8.17.0 Release notes #6224

Merged
merged 39 commits into from
Dec 12, 2024

@nastasha-solomon (Contributor) commented Nov 21, 2024

@nastasha-solomon added the following labels on Nov 21, 2024:
  • Priority: High (Issues that are time-sensitive and/or are of high customer importance)
  • Effort: Large (Issues that require significant planning, research, writing, and testing)
  • v8.17.0
  • v8.18.0

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

mergify bot (Contributor) commented Nov 22, 2024

This pull request is now in conflicts. Could you fix it @nastasha-solomon? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b rn-8.17.0 upstream/rn-8.17.0
git merge upstream/8.x
git push upstream rn-8.17.0

@ebeahan (Member) left a comment

Automatic Import RNs LGTM.

@jmikell821 (Contributor) left a comment

Just a few slight fixes for consistency/word choice, thanks!

nastasha-solomon and others added 7 commits December 12, 2024 10:10
Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

@yctercero (Contributor) left a comment

Thank you!

@benironside benironside merged commit 7c79a64 into 8.x Dec 12, 2024
4 checks passed

@nastasha-solomon (Contributor, Author) commented

@Mergifyio backport 8.17

mergify bot (Contributor) commented Dec 12, 2024

backport 8.17

✅ Backports have been created

mergify bot pushed a commit that referenced this pull request Dec 12, 2024
* First draft

* Adds ver header

* Adds latest info

* Updates my areas

* Edits

* Minor adjustments

* small tweaks

* known issue for exceptions

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>

* Applies same changes

* ryland's input

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Moar bugs

* Adds two new features

* revised ki summary

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* editorial fixes

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

---------

Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co>
Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit 7c79a644a2b477aad2ef43ee9b589c320594df92)

