Skip to content

Commit

Permalink
removes extra "the"s (#5015)
Browse files Browse the repository at this point in the history
(cherry picked from commit f93f1dd)

# Conflicts:
#	docs/release-notes/8.13.asciidoc
  • Loading branch information
benironside authored and mergify[bot] committed Mar 29, 2024
1 parent 1283c6e commit 75578c3
Show file tree
Hide file tree
Showing 13 changed files with 64 additions and 16 deletions.
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux]]
=== Host Files System Changes via Windows Subsystem for Linux

Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux]]
=== Suspicious Execution via Windows Subsystem for Linux

Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,13 +41,13 @@ This section lists all updates associated with version 8.4.3 of the Fleet integr

|<<prebuilt-rule-8-4-3-untrusted-driver-loaded, Untrusted Driver Loaded>> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1

|<<prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-4-3-execution-via-windows-subsystem-for-linux, Execution via Windows Subsystem for Linux>> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-4-3-windows-subsystem-for-linux-enabled-via-dism-utility, Windows Subsystem for Linux Enabled via Dism Utility>> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-4-3-attempt-to-install-kali-linux-via-wsl, Attempt to Install Kali Linux via WSL>> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux]]
=== Host Files System Changes via Windows Subsystem for Linux

Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux]]
=== Suspicious Execution via Windows Subsystem for Linux

Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,13 +41,13 @@ This section lists all updates associated with version 8.5.1 of the Fleet integr

|<<prebuilt-rule-8-5-1-untrusted-driver-loaded, Untrusted Driver Loaded>> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1

|<<prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-5-1-execution-via-windows-subsystem-for-linux, Execution via Windows Subsystem for Linux>> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-5-1-windows-subsystem-for-linux-enabled-via-dism-utility, Windows Subsystem for Linux Enabled via Dism Utility>> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-5-1-attempt-to-install-kali-linux-via-wsl, Attempt to Install Kali Linux via WSL>> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux]]
=== Host Files System Changes via Windows Subsystem for Linux

Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux]]
=== Suspicious Execution via Windows Subsystem for Linux

Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,13 +41,13 @@ This section lists all updates associated with version 8.6.1 of the Fleet integr

|<<prebuilt-rule-8-6-1-untrusted-driver-loaded, Untrusted Driver Loaded>> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1

|<<prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-6-1-execution-via-windows-subsystem-for-linux, Execution via Windows Subsystem for Linux>> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-6-1-windows-subsystem-for-linux-enabled-via-dism-utility, Windows Subsystem for Linux Enabled via Dism Utility>> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-6-1-attempt-to-install-kali-linux-via-wsl, Attempt to Install Kali Linux via WSL>> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux]]
=== Host Files System Changes via Windows Subsystem for Linux

Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[[prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux]]
=== Suspicious Execution via Windows Subsystem for Linux

Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.
Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection.

*Rule type*: eql

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,13 @@ This section lists all updates associated with version 8.7.1 of the Fleet integr

|<<prebuilt-rule-8-7-1-untrusted-driver-loaded, Untrusted Driver Loaded>> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1

|<<prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux, Suspicious Execution via Windows Subsystem for Linux>> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-7-1-execution-via-windows-subsystem-for-linux, Execution via Windows Subsystem for Linux>> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-7-1-windows-subsystem-for-linux-enabled-via-dism-utility, Windows Subsystem for Linux Enabled via Dism Utility>> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1
|<<prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux, Host Files System Changes via Windows Subsystem for Linux>> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

|<<prebuilt-rule-8-7-1-attempt-to-install-kali-linux-via-wsl, Attempt to Install Kali Linux via WSL>> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1

Expand Down
48 changes: 48 additions & 0 deletions docs/release-notes/8.13.asciidoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
[[release-notes-header-8.13.0]]
== 8.13

