IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Update v8.5.5 Update v8.5.7 »
Elastic Docs Elastic Security Solution [8.5] Detections and alerts Downloadable rule updates

Update v8.5.6

edit

Update v8.5.6

edit

This section lists all updates associated with version 8.5.6 of the Fleet integration Prebuilt Security Detection Rules.

Rule Description Status Version

Unusual File Creation - Alternate Data Stream

Identifies suspicious creation of Alternate Data Streams on highly targeted files. This is uncommon for legitimate files and sometimes done by adversaries to hide malware.

update

107

Remote System Discovery Commands

Discovery of remote system information using built-in commands, which may be used to move laterally.

update

106

Suspicious PowerShell Engine ImageLoad

Identifies the PowerShell engine being invoked by unexpected processes. Rather than executing PowerShell functionality with powershell.exe, some attackers do this to operate more stealthily.

update

105

WMI Incoming Lateral Movement

Identifies processes executed via Windows Management Instrumentation (WMI) on a remote host. This could be indicative of adversary lateral movement, but could be noisy if administrators use WMI to remotely manage hosts.

update

104
« Update v8.5.5 Update v8.5.7 »