toml-lint

Author: Mikaayenson

rules/cross-platform/collection_genai_process_sensitive_file_access.toml

@@ -8,9 +8,9 @@ updated_date = "2025/12/04"
 author = ["Elastic"]
 description = """
 Detects when GenAI tools access sensitive files such as cloud credentials, SSH keys, browser password databases, or
-shell configurations. Attackers leverage GenAI agents to systematically locate and exfiltrate credentials, API keys,
-and tokens. Access to credential stores (.aws/credentials, .ssh/id_*) suggests harvesting, while writes to shell
-configs (.bashrc, .zshrc) indicate persistence attempts.
+shell configurations. Attackers leverage GenAI agents to systematically locate and exfiltrate credentials, API keys, and
+tokens. Access to credential stores (.aws/credentials, .ssh/id_*) suggests harvesting, while writes to shell configs
+(.bashrc, .zshrc) indicate persistence attempts.
 """
 from = "now-9m"
 index = ["logs-endpoint.events.file*"]
@@ -47,12 +47,12 @@ This rule detects GenAI tools accessing credential files, SSH keys, browser data
 - Update security policies to restrict or monitor GenAI tool usage in the environment, especially for access to sensitive files.
 """
 references = [
-  "https://atlas.mitre.org/techniques/AML.T0085",
-  "https://atlas.mitre.org/techniques/AML.T0085.001",
-  "https://atlas.mitre.org/techniques/AML.T0055",
-  "https://glama.ai/blog/2025-11-11-the-lethal-trifecta-securing-model-context-protocol-against-data-flow-attacks",
-  "https://www.elastic.co/security-labs/elastic-advances-llm-security",
-  "https://specterops.io/blog/2025/11/21/an-evening-with-claude-code"
+    "https://atlas.mitre.org/techniques/AML.T0085",
+    "https://atlas.mitre.org/techniques/AML.T0085.001",
+    "https://atlas.mitre.org/techniques/AML.T0055",
+    "https://glama.ai/blog/2025-11-11-the-lethal-trifecta-securing-model-context-protocol-against-data-flow-attacks",
+    "https://www.elastic.co/security-labs/elastic-advances-llm-security",
+    "https://specterops.io/blog/2025/11/21/an-evening-with-claude-code",
 ]
 risk_score = 73
 rule_id = "c0136397-f82a-45e5-9b9f-a3651d77e21a"
@@ -74,6 +74,7 @@ tags = [
 ]
 timestamp_override = "event.ingested"
 type = "eql"
+
 query = '''
 file where event.action in ("open", "creation", "modification") and event.outcome == "success" and
 
@@ -123,36 +124,36 @@ file where event.action in ("open", "creation", "modification") and event.outcom
                   "KeePass.config.xml", 
                   "Unattended.xml")
   )
-
 '''
 
+
 [[rule.threat]]
 framework = "MITRE ATLAS"
+[[rule.threat.technique]]
+id = "AML.T0085"
+name = "Data from AI Services"
+reference = "https://atlas.mitre.org/techniques/AML.T0085/"
+[[rule.threat.technique.subtechnique]]
+id = "AML.T0085.001"
+name = "AI Agent Tools"
+reference = "https://atlas.mitre.org/techniques/AML.T0085.001/"
 
-  [rule.threat.tactic]
-  name = "Collection"
-  id = "AML.TA0009"
-  reference = "https://atlas.mitre.org/tactics/AML.TA0009/"
 
-  [[rule.threat.technique]]
-  name = "Data from AI Services"
-  id = "AML.T0085"
-  reference = "https://atlas.mitre.org/techniques/AML.T0085/"
-
-    [[rule.threat.technique.subtechnique]]
-    name = "AI Agent Tools"
-    id = "AML.T0085.001"
-    reference = "https://atlas.mitre.org/techniques/AML.T0085.001"
 
+[rule.threat.tactic]
+id = "AML.TA0009"
+name = "Collection"
+reference = "https://atlas.mitre.org/tactics/AML.TA0009/"
 [[rule.threat]]
 framework = "MITRE ATLAS"
+[[rule.threat.technique]]
+id = "AML.T0055"
+name = "Unsecured Credentials"
+reference = "https://atlas.mitre.org/techniques/AML.T0055/"
+
 
-  [rule.threat.tactic]
-  name = "Credential Access"
-  id = "AML.TA0013"
-  reference = "https://atlas.mitre.org/tactics/AML.TA0013/"
+[rule.threat.tactic]
+id = "AML.TA0013"
+name = "Credential Access"
+reference = "https://atlas.mitre.org/tactics/AML.TA0013/"
 
