[SIEM] version 7.7 rule import #61903

randomuserid · 2020-03-30T22:50:53Z

Summary

This PR does not contain new Kibana features. It adds 38 new SIEM rules and makes syntax modifications to existing rules. The rules execute in the existing (siem) detection engine.

Checklist

Documentation was added for features that require explanation or tutorials
Unit or functional tests were updated or added to match the most common scenarios

For maintainers

This was checked for breaking API changes and was labeled appropriately

elasticmachine · 2020-03-30T23:01:17Z

Pinging @elastic/siem (Team:SIEM)

...ion_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json

.../server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json

…repackaged_rules/windows_credential_dumping_msbuild.json Co-Authored-By: Garrett Spong <[email protected]>

…o 77-siem-rules

...gacy/plugins/siem/server/lib/detection_engine/routes/schemas/add_prepackaged_rules_schema.ts

spong · 2020-03-31T01:32:30Z

@elasticmachine merge upstream

spong

This rules @randomuserid! LGTM 👍

brokensound77

LGTM 👍

We will bump versions of modified rules and incorporate the changes for BC3 as discussed. I also updated the schema in siem-rules to reflect index being forbidden for machine_learning rules

…o 77-siem-rules

spong · 2020-03-31T03:38:07Z

x-pack/legacy/plugins/siem/cypress/objects/rule.ts

@@ -4,7 +4,7 @@
 * you may not use this file except in compliance with the Elastic License.
 */

-export const totalNumberOfPrebuiltRules = 92;
+export const totalNumberOfPrebuiltRules = 130;


kibanamachine · 2020-03-31T16:22:55Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: e85848c

History

💔 Build #37400 failed 7858cce
💔 Build #37380 failed 99d4c06
💔 Build #37357 failed b2fd78d
💔 Build #37339 failed 33a9d97

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

* rule import * Update x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json Co-Authored-By: Garrett Spong <[email protected]> * Update add_prepackaged_rules_schema.ts * Update rule.ts * updates 'prebuilt_rules_loaded' data (elastic#61940) Co-authored-by: Garrett Spong <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: MadameSheema <[email protected]>

* upstream/master: (69 commits) Adding PagerDuty icon to connectors cards (elastic#60805) Fix drag and drop flakiness (elastic#61993) Grok debugger migration (elastic#60658) Endpoint: Fix resolver SVG position issue (elastic#61886) [SIEM] version 7.7 rule import (elastic#61903) Added styles to make combobox list items wider for alerting flyout (elastic#61894) [UA] Tight worker loop can cause high CPU usage (elastic#60950) [ML] DF Analytics results table: use index pattern field format if one exists (elastic#61709) [ML] Catching unknown index pattern errors (elastic#61935) [Discover] Deangularize and euificate sidebar (elastic#47559) Endpoint: Add ts-node dev dependency (elastic#61884) Add an onBlur handler for the kuery bar. Only resubmit when input changes. (elastic#61901) [ML] Handle Empty Partition Field Values in Single Metric Viewer (elastic#61649) Auto interval on date histogram is getting displayed as timestamp per… (elastic#59171) [Maps] Explicitly pass fetch function to ems-client (elastic#61846) [SIEM][CASE] Fix aria-labels and translations (elastic#61670) [ML] Settings: Increase number of items that can be paged in calendars and filters lists (elastic#61842) [EPM] update epm filepath route (elastic#61910) APM] Set ignore_above to 1024 for telemetry saved object (elastic#61732) [Logs UI] Log stream row rendering (elastic#60773) ...

* rule import * Update x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json Co-Authored-By: Garrett Spong <[email protected]> * Update add_prepackaged_rules_schema.ts * Update rule.ts * updates 'prebuilt_rules_loaded' data (#61940) Co-authored-by: Garrett Spong <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: MadameSheema <[email protected]> Co-authored-by: The SpaceCake Project <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: MadameSheema <[email protected]>

* master: (64 commits) Adding PagerDuty icon to connectors cards (elastic#60805) Fix drag and drop flakiness (elastic#61993) Grok debugger migration (elastic#60658) Endpoint: Fix resolver SVG position issue (elastic#61886) [SIEM] version 7.7 rule import (elastic#61903) Added styles to make combobox list items wider for alerting flyout (elastic#61894) [UA] Tight worker loop can cause high CPU usage (elastic#60950) [ML] DF Analytics results table: use index pattern field format if one exists (elastic#61709) [ML] Catching unknown index pattern errors (elastic#61935) [Discover] Deangularize and euificate sidebar (elastic#47559) Endpoint: Add ts-node dev dependency (elastic#61884) Add an onBlur handler for the kuery bar. Only resubmit when input changes. (elastic#61901) [ML] Handle Empty Partition Field Values in Single Metric Viewer (elastic#61649) Auto interval on date histogram is getting displayed as timestamp per… (elastic#59171) [Maps] Explicitly pass fetch function to ems-client (elastic#61846) [SIEM][CASE] Fix aria-labels and translations (elastic#61670) [ML] Settings: Increase number of items that can be paged in calendars and filters lists (elastic#61842) [EPM] update epm filepath route (elastic#61910) APM] Set ignore_above to 1024 for telemetry saved object (elastic#61732) [Logs UI] Log stream row rendering (elastic#60773) ...

