nldcsc_elastic_rules/__init__.py,sha256=pWI5YKtdCWQBKraQpnsDj18cZNkqmsMauiYg_-FM-2k,26
nldcsc_elastic_rules/utils.py,sha256=sxGwPsOgrJbAYWOes85I0FXabGIRwI5e68yhRowl2dE,415
nldcsc_elastic_rules/rules/README.md,sha256=FsDrLRbMS1GiLtJxKEeB2etL1U0JZ053xE3T28iDNIY,2862
nldcsc_elastic_rules/rules/_deprecated/apm_null_user_agent.toml,sha256=P1Ob5RxPCMFTR8Z_fRaFpfLNgZmJekBbg1ihzeuHpeY,1466
nldcsc_elastic_rules/rules/_deprecated/command_and_control_connection_attempt_by_non_ssh_root_session.toml,sha256=L9n522sl79myzYEWozsyKhrtM9oD9n7xlHhsOq_-D-4,3405
nldcsc_elastic_rules/rules/_deprecated/command_and_control_dns_directly_to_the_internet.toml,sha256=qlYl28lEc69nJXQRHz0Z-nstI8SKLXttlll_4N_rnio,2841
nldcsc_elastic_rules/rules/_deprecated/command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.toml,sha256=Ch4I743iqDRnHQBDzBJKPMvGxfD9cscKyWkNHkjChEc,2559
nldcsc_elastic_rules/rules/_deprecated/command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.toml,sha256=Owf2oKiHH5RMdHs16mdW5NGlZfqacps7HCUB3NE2WJc,2506
nldcsc_elastic_rules/rules/_deprecated/command_and_control_linux_chisel_server_activity.toml,sha256=BaEtM6vHm5lT-Q6LjfAGz3Ke-TH3rShJ_0OO8mmYtG8,10398
nldcsc_elastic_rules/rules/_deprecated/command_and_control_linux_iodine_activity.toml,sha256=ik7mymIg2c2SRv5OG5UqT-rSRKzJmrcwxRTwLAo8tkc,1841
nldcsc_elastic_rules/rules/_deprecated/command_and_control_linux_port_knocking_reverse_connection.toml,sha256=17PowWGKOMFk8t2VMfTD5IBbPKYYAtAp4RVMyVJnlQY,5148
nldcsc_elastic_rules/rules/_deprecated/command_and_control_non_standard_http_port.toml,sha256=AI74O9bJme8VnypTjmfu4QQMiZIHPfre2Tk4f5z75u8,7807
nldcsc_elastic_rules/rules/_deprecated/command_and_control_non_standard_ssh_port.toml,sha256=SlMBF29t6TwpyGCMKrK3WLKnj7Pny0swdvaS46ufHw8,6704
nldcsc_elastic_rules/rules/_deprecated/command_and_control_port_8000_activity_to_the_internet.toml,sha256=jgENNsuzg4kMtoUEaeBlpqG5F-3eCtwUVBUU4du7cXQ,2010
nldcsc_elastic_rules/rules/_deprecated/command_and_control_pptp_point_to_point_tunneling_protocol_activity.toml,sha256=uzqvyL_JvKsDojc_TCpVZW_4qUhuJ38kwUbsJwUkn4k,1568
nldcsc_elastic_rules/rules/_deprecated/command_and_control_proxy_port_activity_to_the_internet.toml,sha256=N123c9tBYL3PqNd2xMKyRTZpkWdX9gQ4p8b2G7Q3N1Y,2443
nldcsc_elastic_rules/rules/_deprecated/command_and_control_smtp_to_the_internet.toml,sha256=OmyIkHqqO3OdQJLBLARCht0UsqkRlUjOkXUX7lXOHE8,2119
nldcsc_elastic_rules/rules/_deprecated/command_and_control_sql_server_port_activity_to_the_internet.toml,sha256=KDNeLrIR2fb2FNdMzS4mH_Mw6Ky7EhIttMD57ccXiCI,1916
nldcsc_elastic_rules/rules/_deprecated/command_and_control_ssh_secure_shell_from_the_internet.toml,sha256=dT3rK50ocmiI9aTi2AO9kK7SgczzjsAxOFswYRynrjk,2757
nldcsc_elastic_rules/rules/_deprecated/command_and_control_ssh_secure_shell_to_the_internet.toml,sha256=EfQzNOi7HQFnTMZT5QrVj50Sgr6iY6GOYrhLumicXcE,2151
nldcsc_elastic_rules/rules/_deprecated/command_and_control_tor_activity_to_the_internet.toml,sha256=NF4Fl59KsJLdABK6K5FwmXr1tdu7NXaedQfVnuhTaDw,2329
nldcsc_elastic_rules/rules/_deprecated/credential_access_entra_signin_brute_force_microsoft_365_repeat_source.toml,sha256=0gn1XEwiyKKC2FAt2-86ONDaxDYB2Hue50-8xstoxd0,6831
nldcsc_elastic_rules/rules/_deprecated/credential_access_microsoft_365_potential_password_spraying_attack.toml,sha256=ieBRSQIw3hk673O5dGw1hx8_JAklxKCYcicpjYjlTHc,1815
nldcsc_elastic_rules/rules/_deprecated/credential_access_potential_linux_ssh_bruteforce_root.toml,sha256=t_1U00NJarwzYBhpUkhLxdhiV2ZoPaNUOZWbY3Wq6Dk,3966
nldcsc_elastic_rules/rules/_deprecated/credential_access_potential_successful_linux_ftp_bruteforce.toml,sha256=5KZIG83OEzbv7XQlFPM2k9HvSTRuO1DK_BPxK52mGn0,9451
nldcsc_elastic_rules/rules/_deprecated/credential_access_potential_successful_linux_rdp_bruteforce.toml,sha256=IIOsk4fCYS3c7XspD_Cw85mb2TnW8cgftuQYHfDV5r4,9703
nldcsc_elastic_rules/rules/_deprecated/credential_access_tcpdump_activity.toml,sha256=HjMr6vfU4ptYXikdukMUug9Um8DBKHXRbBwns9RriJw,1662
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_agent_spoofing_mismatched_id.toml,sha256=lp9561MSJeqCyFJCbkvnqGJrOooZ6wbbnPvGwEHBRqU,5723
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_attempt_to_disable_iptables_or_firewall.toml,sha256=xmyL9oBeFgVTsQiHxVhe6hGmu1nYihiHP_kb8Rz3j_o,1530
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_base64_encoding_or_decoding_activity.toml,sha256=sZ_95szs8hOpomQmmlSUVgG96KgfH9C0YRBS5icSmMw,1477
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_code_injection_conhost.toml,sha256=G6Yz_j7i3ly8I_QxT64BDHoVSIi2aeeVRaZjfIotC68,5188
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_elasticache_security_group_creation.toml,sha256=Jbig4QsukegVaLhlQJPVk_3YiZ2mC16Z-cA6tFGP8TM,6876
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_elasticache_security_group_modified_or_deleted.toml,sha256=oCwORGOoEJ5FEtpeejX5ws89GGYnOiBEtBScxq0rW2U,6681
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_execution_via_trusted_developer_utilities.toml,sha256=0DIN1D3-hRuLx57AlgtkBAOFDQUAEZ_BNMf1TG7rX9Y,1342
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_hex_encoding_or_decoding_activity.toml,sha256=JtVxnHzgZ_O9fPb5DxmRoiFW-Gxqw7ihShvbv4zorMM,1431
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_ld_preload_env_variable_process_injection.toml,sha256=N12tqet7lSXN0_AL0_CZAc9bbJlZBSyBZ2YMcjXm_Po,6018
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_mshta_making_network_connections.toml,sha256=-beMtzmAlThKxAhtC1QrgL6AQt76_S0sCHtgg1NeNJY,1491
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_potential_processherpaderping.toml,sha256=CrMLt3Zcji5ydCGpt-_p17w8NGWvdpC4i1uQ2vh-Vs4,1842
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_process_termination_followed_by_deletion.toml,sha256=kjpsgmi8BzvNoQCRJJLy0oW61hhZ26cFzxYazPapoxw,8481
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_rename_esxi_index_file.toml,sha256=lkVvaepEX8VSY-h1Z5_VDEXeYcpWSE-oTTopcVCKjGo,7730
nldcsc_elastic_rules/rules/_deprecated/defense_evasion_whitespace_padding_in_command_line.toml,sha256=y1xyhawly-MX1X7wU8r7H33s61qjifj3O7MPD_9qHdg,5213
nldcsc_elastic_rules/rules/_deprecated/discovery_file_dir_discovery.toml,sha256=x3H7E_TjCpMrByzKuW5gFWFiSy46etE8-wfW2wy8tNU,4102
nldcsc_elastic_rules/rules/_deprecated/discovery_process_discovery_via_tasklist_command.toml,sha256=xsfztpMiMrhlVsKSJs8jpbpIr-ifl5-kWmYHjXgniSk,1357
nldcsc_elastic_rules/rules/_deprecated/discovery_pspy_process_monitoring_detected.toml,sha256=aYcip-UzP4DUeQcyKKjuy6P1Nxt5AaocUmbFDnuc9XM,7457
nldcsc_elastic_rules/rules/_deprecated/discovery_query_registry_via_reg.toml,sha256=yaFFIcpM9z2Z_xFL3zvhHcLyV9RU8BFtJtE_uhVhZko,1134
nldcsc_elastic_rules/rules/_deprecated/discovery_whoami_commmand.toml,sha256=NEUGhhng629IInRexo-_TVOgkNCVoLvO4uaXJ4tlsqk,1256
nldcsc_elastic_rules/rules/_deprecated/execution_apt_binary.toml,sha256=FGsJSS6bii45TNR3PfSXcSXmUqRRW4g0Y01xBzzDpEw,1831
nldcsc_elastic_rules/rules/_deprecated/execution_awk_binary_shell.toml,sha256=jEchJX9Jf9-VQeV1-vssqVRqdQPza-Pcanw-556MCBE,1729
nldcsc_elastic_rules/rules/_deprecated/execution_busybox_binary.toml,sha256=IITvx4ReXM1up2gjvYa8Aec7QUgeDfILHFHeXC58zrM,1665
nldcsc_elastic_rules/rules/_deprecated/execution_c89_c99_binary.toml,sha256=5VLXlYDqDHGC7A9hJDtKHai7WMhCzUzF1-lB1MfyY9M,1791