# Conflicts:
#	.backportrc.json
#	.mergify.yml
#	docs/detections/detection-engine-intro.asciidoc
#	docs/detections/detections-index.asciidoc
#	docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc
#	docs/detections/prebuilt-rules/prebuilt-rules-reference.asciidoc
#	docs/detections/prebuilt-rules/rule-desc-index.asciidoc
#	docs/detections/prebuilt-rules/rule-details/a-scheduled-task-was-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/a-scheduled-task-was-updated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/abnormal-process-id-or-lock-file-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/abnormally-large-dns-response.asciidoc
#	docs/detections/prebuilt-rules/rule-details/accepted-default-telnet-port-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/access-to-a-sensitive-ldap-attribute.asciidoc
#	docs/detections/prebuilt-rules/rule-details/access-to-keychain-credentials-directories.asciidoc
#	docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc
#	docs/detections/prebuilt-rules/rule-details/account-discovery-command-via-system-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/account-password-reset-remotely.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adding-hidden-file-attribute-via-attrib.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adfind-command-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/administrator-privileges-assigned-to-an-okta-group.asciidoc
#	docs/detections/prebuilt-rules/rule-details/administrator-role-assigned-to-an-okta-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adminsdholder-backdoor.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adminsdholder-sdprop-exclusion-added.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adobe-hijack-persistence.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adversary-behavior-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/agent-spoofing-mismatched-agent-id.asciidoc
#	docs/detections/prebuilt-rules/rule-details/agent-spoofing-multiple-hosts-using-same-agent.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-linux-compiler-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-process-for-a-linux-population.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-process-for-a-windows-population.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-windows-process-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/apple-script-execution-followed-by-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/apple-scripting-execution-with-administrator-privileges.asciidoc
#	docs/detections/prebuilt-rules/rule-details/application-added-to-google-workspace-domain.asciidoc
#	docs/detections/prebuilt-rules/rule-details/application-removed-from-blocklist-in-google-workspace.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-create-okta-api-token.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-network-zone.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-policy-rule.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-network-zone.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-policy-rule.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-disable-gatekeeper.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-disable-syslog-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-enable-the-root-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-install-root-certificate.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-network-zone.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-policy-rule.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-mount-smb-share-via-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-reset-mfa-factors-for-an-okta-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-revoke-okta-api-token.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-unload-elastic-endpoint-security-kernel-extension.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempted-bypass-of-okta-mfa.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempts-to-brute-force-a-microsoft-365-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempts-to-brute-force-an-okta-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/authorization-plugin-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-suspended.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-updated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-alarm-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-log-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-log-stream-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-config-resource-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-configuration-recorder-stopped.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-deletion-of-rds-instance-or-cluster.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-encryption-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-full-network-packet-capture-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-network-access-control-list-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-network-access-control-list-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-snapshot-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-vm-export-failure.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-efs-file-system-or-mount-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-elasticache-security-group-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-elasticache-security-group-modified-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-eventbridge-rule-disabled-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-guardduty-detector-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-assume-role-policy-update.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-brute-force-of-assume-role-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-deactivation-of-mfa-device.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-group-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-password-recovery-requested.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-user-addition-to-group.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-kms-customer-managed-key-disabled-or-scheduled-for-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-management-console-brute-force-of-root-user-identity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-management-console-root-login.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-cluster-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-instance-cluster-stoppage.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-instance-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-security-group-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-security-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-snapshot-export.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-redshift-cluster-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-root-login-without-mfa.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-53-domain-transfer-lock-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-53-domain-transferred-to-another-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-table-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-table-modified-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route53-private-hosted-zone-associated-with-a-vpc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-s3-bucket-configuration-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-sts-getsessiontoken-abuse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-vpc-flow-logs-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-waf-access-control-list-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-waf-rule-or-rule-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-active-directory-high-risk-sign-in.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-active-directory-high-risk-user-sign-in-heuristic.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-active-directory-powershell-sign-in.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-ad-global-administrator-role-assigned.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-alert-suppression-rule-created-or-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-application-credential-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-account-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-runbook-created-or-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-runbook-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-webhook-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-blob-container-access-level-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-blob-permissions-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-command-execution-on-virtual-machine.