Downloadable rule updates

edit

This section lists all updates to prebuilt detection rules, made available with the Prebuilt Security Detection Rules integration in Fleet.

To update your installed rules to the latest versions, follow the instructions in Update Elastic prebuilt rules.

For previous rule updates, please navigate to the last version.

Update version Date New rules Updated rules Notes

8.15.10

11 Nov 2024

21

116

This release includes new rules for Windows, Linux, AWS, and Azure integration. New rules for Windows include detection for initial access. New rules for Linux include detection for defense evasion, command and control, impact, discovery, execution and exfiltration. New rules for AWS include detection for privilege escalation, exfiltration, execution, discovery and persistence. New rules for Azure include detection for credential access. Additionally, significant rule tuning for Windows and AWS rules has been added for better rule efficacy and performance.

8.15.9

28 Oct 2024

6

95

This release includes significant rule tuning for Linux, Amazon Bedrock and Okta rules for better rule efficacy and performance.

8.15.8

16 Oct 2024

1

185

This release includes a new rule for Windows credential access detection. Additionally, significant rule tuning for Windows, Sysmon, Microsoft Defender for Endpoint and SentinelOne rules has been added for better rule efficacy and performance.

8.15.7

10 Oct 2024

27

0

This release includes a new rule for Okta integration initial access detection. Additionally, significant rule tuning for ESQL queries has been added to include required metadata and achieve best practices for performance.

8.15.6

01 Oct 2024

6

184

This release includes new rules for Windows and Linux. New rules for Windows include detection for defense evasion. New rules for Linux include detection for CUPS Vulnerability exploitation including coverage for CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 vulnerabilities. Additionally, significant rule tuning for Windows, AWS, AWS Bedrock and Microsoft 365 rules has been added for better rule efficacy and performance.

8.15.5

17 Sep 2024

22

6

This release includes new rules for Windows,Linux, MacOS, AWS Bedrock, Azure, Okta and Microsoft 365 integration. New rules for Windows include detection for privilege escalation, command and control, persistence, defense evasion and execution. New rules for Linux include detection for defense evasion, execution and credential access. New rules for MacOS include detection for privilege escalation. New rules for AWS Bedrock include detection for impact. New rules for Azure include detection for credential access. New Rules for Okta include detection for defense evasion. New Rules for Microsoft 365 include detection for initial access. Additionally, significant rule tuning for Windows , Linux and Microsoft 365 rules has been added for better rule efficacy and performance.

8.15.4

03 Sep 2024

10

5

This release includes new rules for Linux and AWS integration. New rules for Linux include detection for defense evasion and execution. New rules for AWS include detection for discovery, initial access, execution, and defense evasion. Additionally, significant rule tuning for Windows and MacOS rules has been added for better rule efficacy and performance.

8.15.3

21 Aug 2024

1

195

This release includes a new rule for Linux defense evasion detection. Additionally, significant rule tuning for Windows, Linux and AWS integration rules has been added for better rule efficacy and performance.

8.15.2

06 Aug 2024

7

44

This release includes new rules for Windows and AWS integration. New rules for Windows include detection for credential access and command and control. New rules for AWS include detection for execution, credential access, persistence and lateral movement. Additionally, significant rule tuning for Windows and Linux rules has been added for better rule efficacy and performance.

8.15.1

25 Jul 2024

14

72

This release includes new rules for Windows, Linux , and AWS integration. Deprecated rules include Suspicious File Changes Activity Detected. New rules for Windows include detection for lateral movement, credential access and defense evasion. New rules for Linux include detection for privilege escalation, execution, and persistence. New rules for AWS include detection for exfiltration, defense evasion and impact. Additionally, significant rule tuning for Windows, Linux, AWS, Google Workplace and Okta integration rules has been added for better rule efficacy and performance.