elasticmachine · 2021-09-23T14:37:30Z

Pinging @elastic/security-solution (Team: SecuritySolution)

rule import

33a9d97

randomuserid requested a review from a team as a code owner March 30, 2020 22:50

randomuserid added v7.7.0 v7.8.0 v8.0.0 labels Mar 30, 2020

randomuserid requested a review from FrankHassanabad March 30, 2020 22:57

randomuserid added the release_note:enhancement label Mar 30, 2020

randomuserid changed the title ~~77 Siem rule import~~ [SIEM] version 7.7 rule import Mar 30, 2020

randomuserid requested a review from spong March 30, 2020 23:01

randomuserid added the Team:SIEM label Mar 30, 2020

rw-access reviewed Mar 30, 2020

View reviewed changes

...ion_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json Show resolved Hide resolved

spong reviewed Mar 30, 2020

View reviewed changes

.../server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json Outdated Show resolved Hide resolved

randomuserid and others added 3 commits March 30, 2020 19:36

Update x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/p…

2b77bb3

…repackaged_rules/windows_credential_dumping_msbuild.json Co-Authored-By: Garrett Spong <[email protected]>

Update add_prepackaged_rules_schema.ts

3c11936

Merge branch '77-siem-rules' of https://github.com/elastic/kibana int…

b2fd78d

…o 77-siem-rules

spong reviewed Mar 30, 2020

View reviewed changes

...gacy/plugins/siem/server/lib/detection_engine/routes/schemas/add_prepackaged_rules_schema.ts Show resolved Hide resolved

randomuserid removed the request for review from FrankHassanabad March 31, 2020 00:57

Merge branch 'master' into 77-siem-rules

99d4c06

elasticmachine requested a review from a team as a code owner March 31, 2020 01:32

spong approved these changes Mar 31, 2020

View reviewed changes

randomuserid requested review from rw-access and removed request for rw-access March 31, 2020 02:09

brokensound77 approved these changes Mar 31, 2020

View reviewed changes

Craig added 2 commits March 30, 2020 23:33

Update rule.ts

4c06c1c

Merge branch '77-siem-rules' of https://github.com/elastic/kibana int…

7858cce

…o 77-siem-rules

spong reviewed Mar 31, 2020

View reviewed changes

updates 'prebuilt_rules_loaded' data (#61940)

e85848c

spong merged commit 341c787 into master Mar 31, 2020

spong mentioned this pull request Mar 31, 2020

[7.x] [SIEM] version 7.7 rule import (#61903) #62012

Merged

spong mentioned this pull request Mar 31, 2020

[7.7] [SIEM] version 7.7 rule import (#61903) #62013

Merged

spong deleted the 77-siem-rules branch March 31, 2020 18:26

rw-access mentioned this pull request Jul 8, 2020

[FR] Automatically create Kibana branch/PR elastic/detection-rules#36

Closed

MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SIEM] version 7.7 rule import #61903

[SIEM] version 7.7 rule import #61903

randomuserid commented Mar 30, 2020 •

edited

Loading

elasticmachine commented Mar 30, 2020

spong commented Mar 31, 2020

spong left a comment

brokensound77 left a comment

spong Mar 31, 2020

kibanamachine commented Mar 31, 2020

elasticmachine commented Sep 23, 2021

[SIEM] version 7.7 rule import #61903

[SIEM] version 7.7 rule import #61903

Conversation

randomuserid commented Mar 30, 2020 • edited Loading

Summary

Checklist

For maintainers

elasticmachine commented Mar 30, 2020

spong commented Mar 31, 2020

spong left a comment

Choose a reason for hiding this comment

brokensound77 left a comment

Choose a reason for hiding this comment

spong Mar 31, 2020

Choose a reason for hiding this comment

kibanamachine commented Mar 31, 2020

💚 Build Succeeded

History

elasticmachine commented Sep 23, 2021

randomuserid commented Mar 30, 2020 •

edited

Loading