A newer version is available. Check out the latest documentation.

Downloadable rule updates

edit

This section lists all updates to prebuilt detection rules, made available with the Prebuilt Security Detection Rules integration in Fleet.

To update your installed rules to the latest versions, follow the instructions in Update Elastic prebuilt rules.

For previous rule updates, please navigate to the last version.

Update version Date New rules Updated rules Notes

8.18.7

18 Jun 2025

13

26

This release includes new rules for Windows, Linux, Azure and AWS. New rules for Windows include detection for initial access and credential access. New rules for Linux include detection for discovery, lateral movement and credential access. New rules for Azure include detection for initial access, credential access and discovery. New rules for AWS include detection for impact and defense evasion. Additionally, significant rule tuning for Windows, Linux, AWS, Azure and Kubernetes rules has been added for better rule efficacy and performance.

8.18.6

03 Jun 2025

6

11

This release includes new rules for Windows, Azure and Microsoft 365. New rules for Windows include detection for privilege escalation and defense evasion. New rules for Azure include detection for initial access and privilege escalation. New rules for Microsoft 365 include detection for defense evasion. Additionally, significant rule tuning for Windows, AWS, Azure and Microsoft 365 rules has been added for better rule efficacy and performance.

8.18.5

20 May 2025

3

9

This release includes new rules for Azure and Microsoft 365. New rules for Azure include detection for initial access and collection. New rules for Microsoft 365 include detection for credential access. Additionally, significant rule tuning for Windows, Azure and Microsoft 365 rules has been added for better rule efficacy and performance.

8.18.4

07 May 2025

39

41

This release includes new rules for Windows, Linux, Azure, AWS and Microsoft 365. New rules for Windows include detection for defense evasion and credential access. New rules for Linux include detection for command and control, defense evasion, exfiltration, discovery, persistence, execution, privilege escalation and credential access. New rules for Azure include detection for initial access, credential access, collection, defense evasion and command and control. New rules for AWS include detection for impact. New rules for Microsoft 365 include defense evasion, initial access and credential access. Additionally, significant rule tuning for Windows, Linux and Azure rules has been added for better rule efficacy and performance.

8.18.3

30 Apr 2025

0

55

Version parity to ensure future updates are more meaningful and informative

8.18.2

28 Apr 2025

21

11

This release includes new rules for Windows, Linux, Azure and AWS. New rules for Windows include detection for defense evasion and execution New rules for Linux include detection for credential access, execution, privilege escalation, credential access, lateral movement and discovery. New rules for Azure include detection for initial access. New rules for AWS include detection for initial access and persistence. Additionally, significant rule tuning for MacOS, Windows, Microsoft 365, Linux and Azure rules has been added for better rule efficacy and performance.

8.18.1

08 Apr 2025

5

75

This release includes new rules for MacOS, Microsoft 365, AWS and PAD. New rules for MacOS include detection for command and control. New rules for Microsoft 365 include detection for initial access. New rules for AWS include detection for exfiltration. New rules for PAD include detection for privilege escalation. Elastic Defend for Container rules are deprecated. Additionally, significant rule tuning for Linux, Windows, Microsoft 365 and Azure rules has been added for better rule efficacy and performance.