1-summary, 8.3.1>> | 26 Aug 2022 | 0 | 113 | | ||
| This release includes new rules for Linux, Windows, Google Workspace and Kubernetes. | ||
| Also included are expanded investigation and setup guides for Linux, Windows and macOS rules. | ||
| Rule compatability for required event fields and related Fleet integrations has also been included. | ||
|
|
||
| |<<prebuilt-rule-8-2-1-prebuilt-rules-8-2-1-summary, 8.2.1>> | 24 Aug 2022 | 442 | 96 | | ||
| This release includes new rules for Windows, MacOS, Linux, Kubernetes, and considerable tuning efforts. | ||
| Also included are expanded investion guides for Windows, Azure and AWS rules. | ||
|
|
||
| |<<prebuilt-rule-8-1-1-prebuilt-rules-8-1-1-summary, 8.1.1>> | 24 Jun 2022 | 14 | 159 | | ||
| This release includes new rules for Windows, MacOS, Linux and Kubernetes. | ||
| Also included are expanded investigation guides for Windows rules. | ||
| Additionally, this update includes new rules to help detect emerging threat https://www.elastic.co/blog/a-peek-behind-the-bpfdoor[BPFDoor]. | ||
| Updates to existing Windows rules were made to help detect exploitation attempts against https://www.elastic.co/blog/vulnerability-summary-follina[CVE-2022-30190]. | ||
|
|
||
| |<<prebuilt-rule-1-0-2-prebuilt-rules-1-0-2-summary, 1.0.2>> | 03 May 2022 | 42 | 341 | | ||
| This release includes new rules for MacOS regarding initial access and persistence coverage. | ||
| New rules to detect shell evasion in Linux have also been added. | ||
| Also included are expanded investigation guides for Windows rules as well as new rules for credential theft and Active Directory (AD). | ||
| Additionally, this update includes new rules to help detect the emerging threat https://www.elastic.co/blog/detecting-and-responding-to-dirty-pipe-with-elastic[CVE-2022-0847 (Dirty Pipe)] | ||
|
|
||
| |<<prebuilt-rule-0-14-3-prebuilt-rules-0-14-3-summary, 0.14.3>> | 13 Dec 2021 | 35 | 45 | | ||
| This release includes an update to an existing rule and adds a new rule to help detect https://www.elastic.co/blog/detecting-log4j2-with-elastic-security[CVE-2021-44228 (log4j2)]. | ||
| Also included are updates and new rules for cloud integrations, windows, PowerShell, and others. | ||
|
|
||
| |<<prebuilt-rule-0-14-2-prebuilt-rules-0-14-2-summary, 0.14.2>> | 15 Oct 2021 | 18 | 89 | | ||
| This release includes rules covering Windows endpoints, as well as several third-party integrations — including rules contributed by the community. | ||
|
|
||
| |<<prebuilt-rule-0-14-1-prebuilt-rules-0-14-1-summary, 0.14.1>> | 08 Sep 2021 | 3 | 71 | | ||
| Included in this release is a rule to detect web shells, including | ||
| https://discuss.elastic.co/t/detection-and-response-for-proxyshell-activity/282407[ProxyShell] activity. | ||
|
|
||
| |<<prebuilt-rule-0-13-3-prebuilt-rules-0-13-3-summary, 0.13.3>> | 22 Jul 2021 | 4 | 36 | | ||
| Included in this release is a rule for Windows Defender Exclusions, which has been used in recent campaigns, as well as | ||
| a rule to resiliently detect parent PID spoofing. | ||
|
|
||
| |<<prebuilt-rule-0-13-2-prebuilt-rules-0-13-2-summary, 0.13.2>> | 07 Jul 2021 | 15 | 6 | | ||
| Included in this release are 3 new rules for the recently observed | ||
| https://www.elastic.co/blog/elastic-security-prevents-100-percent-of-revil-ransomware-samples[REvil] | ||
| activity as well as 4 new rules covering the recent | ||
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527[PrintNightmare] vulnerability. | ||
|
|
||
| |<<prebuilt-rule-0-13-1-prebuilt-rules-0-13-1-summary, 0.13.1>> | 21 Jun 2021 | 4 | 41 | | ||
|
|
||
| |============================================== | ||
|
|
||
|
|
||
| include::downloadable-packages/0-13-1/prebuilt-rules-0-13-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/0-13-2/prebuilt-rules-0-13-2-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/0-13-3/prebuilt-rules-0-13-3-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/0-14-1/prebuilt-rules-0-14-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/0-14-2/prebuilt-rules-0-14-2-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/0-14-3/prebuilt-rules-0-14-3-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/1-0-2/prebuilt-rules-1-0-2-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-1-1/prebuilt-rules-8-1-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-2-1/prebuilt-rules-8-2-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-3-1/prebuilt-rules-8-3-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-3-2/prebuilt-rules-8-3-2-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-3-3/prebuilt-rules-8-3-3-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-3-4/prebuilt-rules-8-3-4-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-4-1/prebuilt-rules-8-4-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-4-2/prebuilt-rules-8-4-2-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-4-3/prebuilt-rules-8-4-3-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-5-1/prebuilt-rules-8-5-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-6-1/prebuilt-rules-8-6-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-7-1/prebuilt-rules-8-7-1-summary.asciidoc[leveloffset=+1] | ||
| include::downloadable-packages/8-12-1/prebuilt-rules-8-12-1-summary.asciidoc[leveloffset=+1] |
Oops, something went wrong.