nldcsc_elastic_rules/rules/_deprecated/execution_command_shell_started_by_powershell.toml,sha256=0SGoxLXFNej0Ffb8VvVq3PCqyvE4Jbay4eC1PifB8FY,1228
nldcsc_elastic_rules/rules/_deprecated/execution_cpulimit_binary.toml,sha256=Za3MQfcjwp3en5LUJsVZEPZxkv-Em2qjubwTLF5G5as,1792
nldcsc_elastic_rules/rules/_deprecated/execution_crash_binary.toml,sha256=-wz6LJVZUeuLHLm6ZPEpavzyPZWbX2IQWyhpSg609i4,1606
nldcsc_elastic_rules/rules/_deprecated/execution_curl_cve_2023_38545_heap_overflow.toml,sha256=zrasn_JYmeB7KA3xDBiFzipxcRYoVJN_L-8TDqosg38,9360
nldcsc_elastic_rules/rules/_deprecated/execution_env_binary.toml,sha256=2qq_ndk9zYy2_D3bli2eyWzNhSgJw7glh1Zq7r5wTJ0,1666
nldcsc_elastic_rules/rules/_deprecated/execution_expect_binary.toml,sha256=BIU_NjT5DFy7XrtG7MJJ_zfkL1YkoKIN9bhbmraY7Zo,1856
nldcsc_elastic_rules/rules/_deprecated/execution_find_binary.toml,sha256=PKvMdNYz4AEJ0ZfZxkwPLbCmQs1OVsBQ5QSZKLD3l8c,1719
nldcsc_elastic_rules/rules/_deprecated/execution_flock_binary.toml,sha256=cePqGZZf4f9-0GobaxgxMcEByc9I7pTOju6KyakcOq0,1769
nldcsc_elastic_rules/rules/_deprecated/execution_gcc_binary.toml,sha256=hqaGdpJ0pDyfe9Z3mLb9YQwRiSvAgiKyJbL1TtS6QJ8,1760
nldcsc_elastic_rules/rules/_deprecated/execution_linux_process_started_in_temp_directory.toml,sha256=Of0Ynl54K-ToNotSxvqmX7ZjEOpHOA4jPJwiTYAWvNs,1495
nldcsc_elastic_rules/rules/_deprecated/execution_mysql_binary.toml,sha256=DhCMP0edAa6Z22WuHQxlg31aDSFfUWOVvG38eMr85m0,1728
nldcsc_elastic_rules/rules/_deprecated/execution_pdf_written_file.toml,sha256=y_Z5_xAnD0GP7W-DNFS_GRhkMxjQ8yg44F-SrLqW6WM,6119
nldcsc_elastic_rules/rules/_deprecated/execution_reverse_shell_via_named_pipe.toml,sha256=ho8lidMGBTNyv3f5AT29uMlDs5PmO_UEhW0EPNLW9QI,2876
nldcsc_elastic_rules/rules/_deprecated/execution_shell_suspicious_parent_child_revshell_linux.toml,sha256=M6bJXbB1RxvG7sNJifxwfKe8rn2WqRU2LOO1apmj17s,5431
nldcsc_elastic_rules/rules/_deprecated/execution_ssh_binary.toml,sha256=wRBTyH4Z06Qgf7uSefoQzWzR_yZLZRXrTAqdu00kkcg,1915
nldcsc_elastic_rules/rules/_deprecated/execution_suspicious_jar_child_process.toml,sha256=g7Y6xvGgfo0MTj6EGYxdDRUtE8VHgTVLnHEU8NSW_w0,5143
nldcsc_elastic_rules/rules/_deprecated/execution_vi_binary.toml,sha256=rVx9fC5neqddpDzHI3cauhBO0O8eHaW1yeO0GqmPzm8,1693
nldcsc_elastic_rules/rules/_deprecated/execution_via_net_com_assemblies.toml,sha256=WoQfkdoC-v0pHjs5Z1CSF9JdwbEV-N3yiKzIfcZ05Yg,1517
nldcsc_elastic_rules/rules/_deprecated/exfiltration_ec2_snapshot_change_activity.toml,sha256=1G5HDecNxC7OnjHHAmJgTABviAJu6m5l8hrd94MErLQ,5984
nldcsc_elastic_rules/rules/_deprecated/exfiltration_ec2_vm_export_failure.toml,sha256=KGk9FAieIO1d6lNH3b6fBTeWvRrabD22uyL__lW5Tqk,5943
nldcsc_elastic_rules/rules/_deprecated/exfiltration_rds_snapshot_export.toml,sha256=sWun5b-ABOXGlkaBRRU4D7IAhq0oxcSzRiARSbzyVrs,1587
nldcsc_elastic_rules/rules/_deprecated/impact_potential_linux_ransomware_file_encryption.toml,sha256=lOEgZWwU381xlheYMvcJFy9gO17FYaWP720PAL9IlUk,4275
nldcsc_elastic_rules/rules/_deprecated/impact_rds_group_deletion.toml,sha256=mD95apuRrUSCvGO7SUZ8e64qLhoOmAiKB_R_qdV9gtM,6128
nldcsc_elastic_rules/rules/_deprecated/impact_rds_instance_cluster_stoppage.toml,sha256=7qRnEu_TD9VlHR6kud8vFX5BD2D8I1zOulZCX0zd2Lw,6067
nldcsc_elastic_rules/rules/_deprecated/impact_virtual_network_device_modified.toml,sha256=C1-KzN13Hafw3A9-Fg-37R4Bd9STq0xPe7i-vBfo69M,6954
nldcsc_elastic_rules/rules/_deprecated/initial_access_cross_site_scripting.toml,sha256=QzRJdE2DmDPRpcI1GD05Zmv8ouf4zjpWvZFFtp57Nts,1617
nldcsc_elastic_rules/rules/_deprecated/initial_access_login_failures.toml,sha256=_kOXSQ4PleBgeG68TjvkHXKMUomjZlIqBcP01JwEkPM,1382
nldcsc_elastic_rules/rules/_deprecated/initial_access_login_location.toml,sha256=tz_uUjcVOnqB1UK96KKBXIbDjYBNfzaWgbis3_6XeSs,1370
nldcsc_elastic_rules/rules/_deprecated/initial_access_login_sessions.toml,sha256=ANcZlbHYI9rAPIpTOVoBornOTDsvfhgikW-299X-CqY,1358
nldcsc_elastic_rules/rules/_deprecated/initial_access_login_time.toml,sha256=_kljdiUN-qkj6Cl_sl-1JkYo3pxrfmPDQLWq8v9ndWU,1361
nldcsc_elastic_rules/rules/_deprecated/initial_access_rdp_remote_desktop_protocol_to_the_internet.toml,sha256=Qwqv0Iuf1XK8f5-qP2KftZBIVXzV7Rwha_8MtLLG3uE,2587
nldcsc_elastic_rules/rules/_deprecated/initial_access_ssh_connection_established_inside_a_container.toml,sha256=8IRjm-KURyYajs2vbpg_vlAUEQRwlXN5gpA0DlzcVO0,6893
nldcsc_elastic_rules/rules/_deprecated/lateral_movement_malicious_remote_file_creation.toml,sha256=9psQ-KiT-Mi4cB1RCSHQ-Iy9adDa1vbLqdmG0N3nqh4,1489
nldcsc_elastic_rules/rules/_deprecated/lateral_movement_remote_file_creation_in_sensitive_directory.toml,sha256=cIF5BJVeQFXhcmk-oKcfIu5re0tjf_klOdBctLEIWXA,1956
nldcsc_elastic_rules/rules/_deprecated/lateral_movement_ssh_process_launched_inside_a_container.toml,sha256=tMNkzlHomJ5txCvbGqU1ee9DtSyhLJM2Nsf3rKkEJaA,7081
nldcsc_elastic_rules/rules/_deprecated/lateral_movement_ssh_process_launched_inside_container.toml,sha256=GvLLvGW_QVueYL4Ykj8OkA4_KNUhUXtzEuyF3YiK5Jc,8813
nldcsc_elastic_rules/rules/_deprecated/linux_mknod_activity.toml,sha256=AtOAcnSD1gRdU8oeF1nL7vR-8st7W6Cx_FM9ZqYU5fU,1252
nldcsc_elastic_rules/rules/_deprecated/linux_nmap_activity.toml,sha256=4krPC1MpI7NrhqLNP_CvUd_WpeI7V4Wb_IFbB8xH7Co,1250
nldcsc_elastic_rules/rules/_deprecated/linux_socat_activity.toml,sha256=fpPixypMYwHucgfqOZtKJesiqM45VL5AJ3tm3djHPJE,1283
nldcsc_elastic_rules/rules/_deprecated/persistence_cap_sys_admin_added_to_new_binary.toml,sha256=elaLLLJeNPPC2ysluHFsPWClEWUpkkDu4J84UzJ8SnM,4004
nldcsc_elastic_rules/rules/_deprecated/persistence_creation_modif_launch_deamon_sequence.toml,sha256=nl0Jd4DRJzV8ZcFDsu1iaFLsQTpK_EXo5281JPx4jnI,7985
nldcsc_elastic_rules/rules/_deprecated/persistence_creation_of_kernel_module.toml,sha256=28DM-mMhCvG3RwE4aBN9tFNeFebjnkHlxwpCl1fkCgU,1562
nldcsc_elastic_rules/rules/_deprecated/persistence_credential_access_modify_auth_module_or_config.toml,sha256=8qPbbDdQ3xZLMDVVha2djk1F9qEVnN9jLkTvBtwSOSY,7618
nldcsc_elastic_rules/rules/_deprecated/persistence_cron_jobs_creation_and_runtime.toml,sha256=9NuZqZnlMzwYsrsHmFaCufJDQ_EvyjmFm1F0pV020zA,1948
nldcsc_elastic_rules/rules/_deprecated/persistence_etc_file_creation.toml,sha256=aJuHvXlPf_fsjj4kyttJnRq8-7JJgBiZvnDU182TjCI,13625
nldcsc_elastic_rules/rules/_deprecated/persistence_google_workspace_user_group_access_modified_to_allow_external_access.toml,sha256=YHdUhvXuabDtrsacccM1Js8ZjkslHGFALmVMHwNc56A,3682
nldcsc_elastic_rules/rules/_deprecated/persistence_kernel_module_activity.toml,sha256=NAumTSTdPVKKxNj_eawEiJj1O7NBc1BWsK95DlnIuuo,1570
nldcsc_elastic_rules/rules/_deprecated/persistence_rds_cluster_creation.toml,sha256=qSHGYAesdQea2dCWfeBRM4xHwl-b-POpjWht64aO2no,6748
nldcsc_elastic_rules/rules/_deprecated/persistence_rds_group_creation.toml,sha256=c2M-d7tBZpTZHitlXsObzTNhRlp3WuG2YQ0ojGNOvy0,6138
nldcsc_elastic_rules/rules/_deprecated/persistence_rds_instance_creation.toml,sha256=V3Pf2qnZ4_JVdgIowqXUhcs39hZ5OxWuIhfDagZDdJ0,5917
nldcsc_elastic_rules/rules/_deprecated/persistence_redshift_instance_creation.toml,sha256=F89f3HXUsjlkYCYx56zhlCgjybt78tEe28LKeNHAcoU,6164
nldcsc_elastic_rules/rules/_deprecated/persistence_shell_activity_by_web_server.toml,sha256=1XiZc6_XUztm5qrZuHU01sEh6QAS9TGJ4-SDVR1Vkmo,4985
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_gcp_kubernetes_rolebindings_created_or_patched.toml,sha256=FPINRz6iSlfk2sHVKA30AmwBavmIuhKHmxFxms6kFh0,1903