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-conditional-access-policy-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-diagnostic-settings-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-event-hub-authorization-rule-created-or-updated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-event-hub-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-external-guest-user-invitation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-firewall-policy-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-frontdoor-web-application-firewall-waf-policy-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-full-network-packet-capture-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-global-administrator-role-addition-to-pim-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-key-vault-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-kubernetes-events-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-kubernetes-pods-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-kubernetes-rolebindings-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-network-watcher-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-privilege-identity-management-role-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-resource-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-service-principal-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-service-principal-credentials-added.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-storage-account-key-regenerated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-virtual-network-device-modified-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/base16-or-base32-encoding-decoding-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/bash-shell-profile-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/binary-executed-from-shared-memory-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/bpf-filter-applied-using-tc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/bypass-uac-via-event-viewer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/chkconfig-service-add.asciidoc
#	docs/detections/prebuilt-rules/rule-details/clearing-windows-console-history.asciidoc
#	docs/detections/prebuilt-rules/rule-details/clearing-windows-event-logs.asciidoc
#	docs/detections/prebuilt-rules/rule-details/cobalt-strike-command-and-control-beacon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/command-execution-via-solarwinds-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/command-prompt-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/command-shell-activity-started-via-rundll32.asciidoc
#	docs/detections/prebuilt-rules/rule-details/component-object-model-hijacking.asciidoc
#	docs/detections/prebuilt-rules/rule-details/conhost-spawned-by-suspicious-parent-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-commonly-abused-free-ssl-certificate-providers.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-commonly-abused-web-services.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-external-network-via-telnet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-internal-network-via-telnet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/control-panel-process-with-unusual-arguments.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-files-and-directories-via-commandline.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-launch-agent-or-daemon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-login-item-via-apple-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-shared-object-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-a-new-gpo-scheduled-task-or-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-domain-backup-dpapi-private-key.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-root-certificate.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-acquisition-via-registry-hive-dumping.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-dumping-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-dumping-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-manipulation-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-manipulation-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/cyberark-privileged-access-security-error.asciidoc
#	docs/detections/prebuilt-rules/rule-details/cyberark-privileged-access-security-recommended-monitor.asciidoc
#	docs/detections/prebuilt-rules/rule-details/default-cobalt-strike-team-server-certificate.asciidoc
#	docs/detections/prebuilt-rules/rule-details/delete-volume-usn-journal-with-fsutil.asciidoc
#	docs/detections/prebuilt-rules/rule-details/deleting-backup-catalogs-with-wbadmin.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disable-windows-event-and-security-logs-using-built-in-tools.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disable-windows-firewall-rules-via-netsh.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disabling-user-account-control-via-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disabling-windows-defender-security-settings-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dns-over-https-enabled-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dns-tunneling.asciidoc
#	docs/detections/prebuilt-rules/rule-details/domain-added-to-google-workspace-trusted-domains.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dumping-account-hashes-via-built-in-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dumping-of-keychain-content-via-security-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dynamic-linker-copy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/eggshell-backdoor-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/elastic-agent-service-terminated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/emond-rules-creation-or-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enable-host-network-discovery-via-netsh.asciidoc
#	docs/detections/prebuilt-rules/rule-details/encoded-executable-stored-in-the-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/encrypting-files-with-winrar-or-7z.asciidoc
#	docs/detections/prebuilt-rules/rule-details/endpoint-security.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-command-spawned-via-wmiprvse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-administrator-accounts.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-kernel-modules.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-privileged-local-groups-membership.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-users-or-groups-via-built-in-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/executable-file-creation-with-multiple-extensions.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-from-unusual-directory-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-com-object-via-xwizard.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-file-written-or-modified-by-microsoft-office.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-file-written-or-modified-by-pdf-reader.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-persistent-suspicious-program.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-via-local-sxs-shared-module.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-via-tsclient-mountpoint.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-with-explicit-credentials-via-scripting.asciidoc
#	docs/detections/prebuilt-rules/rule-details/exploit-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/exploit-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/exporting-exchange-mailbox-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/external-alerts.asciidoc
#	docs/detections/prebuilt-rules/rule-details/external-ip-lookup-from-non-browser-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-deletion-via-shred.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-made-immutable-by-chattr.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-permission-modification-in-writable-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-transfer-or-listener-established-via-netcat.asciidoc
#	docs/detections/prebuilt-rules/rule-details/finder-sync-plugin-registered-and-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/full-user-mode-dumps-enabled-system-wide.