-  [[rule.threat.technique]]
-  name = "Unsecured Credentials"
-  id = "AML.T0055"
-  reference = "https://atlas.mitre.org/techniques/AML.T0055/"

rules/cross-platform/command_and_control_genai_process_suspicious_tld_connection.toml

@@ -7,10 +7,10 @@ updated_date = "2025/12/04"
 [rule]
 author = ["Elastic"]
 description = """
-Detects when GenAI tools connect to domains using suspicious TLDs commonly abused for malware C2 infrastructure.
-TLDs like .top, .xyz, .ml, .cf, .onion are frequently used in phishing and malware campaigns. Legitimate GenAI
-services use well-established domains (.com, .ai, .io), so connections to suspicious TLDs may indicate compromised
-tools, malicious plugins, or AI-generated code connecting to attacker infrastructure.
+Detects when GenAI tools connect to domains using suspicious TLDs commonly abused for malware C2 infrastructure. TLDs
+like .top, .xyz, .ml, .cf, .onion are frequently used in phishing and malware campaigns. Legitimate GenAI services use
+well-established domains (.com, .ai, .io), so connections to suspicious TLDs may indicate compromised tools, malicious
+plugins, or AI-generated code connecting to attacker infrastructure.
 """
 from = "now-9m"
 index = ["logs-endpoint.events.network*", "winlogbeat-*", "logs-windows.sysmon_operational-*"]
@@ -52,9 +52,9 @@ This rule detects GenAI tools connecting to domains with TLDs commonly abused by
 - Add detection for secondary indicators (reverse shells, encoded C2 traffic, odd user-agent strings).
 """
 references = [
-  "https://www.cybercrimeinfocenter.org/top-20-tlds-by-malicious-phishing-domains",
-  "https://atlas.mitre.org/techniques/AML.T0086",
-  "https://www.elastic.co/security-labs/elastic-advances-llm-security"
+    "https://www.cybercrimeinfocenter.org/top-20-tlds-by-malicious-phishing-domains",
+    "https://atlas.mitre.org/techniques/AML.T0086",
+    "https://www.elastic.co/security-labs/elastic-advances-llm-security",
 ]
 risk_score = 73
 rule_id = "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
@@ -73,6 +73,7 @@ tags = [
 ]
 timestamp_override = "event.ingested"
 type = "eql"
+
 query = '''
 network where host.os.type in ("macos", "windows") and
 
@@ -109,34 +110,34 @@ network where host.os.type in ("macos", "windows") and
   )
 '''
 
+
 [[rule.threat]]
 framework = "MITRE ATT&CK"
+[[rule.threat.technique]]
+id = "T1071"
+name = "Application Layer Protocol"
+reference = "https://attack.mitre.org/techniques/T1071/"
+[[rule.threat.technique.subtechnique]]
+id = "T1071.004"
+name = "DNS"
+reference = "https://attack.mitre.org/techniques/T1071/004/"
 
-  [rule.threat.tactic]
-  name = "Command and Control"
-  id = "TA0011"
-  reference = "https://attack.mitre.org/tactics/TA0011/"
-
-  [[rule.threat.technique]]
-  name = "Application Layer Protocol"
-  id = "T1071"
-  reference = "https://attack.mitre.org/techniques/T1071/"
 
-    [[rule.threat.technique.subtechnique]]
-    name = "DNS"
-    id = "T1071.004"
-    reference = "https://attack.mitre.org/techniques/T1071/004/"
 
+[rule.threat.tactic]
+id = "TA0011"
+name = "Command and Control"
+reference = "https://attack.mitre.org/tactics/TA0011/"
 [[rule.threat]]
 framework = "MITRE ATLAS"
+[[rule.threat.technique]]
+id = "AML.T0086"
+name = "Exfiltration via AI Agent Tool Invocation"
+reference = "https://atlas.mitre.org/techniques/AML.T0086/"
 
-  [rule.threat.tactic]
-  name = "Exfiltration"
-  id = "AML.TA0010"
-  reference = "https://atlas.mitre.org/tactics/AML.TA0010/"
 