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_krbrelayup_suspicious_logon.toml,sha256=z0OxMwyBUuyP95zI2UFyJTJbPG-DgFxGjLpRP6HWKro,2361
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_linux_strace_activity.toml,sha256=jFqD1L6vukg2SZmd_9Dl7BOlyvneLEp73MLrn8sPjKQ,1505
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_linux_uid_int_max_bug.toml,sha256=GhGncqe62MCvlD_he-9coa5ZC7Rk_IPmXMHw9bkTsFc,8113
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_netcon_via_sudo_binary.toml,sha256=S4Wp681190UbtXAZRfuSVLtZeO9hz2HsdP_rdes23vU,8775
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_printspooler_malicious_driver_file_changes.toml,sha256=lpOfEQ3OwDo_dF1nPSHEf8PZOfLsszfNrnDDIRoajHs,1608
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_printspooler_malicious_registry_modification.toml,sha256=AlNF4rCdfNWp4xVMpUYEYHtYq1vGiWwb5-9VqY54qKI,1709
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_root_login_without_mfa.toml,sha256=6kHzxusnxxfrjOoAVzHg0ar3eiQfLdnoc35nbxqQFjc,5377
nldcsc_elastic_rules/rules/_deprecated/privilege_escalation_setgid_bit_set_via_chmod.toml,sha256=ByHDIGHwpb4ynYkU_6ZBQKW4Sn5nyPB6yLdtmPcojaE,1779
nldcsc_elastic_rules/rules/_deprecated/threat_intel_filebeat7x.toml,sha256=PgkZ1AHtQPmjxdB3aoq29HBkSf9Z3hesx-_1S2ptQas,6963
nldcsc_elastic_rules/rules/_deprecated/threat_intel_filebeat8x.toml,sha256=P2To_aycPXS9uQVquiZWjQpl-XZGY4DUggWiyuwf3qQ,7564
nldcsc_elastic_rules/rules/_deprecated/threat_intel_fleet_integrations.toml,sha256=apK4wtHuBhL5vRGdIiG5rYIVKca4gYicu3yPdEA9HdU,7588
nldcsc_elastic_rules/rules/apm/apm_403_response_to_a_post.toml,sha256=ZIpSHsNs0SlFDVlHmZPQIPMXnPPCeMzrN7-o-a5k5r4,5258
nldcsc_elastic_rules/rules/apm/apm_405_response_method_not_allowed.toml,sha256=2g1rszIMgvs0Zaf0WBQxJbW_yoqr2putP8tDyC7ZJV4,5248
nldcsc_elastic_rules/rules/apm/apm_sqlmap_user_agent.toml,sha256=jmZAnk7gHPZLC8ZxxDhtE3pRhAszY5Oy3_RvgewE5xI,4897
nldcsc_elastic_rules/rules/cross-platform/command_and_control_common_llm_endpoint.toml,sha256=CCyjB5GdrWH5X2S2WypalvFTECuKCFsuK2Q3l4wQL3c,9193
nldcsc_elastic_rules/rules/cross-platform/command_and_control_curl_wget_spawn_via_nodejs_parent.toml,sha256=5gGQcKxS_Jd__KgzdrboUWuAboUpFAhJkH-nOlIzeBA,8533
nldcsc_elastic_rules/rules/cross-platform/command_and_control_genai_process_suspicious_tld_connection.toml,sha256=BJkGwmylXCaOE_IajW-hC_V5XydIpibj2OeSjFvqsy4,6143
nldcsc_elastic_rules/rules/cross-platform/command_and_control_genai_process_unusual_domain.toml,sha256=0HbJnwKiOwSrg1d03_2fw8UbAFZB_Mo635sUqbVQIR0,7166
nldcsc_elastic_rules/rules/cross-platform/command_and_control_google_drive_malicious_file_download.toml,sha256=fO7ABbWRe3Kq56hmNosflTgu9lzSZkdDM_1YxzLuXas,6610
nldcsc_elastic_rules/rules/cross-platform/command_and_control_kubectl_networking_modification.toml,sha256=r_FE38DjCNuwgqFSU30dOVhy1i60MlMVmrxZ20x7Nx8,8686
nldcsc_elastic_rules/rules/cross-platform/command_and_control_pan_elastic_defend_c2.toml,sha256=aWOgkadcvJ8oiy19J5xTHvF_viiAq5hK_664x5fYark,3202
nldcsc_elastic_rules/rules/cross-platform/command_and_control_socks_fortigate_endpoint.toml,sha256=sSQ8Zl9ExQKpxFL_ALPmWr_EaUrbL3HXin7hgvoJH-c,3518
nldcsc_elastic_rules/rules/cross-platform/command_and_control_suricata_elastic_defend_c2.toml,sha256=m96DOWEJoTciQ7aPCmuwz5eoMoMKlCt9b8ZAvvkfI9s,4133
nldcsc_elastic_rules/rules/cross-platform/command_and_control_tunnel_qemu.toml,sha256=Z1GHUTsUdvED2HPytSJhye2R7tzi3S8pKv23bGCur44,4829
nldcsc_elastic_rules/rules/cross-platform/command_and_control_uncommon_dns_request_via_bun_or_nodejs.toml,sha256=kYNqzsbxX5b_GMyO7_kpQvYwoR09_sPxUBiqPR10WMI,6507
nldcsc_elastic_rules/rules/cross-platform/credential_access_cookies_chromium_browsers_debugging.toml,sha256=wo0aI10tqeIBUOhqFjh0pIfjx21t41haiEXlt6BheZ0,6875
nldcsc_elastic_rules/rules/cross-platform/credential_access_forced_authentication_pipes.toml,sha256=IHaB480daLcQF6SdhYVjgnUlD_j1oYeY4WhBg9htTRw,6553
nldcsc_elastic_rules/rules/cross-platform/credential_access_genai_process_sensitive_file_access.toml,sha256=y-BRGxcUF3MGoU45uG-IGJ9P8gze22lYpR_e7lLX_3E,7312
nldcsc_elastic_rules/rules/cross-platform/credential_access_gitleaks_execution.toml,sha256=NPQ8oLQwInRoz2Uu5wM7MDZ23PCRnoCGZy6dF5yZvV0,7367
nldcsc_elastic_rules/rules/cross-platform/credential_access_grep_recursive_credential_discovery.toml,sha256=YCiY0BN7YUGH5uK6-Ftj8ys2XtKSP0sncEjVPPYjM7U,5582
nldcsc_elastic_rules/rules/cross-platform/credential_access_multi_cloud_cli_token_harvesting.toml,sha256=ig9fUsgpNGKQgfL0A6CHrMWQNuLe191GRUrBCpPlReU,7024
nldcsc_elastic_rules/rules/cross-platform/credential_access_multi_could_secrets_via_api.toml,sha256=-Mhgdtoct3L-fCg62SNH65HnSH0IOdexZfSnqSPx3v4,10004
nldcsc_elastic_rules/rules/cross-platform/credential_access_suspicious_instance_metadata_service_api_cli.toml,sha256=voBeeXxmzh0ochwKie5w10Os8cRMW3gRVSXz4c8KrEI,8407
nldcsc_elastic_rules/rules/cross-platform/credential_access_suspicious_instance_metadata_service_api_request.toml,sha256=hT8xHU0yYZ4qmsOmSqFfs5TMnbdmMHdfWsNP7RMwgCk,8863
nldcsc_elastic_rules/rules/cross-platform/credential_access_trufflehog_execution.toml,sha256=tTYEuQ0-6EDv6OGkW3xdwd-d6ye8uajbzJwuIRZ4d94,7353
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_agent_spoofing_multiple_hosts.toml,sha256=SVOT6TSzWrzGmRksFyBM2kuJl59AoxhfLFIxCgpHyGQ,5898
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_data_encrypted_via_openssl.toml,sha256=AFlm1h544HMOhRS363gso7rL_oG9AmXtTTQVzmpnbHE,7004
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_deleting_websvr_access_logs.toml,sha256=8Wi7CAR7gPQQcLwZUfPtbVg4Q4Px2DrwvQTXfgtp4s8,5866
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_deletion_of_bash_command_line_history.toml,sha256=De4DUjB7zTVkWe5h4cYK07CS6aToewInfpocrv-VGMc,7277
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_elastic_agent_service_terminated.toml,sha256=J7taEqnfwlCloFVvnQA18UW1d0XRT4_19c9cNEOeqoo,8095
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_encoding_rot13_python_script.toml,sha256=ZCaQIe93HwSuFJdxYzM7yzvGrCw-mq5sJYX-Lj6PcLc,6367
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_genai_config_modification.toml,sha256=uEyvDPnxyu0F2UhvZS7Pt_LkWbJyp-m7BryAM9z0Qus,6637
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_genai_process_compiling_executables.toml,sha256=kFDrJp2SfDPwTg4rKDkC6K_OOjF3clRRDJN-t5HOCRM,6789
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_genai_process_encoding_prior_to_network_activity.toml,sha256=wfO0kUK8J-2Kv9Lpr3BH-2iZwXsZ24c_TcZGaNBh6kQ,8224
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_long_base64_encoded_interpreter_command_line.toml,sha256=5bdLvyJY4sJh3DSLS7VemyvoS-g7Knk-NEnCwXWVi64,5909
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_masquerading_space_after_filename.toml,sha256=4fqv38mtk0GER1JNqEHwxTpoV3kD7OOmQDTlSvSJGzw,6993
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_missing_events_after_alert.toml,sha256=59JIs2qtvKoLsjsbQIeeKqGK2Ihr2aULXAN1vRauT5A,4065
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_potential_http_downgrade_attack.toml,sha256=2gIFddg1wIsXwkFbjRMziwA6GpuD0mJf7upxFI-dBHQ,5785
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_potential_kubectl_impersonation.toml,sha256=R_6RjkUvXflYawfUD3S-L_WiVHRR7Lbf7HmsvvlxKlQ,10303
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_potential_kubectl_masquerading.toml,sha256=dLBh2gpIlaUaTZb7b40SKsv_E8fvEBNAXSQRnEBRuPA,10620
