Prebuilt rules version history

IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Prebuilt rules version history

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

This section lists all changes to prebuilt rules:

Adobe Hijack Persistence

Version	Release	Change
2	7.6.2	Fixed typo in rule query (from `not process.name:msiexeec.exe` to `not process.name:msiexec.exe`).

DNS Activity to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

FTP (File Transfer Protocol) Activity to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

IPSEC NAT Traversal Port Activity

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

IRC (Internet Relay Chat) Protocol Activity to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

PPTP (Point to Point Tunneling Protocol) Activity

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

Potential Shell via Web Server

Version	Release	Change
2	7.6.1	Fixed typo in rule query (from `(apache or www or "wwww-data")` to `(apache or www or "www-data")`).

Proxy Port Activity to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

RDP (Remote Desktop Protocol) from the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

RDP (Remote Desktop Protocol) to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

RPC (Remote Procedure Call) from the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

RPC (Remote Procedure Call) to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

SMTP on Port 26/TCP

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

SMTP to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

SQL Traffic to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

SSH (Secure Shell) from the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

SSH (Secure Shell) to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

TCP Port 8000 Activity to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

Telnet Port Activity

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

Tor Activity to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

VNC (Virtual Network Computing) from the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

VNC (Virtual Network Computing) to the Internet

Version	Release	Change
2	7.6.1	Removed auditbeat-, packetbeat-, and winlogbeat-* from the rule indices.

« Tuning prebuilt detection rules