{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":273084758,"defaultBranch":"main","name":"detection-rules","ownerLogin":"elastic","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-06-17T21:48:18.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/6764390?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1725997495.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"dc9c58527f702e4442f27c1823930caf3f022283","ref":"refs/heads/posh_defender","pushedAt":"2024-09-10T19:44:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"w0rk3r","name":"Jonhnathan","path":"/w0rk3r","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26856693?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\r\n\r\n* Update defense_evasion_network_connection_from_windows_binary.toml\r\n\r\n---------\r\n\r\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":"0a08f5e677413517c7e1905fed42e098cafb73e0","after":"82bf0901668b5414313efc4d490b7f774e38e76c","ref":"refs/heads/rt_0","pushedAt":"2024-09-10T19:41:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"w0rk3r","name":"Jonhnathan","path":"/w0rk3r","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26856693?s=80&v=4"},"commit":{"message":"[Rule Tuning] Remote Execution via File Shares","shortMessageHtmlLink":"[Rule Tuning] Remote Execution via File Shares"}},{"before":"c45ccb1f10abf484b5912d9b38892527934dd53d","after":"a83439a6522d464d1715843ba07ccfd17d0eef43","ref":"refs/heads/issue-4033","pushedAt":"2024-09-10T17:33:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"shashank-elastic","name":null,"path":"/shashank-elastic","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91139415?s=80&v=4"},"commit":{"message":"Add transform fileds to test_toml.json","shortMessageHtmlLink":"Add transform fileds to test_toml.json"}},{"before":"78fbcb178a4137e50a14788958e9f2ab55bd0301","after":"c45ccb1f10abf484b5912d9b38892527934dd53d","ref":"refs/heads/issue-4033","pushedAt":"2024-09-10T16:54:20.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"shashank-elastic","name":null,"path":"/shashank-elastic","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91139415?s=80&v=4"},"commit":{"message":"Merge branch 'main' into issue-4033","shortMessageHtmlLink":"Merge branch 'main' into issue-4033"}},{"before":"a23ad950874e63462b6e229a92f83f7357ed0b35","after":"78fbcb178a4137e50a14788958e9f2ab55bd0301","ref":"refs/heads/issue-4033","pushedAt":"2024-09-10T16:45:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"shashank-elastic","name":null,"path":"/shashank-elastic","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91139415?s=80&v=4"},"commit":{"message":"Fix lint errors","shortMessageHtmlLink":"Fix lint errors"}},{"before":"b32b5839056fd40c2e69cb48a8d4713ec1ec4902","after":"4be91b33398fc16df1621cc6d500fa1e567474c4","ref":"refs/heads/8.15","pushedAt":"2024-09-10T16:36:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n---------\n\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>\n\n(cherry picked from commit dc9c58527f702e4442f27c1823930caf3f022283)","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":"915b2b0ffbda959b638f8dd0c94ac9c9f65fae52","after":"cf77542ec4218f78fe6e4078356d2722781e9913","ref":"refs/heads/8.14","pushedAt":"2024-09-10T16:35:29.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n---------\n\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>\n\n(cherry picked from commit dc9c58527f702e4442f27c1823930caf3f022283)","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":"6a2bf78d545ee9420e15404f5f34ab18808c1129","after":"9a0427c804048cc2997cc64888eaaa73e53ae2b0","ref":"refs/heads/8.13","pushedAt":"2024-09-10T16:34:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n---------\n\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>\n\n(cherry picked from commit dc9c58527f702e4442f27c1823930caf3f022283)","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":"9f02519e6974b1320fa52cf42295984075d1a8e3","after":"a23ad950874e63462b6e229a92f83f7357ed0b35","ref":"refs/heads/issue-4033","pushedAt":"2024-09-10T16:34:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"shashank-elastic","name":null,"path":"/shashank-elastic","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91139415?s=80&v=4"},"commit":{"message":"Add toml-lint to the test_cli.bash script","shortMessageHtmlLink":"Add toml-lint to the test_cli.bash script"}},{"before":"e70845fabb7ab469715887a7713f6b6084b1a28a","after":"7f39462d7cd8553ea4d8f3884b1c3dcdebe60609","ref":"refs/heads/8.12","pushedAt":"2024-09-10T16:33:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n---------\n\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>\n\n(cherry picked from commit dc9c58527f702e4442f27c1823930caf3f022283)","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":"474b63146aac85c7d60c7570c395fe961f13efe2","after":"ddcda17e76ad1775fe714e8097b43afeb00cd446","ref":"refs/heads/new-rule-aws-ssm-sendcommand-with-command-parameters","pushedAt":"2024-09-10T16:33:42.