Downloadable rule updatesedit
This section lists all updates to prebuilt detection rules, made available with the Prebuilt Security Detection Rules integration in Fleet.
To update your installed rules to the latest versions, follow the instructions in Update Elastic prebuilt rules.
For previous rule updates, please navigate to the last version.
| Update version | Date | New rules | Updated rules | Notes |
|---|---|---|---|---|
06 May 2024 |
6 |
0 |
This release includes new ES |
|
QL rules for AWS. New rules for AWS include detection for AWS S3 Bucket enumeration or brute force attempts. Additionally, this release includes new rules to detect threats against LLMs. |
30 Apr 2024 |
2 |
2 |
|
This release includes new rules for Linux and Windows and tuned rules for Linux. New rules for Linux include detection for persistence. New rules for Windows include detection for privilege escalation. Additionally, significant rule tuning for Linux rules has been added for better rule efficacy and performance. |
23 Apr 2024 |
11 |
110 |
|
This release includes new rules and tuned rules for Windows. New rules for Windows include detection for potential windows session hijacking via CcmExec. Additionally, significant rule tuning for Windows rules has been added for better rule efficacy and performance. |
03 Apr 2024 |
8 |
238 |
|
This release includes new rules for Linux and Windows and tuned rules for Windows.
Deprecated rules include |
25 Mar 2024 |
5 |
549 |
|
This release includes new rules for Linux and Windows and tuned rules for Linux, Windows and macOS. New rules for Linux include detection for execution. New rules for Windows include detection for credential access. Additionally, significant rule tuning for Windows, Linux and macOS rules has been added for better rule efficacy and performance. |
07 Mar 2024 |
9 |
7 |