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_processes_with_trailing_spaces.toml,sha256=F9yoWyZ4WkYWK3LpUlzcPeuVurt1zkJp-Dus2S9ph2Y,5556
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_timestomp_touch.toml,sha256=bGrH6kwXC0lrRh-ciWAxTWgc_iu9QDnwqvGnLGFFo9U,8128
nldcsc_elastic_rules/rules/cross-platform/defense_evasion_whitespace_padding_command_line.toml,sha256=GkGoUYHXsuaMC5hAe0nrRY2CSsJ9P44eQV06EHjrm00,5841
nldcsc_elastic_rules/rules/cross-platform/discovery_kubectl_permission_discovery.toml,sha256=__-aAN9yUT0thn5cj20hVPhs-7xhormKaZmtN3tfd8s,8233
nldcsc_elastic_rules/rules/cross-platform/discovery_kubectl_secrets_all_namespaces.toml,sha256=EuDfCgNMmyYdV_imuX_cNkH14TDTibCjNT6-1k1kHMY,8223
nldcsc_elastic_rules/rules/cross-platform/discovery_security_software_grep.toml,sha256=nq6x0zUvg2hJJzuV1u9YQDc6TNvS-uWAzOjpztXOIeU,6373
nldcsc_elastic_rules/rules/cross-platform/discovery_virtual_machine_fingerprinting_grep.toml,sha256=b0YO0wh5V2h5zeCCC1Omt329ll9L_1q9CzLXjQ0wAxQ,6643
nldcsc_elastic_rules/rules/cross-platform/discovery_web_server_local_file_inclusion_activity.toml,sha256=AsVv7FnW0YZxNwH9RLwjqDnaipmmAb-o6VNOT0GwXUQ,11568
nldcsc_elastic_rules/rules/cross-platform/discovery_web_server_remote_file_inclusion_activity.toml,sha256=Qq_uJx9duL9fLgLpfF-wTQ-nVxQbQ1c-YhZNS2efQ1Y,8020
nldcsc_elastic_rules/rules/cross-platform/execution_aws_ec2_lolbin_via_ssm.toml,sha256=py6wxOU9ZC1x5XS_woHU-v24g3vgfLbieUYUBHP2was,12409
nldcsc_elastic_rules/rules/cross-platform/execution_aws_ssm_sendcommand_with_command_parameters.toml,sha256=iYKEqcUgBDg9Q7Oo2wdHTj1ttSDUjy5UMYNlxXDw8ME,9834
nldcsc_elastic_rules/rules/cross-platform/execution_aws_ssm_session_manager_child_process.toml,sha256=H_-T0Ill_kQvFeLGe2owXEtVd2ucZxpvHxADc2Gj-Fk,6437
nldcsc_elastic_rules/rules/cross-platform/execution_azure_run_command_script_child_process.toml,sha256=-3K9vuIc76EjhZYZF0yxWiEKnshW6_hQOjhokDas93w,4147
nldcsc_elastic_rules/rules/cross-platform/execution_azure_vm_run_command_powershell_unrestricted_script.toml,sha256=kmSTCMN2gW95_xuhnTicSCDgddIGO0TBRgYbJ4WUXK8,5893
nldcsc_elastic_rules/rules/cross-platform/execution_d4c_k8s_mda_direct_interactive_kubernetes_api_request_by_usual_utilities.toml,sha256=3o8gstJR-L3JR20XH55kmaGKh86ThwfGtFJ4vGU5uxg,8492
nldcsc_elastic_rules/rules/cross-platform/execution_d4c_k8s_mda_forbidden_direct_interactive_kubernetes_api_request.toml,sha256=SwIm9SB11N0UFFYAhbZe2jrJqas6BNSgCvA4wtgJUrw,9199
nldcsc_elastic_rules/rules/cross-platform/execution_d4c_k8s_mda_kubernetes_api_activity_by_unusual_utilities.toml,sha256=Oia7NMzfF0fc0oS9SEol5obwsutsu8S3ZOhG-ceH17E,10410
nldcsc_elastic_rules/rules/cross-platform/execution_d4c_k8s_mda_service_account_token_access_followed_by_kubernetes_api_request.toml,sha256=kHZgVcfL_p6iHMR0N4h_lnHWUXtvFKcUi85joNIqh0k,8395
nldcsc_elastic_rules/rules/cross-platform/execution_git_exploit_cve_2025_48384.toml,sha256=q71hZzIqWKCuK0QdK5ZqXcnbDHfLOraJ_p2J2KW8Q4o,7200
nldcsc_elastic_rules/rules/cross-platform/execution_kubernetes_direct_api_request_via_curl_or_wget.toml,sha256=1jgyz72XWXw3EtgaHz7LcVV2-n2yauQWhfJGp3Bfi0Q,10225
nldcsc_elastic_rules/rules/cross-platform/execution_nodejs_pre_or_post_install_script_execution.toml,sha256=OvTso0f0O8wNbE1oFoen_oQ-I7UMGtMrvdrdphyayv0,5864
nldcsc_elastic_rules/rules/cross-platform/execution_openclaw_agent_child_process.toml,sha256=k_dlfSBndEUgFU612_1jpFMxf-CGWd5_ELc6U7Z7aBg,6205
nldcsc_elastic_rules/rules/cross-platform/execution_pentest_eggshell_remote_admin_tool.toml,sha256=KSq5EvYOMSK02w7hbL3v6LJf7xaYTYRXtcY9ZQrJsGo,5202
nldcsc_elastic_rules/rules/cross-platform/execution_potential_widespread_malware_infection.toml,sha256=oi_7e1y0axyH7TUHobRHu4Xnfr-n4yuyM_dxx98vOqE,6100
nldcsc_elastic_rules/rules/cross-platform/execution_privileged_container_creation_with_host_reference.toml,sha256=k67Kv7QJc0lAZ7I6uKGIOn0u8qTe3Y1b_Yi70wjU4ro,9264
nldcsc_elastic_rules/rules/cross-platform/execution_register_github_actions_runner.toml,sha256=lHDCgd7gZa2KU8NUFR5urSz-mkLlmooqK3gavKsdjls,4950
nldcsc_elastic_rules/rules/cross-platform/execution_revershell_via_shell_cmd.toml,sha256=YjXwIctk_ccFZElwYzHrzTNs9tdHbqGADJpli_G0RsI,5350
nldcsc_elastic_rules/rules/cross-platform/execution_sap_netweaver_jsp_webshell.toml,sha256=QimJtaWk7lhSUzDK-EH2OxLDz8Sp4ElZvzhb_e593IQ,4329
nldcsc_elastic_rules/rules/cross-platform/execution_sap_netweaver_webshell_exec.toml,sha256=DoxGudZI7-8_Fov9TBc_PGtXkqCBtnwrj_UuPZ_EHt0,5617
nldcsc_elastic_rules/rules/cross-platform/execution_suspicious_java_netcon_childproc.toml,sha256=4hFTs0A7vzXhSMpp6JufvvtKJizsWVBYhWToTONpqCc,7607
nldcsc_elastic_rules/rules/cross-platform/execution_suspicious_python_command_execution.toml,sha256=AWKVS2E5j2lQvhwfpb0lzUKJ9HypsECJdyk7883fEOI,8034
nldcsc_elastic_rules/rules/cross-platform/execution_via_github_actions_runner.toml,sha256=2Ddrgwc-Up4gzXl1rFy1GNMjEcJH3lEiLst0fVR0HWk,10593
nldcsc_elastic_rules/rules/cross-platform/execution_via_github_runner_with_runner_tracking_id_tampering_via_env_vars.toml,sha256=qBL20aXAloUb4p3f9o1PdPyoOG_8O5oM_1ZFq94_byE,10259
nldcsc_elastic_rules/rules/cross-platform/exfiltration_potential_curl_data_exfiltration.toml,sha256=feNKaOrfdc9F8D3CdSdfPeGTdUk9TQtKJsggwT0DxUY,10233
nldcsc_elastic_rules/rules/cross-platform/guided_onboarding_sample_rule.toml,sha256=p1GJtIMLs7uK8ueRMlMk5OP-sjUstczOGzDeo-nXdpU,4364
nldcsc_elastic_rules/rules/cross-platform/impact_alert_from_a_process_with_cpu_spike.toml,sha256=ng0oo3xzNtfl18ORZOHnbIdaksiGnm6vhDQMbO_C0DM,6738
nldcsc_elastic_rules/rules/cross-platform/impact_alerts_on_host_with_cpu_spike.toml,sha256=L0WrE7ikdEPcg5T2tSxZf-FfBlEKEgCjRNSE8ZKqPPg,6511
nldcsc_elastic_rules/rules/cross-platform/impact_hosts_file_modified.toml,sha256=8xy0zjoIViN181WV8r50mVgWQx61MpdUjdFPt5PCq0k,7990
nldcsc_elastic_rules/rules/cross-platform/impact_newly_observed_process_with_high_cpu.toml,sha256=nbySkMW6xnEvG9Ra8NrmNyjDxI_81mBfBpShADoaEHk,6120
nldcsc_elastic_rules/rules/cross-platform/initial_access_azure_o365_with_network_alert.toml,sha256=BUEvaOERar9QgrOBY4LCTJ-rYWmkxJ9MhrHe6GRZJ0Y,6790
nldcsc_elastic_rules/rules/cross-platform/initial_access_elastic_defend_alert_genai_utility_descendant.toml,sha256=UUENe1JrdcnKJ3SY9O0ldpJcukz-dyXiu8MJHdyB_9o,5528
nldcsc_elastic_rules/rules/cross-platform/initial_access_elastic_defend_alert_package_manager_ancestor.toml,sha256=si3dtP88nKqqtTus7wrr5P9ma9q-3FGbzQKMkMvwv9E,5769
nldcsc_elastic_rules/rules/cross-platform/initial_access_execution_susp_react_serv_child.toml,sha256=TwfVY-cHWzNVx6P-cpc3Dk_r0ennmITJ7DPX0lapT58,10645
nldcsc_elastic_rules/rules/cross-platform/initial_access_exfiltration_new_usb_device_mounted.toml,sha256=pDpUcoB-Twuqi5PdWXuS5NU7fqPnAWnUpKIJ-qwWaH4,6395
nldcsc_elastic_rules/rules/cross-platform/initial_access_file_upload_followed_by_get_request.toml,sha256=k_bcRIKWdp7-BZFR9LdG-RKaA9iFr4d6yUlbwUxQTho,9168
nldcsc_elastic_rules/rules/cross-platform/initial_access_fortigate_ssl_vpn_login_followed_by_siem_alert.toml,sha256=NLfPi6QLeFPetZ12eL2KDvvRDDt7z4cwQwMi3O6LzJU,3209
nldcsc_elastic_rules/rules/cross-platform/initial_access_ollama_api_external_access.toml,sha256=DVvTm4caDbMMAWVkT20gnkoOXc3i9uL5jn2PEChocx8,3656
nldcsc_elastic_rules/rules/cross-platform/initial_access_zoom_meeting_with_no_passcode.toml,sha256=XggllsAQMMxql-j5I92rfE9HtWl4HlFTs5AKbI0U0kI,6029