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"terrancedejesus","name":"Terrance DeJesus","path":"/terrancedejesus","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/99630311?s=80&v=4"},"commit":{"message":"Merge branch 'main' into new-rule-aws-ssm-sendcommand-with-command-parameters","shortMessageHtmlLink":"Merge branch 'main' into new-rule-aws-ssm-sendcommand-with-command-pa…"}},{"before":"993ee220ce2f788f51f81661463317fdff6c4568","after":"5512ccf0c4fb49e3a6cf693d030593bf87ec3205","ref":"refs/heads/8.11","pushedAt":"2024-09-10T16:33:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n---------\n\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>\n\n(cherry picked from commit dc9c58527f702e4442f27c1823930caf3f022283)","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":"364c898e07901218576dc0917bb54ac844dcc4b4","after":"1a09088ef3d45df700d3ef6a62de1b41967426d1","ref":"refs/heads/8.10","pushedAt":"2024-09-10T16:32:32.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\n\n---------\n\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>\n\n(cherry picked from commit dc9c58527f702e4442f27c1823930caf3f022283)","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":"b54c94d5400fa142968b6dd3dddb408b01a33ef4","after":null,"ref":"refs/heads/Samirbous-patch-1","pushedAt":"2024-09-10T16:30:58.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"w0rk3r","name":"Jonhnathan","path":"/w0rk3r","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26856693?s=80&v=4"}},{"before":"8d27b6069b890d3f4229684f479f4ab400f36ecb","after":"dc9c58527f702e4442f27c1823930caf3f022283","ref":"refs/heads/main","pushedAt":"2024-09-10T16:30:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"w0rk3r","name":"Jonhnathan","path":"/w0rk3r","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26856693?s=80&v=4"},"commit":{"message":"[Tuning] Unusual Network Activity from a Windows System Binary (#4065)\n\n* Update defense_evasion_network_connection_from_windows_binary.toml\r\n\r\n* Update defense_evasion_network_connection_from_windows_binary.toml\r\n\r\n---------\r\n\r\nCo-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>","shortMessageHtmlLink":"[Tuning] Unusual Network Activity from a Windows System Binary (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2516742203\" data-permission-text=\"Title is private\" data-url=\"https://github.com/elastic/detection-rules/issues/4065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/elastic/detection-rules/pull/4065/hovercard\" href=\"https://github.com/elastic/detection-rules/pull/4065\">#4065</a>)"}},{"before":null,"after":"9f02519e6974b1320fa52cf42295984075d1a8e3","ref":"refs/heads/issue-4033","pushedAt":"2024-09-10T16:27:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"shashank-elastic","name":null,"path":"/shashank-elastic","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/91139415?s=80&v=4"},"commit":{"message":"Support toml lint for investigate transforms","shortMessageHtmlLink":"Support toml lint for investigate transforms"}},{"before":"3711d20e496208f690fed4748f42ac1ea9392f0f","after":"b54c94d5400fa142968b6dd3dddb408b01a33ef4","ref":"refs/heads/Samirbous-patch-1","pushedAt":"2024-09-10T16:23:09.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"w0rk3r","name":"Jonhnathan","path":"/w0rk3r","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26856693?s=80&v=4"},"commit":{"message":"Merge branch 'main' into Samirbous-patch-1","shortMessageHtmlLink":"Merge branch 'main' into Samirbous-patch-1"}},{"before":"2185ec624e3626aa1ea6a9ea9a8d52584ccde17d","after":"474b63146aac85c7d60c7570c395fe961f13efe2","ref":"refs/heads/new-rule-aws-ssm-sendcommand-with-command-parameters","pushedAt":"2024-09-10T16:13:23.