[SIEM] Detection Fix typo in Adobe Hijack Persistence rule #58804

Merged
merged 8 commits into from
Mar 1, 2020

@nicpenning nicpenning commented Feb 28, 2020

Fixes #58803

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@kibanamachine
Contributor

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@cla-checker-service

cla-checker-service bot commented Feb 28, 2020

💚 CLA has been signed

@nicpenning nicpenning changed the title from "Remove an extra e in msiexec.exe" to "[SIEM] Detection Fix typo in Adobe Hijack Persistence rule" Feb 28, 2020

@TinaHeiligers
Contributor

❌ Author of the following commits did not sign a Contributor Agreement:
7333864

Please, read and sign the above mentioned agreement if you want to contribute to this project

@nicpenning please read and sign the contributor agreement. Thanks!

@TinaHeiligers TinaHeiligers requested a review from a team February 28, 2020 00:35
@kobelb kobelb requested review from FrankHassanabad and removed request for a team February 28, 2020 04:24
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

Contributor

@FrankHassanabad FrankHassanabad left a comment

Change the version number and you will be good to go here.

Author

@nicpenning nicpenning left a comment

I updated the version from 1 to 2.

@FrankHassanabad
Contributor

Gave this a test run:

I see this now with the version bump on the UI:
Screen Shot 2020-02-28 at 9 25 01 AM

And then I see this after I install it:
Screen Shot 2020-02-28 at 9 25 47 AM

So I think we are good here. 👍 Thank you for the fix.

Contributor

@brokensound77 brokensound77 left a comment

Nice find!

LGTM 👍

Contributor

@FrankHassanabad FrankHassanabad left a comment

Checked out the code, test ran it in a local development environment and it looks like the rule updates as expected.

@kibanamachine
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@FrankHassanabad FrankHassanabad merged commit 45f804c into elastic:master Mar 1, 2020
FrankHassanabad pushed a commit to FrankHassanabad/kibana that referenced this pull request Mar 1, 2020
gmmorris added a commit to gmmorris/kibana that referenced this pull request Mar 1, 2020
* upstream/master:
  [SIEM] Detection Fix typo in Adobe Hijack Persistence rule (elastic#58804)
jloleysens added a commit to jloleysens/kibana that referenced this pull request Mar 2, 2020
…dex-server-side
FrankHassanabad added a commit that referenced this pull request Mar 2, 2020
@KOTungseth KOTungseth mentioned this pull request Mar 19, 2020
1 task
Successfully merging this pull request may close these issues.

[SIEM] Detection - Adobe Hijack Persistence Query Typo in msiexec.exe
7 participants