nldcsc_elastic_rules/rules/cross-platform/lateral_movement_multi_alerts_new_srcip.toml,sha256=zU4YTDc1gqCLJo_xJQmmPkYE9Dihdh2skt3N1g2PS14,5123
nldcsc_elastic_rules/rules/cross-platform/lateral_movement_multi_alerts_new_userid.toml,sha256=TbE0C4ciAfbSRLOvFC1pIBJMbH494kwxZ8kewcWQ3Lg,4391
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_by_host_ip_and_source_ip.toml,sha256=H1RCi6kSmmKAgkh4A-9_UH4Mv_ugTetTFIWajD3Iw_o,6378
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_different_tactics_host.toml,sha256=YLMtF4Cn35gxcDuWZwXylLQ0a9qvAr2bkdKXFVqotQA,4899
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_edr_elastic_defend_by_host.toml,sha256=st7y6zZTVom0_tbTjVFe6RCYc8Vw9DTuUWVfwAHkzuI,6452
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_edr_elastic_same_process_tree.toml,sha256=Xxc3Uib6dFHdjzDtPmTvbQ_hw70wFmCXtAxD4Hbw1AE,6086
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_elastic_defend_netsecurity_by_host.toml,sha256=-AwCunV1kdFigGHU4HrdAwG5-sTc18QlbZ8cccSX0As,7576
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_email_elastic_defend_correlation.toml,sha256=hMSCy2YaDUOaPDPJF8Jx7U56fA9dgDI3qx5hVP4oUvU,4357
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_from_different_modules_by_dstip.toml,sha256=g1ZXbL3FMYMFbEOR3FhpvdDnhpkjS7VtA7rOsm-at24,5978
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_from_different_modules_by_srcip.toml,sha256=fF5HCLsDBJnXP-VOW8YkL-ZN3ACZi_SnCY5zgLfhwmc,5893
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_from_different_modules_by_user.toml,sha256=KxWshFpT9S65iBjtEI4f8oe-Rmf3DpuxWK9lZCIshfs,6748
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_involving_user.toml,sha256=B7TTQQha0y1zlehzZ8xoN9UBawb2vnFlOKkufK6BVpU,6521
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_llm_attack_chain_triage_by_host.toml,sha256=Vk2BA8peNKKWo5V5xhDXMRIdrHnM9URS8tLNCzk1xW4,10142
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_llm_by_user_entity.toml,sha256=aRhs5KbD52i0Qwdb7KLv-dtZ4GnMA2EBQQcUcpC_tJ4,7034
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_llm_compromised_user_triage.toml,sha256=VbMxgxgQ2jI7092qAhy5gxCP9ETovMgWPEfU3h6ysXw,9937
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_risky_host_esql.toml,sha256=kImJRQhepfDXQPWucL4OmhtdZUkPPOYKnE-kFRm6-4Y,7148
nldcsc_elastic_rules/rules/cross-platform/multiple_alerts_same_tactic_by_host.toml,sha256=IAxWOaGfjDCxfMWk_E_R4lEC0_XyabtI9uKzUhDE-PM,6661
nldcsc_elastic_rules/rules/cross-platform/multiple_elastic_defend_behavior_rules_same_host_prevalence.toml,sha256=liG45DXuiDCGkJeul-wjPNjvphsXDw-NIWKn6KAyhDE,4860
nldcsc_elastic_rules/rules/cross-platform/multiple_external_edr_alerts_by_host.toml,sha256=B67h9RoXz5t_d4ELr_O99PoWWRYPRoo3jsC0GpMeWjA,6796
nldcsc_elastic_rules/rules/cross-platform/multiple_machine_learning_jobs_by_entity.toml,sha256=Lq1XD6rHIiTp97UE2DFmPPPsZTTOQpQBm_H1m_tXFu4,5409
nldcsc_elastic_rules/rules/cross-platform/multiple_vulnerabilities_wiz_by_container.toml,sha256=F2id3uMv47oBI5gQnfksT91HbagRggIDbKjs_rJhx88,5030
nldcsc_elastic_rules/rules/cross-platform/newly_observed_elastic_defend_alert.toml,sha256=68sekizJQ8awiD7-dppr3u9tR4SUiQok7si0pjLvzdI,5114
nldcsc_elastic_rules/rules/cross-platform/newly_observed_elastic_detection_rule.toml,sha256=WAPiu7GFcQC_IeDCzJ2SxlDuy2mvrm6sNlra5-F44tI,4688
nldcsc_elastic_rules/rules/cross-platform/newly_observed_fortigate_alert.toml,sha256=Seay10XExqKDj1RadkB6vKbvAHj9VxfMaIMlPhrM7dM,4167
nldcsc_elastic_rules/rules/cross-platform/newly_observed_panos_alert.toml,sha256=6VQxAHS5M4nMtcFzGRc7EsCJ3ploUUvKHtHZqZgW6vk,3711
nldcsc_elastic_rules/rules/cross-platform/newly_observed_suricata_alert.toml,sha256=H1frY0PejGIxsADaSShjoE3cHKGGupZLPf8cPx1SG20,3747
nldcsc_elastic_rules/rules/cross-platform/persistence_shell_profile_modification.toml,sha256=uuE36YDPmpzwIJJNK_SpWik8iyVW2uEZhpng03HqRxM,6274
nldcsc_elastic_rules/rules/cross-platform/persistence_ssh_authorized_keys_modification.toml,sha256=FJhP1g6eo2-jIGFJ0Zc-JzAAAKnUjMRe4w-2l37A6dM,6945
nldcsc_elastic_rules/rules/cross-platform/persistence_web_server_potential_command_injection.toml,sha256=pKQ0LoKEqyvjvSmwGG1_rdxcebeMnX0TOOXHU34ET0c,15152
nldcsc_elastic_rules/rules/cross-platform/privilege_escalation_echo_nopasswd_sudoers.toml,sha256=l621B13BoUyxdsfPptRYzlt-IgF4Cc-bSkVVp784zAQ,6243
nldcsc_elastic_rules/rules/cross-platform/privilege_escalation_setuid_setgid_bit_set_via_chmod.toml,sha256=oGx2rpzOQ73GE_eH3p6y-6glWHKmrwhzAyW0GENYgqE,7227
nldcsc_elastic_rules/rules/cross-platform/privilege_escalation_sudo_buffer_overflow.toml,sha256=8E0VVPijH1PPSEw58VpvUFkDD5KqD8Am2tdwat13Hck,6606
nldcsc_elastic_rules/rules/cross-platform/privilege_escalation_sudoers_file_mod.toml,sha256=XeggWnPIGsG28Wm2cF9DgMuhM75yblP4w4R6OGvRm84,6476
nldcsc_elastic_rules/rules/cross-platform/privilege_escalation_trap_execution.toml,sha256=u2hccCDDPhCx35bQBQxtSGS379vi6kDd-KCLnbdAhZA,5875
nldcsc_elastic_rules/rules/cross-platform/reconnaissance_web_server_discovery_or_fuzzing_activity.toml,sha256=DcmcruQNJ1I7z-jdZ5m-TKZ5qpdnJrwjWs1QAXM4GRk,6812
nldcsc_elastic_rules/rules/cross-platform/reconnaissance_web_server_unusual_spike_in_error_logs.toml,sha256=nZwRbzKU4I0C90xsfJ8CmUavo_QOMQ9Mp8vwxzngVaM,6339
nldcsc_elastic_rules/rules/cross-platform/reconnaissance_web_server_unusual_spike_in_error_response_codes.toml,sha256=VaLX5bsp9Gn6Jt3K9Cj69z68bTxNsGfylAuGkObmR8s,6958
nldcsc_elastic_rules/rules/cross-platform/reconnaissance_web_server_unusual_user_agents.toml,sha256=lIrK-hi6qPS7_dxShECvVHOs3_qe7I7M-bJq9OCAGPY,9369
nldcsc_elastic_rules/rules/integrations/aws/NOTICE.txt,sha256=J_TLlzy-3FynutCsreov6dyNdxzN0cayBHv4dv9HzbU,1307
nldcsc_elastic_rules/rules/integrations/aws/collection_cloudtrail_logging_created.toml,sha256=j_wLY65KiHsCuxH0dZzwaRT8QV0TqYjZ4Zz7i7sWFzw,5446
nldcsc_elastic_rules/rules/integrations/aws/collection_s3_unauthenticated_bucket_access_by_rare_source.toml,sha256=ivikeNaXaQF8rUH0OXZXDJ32qMULpDgqvowVid3k-zw,7865
nldcsc_elastic_rules/rules/integrations/aws/credential_access_aws_getpassword_for_ec2_instance.toml,sha256=tS2qv8pOMxDGjFgVbmlKfR4Os7YWndLjpSYeMcpmDeA,6419
nldcsc_elastic_rules/rules/integrations/aws/credential_access_credentials_in_s3_bucket.toml,sha256=wD3EgdmXer1C430N0RYfoEfIdzroUidf-keOvuBLcmo,6114
nldcsc_elastic_rules/rules/integrations/aws/credential_access_iam_compromisedkeyquarantine_policy_attached_to_user.toml,sha256=YS0EWGdbq8QikcirJdgqN040uhB_qdrXOt5ubpjVDRU,5293
nldcsc_elastic_rules/rules/integrations/aws/credential_access_iam_long_term_access_key_correlated_with_elevated_detection_alerts.toml,sha256=CmWTGrks2_Jo6rS0cHtIHU0WhrJ-7HfbyOlBgpxkJrg,7329
nldcsc_elastic_rules/rules/integrations/aws/credential_access_iam_long_term_access_key_first_seen_from_source_ip.toml,sha256=EPeLx5N6Rc3ph6QQYqhcMRJ0U9673ET5YoDSqlpWqFE,5495
nldcsc_elastic_rules/rules/integrations/aws/credential_access_iam_user_addition_to_group.toml,sha256=b8lRv0QrBJFSc4cPEwoFpSNiK2VxvIQXcCRtGQW9si0,5934
nldcsc_elastic_rules/rules/integrations/aws/credential_access_new_terms_secretsmanager_getsecretvalue.toml,sha256=wfXpKJP-BqF7HxBQxeQPjnPfHwu_3hUSOcakbUq3_iM,7733
nldcsc_elastic_rules/rules/integrations/aws/credential_access_rapid_secret_retrieval_attempts_from_secretsmanager.toml,sha256=0xha3CXAvaHabsBL71h9mFnNwUBU2El740AM7Hktlys,7265
