IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Elastic Security Solution [7.16] Detections and alerts
« macOS Installer Spawns Network Event Update v0.13.1 »

Downloadable rule updatesedit

This section lists all updates to prebuilt detection rules, made available with the Prebuilt Security Detection Rules integration in Fleet.

To download the latest updates, follow the instructions in Download latest prebuilt Elastic rules.

Update version Date New rules Updated rules Notes

7.16.4

24 Aug 2022

434

69

This release includes new rules for Windows, macOS, Linux, and Kubernetes, as well as additional tuning efforts. Also included are expanded investigation guides for Windows, Azure, and GCP.

7.16.3

24 Jun 2022

12

121

This release includes new rules for Windows, MacOS, Linux and Kubernetes. Also included are expanded investigation guides for Windows rules. Additionally, this update includes new rules to help detect emerging threat BPFDoor. Updates to existing Windows rules were made to help detect exploitation attempts against CVE-2022-30190.

0.16.2

28 Apr 2022

23

271

This release includes new rules for MacOS regarding initial access and persistence coverage. New rules to detect shell evasion in Linux have also been added. Also included are expanded investigation guides for Windows rules as well as new rules for credential theft and Active Directory (AD). Additionally, this update includes new rules to help detect the emerging threat CVE-2022-0847 (Dirty Pipe)

0.16.1

16 Feb 2022

33

160

This update includes several new rules expanding coverage on Windows and other platforms, spanning multiple tactics.

0.14.3

13 Dec 2021

35

45

This release includes an update to an existing rule and adds a new rule to help detect CVE-2021-44228 (log4j2). Also included are updates and new rules for cloud integrations, windows, PowerShell, and others.

0.14.2

15 Oct 2021

18

89

This release includes rules covering Windows endpoints, as well as several third-party integrations — including rules contributed by the community.

0.14.1

08 Sep 2021

3

71

Included in this release is a rule to detect web shells, including ProxyShell activity.

0.13.3

22 Jul 2021

4

36

Included in this release is a rule for Windows Defender Exclusions, which has been used in recent campaigns, as well as a rule to resiliently detect parent PID spoofing.

0.13.2

07 Jul 2021

15

6

Included in this release are 3 new rules for the recently observed REvil activity as well as 4 new rules covering the recent PrintNightmare vulnerability.

0.13.1

21 Jun 2021

4

41

« macOS Installer Spawns Network Event Update v0.13.1 »