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"terrancedejesus","name":"Terrance DeJesus","path":"/terrancedejesus","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/99630311?s=80&v=4"},"commit":{"message":"Merge branch 'main' into new-rule-aws-ssm-sendcommand-with-command-parameters","shortMessageHtmlLink":"Merge branch 'main' into new-rule-aws-ssm-sendcommand-with-command-pa…"}},{"before":"c5993073dbac7a0771a1ad0e8d0393d551c65713","after":"b32b5839056fd40c2e69cb48a8d4713ec1ec4902","ref":"refs/heads/8.15","pushedAt":"2024-09-10T15:32:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule (#4057)\n\n* deprecated rule; tuned for single source inclusion\n\n* adjusted query comments\n\n* added min-stack\n\n* updated date\n\n* added Azure-based rule for brute forcing\n\n* added reference to o365spray\n\n* fixed tag\n\n* adjusted query comment\n\n* added rule for repeat source\n\n* adjusted query to use count distinct\n\n* added intervals; adjusted lookback window according to time truncation\n\n(cherry picked from commit 8d27b6069b890d3f4229684f479f4ab400f36ecb)","shortMessageHtmlLink":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate…"}},{"before":"c106232eb9d052cedc3434ebfef691b604618362","after":"915b2b0ffbda959b638f8dd0c94ac9c9f65fae52","ref":"refs/heads/8.14","pushedAt":"2024-09-10T15:31:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule (#4057)\n\n* deprecated rule; tuned for single source inclusion\n\n* adjusted query comments\n\n* added min-stack\n\n* updated date\n\n* added Azure-based rule for brute forcing\n\n* added reference to o365spray\n\n* fixed tag\n\n* adjusted query comment\n\n* added rule for repeat source\n\n* adjusted query to use count distinct\n\n* added intervals; adjusted lookback window according to time truncation\n\n(cherry picked from commit 8d27b6069b890d3f4229684f479f4ab400f36ecb)","shortMessageHtmlLink":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate…"}},{"before":"65e7c9286bf5b94d7367e255a66c69f7a71140b8","after":"6a2bf78d545ee9420e15404f5f34ab18808c1129","ref":"refs/heads/8.13","pushedAt":"2024-09-10T15:30:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule (#4057)\n\n* deprecated rule; tuned for single source inclusion\n\n* adjusted query comments\n\n* added min-stack\n\n* updated date\n\n* added Azure-based rule for brute forcing\n\n* added reference to o365spray\n\n* fixed tag\n\n* adjusted query comment\n\n* added rule for repeat source\n\n* adjusted query to use count distinct\n\n* added intervals; adjusted lookback window according to time truncation\n\n(cherry picked from commit 8d27b6069b890d3f4229684f479f4ab400f36ecb)","shortMessageHtmlLink":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate…"}},{"before":"86ad653a5a03509cb339b76bd8f4f9a08a4e22f7","after":"e70845fabb7ab469715887a7713f6b6084b1a28a","ref":"refs/heads/8.12","pushedAt":"2024-09-10T15:29:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule (#4057)\n\n* deprecated rule; tuned for single source inclusion\n\n* adjusted query comments\n\n* added min-stack\n\n* updated date\n\n* added Azure-based rule for brute forcing\n\n* added reference to o365spray\n\n* fixed tag\n\n* adjusted query comment\n\n* added rule for repeat source\n\n* adjusted query to use count distinct\n\n* added intervals; adjusted lookback window according to time truncation\n\nRemoved changes from:\n- rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml\n\n(selectively cherry picked from commit 8d27b6069b890d3f4229684f479f4ab400f36ecb)","shortMessageHtmlLink":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate…"}},{"before":"bd30e6cbe9954190a74480774ec2f78312b59099","after":"993ee220ce2f788f51f81661463317fdff6c4568","ref":"refs/heads/8.11","pushedAt":"2024-09-10T15:29:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule (#4057)\n\n* deprecated rule; tuned for single source inclusion\n\n* adjusted query comments\n\n* added min-stack\n\n* updated date\n\n* added Azure-based rule for brute forcing\n\n* added reference to o365spray\n\n* fixed tag\n\n* adjusted query comment\n\n* added rule for repeat source\n\n* adjusted query to use count distinct\n\n* added intervals; adjusted lookback window according to time truncation\n\nRemoved changes from:\n- rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml\n\n(selectively cherry picked from commit 8d27b6069b890d3f4229684f479f4ab400f36ecb)","shortMessageHtmlLink":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate…"}},{"before":"b40151f8f645165c6db4045914900adedcd18fb5","after":"364c898e07901218576dc0917bb54ac844dcc4b4","ref":"refs/heads/8.10","pushedAt":"2024-09-10T15:28:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"protectionsmachine","name":"protections