nldcsc_elastic_rules/rules/integrations/aws/credential_access_retrieve_secure_string_parameters_via_ssm.toml,sha256=fuZsXN7_dImMkMfYrieVDe2es--u-OurXEecKyDZrwM,7595
nldcsc_elastic_rules/rules/integrations/aws/credential_access_root_console_failure_brute_force.toml,sha256=7HmaupMyDs4KIJLNdcLlrpwp_4-qrzKjkPD0OGhI9tQ,8130
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_bedrock_automated_reasoning_safety_policy_tampering.toml,sha256=GwR-7B9oE9lbJvS812IkwYVMdf16xjUF_goiykgHe-c,6125
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_bedrock_guardrail_deleted_or_weakened.toml,sha256=MilEdfeASZULJsTM92ZVBHYZ2U1BQUQCyj6EcoWWrPo,5456
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_bedrock_model_invocation_logging_disabled_or_modified.toml,sha256=em1_qvIijXHZ56fCeOGAn8AU2e7crFsWbzSok7AwsGk,6173
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_cloudtrail_logging_deleted.toml,sha256=d0cn56m_aEtkqnfxZtawpNX24FlPXYl7cCXltp5OvrE,4829
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_cloudtrail_logging_evasion.toml,sha256=WLit7CU1UizxIRcIMxxkTIeDj1g1DXzf28tc5Tx5BlE,7459
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_cloudtrail_logging_suspended.toml,sha256=75yAnqmTFFvInXI8MRWbYgv2yiuXGxA89PCSTGCUCgw,4772
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_cloudwatch_alarm_deletion.toml,sha256=SjxDY1nhVvBSNTEhi5hgdWcXrj7TTTleKnnN_DxSl8Q,8373
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_config_service_rule_deletion.toml,sha256=tDeBPsRvfmIDKwbkZ3PFOvhHDPqvEn222n1d38xhwOo,7672
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_configuration_recorder_stopped.toml,sha256=rouwDL2w3iRuYUXnU9z1UIQ9rRYHNjxPivDkxZlygCY,6592
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_ec2_flow_log_deletion.toml,sha256=P-LLl0NdyvwLolPzfKeJDFp077vqN2m2FSYhtF3NEmE,6279
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_ec2_network_acl_deletion.toml,sha256=geqvNgy-0-yMcihY8AAkVbReg7JZgwE1NSXKZNvVlVY,6539
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_ec2_serial_console_access_enabled.toml,sha256=1BWYbGlCi8NfK9BWh5ZIC-iTFWOdNZXCqbRuVZ9ghDA,7236
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_eks_control_plane_logging_disabled.toml,sha256=J9szyHhYLhlqo-57SWx6sKQ2B088vD4Yflis-z1ROd8,3644
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_guardduty_detector_deletion.toml,sha256=9_gD06UG_dSTbHyID4mY4PTIzEpOUT5AVm52CbkrB14,7011
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_guardduty_member_manipulation.toml,sha256=AJznoiaQygFU1e4NiLl8tw4pGXWMixFXsbPzof03Koc,7530
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_rds_instance_restored.toml,sha256=AHNgveBT4_QWXdwekRTj-2G5HjwcOzkxx4g7RyzDVTQ,9413
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_route53_dns_query_resolver_config_deletion.toml,sha256=tdV06e18f9xMBjvWuN-5RxLLU3f8QmU2bWh0DMsGKT4,7331
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_s3_bucket_configuration_deletion.toml,sha256=6DhOiPSOG6D0gDfxnkQjqRdWwPVt8x_GfMO-Q-M6y6I,9126
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_s3_bucket_lifecycle_expiration_added.toml,sha256=-W_y6OJ4M1YpWRQbV9NNEJvSmbEhcPdIC5kArYuqdwI,9125
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_s3_bucket_server_access_logging_disabled.toml,sha256=d6lg2e_SP7TkhAOMyXIXWWjXpmG-8tX5aDVZLLzg81g,7372
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_sqs_purge_queue.toml,sha256=QNS4mCDvwijLIoMd71S0ZTllQL-yjbz2OW9NKVQ1YFw,6209
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_sts_get_federation_token.toml,sha256=eV7Hr8McC38lH7J04x8VMD5sGIaCwcZnxUAe6B7oVxs,7030
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_vpc_security_group_ingress_rule_added_for_remote_connections.toml,sha256=gHzcjsS9O9k14iIYGy6kCvmtlnGkTviQ5dKw-kA__H0,6750
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_waf_acl_deletion.toml,sha256=3BPT8BJAlb-fPnO6gwiNdANv34iv08GLb0naY9ZMX_w,8592
nldcsc_elastic_rules/rules/integrations/aws/defense_evasion_waf_rule_or_rule_group_deletion.toml,sha256=V2ztYdPjr-lImcjaSSCSAc7GqyIQgeB_-uG-1pvA1s0,7779
nldcsc_elastic_rules/rules/integrations/aws/discovery_bedrock_model_recon_and_invocation_via_long_term_key.toml,sha256=ggZiabj5rFIAnpGYiQdxy_OtmUL8l0-5hUuyWbDtPx8,6422
nldcsc_elastic_rules/rules/integrations/aws/discovery_ec2_deprecated_ami_discovery.toml,sha256=Dk2HNuspzCD_Uv2EtjAdG6JMTnGUimP2CcsoLV7L_L0,6078
nldcsc_elastic_rules/rules/integrations/aws/discovery_ec2_userdata_request_for_ec2_instance.toml,sha256=qaSWa1zolFE4WO4x7fq55YVzZ9JXGS9Arj9lqiOafuo,7137
nldcsc_elastic_rules/rules/integrations/aws/discovery_iam_principal_enumeration_via_update_assume_role_policy.toml,sha256=KFHKrajg8AtM7o8xauYfdBmgjrJDqA64s2hNwKgtnow,8328
nldcsc_elastic_rules/rules/integrations/aws/discovery_multiple_discovery_api_calls_via_cli.toml,sha256=6Q4dfuUyYSvGPHWtlUuLKebJe9Mne0OMvRlhIfMnwzQ,12796
nldcsc_elastic_rules/rules/integrations/aws/discovery_new_terms_sts_getcalleridentity.toml,sha256=b7yIHFHjTftXtJ2758SzQxksBVeEmryJixS6mgbRO8k,7286
nldcsc_elastic_rules/rules/integrations/aws/discovery_new_terms_sts_getcalleridentity_ec2_role_new_source_as.toml,sha256=uBy8sL76NxZJ0WlJ8wKGN9eugTj-g5YYiqVJx4eCBYU,5514
nldcsc_elastic_rules/rules/integrations/aws/discovery_new_terms_vpn_asn_discovery_api_calls.toml,sha256=j3Nw2KarzT5c4345_JZ0CgN0OkokDgeINIUmYazstdo,9076
nldcsc_elastic_rules/rules/integrations/aws/discovery_organization_discovery_by_rare_user.toml,sha256=GiHxaXbppNWdLQYB1JwNsgLlgbCTWeXVZymkuV_0B6I,5639
nldcsc_elastic_rules/rules/integrations/aws/discovery_s3_rapid_bucket_posture_api_calls.toml,sha256=YafQAKJvWzh5_jeSOx7-ZpByLlZ6Cm8C71KW1seXTDY,10454
nldcsc_elastic_rules/rules/integrations/aws/discovery_servicequotas_multi_region_service_quota_requests.toml,sha256=sLo_OovZJGHq5y5ICOifjj5YM3tMNE0fLBaMpqodVck,9462
nldcsc_elastic_rules/rules/integrations/aws/discovery_ssm_inventory_reconnaissance.toml,sha256=qAn1dKDyD2-xnMNnPDU_Ran6a7y8mRRDZ1ySstVt6TI,7107
nldcsc_elastic_rules/rules/integrations/aws/execution_cloudshell_environment_created.toml,sha256=hboodL4vmLQIptNAA3dT_xEsQJz6rElsKmbs_wVHRpQ,6438
nldcsc_elastic_rules/rules/integrations/aws/execution_ec2_stop_start_with_user_data_modification.toml,sha256=vJRu3R645_DWOgVkDa1xqgvt-RU1mgYbaEa4u65e7WU,7670
nldcsc_elastic_rules/rules/integrations/aws/execution_lambda_external_layer_added_to_function.toml,sha256=efomy-ZHuOFpBJWEqqle5wQRaNbFTEUXRmEgljSg9PI,6685
nldcsc_elastic_rules/rules/integrations/aws/execution_lambda_layer_shared_externally.toml,sha256=dCX3AWttmruEUnaUBsBNrYxPM-0Kqp7Lbuk10CuCwy0,5809
nldcsc_elastic_rules/rules/integrations/aws/execution_new_terms_cloudformation_createstack.toml,sha256=fzJn6DKaO3BYHC1k02A0U-ST0niph_U5B5e25wcRChI,6438
nldcsc_elastic_rules/rules/integrations/aws/execution_ssm_command_document_created_by_rare_user.toml,sha256=6FD7MM2gm7OhDnsA-6Hjv2zO39An0qOlOAlXVN5Nh-g,6218
nldcsc_elastic_rules/rules/integrations/aws/execution_ssm_sendcommand_by_rare_user.toml,sha256=jOmxL0_rhf0Ylh_mUz0izxrpnFWysyNUFNJqhs94CP8,7467
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_bedrock_high_frequency_inference_api_probing.toml,sha256=0Y2gCjEpClSy3PMYkPG1NVb_Sp30NN7E_s_NkNQtt8o,7551
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_dynamodb_scan_by_unusual_user.toml,sha256=QSwcWS02y3mmOHAbzDR8s1hpk23d0M81R_QRto2U90s,6712
