8.17.0 Release notes #6224
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.
This pull request is now in conflicts. Could you fix it @nastasha-solomon? 🙏
ebeahan
left a comment
Automatic Import RNs LGTM.
jmikell821
left a comment
Just a few slight fixes for consistency/word choice, thanks!
Co-authored-by: Janeen Mikell Roberts <[email protected]>
yctercero
left a comment
Thank you!
@Mergifyio backport 8.17
✅ Backports have been created
* First draft
* Adds ver header
* Adds latest info
* Updates my areas
* Edits
* Minor adjustments
* small tweaks
* known issue for exceptions
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Gabriel Landau <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Gabriel Landau <[email protected]>
* Applies same changes
* ryland's input
* Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Steph Milovic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Mark Hopkin <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Steph Milovic <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Steph Milovic <[email protected]>
* Moar bugs
* Adds two new features
* revised ki summary
* Update docs/release-notes/8.17.asciidoc
* Update docs/release-notes/8.17.asciidoc
* Update docs/release-notes/8.17.asciidoc
* Update docs/release-notes/8.17.asciidoc
* editorial fixes
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]>

---------

Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
Co-authored-by: Gabriel Landau <[email protected]>
Co-authored-by: natasha-moore-elastic <[email protected]>
Co-authored-by: Steph Milovic <[email protected]>
Co-authored-by: Mark Hopkin <[email protected]>
Co-authored-by: Janeen Mikell Roberts <[email protected]>

(cherry picked from commit 7c79a644a2b477aad2ef43ee9b589c320594df92)

# Conflicts:
docs/detections/prebuilt-rules/rule-details/modification-of-wdigest-security-provider.asciidoc # docs/detections/prebuilt-rules/rule-details/modification-or-removal-of-an-okta-application-sign-on-policy.asciidoc # docs/detections/prebuilt-rules/rule-details/mounting-hidden-or-webdav-remote-shares.asciidoc # docs/detections/prebuilt-rules/rule-details/ms-office-macro-security-registry-modifications.asciidoc # docs/detections/prebuilt-rules/rule-details/msbuild-making-network-connections.asciidoc # docs/detections/prebuilt-rules/rule-details/mshta-making-network-connections.asciidoc # docs/detections/prebuilt-rules/rule-details/multi-factor-authentication-disabled-for-an-azure-user.asciidoc # docs/detections/prebuilt-rules/rule-details/multiple-alerts-in-different-att-ck-tactics-on-a-single-host.asciidoc # docs/detections/prebuilt-rules/rule-details/multiple-logon-failure-followed-by-logon-success.asciidoc # docs/detections/prebuilt-rules/rule-details/multiple-logon-failure-from-the-same-source-address.asciidoc # docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc # docs/detections/prebuilt-rules/rule-details/namespace-manipulation-using-unshare.asciidoc # docs/detections/prebuilt-rules/rule-details/network-connection-via-certutil.asciidoc # docs/detections/prebuilt-rules/rule-details/network-connection-via-compiled-html-file.asciidoc # docs/detections/prebuilt-rules/rule-details/network-connection-via-msxsl.asciidoc # docs/detections/prebuilt-rules/rule-details/network-connection-via-registration-utility.asciidoc # docs/detections/prebuilt-rules/rule-details/network-connection-via-signed-binary.asciidoc # docs/detections/prebuilt-rules/rule-details/network-logon-provider-registry-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/network-traffic-to-rare-destination-country.asciidoc # docs/detections/prebuilt-rules/rule-details/new-activesyncalloweddeviceid-added-via-powershell.asciidoc # 
docs/detections/prebuilt-rules/rule-details/new-or-modified-federation-domain.asciidoc # docs/detections/prebuilt-rules/rule-details/nping-process-activity.asciidoc # docs/detections/prebuilt-rules/rule-details/ntds-or-sam-database-file-copied.asciidoc # docs/detections/prebuilt-rules/rule-details/nullsessionpipe-registry-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/o365-email-reported-by-user-as-malware-or-phish.asciidoc # docs/detections/prebuilt-rules/rule-details/o365-excessive-single-sign-on-logon-errors.asciidoc # docs/detections/prebuilt-rules/rule-details/o365-exchange-suspicious-mailbox-right-delegation.asciidoc # docs/detections/prebuilt-rules/rule-details/o365-mailbox-audit-logging-bypass.asciidoc # docs/detections/prebuilt-rules/rule-details/okta-brute-force-or-password-spraying-attack.asciidoc # docs/detections/prebuilt-rules/rule-details/okta-user-session-impersonation.asciidoc # docs/detections/prebuilt-rules/rule-details/onedrive-malware-file-upload.asciidoc # docs/detections/prebuilt-rules/rule-details/outbound-scheduled-task-activity-via-powershell.asciidoc # docs/detections/prebuilt-rules/rule-details/parent-process-pid-spoofing.asciidoc # docs/detections/prebuilt-rules/rule-details/peripheral-device-discovery.asciidoc # docs/detections/prebuilt-rules/rule-details/permission-theft-detected-elastic-endgame.asciidoc # docs/detections/prebuilt-rules/rule-details/permission-theft-prevented-elastic-endgame.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-bits-job-notify-cmdline.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-directoryservice-plugin-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-docker-shortcut-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-folder-action-script.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-hidden-run-key-detected.asciidoc # 