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-iam-custom-role-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-iam-role-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-iam-service-account-key-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-logging-bucket-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-logging-sink-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-logging-sink-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-subscription-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-subscription-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-topic-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-topic-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-key-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-configuration-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-permissions-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-network-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-route-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-route-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-drive-ownership-transferred-via-google-workspace.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-2sv-policy-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-admin-role-assigned-to-a-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-admin-role-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-bitlocker-setting-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-custom-admin-role-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-custom-gmail-route-created-or-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-mfa-enforcement-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-password-policy-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-role-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-user-organizational-unit-changed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/group-policy-abuse-for-privilege-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/halfbaked-command-and-control-beacon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/high-number-of-okta-user-password-reset-or-unlock-attempts.asciidoc
#	docs/detections/prebuilt-rules/rule-details/high-number-of-process-and-or-service-terminations.asciidoc
#	docs/detections/prebuilt-rules/rule-details/high-number-of-process-terminations.asciidoc
#	docs/detections/prebuilt-rules/rule-details/hosts-file-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/hping-process-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/iis-http-logging-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/image-file-execution-options-injection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/imageload-via-windows-update-auto-update-client.asciidoc
#	docs/detections/prebuilt-rules/rule-details/inbound-connection-to-an-unsecure-elasticsearch-node.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-via-mshta.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-with-mmc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-with-shellbrowserwindow-or-shellwindows.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-execution-via-powershell-remoting.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-execution-via-winrm-remote-shell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/installation-of-custom-shim-databases.asciidoc
#	docs/detections/prebuilt-rules/rule-details/installation-of-security-support-provider.asciidoc
#	docs/detections/prebuilt-rules/rule-details/installutil-process-making-network-connections.asciidoc
#	docs/detections/prebuilt-rules/rule-details/interactive-terminal-spawned-via-perl.asciidoc
#	docs/detections/prebuilt-rules/rule-details/interactive-terminal-spawned-via-python.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ipsec-nat-traversal-port-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kerberos-cached-credentials-dumping.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kerberos-pre-authentication-disabled-for-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kerberos-traffic-from-unusual-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kernel-module-load-via-insmod.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kernel-module-removal.asciidoc
#	docs/detections/prebuilt-rules/rule-details/keychain-password-retrieval-via-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/krbtgt-delegation-backdoor.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-anonymous-request-authorized.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-container-created-with-excessive-linux-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-denied-service-account-request.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-exposed-service-created-with-type-nodeport.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-a-sensitive-hostpath-volume.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostipc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostnetwork.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostpid.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-privileged-pod-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-suspicious-assignment-of-controller-service-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-suspicious-self-subject-review.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-user-exec-into-pod.asciidoc
#	docs/detections/prebuilt-rules/rule-details/lateral-movement-via-startup-folder.asciidoc
#	docs/detections/prebuilt-rules/rule-details/launch-agent-creation-or-modification-and-immediate-loading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/launchdaemon-creation-or-modification-and-immediate-loading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/local-account-tokenfilter-policy-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/local-scheduled-task-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/lsass-memory-dump-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/lsass-memory-dump-handle-access.asciidoc
#	docs/detections/prebuilt-rules/rule-details/macos-installer-package-spawns-network-event.asciidoc
#	docs/detections/prebuilt-rules/rule-details/malware-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/malware-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/masquerading-space-after-filename.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mfa-disabled-for-google-workspace-organization.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-anti-phish-policy-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-anti-phish-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-dkim-signing-configuration-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-dlp-policy-removed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-malware-filter-policy-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-malware-filter-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-management-group-role-assignment.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-safe-attachment-rule-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-safe-link-policy-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-transport-rule-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-transport-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-global-administrator-role-assigned.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-inbox-forwarding-rule-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-potential-ransomware-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-teams-custom-application-interaction-allowed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-teams-external-access-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-teams-guest-access-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-unusual-volume-of-file-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-user-restricted-from-sending-email.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-an-unusual-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-by-a-script-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-by-a-system-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-by-an-office-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-using-an-alternate-name.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-exchange-server-um-spawning-suspicious-processes.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-exchange-server-um-writing-suspicious-files.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-exchange-worker-spawning-suspicious-processes.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-iis-connection-strings-decryption.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-iis-service-account-password-dumped.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-windows-defender-tampering.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mimikatz-memssp-log-file-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-amsienable-registry-key.