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_dynamodb_table_exported_to_s3.toml,sha256=d8ZdRsV6TFBPEcD1gffiCHx8VNtGpViyhIRIAvir5Dc,6397
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_ec2_ami_shared_with_separate_account.toml,sha256=Ene8Q-ARv5wvtFmbCbFRmk4EFKjkpHREihkMBMmyE7E,6554
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_ec2_ebs_snapshot_shared_with_another_account.toml,sha256=wlp-4vcbSWlfChoApLvY6X5-PWa4rod5eSxglyxRHvI,8877
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_ec2_export_task.toml,sha256=isARDP538JnkP1OzcktJdrwaOEWH-P1BGwtbcnrW3nQ,7167
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_ec2_full_network_packet_capture_detected.toml,sha256=cbBAOti6CuUGp5f_gTF7qDJ9eideF0w3lto5Fi1asow,8330
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_rds_snapshot_export.toml,sha256=9hSGeXxic_k2wynFIwMVmo7LZLtzZ07gEXMIl_vEUFI,8323
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_rds_snapshot_shared_with_another_account.toml,sha256=PGR4uulgzOjB2OZu2S0JtHCRQUwMePAm6moHPdx9h40,7993
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_s3_bucket_policy_added_for_external_account_access.toml,sha256=25k7ur2Ltrws3oA2yVRxgcawGjKmWfl5QpQGzkUiWME,9953
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_s3_bucket_policy_added_for_public_access.toml,sha256=vzKB5ezvrey4RstnmJq7Anqv3QYgyoQLl9njCtyWXB8,8667
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_s3_bucket_replicated_to_external_account.toml,sha256=jzNj0f8qWLTK9eNoFCaeqZi-CeO4l-50pYo2hxjBw4Y,8432
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_s3_uncommon_client_user_agent.toml,sha256=AMOgUkscaRS44r14n8pDwJIEDOqCEIS5Y4MXrxyBBrE,7310
nldcsc_elastic_rules/rules/integrations/aws/exfiltration_sns_rare_protocol_subscription_by_user.toml,sha256=WwO3G0f4-lUm0QtHL3E9qwmlvWOf_YBEc-_E7E4huaA,7730
nldcsc_elastic_rules/rules/integrations/aws/impact_aws_eventbridge_rule_disabled_or_deleted.toml,sha256=IAWpdsA7HhfXT9_t0Hvaf2bk9sw6jTQiNaK6S89TY5Y,7977
nldcsc_elastic_rules/rules/integrations/aws/impact_aws_s3_bucket_enumeration_or_brute_force.toml,sha256=sjdmI7x8K9qW1XkwkboUpGv7AkrgZOnEDUfH1PUV3e4,7959
nldcsc_elastic_rules/rules/integrations/aws/impact_bedrock_knowledge_base_or_rag_data_source_poisoning.toml,sha256=k9UiGpdPkuySnJ80_l1Uc98wUqWdKT50VXJzVVP5AFc,7177
nldcsc_elastic_rules/rules/integrations/aws/impact_bedrock_provisioned_model_throughput_tampering.toml,sha256=_tn0SzbrwQfnd6Qa-sV7eowRJKPz2hll8ygosyDJ3Wo,6662
nldcsc_elastic_rules/rules/integrations/aws/impact_cloudtrail_logging_updated.toml,sha256=uI8rn7ueVCzpBnakyeSG_Sg4HBovSJTZ6dHbah1Zeeo,5456
nldcsc_elastic_rules/rules/integrations/aws/impact_cloudwatch_log_group_deletion.toml,sha256=ls9w3_N_oO1IsRwCi0aBmlOLOouf6ao9o0IU0yG9CuU,8177
nldcsc_elastic_rules/rules/integrations/aws/impact_cloudwatch_log_stream_deletion.toml,sha256=Yrkh2vaQM-p8l4jJCUGCVIxAVVnBqYgnGZ5aj-9d4VQ,7969
nldcsc_elastic_rules/rules/integrations/aws/impact_ec2_disable_ebs_encryption.toml,sha256=xdiWiY69P6P68tIeqM8sLjFp4qVUdgExlSKAyy6Iexc,9516
nldcsc_elastic_rules/rules/integrations/aws/impact_ec2_ebs_snapshot_access_removed.toml,sha256=cDLsgmwvUvCtSMAhBnXBU_Eam02U1kK7Olj1mVa8SJE,9560
nldcsc_elastic_rules/rules/integrations/aws/impact_efs_filesystem_deleted.toml,sha256=lfL5ZUYNRP68qOJYIs8d8NtQy50XmgXjrgXZtzFyauM,7761
nldcsc_elastic_rules/rules/integrations/aws/impact_iam_deactivate_mfa_device.toml,sha256=RGIsUxWuVud2GGqnZv84WRt-hc_f6rdCi0Y35cVnSc4,7824
nldcsc_elastic_rules/rules/integrations/aws/impact_iam_group_deletion.toml,sha256=PW2gS_lbte7bwIGvxDZSDaDWDPBXXbD0FZ4c3e-SwP0,4898
nldcsc_elastic_rules/rules/integrations/aws/impact_kms_cmk_disabled_or_scheduled_for_deletion.toml,sha256=ybJH9axmcIW9ZG9X5JtEip6SypjZ-6-IDhbW-J_BaKk,8043
nldcsc_elastic_rules/rules/integrations/aws/impact_lambda_function_deleted.toml,sha256=2NTToovULPF6Q6CEpQQ6qXVCBi7KkbWLiwEJJ5uqYLM,5436
nldcsc_elastic_rules/rules/integrations/aws/impact_rds_instance_cluster_deletion.toml,sha256=9XNCPE9oiP3OU1g6djZ7oXzePlPZie2OHg1OkAxqFFI,7269
nldcsc_elastic_rules/rules/integrations/aws/impact_rds_instance_cluster_deletion_protection_disabled.toml,sha256=yUKt4eNkFW0oD8RRUlMD_rieTVfOtOBQnfSvqdowPmE,6953
nldcsc_elastic_rules/rules/integrations/aws/impact_rds_snapshot_deleted.toml,sha256=9vUBhPJcVWrkvlz0SBDm2sLmrmaflcJ5WM1PKXsrvsU,9212
nldcsc_elastic_rules/rules/integrations/aws/impact_s3_bucket_object_uploaded_with_ransom_keyword.toml,sha256=zuOCIj8gre2Mt1CZ7PmzqdG-yCz-Enf6ziV_O3-jLdA,9804
nldcsc_elastic_rules/rules/integrations/aws/impact_s3_excessive_object_encryption_with_sse_c.toml,sha256=JRSbiVeTxOktSYwbA8G3NELm5LhOnyP3qrdAg8B1-lI,5714
nldcsc_elastic_rules/rules/integrations/aws/impact_s3_object_encryption_with_external_key.toml,sha256=Rbaex9NRUQ6yCJTZUnKJE-aWTPOqa4xNV7sKlFPyo0U,10443
nldcsc_elastic_rules/rules/integrations/aws/impact_s3_object_versioning_disabled.toml,sha256=8uGb-DiCPCkhYypT_usa7Ql6IlP8s6fTo_OPtebZWPE,8194
nldcsc_elastic_rules/rules/integrations/aws/impact_s3_static_site_js_file_uploaded.toml,sha256=r3Ze6IMzv049PB7xBZtSdJ_QX_e-84jIs9xj-QUc9Sw,6046
nldcsc_elastic_rules/rules/integrations/aws/impact_s3_unusual_object_encryption_with_sse_c.toml,sha256=WBo2Fe-9fgzCVoEY7b2ZbwmFjJgDjvng2tUmLzJt26A,6251
nldcsc_elastic_rules/rules/integrations/aws/initial_access_assume_role_with_web_identity_kubernetes_sa_from_external_asn.toml,sha256=AqKooL14eRoaPXNzlMW143xsnIDsJbpD8xCuU9T5wTQ,5098
nldcsc_elastic_rules/rules/integrations/aws/initial_access_aws_api_unusual_asn.toml,sha256=J_HEmDrauiut_AbcElkBzQLXZVwUi5ZyPwjfa8hwEf8,7480
nldcsc_elastic_rules/rules/integrations/aws/initial_access_console_login_root.toml,sha256=EK0OLGRV8s7sgVpc2xSynUl-3oqSSZBZ6KrK-zuzTcM,7814
nldcsc_elastic_rules/rules/integrations/aws/initial_access_github_actions_oidc_credentials_used_from_suspicious_network.toml,sha256=mHOn1aKoFXn8mUkUwq5KN8FLm6p6ofARc1k2gJQh4Z0,6671
nldcsc_elastic_rules/rules/integrations/aws/initial_access_iam_session_token_used_from_multiple_addresses.toml,sha256=gNALV9nPwXkSf1DMv2LyUaAEHrawawkp8rhiNsDIkSU,12652
nldcsc_elastic_rules/rules/integrations/aws/initial_access_password_recovery.toml,sha256=QnHZV79ekiUZ7K3zKdQW9E6GqM3VW8r418aCSUnR7mQ,6919
nldcsc_elastic_rules/rules/integrations/aws/initial_access_signin_console_login_federated_user.toml,sha256=SWyj1x17cPIOILAawiqNi8ixveAxOZRoczGYvy_iU-c,6626
nldcsc_elastic_rules/rules/integrations/aws/initial_access_suspicious_user_agent_detected_in_cloudtrail.toml,sha256=fFukD6m2cXyGhnIgXzjRrcbJ1t7WcLlB9uciLuR-Wy4,8187
nldcsc_elastic_rules/rules/integrations/aws/lateral_movement_aws_ssm_start_session_to_ec2_instance.toml,sha256=qF9brivsFQMt41VVxiQJV4qqOHqZC-C6RarggorIFKM,5720
nldcsc_elastic_rules/rules/integrations/aws/lateral_movement_ec2_instance_connect_ssh_public_key_uploaded.toml,sha256=Lo4MqSFXTrI_ctpZjCus_zDn2wowhmga5Qlius7mRHQ,8430
nldcsc_elastic_rules/rules/integrations/aws/lateral_movement_ec2_instance_console_login.toml,sha256=Tr5FcQpOUeBnFLdzqmivVnEmSXLWnzx-dvo6Hfaz7kI,9864
nldcsc_elastic_rules/rules/integrations/aws/lateral_movement_k8_assumed_web_identity_session_with_multi_phase_api_use.toml,sha256=5lw3LOjAAsBDH7CuQYBwtVxeFbDmmj_lgdHT66mYf8k,9322
nldcsc_elastic_rules/rules/integrations/aws/lateral_movement_sns_topic_message_publish_by_rare_user.toml,sha256=ZtWqQCTGeDAYQ2mYDxYPRj9DDwfqFIWpz8A9GZ9hBLc,8701