docs/detections/prebuilt-rules/rule-details/persistence-via-kde-autostart-script-or-desktop-file-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-login-or-logout-hook.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-microsoft-office-addins.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-microsoft-outlook-vba.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-powershell-profile.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-scheduled-job-creation.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-telemetrycontroller-scheduled-task-hijack.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-update-orchestrator-service-hijack.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-wmi-event-subscription.asciidoc # docs/detections/prebuilt-rules/rule-details/persistence-via-wmi-standard-registry-provider.asciidoc # docs/detections/prebuilt-rules/rule-details/persistent-scripts-in-the-startup-directory.asciidoc # docs/detections/prebuilt-rules/rule-details/port-forwarding-rule-addition.asciidoc # docs/detections/prebuilt-rules/rule-details/possible-consent-grant-attack-via-azure-registered-application.asciidoc # docs/detections/prebuilt-rules/rule-details/possible-fin7-dga-command-and-control-behavior.asciidoc # docs/detections/prebuilt-rules/rule-details/possible-okta-dos-attack.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-admin-group-account-addition.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-application-shimming-via-sdbinst.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-command-and-control-via-internet-explorer.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-cookies-theft-via-browser-debugging.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-dcsync.asciidoc # 
docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-duplicatehandle-in-lsass.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-lsass-memory-dump.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-renamed-com-services-dll.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-trusted-developer-utility.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-windows-utilities.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-disabling-of-selinux.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-dll-side-loading-via-microsoft-antimalware-service-executable.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-dns-tunneling-via-nslookup.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-evasion-via-filter-manager.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-hidden-local-user-account-creation.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-invoke-mimikatz-powershell-script.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-java-jndi-exploitation-attempt.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-kerberos-attack-via-bifrost.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-lateral-tool-transfer-via-smb-share.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-local-ntlm-relay-via-http.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-lsa-authentication-package-abuse.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-lsass-clone-creation-via-psscapturesnapshot.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-lsass-memory-dump-via-psscapturesnapshot.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-macos-ssh-brute-force-detected.asciidoc # 
docs/detections/prebuilt-rules/rule-details/potential-microsoft-office-sandbox-evasion.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-modification-of-accessibility-binaries.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-non-standard-port-ssh-connection.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-openssh-backdoor-logging-activity.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-persistence-via-atom-init-script-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-persistence-via-login-hook.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-persistence-via-periodic-tasks.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-persistence-via-time-provider-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-port-monitor-or-print-processor-registration-abuse.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-localhost-secure-copy.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-tccdb-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-installerfiletakeover.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-pkexec.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-sudoers-file-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-privileged-escalation-via-samaccountname-spoofing.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-process-injection-via-powershell.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-protocol-tunneling-via-earthworm.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-remote-credential-access-via-registry.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-shadowing-activity.asciidoc # 
docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-tunneling-detected.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-reverse-shell-activity-via-terminal.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-secure-file-deletion-via-sdelete-utility.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-shadow-credentials-added-to-ad-object.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-shadow-file-read-via-command-line-utilities.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-sharprdp-behavior.asciidoc # docs/detections/prebuilt-rules/rule-details/potential-windows-error-manager-masquerading.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-kerberos-ticket-request.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-keylogging-script.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-minidump-script.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-psreflect-script.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-script-block-logging-disabled.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-script-with-token-impersonation-capabilities.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-share-enumeration-script.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-suspicious-discovery-related-windows-api-functions.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-suspicious-payload-encoded-and-compressed.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-audio-capture-capabilities.asciidoc # docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-screenshot-capabilities.asciidoc # docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-named-pipe-impersonation.asciidoc # 
docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-rogue-named-pipe-impersonation.asciidoc # docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-root-crontab-file-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-windir-environment-variable.asciidoc # docs/detections/prebuilt-rules/rule-details/privileged-account-brute-force.asciidoc # docs/detections/prebuilt-rules/rule-details/privileges-elevation-via-parent-process-pid-spoofing.asciidoc # docs/detections/prebuilt-rules/rule-details/process-activity-via-compiled-html-file.asciidoc # docs/detections/prebuilt-rules/rule-details/process-created-with-an-elevated-token.asciidoc # docs/detections/prebuilt-rules/rule-details/process-creation-via-secondary-logon.asciidoc # docs/detections/prebuilt-rules/rule-details/process-execution-from-an-unusual-directory.asciidoc # docs/detections/prebuilt-rules/rule-details/process-injection-by-the-microsoft-build-engine.asciidoc # docs/detections/prebuilt-rules/rule-details/process-injection-detected-elastic-endgame.asciidoc # docs/detections/prebuilt-rules/rule-details/process-injection-prevented-elastic-endgame.asciidoc # docs/detections/prebuilt-rules/rule-details/process-started-from-process-id-pid-file.asciidoc # docs/detections/prebuilt-rules/rule-details/process-termination-followed-by-deletion.asciidoc # docs/detections/prebuilt-rules/rule-details/program-files-directory-masquerading.asciidoc # docs/detections/prebuilt-rules/rule-details/prompt-for-credentials-with-osascript.asciidoc # docs/detections/prebuilt-rules/rule-details/psexec-network-connection.asciidoc # docs/detections/prebuilt-rules/rule-details/ransomware-detected-elastic-endgame.asciidoc # docs/detections/prebuilt-rules/rule-details/ransomware-prevented-elastic-endgame.asciidoc # docs/detections/prebuilt-rules/rule-details/rare-aws-error-code.asciidoc # docs/detections/prebuilt-rules/rule-details/rare-user-logon.asciidoc # 
docs/detections/prebuilt-rules/rule-details/rdp-enabled-via-registry.asciidoc # docs/detections/prebuilt-rules/rule-details/rdp-remote-desktop-protocol-from-the-internet.asciidoc # docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appcert-dll.asciidoc # docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appinit-dll.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-computer-account-dnshostname-update.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-desktop-enabled-in-windows-firewall-by-netsh.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-file-copy-to-a-hidden-share.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-file-download-via-desktopimgdownldr-utility.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-file-download-via-mpcmdrun.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-file-download-via-powershell.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-file-download-via-script-interpreter.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-scheduled-task-creation.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-ssh-login-enabled-via-systemsetup-command.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-system-discovery-commands.asciidoc # docs/detections/prebuilt-rules/rule-details/remote-windows-service-installed.asciidoc # docs/detections/prebuilt-rules/rule-details/remotely-started-services-via-rpc.asciidoc # docs/detections/prebuilt-rules/rule-details/renamed-autoit-scripts-interpreter.asciidoc # docs/detections/prebuilt-rules/rule-details/roshal-archive-rar-or-powershell-file-downloaded-from-the-internet.asciidoc # docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-from-the-internet.asciidoc # 
docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-to-the-internet.asciidoc # docs/detections/prebuilt-rules/rule-details/scheduled-task-created-by-a-windows-script.asciidoc # docs/detections/prebuilt-rules/rule-details/scheduled-task-execution-at-scale-via-gpo.asciidoc # docs/detections/prebuilt-rules/rule-details/scheduled-tasks-at-command-enabled.asciidoc # docs/detections/prebuilt-rules/rule-details/screensaver-plist-file-modified-by-unexpected-process.asciidoc # docs/detections/prebuilt-rules/rule-details/searching-for-saved-credentials-via-vaultcmd.asciidoc # docs/detections/prebuilt-rules/rule-details/security-software-discovery-using-wmic.asciidoc # docs/detections/prebuilt-rules/rule-details/security-software-discovery-via-grep.asciidoc # docs/detections/prebuilt-rules/rule-details/sedebugprivilege-enabled-by-a-suspicious-process.asciidoc # docs/detections/prebuilt-rules/rule-details/sensitive-files-compression.asciidoc # docs/detections/prebuilt-rules/rule-details/sensitive-privilege-seenabledelegationprivilege-assigned-to-a-user.asciidoc # docs/detections/prebuilt-rules/rule-details/service-command-lateral-movement.asciidoc # docs/detections/prebuilt-rules/rule-details/service-control-spawned-via-script-interpreter.asciidoc # docs/detections/prebuilt-rules/rule-details/service-creation-via-local-kerberos-authentication.asciidoc # docs/detections/prebuilt-rules/rule-details/sharepoint-malware-file-upload.asciidoc # docs/detections/prebuilt-rules/rule-details/shell-execution-via-apple-scripting.asciidoc # docs/detections/prebuilt-rules/rule-details/signed-proxy-execution-via-ms-work-folders.asciidoc # docs/detections/prebuilt-rules/rule-details/sip-provider-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/smb-windows-file-sharing-activity-to-the-internet.asciidoc # docs/detections/prebuilt-rules/rule-details/smtp-on-port-26-tcp.asciidoc # 
docs/detections/prebuilt-rules/rule-details/softwareupdate-preferences-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/solarwinds-process-disabling-services-via-registry.asciidoc # docs/detections/prebuilt-rules/rule-details/spike-in-aws-error-messages.asciidoc # docs/detections/prebuilt-rules/rule-details/spike-in-failed-logon-events.asciidoc # docs/detections/prebuilt-rules/rule-details/spike-in-firewall-denies.asciidoc # docs/detections/prebuilt-rules/rule-details/spike-in-logon-events.asciidoc # docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic-to-a-country.asciidoc # docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic.asciidoc # docs/detections/prebuilt-rules/rule-details/ssh-authorized-keys-file-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/startup-folder-persistence-via-unsigned-process.asciidoc # docs/detections/prebuilt-rules/rule-details/startup-logon-script-added-to-group-policy-object.asciidoc # docs/detections/prebuilt-rules/rule-details/startup-or-run-key-registry-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/startup-persistence-by-a-suspicious-process.asciidoc # docs/detections/prebuilt-rules/rule-details/sublime-plugin-or-application-script-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/sudo-heap-based-buffer-overflow-attempt.asciidoc # docs/detections/prebuilt-rules/rule-details/sudoers-file-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/sunburst-command-and-control-activity.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-activity-reported-by-okta-user.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-automator-workflows-execution.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-browser-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-calendar-file-modification.asciidoc # 
docs/detections/prebuilt-rules/rule-details/suspicious-certutil-commands.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-child-process-of-adobe-acrobat-reader-update-service.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-cmd-execution-via-wmi.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-crontab-creation-or-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-dll-loaded-for-persistence-or-privilege-escalation.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-emond-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-endpoint-security-parent-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-execution-from-a-mounted-device.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-execution-via-scheduled-task.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-explorer-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-file-creation-in-etc-for-persistence.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-hidden-child-process-of-launchd.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-html-file-creation.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-imagepath-service-creation.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-lsass-access-via-malseclogon.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-macos-ms-office-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-microsoft-diagnostics-wizard-execution.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-ms-office-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-ms-outlook-child-process.asciidoc # 