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-boot-configuration.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-dynamic-linker-preload-shared-object.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-openssh-binaries.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-safari-settings-via-defaults-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-standard-authentication-module-or-configuration.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-the-mspkiaccountcredentials.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-wdigest-security-provider.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-or-removal-of-an-okta-application-sign-on-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mounting-hidden-or-webdav-remote-shares.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ms-office-macro-security-registry-modifications.asciidoc
#	docs/detections/prebuilt-rules/rule-details/msbuild-making-network-connections.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mshta-making-network-connections.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multi-factor-authentication-disabled-for-an-azure-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-alerts-in-different-att-ck-tactics-on-a-single-host.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-logon-failure-followed-by-logon-success.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-logon-failure-from-the-same-source-address.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc
#	docs/detections/prebuilt-rules/rule-details/namespace-manipulation-using-unshare.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-certutil.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-compiled-html-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-msxsl.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-registration-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-signed-binary.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-logon-provider-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-traffic-to-rare-destination-country.asciidoc
#	docs/detections/prebuilt-rules/rule-details/new-activesyncalloweddeviceid-added-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/new-or-modified-federation-domain.asciidoc
#	docs/detections/prebuilt-rules/rule-details/nping-process-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ntds-or-sam-database-file-copied.asciidoc
#	docs/detections/prebuilt-rules/rule-details/nullsessionpipe-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-email-reported-by-user-as-malware-or-phish.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-excessive-single-sign-on-logon-errors.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-exchange-suspicious-mailbox-right-delegation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-mailbox-audit-logging-bypass.asciidoc
#	docs/detections/prebuilt-rules/rule-details/okta-brute-force-or-password-spraying-attack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/okta-user-session-impersonation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/onedrive-malware-file-upload.asciidoc
#	docs/detections/prebuilt-rules/rule-details/outbound-scheduled-task-activity-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/parent-process-pid-spoofing.asciidoc
#	docs/detections/prebuilt-rules/rule-details/peripheral-device-discovery.asciidoc
#	docs/detections/prebuilt-rules/rule-details/permission-theft-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/permission-theft-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-bits-job-notify-cmdline.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-directoryservice-plugin-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-docker-shortcut-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-folder-action-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-hidden-run-key-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-kde-autostart-script-or-desktop-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-login-or-logout-hook.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-microsoft-office-addins.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-microsoft-outlook-vba.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-powershell-profile.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-scheduled-job-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-telemetrycontroller-scheduled-task-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-update-orchestrator-service-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-wmi-event-subscription.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-wmi-standard-registry-provider.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistent-scripts-in-the-startup-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/port-forwarding-rule-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/possible-consent-grant-attack-via-azure-registered-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/possible-fin7-dga-command-and-control-behavior.asciidoc
#	docs/detections/prebuilt-rules/rule-details/possible-okta-dos-attack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-admin-group-account-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-application-shimming-via-sdbinst.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-command-and-control-via-internet-explorer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-cookies-theft-via-browser-debugging.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-dcsync.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-duplicatehandle-in-lsass.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-lsass-memory-dump.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-renamed-com-services-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-trusted-developer-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-windows-utilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-disabling-of-selinux.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-dll-side-loading-via-microsoft-antimalware-service-executable.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-dns-tunneling-via-nslookup.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-evasion-via-filter-manager.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-hidden-local-user-account-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-invoke-mimikatz-powershell-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-java-jndi-exploitation-attempt.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-kerberos-attack-via-bifrost.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lateral-tool-transfer-via-smb-share.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-local-ntlm-relay-via-http.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lsa-authentication-package-abuse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lsass-clone-creation-via-psscapturesnapshot.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lsass-memory-dump-via-psscapturesnapshot.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-macos-ssh-brute-force-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-microsoft-office-sandbox-evasion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-modification-of-accessibility-binaries.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-non-standard-port-ssh-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-openssh-backdoor-logging-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-atom-init-script-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-login-hook.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-periodic-tasks.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-time-provider-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-port-monitor-or-print-processor-registration-abuse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-localhost-secure-copy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-tccdb-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-installerfiletakeover.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-pkexec.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-sudoers-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privileged-escalation-via-samaccountname-spoofing.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-process-injection-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-protocol-tunneling-via-earthworm.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-remote-credential-access-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-shadowing-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-tunneling-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-reverse-shell-activity-via-terminal.