machine","path":"/protectionsmachine","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72879786?s=80&v=4"},"commit":{"message":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule (#4057)\n\n* deprecated rule; tuned for single source inclusion\n\n* adjusted query comments\n\n* added min-stack\n\n* updated date\n\n* added Azure-based rule for brute forcing\n\n* added reference to o365spray\n\n* fixed tag\n\n* adjusted query comment\n\n* added rule for repeat source\n\n* adjusted query to use count distinct\n\n* added intervals; adjusted lookback window according to time truncation\n\nRemoved changes from:\n- rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml\n\n(selectively cherry picked from commit 8d27b6069b890d3f4229684f479f4ab400f36ecb)","shortMessageHtmlLink":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate…"}},{"before":"7f9f19ce6de6d5f598b3265a4c7ee143187c7262","after":null,"ref":"refs/heads/rule-tuning-microsoft-365-bruteforce-attempts","pushedAt":"2024-09-10T15:26:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"terrancedejesus","name":"Terrance DeJesus","path":"/terrancedejesus","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/99630311?s=80&v=4"}},{"before":"0a08f5e677413517c7e1905fed42e098cafb73e0","after":"8d27b6069b890d3f4229684f479f4ab400f36ecb","ref":"refs/heads/main","pushedAt":"2024-09-10T15:26:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"terrancedejesus","name":"Terrance DeJesus","path":"/terrancedejesus","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/99630311?s=80&v=4"},"commit":{"message":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule (#4057)\n\n* deprecated rule; tuned for single source inclusion\r\n\r\n* adjusted query comments\r\n\r\n* added min-stack\r\n\r\n* updated date\r\n\r\n* added Azure-based rule for brute forcing\r\n\r\n* added reference to o365spray\r\n\r\n* fixed tag\r\n\r\n* adjusted query comment\r\n\r\n* added rule for repeat source\r\n\r\n* adjusted query to use count distinct\r\n\r\n* added intervals; adjusted lookback window according to time truncation","shortMessageHtmlLink":"[Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate…"}},{"before":"c1e2ed7b5a28bf29107dd03ab07f546d6fdd7b2a","after":"3711d20e496208f690fed4748f42ac1ea9392f0f","ref":"refs/heads/Samirbous-patch-1","pushedAt":"2024-09-10T15:16:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Samirbous","name":null,"path":"/Samirbous","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/64742097?s=80&v=4"},"commit":{"message":"Update defense_evasion_network_connection_from_windows_binary.toml","shortMessageHtmlLink":"Update defense_evasion_network_connection_from_windows_binary.toml"}},{"before":null,"after":"c1e2ed7b5a28bf29107dd03ab07f546d6fdd7b2a","ref":"refs/heads/Samirbous-patch-1","pushedAt":"2024-09-10T15:07:57.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Samirbous","name":null,"path":"/Samirbous","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/64742097?s=80&v=4"},"commit":{"message":"Update defense_evasion_network_connection_from_windows_binary.toml","shortMessageHtmlLink":"Update defense_evasion_network_connection_from_windows_binary.toml"}},{"before":"811e4a3f239e6c20c6118bb0870abb72db2ff8d7","after":"2185ec624e3626aa1ea6a9ea9a8d52584ccde17d","ref":"refs/heads/new-rule-aws-ssm-sendcommand-with-command-parameters","pushedAt":"2024-09-10T15:00:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terrancedejesus","name":"Terrance DeJesus","path":"/terrancedejesus","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/99630311?s=80&v=4"},"commit":{"message":"Update rules/cross-platform/execution_aws_ssm_sendcommand_with_command_parameters.toml","shortMessageHtmlLink":"Update rules/cross-platform/execution_aws_ssm_sendcommand_with_comman…"}},{"before":"9f048bb30d345afa8676ff1f7b53639782697c5e","after":"811e4a3f239e6c20c6118bb0870abb72db2ff8d7","ref":"refs/heads/new-rule-aws-ssm-sendcommand-with-command-parameters","pushedAt":"2024-09-10T14:45:22.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"terrancedejesus","name":"Terrance DeJesus","path":"/terrancedejesus","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/99630311?s=80&v=4"},"commit":{"message":"fixed description","shortMessageHtmlLink":"fixed description"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEsnYcpAA","startCursor":null,"endCursor":null}},"title":"Activity · elastic/detection-rules"}