[Detection Rules] Add 7.15 rules #111464
Merged
[Detection Rules] Add 7.15 rules #111464
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
brokensound77
added
v8.0.0
release_note:skip
rw-access
approved these changes
Sep 7, 2021
rw-access
reviewed
Sep 7, 2021
| @@ -64,5 +64,5 @@ | |||
| ], | |||
| "timestamp_override": "event.ingested", | |||
| "type": "query", | |||
| "version": 4 | |||
| "version": 3 | |||
There was a problem hiding this comment.
this is okay, because this v4 of the rule has never made it in a released stack
rw-access
reviewed
Sep 7, 2021
| "license": "Elastic License v2", | ||
| "max_signals": 10000, | ||
| "name": "Endpoint Security Behavior Protection", | ||
| "query": "event.kind:alert and event.module:(endpoint and not endgame) and event.code: behavior\n", |
There was a problem hiding this comment.
we removed this rule from the detection-rules repository, same reason as the other
💚 Build SucceededMetrics [docs]
History
To update your PR or re-run it, just comment with: |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 8, 2021
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 8, 2021
kibanamachine
added a commit
that referenced
this pull request
Sep 8, 2021
Co-authored-by: Justin Ibarra <[email protected]>
kibanamachine
added a commit
that referenced
this pull request
Sep 8, 2021
Co-authored-by: Justin Ibarra <[email protected]>
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Sep 8, 2021
…-link-to-kibana-app * 'master' of github.com:elastic/kibana: (61 commits) [Logs UI] Fix alert previews for thresholds of `0` (elastic#111150) [Archive Migration][Partial] discover apps-discover (elastic#110437) [APM] Set start date of APM ML job to -4 weeks (elastic#111375) [ML] APM Latency Correlations: Code consolidation. (elastic#110790) [Discover] Fix indices permission for multiline test (elastic#111284) [Detection Rules] Add 7.15 rules (elastic#111464) [Security Solution][Endpoint][Host Isolation] Hide isolate host option in alert details rather than disabling (elastic#111064) React version of angular license view (elastic#111317) [APM] Fix link in readme (elastic#111362) [Security Solution] add agent field to generator (elastic#111428) [Dashboard] Retain Tags on Quicksave (elastic#111015) Reorder App Search ingestion methods (elastic#111361) Port performance docs to new docs system. (elastic#111063) [Security Solution][RAC] Fixes updatedAt loading bug (elastic#111010) [sample data] update web log geo.src field to match country code of geo.coordinates (elastic#110885) [Security solution] [Endpoint] Fix bad artifact migration (elastic#111294) Fix copy typo. (elastic#111203) [build] Remove empty optimize directory (elastic#111393) [Maps] fix term join not updating when editing right field (elastic#111030) [Fleet] Set default settings in component template instead of the index template (elastic#111197) ... # Conflicts: # x-pack/plugins/reporting/public/management/__snapshots__/report_listing.test.tsx.snap # x-pack/plugins/reporting/public/management/report_listing.test.tsx
chrisronline
pushed a commit
to chrisronline/kibana
that referenced
this pull request
Sep 8, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Pull updates to detection rules from https://github.com/elastic/detection-rules/tree/v7.15.0.
Checklist
Delete any items that are not applicable to this PR.
uses sentence case text and includes i18n support