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-secure-file-deletion-via-sdelete-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-shadow-credentials-added-to-ad-object.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-shadow-file-read-via-command-line-utilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-sharprdp-behavior.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-windows-error-manager-masquerading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-kerberos-ticket-request.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-keylogging-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-minidump-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-psreflect-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-script-block-logging-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-script-with-token-impersonation-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-share-enumeration-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-discovery-related-windows-api-functions.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-payload-encoded-and-compressed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-audio-capture-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-screenshot-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-named-pipe-impersonation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-rogue-named-pipe-impersonation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-root-crontab-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-windir-environment-variable.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privileged-account-brute-force.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privileges-elevation-via-parent-process-pid-spoofing.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-activity-via-compiled-html-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-created-with-an-elevated-token.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-creation-via-secondary-logon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-execution-from-an-unusual-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-injection-by-the-microsoft-build-engine.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-injection-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-injection-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-started-from-process-id-pid-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-termination-followed-by-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/program-files-directory-masquerading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/prompt-for-credentials-with-osascript.asciidoc
#	docs/detections/prebuilt-rules/rule-details/psexec-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ransomware-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ransomware-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rare-aws-error-code.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rare-user-logon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rdp-enabled-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rdp-remote-desktop-protocol-from-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appcert-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appinit-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-computer-account-dnshostname-update.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-desktop-enabled-in-windows-firewall-by-netsh.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-copy-to-a-hidden-share.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-desktopimgdownldr-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-mpcmdrun.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-script-interpreter.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-scheduled-task-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-ssh-login-enabled-via-systemsetup-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-system-discovery-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-windows-service-installed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remotely-started-services-via-rpc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/renamed-autoit-scripts-interpreter.asciidoc
#	docs/detections/prebuilt-rules/rule-details/roshal-archive-rar-or-powershell-file-downloaded-from-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-from-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-to-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/scheduled-task-created-by-a-windows-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/scheduled-task-execution-at-scale-via-gpo.asciidoc
#	docs/detections/prebuilt-rules/rule-details/scheduled-tasks-at-command-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/screensaver-plist-file-modified-by-unexpected-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/searching-for-saved-credentials-via-vaultcmd.asciidoc
#	docs/detections/prebuilt-rules/rule-details/security-software-discovery-using-wmic.asciidoc
#	docs/detections/prebuilt-rules/rule-details/security-software-discovery-via-grep.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sedebugprivilege-enabled-by-a-suspicious-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sensitive-files-compression.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sensitive-privilege-seenabledelegationprivilege-assigned-to-a-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/service-command-lateral-movement.asciidoc
#	docs/detections/prebuilt-rules/rule-details/service-control-spawned-via-script-interpreter.asciidoc
#	docs/detections/prebuilt-rules/rule-details/service-creation-via-local-kerberos-authentication.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sharepoint-malware-file-upload.asciidoc
#	docs/detections/prebuilt-rules/rule-details/shell-execution-via-apple-scripting.asciidoc
#	docs/detections/prebuilt-rules/rule-details/signed-proxy-execution-via-ms-work-folders.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sip-provider-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/smb-windows-file-sharing-activity-to-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/smtp-on-port-26-tcp.asciidoc
#	docs/detections/prebuilt-rules/rule-details/softwareupdate-preferences-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/solarwinds-process-disabling-services-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-aws-error-messages.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-failed-logon-events.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-firewall-denies.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-logon-events.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic-to-a-country.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ssh-authorized-keys-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-folder-persistence-via-unsigned-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-logon-script-added-to-group-policy-object.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-or-run-key-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-persistence-by-a-suspicious-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sublime-plugin-or-application-script-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sudo-heap-based-buffer-overflow-attempt.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sudoers-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sunburst-command-and-control-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-activity-reported-by-okta-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-automator-workflows-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-browser-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-calendar-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-certutil-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-child-process-of-adobe-acrobat-reader-update-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-cmd-execution-via-wmi.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-crontab-creation-or-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-dll-loaded-for-persistence-or-privilege-escalation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-emond-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-endpoint-security-parent-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-execution-from-a-mounted-device.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-execution-via-scheduled-task.