Update v8.5.6

This section lists all updates associated with version 8.5.6 of the Fleet integration Prebuilt Security Detection Rules.
| Rule | Description | Status | Version |
|---|---|---|---|
| | Identifies suspicious creation of Alternate Data Streams on highly targeted files. This is uncommon for legitimate files and is sometimes done by adversaries to hide malware. | update | 107 |
| | Discovery of remote system information using built-in commands, which may be used to move laterally. | update | 106 |
| | Identifies the PowerShell engine being invoked by unexpected processes. Rather than executing PowerShell functionality with powershell.exe, some attackers do this to operate more stealthily. | update | 105 |
| | Identifies processes executed via Windows Management Instrumentation (WMI) on a remote host. This could be indicative of adversary lateral movement, but could be noisy if administrators use WMI to remotely manage hosts. | update | 104 |
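The four descriptions above each name a detection idea without showing what the logic looks like against real telemetry. The block below is an added illustration, not the published rules' own queries: it implements a toy version of each idea as a Python function over constructed endpoint events written with ECS-style field names (`event.category`, `file.path`, `dll.name`, `process.parent.name`, `process.command_line`). The allow-list of PowerShell host processes, the list of "highly targeted" document extensions, and the set of remote-discovery commands are assumptions chosen for the example; the exclusion of the `Zone.Identifier` stream (Mark of the Web, written legitimately by browsers) is the kind of false-positive filter a practitioner would add.

```python
"""Toy detectors for the four rule ideas in the v8.5.6 table, run over
constructed endpoint events. Illustrative only; not Elastic's rule logic.
Field names follow ECS conventions but are assumed for this example."""
import re

# Assumed: processes expected to host the PowerShell engine.
EXPECTED_PS_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# The engine itself lives in System.Management.Automation.dll (plus its NGEN image).
PS_ENGINE_DLLS = {"system.management.automation.dll", "system.management.automation.ni.dll"}
# Assumed: document types an adversary would hide a stream behind.
TARGETED_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf", ".txt")
# An NTFS alternate data stream path looks like  drive:\path\file.ext:streamname
ADS_RE = re.compile(r"^[A-Za-z]:\\(?P<file>[^:]+):(?P<stream>[^:\\]+)$")
# Assumed: built-in commands used to enumerate remote systems before lateral movement.
REMOTE_DISCOVERY_RE = re.compile(
    r"(\bnet1?\s+view\s+\\\\|\bnet1?\s+group\s+\"?domain computers\"?|\bnltest(\.exe)?\s+/dclist)",
    re.IGNORECASE,
)


def ads_on_targeted_file(ev):
    """ADS created on a commonly targeted document type (Zone.Identifier excluded)."""
    if ev.get("event.category") != "file" or ev.get("event.action") != "creation":
        return None
    m = ADS_RE.match(ev.get("file.path", ""))
    if not m:
        return None
    if not m.group("file").lower().endswith(TARGETED_EXTS):
        return None
    if m.group("stream").lower() == "zone.identifier":  # Mark of the Web is benign
        return None
    return f"ADS '{m.group('stream')}' created on {m.group('file')} by {ev.get('process.name')}"


def powershell_engine_unexpected_host(ev):
    """PowerShell engine DLL loaded into a process that is not a normal PowerShell host."""
    if ev.get("event.category") != "library":
        return None
    if ev.get("dll.name", "").lower() not in PS_ENGINE_DLLS:
        return None
    if ev.get("process.name", "").lower() in EXPECTED_PS_HOSTS:
        return None
    return f"PowerShell engine loaded by {ev.get('process.name')} (pid {ev.get('process.pid')})"


def remote_wmi_process(ev):
    """Process started by the WMI provider host; noisy where admins manage hosts over WMI."""
    if ev.get("event.category") != "process" or ev.get("event.action") != "start":
        return None
    if ev.get("process.parent.name", "").lower() != "wmiprvse.exe":
        return None
    return f"{ev.get('process.name')} spawned by WmiPrvSE.exe: {ev.get('process.command_line')}"


def remote_system_discovery(ev):
    """Built-in remote system discovery command executed."""
    if ev.get("event.category") != "process" or ev.get("event.action") != "start":
        return None
    cmd = ev.get("process.command_line", "")
    return f"remote system discovery: {cmd}" if REMOTE_DISCOVERY_RE.search(cmd) else None


DETECTORS = {
    "ADS creation on targeted file": ads_on_targeted_file,
    "PowerShell engine in unexpected process": powershell_engine_unexpected_host,
    "Remote WMI process execution": remote_wmi_process,
    "Remote system discovery": remote_system_discovery,
}


def evaluate(events):
    """Run every detector over every event; return (rule, summary) pairs."""
    hits = []
    for ev in events:
        for rule, fn in DETECTORS.items():
            msg = fn(ev)
            if msg:
                hits.append((rule, msg))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"event.category": "file", "event.action": "creation", "process.name": "cmd.exe",
     "file.path": r"C:\Users\bob\Documents\Q3.docx:payload.exe"},             # hit
    {"event.category": "file", "event.action": "creation", "process.name": "chrome.exe",
     "file.path": r"C:\Users\bob\Downloads\setup.exe:Zone.Identifier"},       # benign MOTW
    {"event.category": "library", "process.name": "rundll32.exe", "process.pid": 4412,
     "dll.name": "System.Management.Automation.dll"},                          # hit
    {"event.category": "library", "process.name": "powershell.exe", "process.pid": 5120,
     "dll.name": "System.Management.Automation.dll"},                          # expected host
    {"event.category": "process", "event.action": "start", "process.name": "cmd.exe",
     "process.parent.name": "WmiPrvSE.exe",
     "process.command_line": r"cmd.exe /c whoami > C:\Windows\Temp\o.txt"},   # hit
    {"event.category": "process", "event.action": "start", "process.name": "net.exe",
     "process.parent.name": "cmd.exe", "process.command_line": r"net view \\FILESRV01"},  # hit
    {"event.category": "process", "event.action": "start", "process.name": "nltest.exe",
     "process.parent.name": "cmd.exe", "process.command_line": "nltest /dclist:corp.local"},  # hit
    {"event.category": "process", "event.action": "start", "process.name": "notepad.exe",
     "process.parent.name": "explorer.exe", "process.command_line": "notepad.exe"},  # benign
]

if __name__ == "__main__":
    for rule, summary in evaluate(SAMPLE_EVENTS):
        print(f"[{rule}] {summary}")
```

Running the block prints five alerts from the eight constructed events: one ADS creation, one PowerShell engine load by rundll32.exe, one WmiPrvSE.exe child, and two discovery commands. The WMI detector deliberately fires on every WmiPrvSE.exe child; in an environment where administrators use WMI routinely, the next step is to scope it by parent command line or by correlating with a remote logon, which is the noise caveat the table's fourth row raises.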