-  [[rule.threat.technique]]
-  name = "Exfiltration via AI Agent Tool Invocation"
-  id = "AML.T0086"
-  reference = "https://atlas.mitre.org/techniques/AML.T0086/"
+[rule.threat.tactic]
+id = "AML.TA0010"
+name = "Exfiltration"
+reference = "https://atlas.mitre.org/tactics/AML.TA0010/"
 

rules/cross-platform/command_and_control_genai_process_unusual_domain.toml

@@ -50,10 +50,10 @@ GenAI tools with network access can be weaponized to contact attacker infrastruc
 - Update detection rules to monitor the identified domain across all hosts in the environment.
 """
 references = [
-  "https://atlas.mitre.org/techniques/AML.T0086",
-  "https://glama.ai/blog/2025-11-11-the-lethal-trifecta-securing-model-context-protocol-against-data-flow-attacks",
-  "https://www.elastic.co/security-labs/elastic-advances-llm-security",
-  "https://specterops.io/blog/2025/11/21/an-evening-with-claude-code"
+    "https://atlas.mitre.org/techniques/AML.T0086",
+    "https://glama.ai/blog/2025-11-11-the-lethal-trifecta-securing-model-context-protocol-against-data-flow-attacks",
+    "https://www.elastic.co/security-labs/elastic-advances-llm-security",
+    "https://specterops.io/blog/2025/11/21/an-evening-with-claude-code",
 ]
 risk_score = 47
 rule_id = "9050506c-df6d-4bdf-bc82-fcad0ef1e8c1"
@@ -74,109 +74,86 @@ timestamp_override = "event.ingested"
 type = "new_terms"
 