docs/detections/prebuilt-rules/rule-details/suspicious-pdf-reader-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-portable-executable-encoded-in-powershell-script.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-powershell-engine-imageload.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-powershell-script.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-file-deletion.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-point-and-print-dll.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-spl-file-created.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-printspooler-service-executable-file-creation.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-process-access-via-direct-system-call.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-process-creation-calltrace.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-process-execution-via-renamed-psexec-executable.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-rdp-activex-client-loaded.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-remote-registry-access-via-sebackupprivilege.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-script-object-execution.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-service-was-installed-in-the-system.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-solarwinds-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-startup-shell-folder-modification.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-wmi-image-load-from-ms-office.asciidoc # docs/detections/prebuilt-rules/rule-details/suspicious-wmic-xsl-script-execution.asciidoc # 
docs/detections/prebuilt-rules/rule-details/suspicious-zoom-child-process.asciidoc # docs/detections/prebuilt-rules/rule-details/svchost-spawning-cmd.asciidoc # docs/detections/prebuilt-rules/rule-details/symbolic-link-to-shadow-copy-created.asciidoc # docs/detections/prebuilt-rules/rule-details/system-information-discovery-via-windows-command-shell.asciidoc # docs/detections/prebuilt-rules/rule-details/system-log-file-deletion.asciidoc # docs/detections/prebuilt-rules/rule-details/system-shells-via-services.asciidoc # docs/detections/prebuilt-rules/rule-details/systemkey-access-via-command-line.asciidoc # docs/detections/prebuilt-rules/rule-details/tcc-bypass-via-mounted-apfs-snapshot-access.asciidoc # docs/detections/prebuilt-rules/rule-details/temporarily-scheduled-task-creation.asciidoc # docs/detections/prebuilt-rules/rule-details/third-party-backup-files-deleted-via-unexpected-process.asciidoc # docs/detections/prebuilt-rules/rule-details/timestomping-using-touch-command.asciidoc # docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-elevated-com-internet-explorer-add-on-installer.asciidoc # docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-privileged-ifileoperation-com-interface.asciidoc # docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-windows-directory-masquerading.asciidoc # docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-with-ieditionupgrademanager-elevated-com-interface.asciidoc # docs/detections/prebuilt-rules/rule-details/uac-bypass-via-diskcleanup-scheduled-task-hijack.asciidoc # docs/detections/prebuilt-rules/rule-details/uac-bypass-via-icmluautil-elevated-com-interface.asciidoc # docs/detections/prebuilt-rules/rule-details/uac-bypass-via-windows-firewall-snap-in-hijack.asciidoc # docs/detections/prebuilt-rules/rule-details/unauthorized-access-to-an-okta-application.asciidoc # docs/detections/prebuilt-rules/rule-details/uncommon-registry-persistence-change.asciidoc # 
💚 All backports created successfully
Questions? Please refer to the Backport tool documentation
* First draft
* Adds ver header
* Adds latest info
* Updates my areas
* Edits
* Minor adjustments
* small tweaks
* known issue for exceptions
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Gabriel Landau <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Gabriel Landau <[email protected]>
* Applies same changes
* ryland's input
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: natasha-moore-elastic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Steph Milovic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Mark Hopkin <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Steph Milovic <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Steph Milovic <[email protected]>
* Moar bugs
* Adds two new features
* revised ki summary
* Update docs/release-notes/8.17.asciidoc
* Update docs/release-notes/8.17.asciidoc
* Update docs/release-notes/8.17.asciidoc
* Update docs/release-notes/8.17.asciidoc
* editorial fixes
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Janeen Mikell Roberts <[email protected]>
* Update docs/release-notes/8.17.asciidoc
  Co-authored-by: Janeen Mikell Roberts <[email protected]>

---------

Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
Co-authored-by: Gabriel Landau <[email protected]>
Co-authored-by: natasha-moore-elastic <[email protected]>
Co-authored-by: Steph Milovic <[email protected]>
Co-authored-by: Mark Hopkin <[email protected]>
Co-authored-by: Janeen Mikell Roberts <[email protected]>

(cherry picked from commit 7c79a64)
Fixes #6222
Preview: Elastic Security 8.17 RNs