elastic / detection-rules

https://www.elastic.co/guide/en/security/current/detection-engine-overview.html

[Rule Tuning] Unusual File Creation - Alternate Data Stream #3848

Closed w0rk3r closed 1 day ago

w0rk3r commented 4 days ago

Issues

Resolves https://github.com/elastic/detection-rules/issues/1965

Summary

Excludes a few noisy FP patterns.