Prebuilt rules version history

This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

This section lists all changes to prebuilt rules:

Adobe Hijack Persistence
Version: 2
Release: 7.6.2
Change: Fixed typo in rule query (from not process.name:msiexeec.exe to not process.name:msiexec.exe).

DNS Activity to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

FTP (File Transfer Protocol) Activity to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

IPSEC NAT Traversal Port Activity
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

IRC (Internet Relay Chat) Protocol Activity to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

PPTP (Point to Point Tunneling Protocol) Activity
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

Potential Shell via Web Server
Version: 2
Release: 7.6.1
Change: Fixed typo in rule query (from (apache or www or "wwww-data") to (apache or www or "www-data")).

Proxy Port Activity to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

RDP (Remote Desktop Protocol) from the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

RDP (Remote Desktop Protocol) to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

RPC (Remote Procedure Call) from the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

RPC (Remote Procedure Call) to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

SMB (Windows File Sharing) Activity to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

SMTP on Port 26/TCP
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

SMTP to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

SQL Traffic to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

SSH (Secure Shell) from the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

SSH (Secure Shell) to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

TCP Port 8000 Activity to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

Telnet Port Activity
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

Tor Activity to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

VNC (Virtual Network Computing) from the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.

VNC (Virtual Network Computing) to the Internet
Version: 2
Release: 7.6.1
Change: Removed auditbeat-*, packetbeat-*, and winlogbeat-* from the rule indices.