 query = '''
-event.category : ("network" or "dns") and
-process.name : (
-    "ollama" or "ollama.exe" or "Ollama" or
-    "textgen" or "textgen.exe" or "text-generation-webui.exe" or "oobabooga.exe" or
-    "lmstudio" or "lmstudio.exe" or "LM Studio" or
-    "claude" or "claude.exe" or "Claude" or
-    "cursor" or "cursor.exe" or "Cursor" or
-    "Cursor Helper" or "Cursor Helper (Plugin)" or
-    "Claude Helper" or "Claude Helper (Plugin)" or
-    "copilot" or "copilot.exe" or "Copilot" or
-    "codex" or "codex.exe" or
-    "Jan" or "jan" or "jan.exe" or "Jan Helper" or
-    "gpt4all" or "gpt4all.exe" or "GPT4All" or
-    "gemini-cli" or "gemini-cli.exe" or
-    "genaiscript" or "genaiscript.exe" or
-    "grok" or "grok.exe" or
-    "qwen" or "qwen.exe" or
-    "koboldcpp" or "koboldcpp.exe" or "KoboldCpp" or
-    "llama-server" or "llama-cli" or
-    "Windsurf" or "windsurf" or "windsurf.exe" or
-    "Windsurf Helper" or "Windsurf Helper (Plugin)" or
-    "deno" or "deno.exe" or
-    "npx" or "pnpm" or "yarn" or "bunx"
-) and
-(
-    (host.os.type : "macos" and destination.domain : * and not destination.domain : (
-        *.openai.com or "openai.com" or *.anthropic.com or "anthropic.com" or
-        *.cursor.sh or "cursor.sh" or *.cursor.com or "cursor.com" or
-        *.ollama.com or "ollama.com" or *.ollama.ai or "ollama.ai" or
-        *.github.com or "github.com" or *.githubusercontent.com or
-        *.lmstudio.ai or "lmstudio.ai" or *.gpt4all.io or "gpt4all.io" or
-        *.huggingface.co or "huggingface.co" or *.hf.co or "hf.co" or
-        *.cloudflare.com or *.cloudflare-dns.com or *.cdn.cloudflare.net or
-        *.cloudflarestorage.com or *.r2.cloudflarestorage.com or *.akamaized.net or
-        *.googleapis.com or *.google.com or *.microsoft.com or *.azure.com or
-        *.msedge.net or "aka.ms" or *.aka.ms or
-        *.npmjs.org or *.npmjs.com or *.yarnpkg.com or *.pypi.org or
-        *.elastic.co or *.elastic-cloud.com or "localhost" or
-        *.sentry.io or *.segment.io or *.amplitude.com or *.mixpanel.com or
-        *.codeium.com or *.windsurf.ai or *.x.ai or *.grok.x.ai or
-        *.gemini.google.com or *.generativelanguage.googleapis.com or
-        *.jan.ai or *.aws.amazon.com or *.amazonaws.com or
-        *.exp-tas.com or *.gitkraken.com or *.gitkraken.dev or *.datadoghq.com or
-        *.visualstudio.com or *.launchdarkly.com or *.githubcopilot.com or
-        *.vsassets.io or *.vscode-cdn.net or
-        *.intercom.io or *.honeycomb.io or *.atlassian.com or "atlassian.com"
-    ))
-    or
-    (host.os.type : "windows" and dns.question.name : * and not dns.question.name : (
-        *.openai.com or "openai.com" or *.anthropic.com or "anthropic.com" or
-        *.cursor.sh or "cursor.sh" or *.cursor.com or "cursor.com" or
-        *.ollama.com or "ollama.com" or *.ollama.ai or "ollama.ai" or
-        *.github.com or "github.com" or *.githubusercontent.com or
-        *.lmstudio.ai or "lmstudio.ai" or *.gpt4all.io or "gpt4all.io" or
-        *.huggingface.co or "huggingface.co" or *.hf.co or "hf.co" or
-        *.cloudflare.com or *.cloudflare-dns.com or *.cdn.cloudflare.net or
-        *.cloudflarestorage.com or *.r2.cloudflarestorage.com or *.akamaized.net or
-        *.googleapis.com or *.google.com or *.microsoft.com or *.azure.com or
-        *.msedge.net or "aka.ms" or *.aka.ms or
-        *.npmjs.org or *.npmjs.com or *.yarnpkg.com or *.pypi.org or
-        *.elastic.co or *.elastic-cloud.com or "localhost" or
-        *.sentry.io or *.segment.io or *.amplitude.com or *.mixpanel.com or
-        *.codeium.com or *.windsurf.ai or *.x.ai or *.grok.x.ai or
-        *.gemini.google.com or *.generativelanguage.googleapis.com or
-        *.jan.ai or *.aws.amazon.com or *.amazonaws.com or
-        *.exp-tas.com or *.gitkraken.com or *.gitkraken.dev or *.datadoghq.com or
-        *.visualstudio.com or *.launchdarkly.com or *.githubcopilot.com or
-        *.vsassets.io or *.vscode-cdn.net or
-        *.intercom.io or *.honeycomb.io or *.atlassian.com or "atlassian.com"
+event.category:(dns or network) and
+process.name:(
+    Claude or "Claude Helper" or "Claude Helper (Plugin)" or Copilot or Cursor or
+    "Cursor Helper" or "Cursor Helper (Plugin)" or GPT4All or Jan or "Jan Helper" or
+    KoboldCpp or "LM Studio" or Ollama or Windsurf or "Windsurf Helper" or
+    "Windsurf Helper (Plugin)" or bunx or claude or claude.exe or codex or codex.exe or
+    copilot or copilot.exe or cursor or cursor.exe or deno or deno.exe or gemini-cli or
+    gemini-cli.exe or genaiscript or genaiscript.exe or gpt4all or gpt4all.exe or grok or
+    grok.exe or jan or jan.exe or koboldcpp or koboldcpp.exe or llama-cli or llama-server or
+    lmstudio or lmstudio.exe or npx or ollama or ollama.exe or oobabooga.exe or pnpm or
+    qwen or qwen.exe or text-generation-webui.exe or textgen or textgen.exe or windsurf or
+    windsurf.exe or yarn
+) and (
+    host.os.type:macos and destination.domain:(* and not (
+        aka.ms or anthropic.com or atlassian.com or cursor.com or cursor.sh or github.com or
+        gpt4all.io or hf.co or huggingface.co or lmstudio.ai or localhost or ollama.ai or
+        ollama.com or openai.com or *.aka.ms or *.akamaized.net or *.amazonaws.com or
+        *.amplitude.com or *.anthropic.com or *.atlassian.com or *.aws.amazon.com or
+        *.azure.com or *.cdn.cloudflare.net or *.cloudflare-dns.com or *.cloudflare.com or
+        *.cloudflarestorage.com or *.codeium.com or *.cursor.com or *.cursor.sh or
+        *.datadoghq.com or *.elastic-cloud.com or *.elastic.co or *.exp-tas.com or
+        *.gemini.google.com or *.generativelanguage.googleapis.com or *.github.com or
+        *.githubcopilot.com or *.githubusercontent.com or *.gitkraken.com or *.gitkraken.dev or
+        *.google.com or *.googleapis.com or *.gpt4all.io or *.grok.x.ai or *.hf.co or
+        *.honeycomb.io or *.huggingface.co or *.intercom.io or *.jan.ai or *.launchdarkly.com or
+        *.lmstudio.ai or *.microsoft.com or *.mixpanel.com or *.msedge.net or *.npmjs.com or
+        *.npmjs.org or *.ollama.ai or *.ollama.com or *.openai.com or *.pypi.org or
+        *.r2.cloudflarestorage.com or *.segment.io or *.sentry.io or *.visualstudio.com or
+        *.vsassets.io or *.vscode-cdn.net or *.windsurf.ai or *.x.ai or *.yarnpkg.com
+    )) or
+    host.os.type:windows and dns.question.name:(* and not (
+        aka.ms or anthropic.com or atlassian.com or cursor.com or cursor.sh or github.com or
+        gpt4all.io or hf.co or huggingface.co or lmstudio.ai or localhost or ollama.ai or
+        ollama.com or openai.com or *.aka.ms or *.akamaized.net or *.amazonaws.com or
+        *.amplitude.com or *.anthropic.com or *.atlassian.com or *.aws.amazon.com or
+        *.azure.com or *.cdn.cloudflare.net or *.cloudflare-dns.com or *.cloudflare.com or
+        *.cloudflarestorage.com or *.codeium.com or *.cursor.com or *.cursor.sh or
+        *.datadoghq.com or *.elastic-cloud.com or *.elastic.co or *.exp-tas.com or
+        *.gemini.google.com or *.generativelanguage.googleapis.com or *.github.com or
+        *.githubcopilot.com or *.githubusercontent.com or *.gitkraken.com or *.gitkraken.dev or
+        *.google.com or *.googleapis.com or *.gpt4all.io or *.grok.x.ai or *.hf.co or
+        *.honeycomb.io or *.huggingface.co or *.intercom.io or *.jan.ai or *.launchdarkly.com or
+        *.lmstudio.ai or *.microsoft.com or *.mixpanel.com or *.msedge.net or *.npmjs.com or
+        *.npmjs.org or *.ollama.ai or *.ollama.com or *.openai.com or *.pypi.org or
+        *.r2.cloudflarestorage.com or *.segment.io or *.sentry.io or *.visualstudio.com or
+        *.vsassets.io or *.vscode-cdn.net or *.windsurf.ai or *.x.ai or *.yarnpkg.com
     ))
 )
 '''
 