[discrete]
[[release-notes-8.13.0]]
=== 8.13.0

[discrete]
[[features-8.13.0]]
==== Features

* Allows you to define an entity's (such as a host's or user's) `Asset criticality`, which can affect risk scores ({kibana-pull}176815[#176815], {kibana-pull}176294[#176294], {kibana-pull}172417[#172417], {kibana-pull}176056[#176056]).
* Allows information on the Data Quality dashboard to now persist in {elastic-sec} rather than disappearing after each session ({kibana-pull}175673[#175673], {kibana-pull}173185[#173185]).
* Adds field-by-field diffs to the rules upgrade flyout so you can see what's changed between versions ({kibana-pull}174564[#174564]).
* Adds alert suppression to the Indicator Match rule type ({kibana-pull}174241[#174241]).
* You can add Elastic Defend’s `kill-process` or `suspend-process` response actions to detection rules to automatically terminate or suspend a process on an affected host ({kibana-pull}161645[#161645]).
* Allows you to isolate and release a SentinelOne-protected host from detection alerts and the response console, and view third-party actions in the response actions history log ({kibana-pull}173927[#173927], {kibana-pull}175810[#175810]).
* Allows you to enable and disable cloud security Benchmark rules ({kibana-pull}174575[#174575]).


[discrete]
[[enhancements-8.13.0]]
==== Enhancements

* Enables advanced sorting and customization options for the Findings page's **Vulnerabilities** table ({kibana-pull}174413[#174413]).
* Adds the ability to analyze an event within a specific time range and data view ({kibana-pull}176364[#176364]).
* Enables the newly expanded host and user details flyouts, which allow you to view host or user details, risk data and inputs, and asset criticality ({kibana-pull}175899[#175899]).
* Improves the header layout in the alert details flyout so basic alert details are better organized ({kibana-pull}175075[#175075]).
* Adds inline actions and a search bar to the left panel in the event analyzer UI and improves formatting issues ({kibana-pull}172397[#172397]).

[discrete]
[[bug-fixes-8.13.0]]
==== Bug fixes

* Fixes a bug that prevented the event analyzer preview from loading properly for {esql} rules ({kibana-pull}178389[#178389]).
* Fixes a bug that prevented you from editing, adding, or removing query filters when creating or editing a custom query, indicator match, or new terms rule ({kibana-pull}178207[#178207]).
* Fixes a bug that caused unnecessary error messages to appear in {kib} server logs when using the MITRE ATT&CK® Coverage page ({kibana-pull}178126[#178126]).
* Prevents an infinite loading state on the Add Rules page for users with limited permissions ({kibana-pull}178005[#178005]).
* Fixes a bug that prevented the **Reset Fields** action on the Alerts table from resetting the table's columns ({kibana-pull}177986[#177986]).
* Fixes a bug that interfered with the rule filtering interface when you opened it from specific parts of {elastic-sec} ({kibana-pull}177946[#177946]).
* Ensures that text within the risk score preview table translates correctly ({kibana-pull}177680[#177680]).
* Fixes a bug that could prevent the correct `kibana.alert.threshold_result.terms.value` field value from appearing in the alert details flyout ({kibana-pull}177472[#177472]).
* Fixes multiple bugs affecting the rule filters on the rule details page ({kibana-pull}177081[#177081]).
* Updates the alert assignment UI to make its data model and intended usage clearer ({kibana-pull}176442[#176442]).
* Fixes rule overwrite behavior when importing new rules. Now, when a new rule overwrites an existing rule, the new rule completely replaces all the fields of the old one, and the old rule's fields are never included in the new rule ({kibana-pull}176166[#176166]).
* Fixes a bug that allowed you to add a Timeline as a favorite before it was saved ({kibana-pull}175161[#175161]).
* Fixes a bug that could result in an unnecessary negative sign in the risk score table within the expandable user and host flyouts ({kibana-pull}177015[#177015]).
* Adds file and size constraints to value lists ({kibana-pull}176074[#176074]).

0 comments on commit 75578c3

Please sign in to comment.