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-explorer-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-file-creation-in-etc-for-persistence.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-hidden-child-process-of-launchd.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-html-file-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-imagepath-service-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-lsass-access-via-malseclogon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-macos-ms-office-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-microsoft-diagnostics-wizard-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-ms-office-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-ms-outlook-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-pdf-reader-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-portable-executable-encoded-in-powershell-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-powershell-engine-imageload.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-powershell-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-file-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-point-and-print-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-spl-file-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-printspooler-service-executable-file-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-process-access-via-direct-system-call.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-process-creation-calltrace.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-process-execution-via-renamed-psexec-executable.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-rdp-activex-client-loaded.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-remote-registry-access-via-sebackupprivilege.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-script-object-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-service-was-installed-in-the-system.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-solarwinds-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-startup-shell-folder-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-wmi-image-load-from-ms-office.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-wmic-xsl-script-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-zoom-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/svchost-spawning-cmd.asciidoc
#	docs/detections/prebuilt-rules/rule-details/symbolic-link-to-shadow-copy-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/system-information-discovery-via-windows-command-shell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/system-log-file-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/system-shells-via-services.asciidoc
#	docs/detections/prebuilt-rules/rule-details/systemkey-access-via-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/tcc-bypass-via-mounted-apfs-snapshot-access.asciidoc
#	docs/detections/prebuilt-rules/rule-details/temporarily-scheduled-task-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/third-party-backup-files-deleted-via-unexpected-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/timestomping-using-touch-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-elevated-com-internet-explorer-add-on-installer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-privileged-ifileoperation-com-interface.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-windows-directory-masquerading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-with-ieditionupgrademanager-elevated-com-interface.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-via-diskcleanup-scheduled-task-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-via-icmluautil-elevated-com-interface.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-via-windows-firewall-snap-in-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unauthorized-access-to-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uncommon-registry-persistence-change.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unexpected-child-process-of-macos-screensaver-engine.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-aws-command-for-a-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-child-process-from-a-system-virtual-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-child-processes-of-rundll32.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-city-for-an-aws-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-country-for-an-aws-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-dns-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-executable-file-creation-by-a-system-critical-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-file-creation-alternate-data-stream.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-hour-for-a-user-to-logon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-network-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-network-connection-discovery.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-network-port-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-process-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-process-discovery-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-system-information-discovery-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-user-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-username.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-login-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-activity-from-a-windows-system-binary.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-connection-via-dllhost.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-connection-via-rundll32.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-destination-domain-name.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-parent-child-relationship.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-persistence-via-services-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-print-spooler-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-execution-path-alternate-data-stream.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-for-a-linux-host.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-for-a-windows-host.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-service-host-child-process-childless-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-source-ip-for-a-user-to-logon-from.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-sudo-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-web-request.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-web-user-agent.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-network-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-path-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-process-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-remote-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-user-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-user-privilege-elevation-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-username.asciidoc
#	docs/detections/prebuilt-rules/rule-det…
@nastasha-solomon
Contributor Author

💚 All backports created successfully

Status Branch Result
8.17

Questions ?

Please refer to the Backport tool documentation

nastasha-solomon added a commit to nastasha-solomon/security-docs that referenced this pull request Dec 12, 2024
* First draft

* Adds ver header

* Adds latest info

* Updates my areas

* Edits

* Minor adjustments

* small tweaks

* known issue for exceptions

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>

* Applies same changes

* ryland's input

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Moar bugs

* Adds two new features

* revised ki summary

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* editorial fixes

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

---------

Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co>
Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit 7c79a64)
@bmorelli25 added the backport-main label (Adds a backport to the main branch.) and removed the backport-main label Dec 12, 2024
mergify bot pushed a commit that referenced this pull request Dec 12, 2024

# Conflicts:
#	docs/release-notes.asciidoc
benironside pushed a commit that referenced this pull request Dec 12, 2024

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>
@nastasha-solomon nastasha-solomon deleted the rn-8.17.0 branch December 16, 2024 15:44
Labels
Effort: Large Issues that require significant planning, research, writing, and testing Priority: High Issues that are time-sensitive and/or are of high customer importance release-notes v8.17.0 v8.18.0