+
 [[rule.threat]]
 framework = "MITRE ATT&CK"
+[[rule.threat.technique]]
+id = "T1071"
+name = "Application Layer Protocol"
+reference = "https://attack.mitre.org/techniques/T1071/"
+[[rule.threat.technique.subtechnique]]
+id = "T1071.001"
+name = "Web Protocols"
+reference = "https://attack.mitre.org/techniques/T1071/001/"
 
-  [rule.threat.tactic]
-  name = "Command and Control"
-  id = "TA0011"
-  reference = "https://attack.mitre.org/tactics/TA0011/"
 
-  [[rule.threat.technique]]
-  name = "Application Layer Protocol"
-  id = "T1071"
-  reference = "https://attack.mitre.org/techniques/T1071/"
-
-    [[rule.threat.technique.subtechnique]]
-    name = "Web Protocols"
-    id = "T1071.001"
-    reference = "https://attack.mitre.org/techniques/T1071/001/"
 
+[rule.threat.tactic]
+id = "TA0011"
+name = "Command and Control"
+reference = "https://attack.mitre.org/tactics/TA0011/"
 [[rule.threat]]
 framework = "MITRE ATLAS"
+[[rule.threat.technique]]
+id = "AML.T0086"
+name = "Exfiltration via AI Agent Tool Invocation"
+reference = "https://atlas.mitre.org/techniques/AML.T0086/"
 
-  [rule.threat.tactic]
-  name = "Exfiltration"
-  id = "AML.TA0010"
-  reference = "https://atlas.mitre.org/tactics/AML.TA0010/"
 
-  [[rule.threat.technique]]
-  name = "Exfiltration via AI Agent Tool Invocation"
-  id = "AML.T0086"
-  reference = "https://atlas.mitre.org/techniques/AML.T0086/"
+[rule.threat.tactic]
+id = "AML.TA0010"
+name = "Exfiltration"
+reference = "https://atlas.mitre.org/tactics/AML.TA0010/"
 
 [rule.new_terms]
 field = "new_terms_fields"
@@ -185,3 +162,4 @@ value = ["process.name", "destination.domain", "dns.question.name"]
 field = "history_window_start"
 value = "now-7d"
 
+