nldcsc_elastic_rules/rules/integrations/aws/ml_cloudtrail_error_message_spike.toml,sha256=fTOuAENlAYC3QS0aetQS7Ej1WsTibUrpKCZ-f_YZHe0,8304
nldcsc_elastic_rules/rules/integrations/aws/ml_cloudtrail_rare_error_code.toml,sha256=Lx_9GiGGaOA2vn4lcfpdi48EhQ5KbbGCG8v5gH9poMA,8949
nldcsc_elastic_rules/rules/integrations/aws/ml_cloudtrail_rare_method_by_city.toml,sha256=4ZjfJJuQyqsKlKN36dART-qzWJtjZ1866t_QsD0WZGo,8862
nldcsc_elastic_rules/rules/integrations/aws/ml_cloudtrail_rare_method_by_country.toml,sha256=-Fc88tgeUHq2qgNMJrf3-G4mRDJWF8Yshlvr5pf-dAI,8455
nldcsc_elastic_rules/rules/integrations/aws/ml_cloudtrail_rare_method_by_user.toml,sha256=XtRfS2BZxpUUn4uKKSymFEnD6ekke0gNItkoxMRS990,9863
nldcsc_elastic_rules/rules/integrations/aws/persistence_aws_attempt_to_register_virtual_mfa_device.toml,sha256=4wz2MOskC-K9JEAD0T87XcvWf5Ibn3quQzlnLMS0G_Q,7812
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_agent_created.toml,sha256=ewl_G-pM8pS2gmLXoWMw8wTrSscBcUA742vIH8u0qsU,5057
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_agent_or_action_group_manipulation.toml,sha256=qVBEjIutTve0NPqEjtF7qfRqqK-XDZ82VZlSFvozW8I,7017
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_foundation_model_access_denied_attempt.toml,sha256=MRc9_c-LeQ0vDvswYczNTJLpJCASIfVLn9t8a-QyT2I,6977
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_foundation_model_access_enabled_or_entitlement_granted.toml,sha256=AgDLozS8I0krDC1y6qIAOMroSbT4V4t7iA598o7nEJU,7093
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_resource_based_policy_denied_attempt.toml,sha256=dr7YPM6AuJN3Y3GKoMOA_WvHkHXJnWPLj2N86fUYaZs,6334
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_resource_based_policy_modified_or_deleted.toml,sha256=01neOTmZP4I0QYXz9vS2yk1ni3NsSP7FCjSn6GukZ-4,5667
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_third_party_or_external_knowledge_base_associated_to_agent.toml,sha256=ueE6OYupwvQ4rdIapreylPwPK-IPv1a8fpY19mw8Ywc,6018
nldcsc_elastic_rules/rules/integrations/aws/persistence_bedrock_untrusted_model_imported_or_marketplace_endpoint_registered.toml,sha256=eEKlsclD4wvqGt9assRAfaipZj0A48bZW6M4Me_T5dQ,6411
nldcsc_elastic_rules/rules/integrations/aws/persistence_ec2_network_acl_creation.toml,sha256=MuBwcYAzIOSqjLdEAB6Dut11Z0dxcBa6f-LG_d1JbN8,7370
nldcsc_elastic_rules/rules/integrations/aws/persistence_ec2_route_table_modified_or_deleted.toml,sha256=g6NLkIBDC8FImkV8L7fD2wSU3wpOjkQiTqDKh7iuwzs,8699
nldcsc_elastic_rules/rules/integrations/aws/persistence_ec2_security_group_configuration_change_detection.toml,sha256=evIxghGvRR2oaMS7enWH_-V8Cl8jBzP4n3pTSHi3MDc,8153
nldcsc_elastic_rules/rules/integrations/aws/persistence_eks_access_entry_modified.toml,sha256=P8-RBJa40Jm_PEvg9B3YCQsQAcl7L8YQgkoaC-oWIow,4577
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_api_calls_via_user_session_token.toml,sha256=RdHL0XnP3annVbJey6wkfTEygaZ7cCAiaQ2sjW88A_c,8431
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_create_login_profile_for_root.toml,sha256=BeD6IIRkQza8G2o0LTVaF8iHn3ox0K54GH7d4OMqQvE,9544
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_create_user_via_assumed_role_on_ec2_instance.toml,sha256=2Ehhu5ODSkZqJC6hdWcgGWP4-HYy5OFAqHCjhuIUL24,6984
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_group_creation.toml,sha256=LTyOTky1F2occ6TmsgrOUrr5c-GnmopbQJjfzIi9pQ4,5564
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_oidc_provider_created.toml,sha256=uXspNgdNuQQ6HuExn6qq7WGyZVXN45R80kPwbZXDjPw,7465
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_roles_anywhere_profile_created.toml,sha256=Hq5uMYtaz24_1QEQRULy-J-WXphR0rh3iriyQFtFbVc,8187
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_roles_anywhere_trusted_anchor_created_with_external_ca.toml,sha256=egfVWRkWqTVuPSd0oy0aNprZJayrHLKwaJjskwZ8EQM,7891
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_saml_provider_created.toml,sha256=akm6NXAtWMx9N5uubT87XExjoBKCyP9AkkOpBs9Jz6s,7034
nldcsc_elastic_rules/rules/integrations/aws/persistence_iam_user_created_access_keys_for_another_user.toml,sha256=HJ9-se4wUzOb5PBXFC3MPWtOs3JH7LDKysKirodGBCs,9884
nldcsc_elastic_rules/rules/integrations/aws/persistence_lambda_backdoor_invoke_function_for_any_principal.toml,sha256=ZZeHCdIGHKkpMDFfr65B0LZ4kHUJQe9gRvJMMeqpPjM,7526
nldcsc_elastic_rules/rules/integrations/aws/persistence_lambda_cross_account_invocation_backdoor.toml,sha256=PMJ0drKFgHPGmjrArxEkmE4DwJVubHa5dTw18hRFb6E,6288
nldcsc_elastic_rules/rules/integrations/aws/persistence_lambda_event_source_mapping_created.toml,sha256=tDvxjbq6p-EFOl_rQgwyaBLi4e6tetEkuHyiZCDa_mI,6564
nldcsc_elastic_rules/rules/integrations/aws/persistence_lambda_function_url_public_access.toml,sha256=azcz_4yRpURBb8_vh8Rs2VQvk6gZXpSIWTNGwnve_1s,5890
nldcsc_elastic_rules/rules/integrations/aws/persistence_new_terms_ec2_create_keypair_unusual_source_as.toml,sha256=illlQV02qqyK5hExWA4yOHmBWIHRKG5jIk-TT216i3U,5472
nldcsc_elastic_rules/rules/integrations/aws/persistence_rds_db_instance_password_modified.toml,sha256=jjkiCNG2BjvP1v-c5TKjO9D3roEZ4mZH3NeXvNND99o,8907
nldcsc_elastic_rules/rules/integrations/aws/persistence_rds_instance_made_public.toml,sha256=S5DLeGKt8z9VWonwQVVeWYLREfo7SSWBY2IEPQG-qyE,7688
nldcsc_elastic_rules/rules/integrations/aws/persistence_route_53_domain_transfer_lock_disabled.toml,sha256=wCO698Cg02-MTL-CRd0XoTWrT_KBGvNv8DB0EOzw_00,7367
nldcsc_elastic_rules/rules/integrations/aws/persistence_route_53_domain_transferred_to_another_account.toml,sha256=jAAyTl38LeRVszkDBMYOncwVLLEm8VOaPbAsywFJYjA,8096
nldcsc_elastic_rules/rules/integrations/aws/persistence_route_53_hosted_zone_associated_with_a_vpc.toml,sha256=KWOMAWAlrmN9bT9dE2wTKKWsthOJCbD1tQZPhRVjaKA,7512
nldcsc_elastic_rules/rules/integrations/aws/persistence_route_table_created.toml,sha256=wlrzZPaxP3ykvlPzZZse8SkkxbBIN-GeAMHh6ofrTDM,6829
nldcsc_elastic_rules/rules/integrations/aws/persistence_sensitive_operations_via_cloudshell.toml,sha256=r0ceUdFQo0MqA5P9GIVxuujHJejzGaFmfSC4_8qz8LE,7533
nldcsc_elastic_rules/rules/integrations/aws/persistence_sts_assume_role_with_new_mfa.toml,sha256=FL43IEESqUrYWhR3WqVZY2HVPVj6Y5F9S0rczqwU4pY,8231
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_ec2_instance_profile_associated_with_running_instance.toml,sha256=XlS7L25DQuCM0z84gpbrMIOpzXqgjWrOjZ-g7slXnVg,4824
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_eks_access_entry_granted_cluster_admin_policy.toml,sha256=8BoIud-IpWR1KsB_H5d-PZCBAUduD21DYIt4w3jOyhk,4814
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_administratoraccess_policy_attached_to_group.toml,sha256=92wBS_g1TXLHGYFZnmc0QXNLDY5DQdZFRVykkG1rICM,7045
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_administratoraccess_policy_attached_to_role.toml,sha256=mug4uvHx3PFIpEuCSwSvBZa9W36tZRi63Tj0st_-jfs,6973
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_administratoraccess_policy_attached_to_user.toml,sha256=zGYwmJTDk54B_ZfmAX_NqekhxWaYJVWMkpPwicp1c3o,7717
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_customer_managed_policy_attached_to_role.toml,sha256=6asvvT4dD7uzO7UFBFUdpBMQM-pjLhrR5c38os5pJxQ,8282
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_customer_managed_policy_version_created_or_set_default.toml,sha256=NE2DyuQ1pVRBuIugv8u-f5gJgWi4X5TWfhLvbQJ728s,4971
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_privilege_operations_via_lambda_execution_role.toml,sha256=ep3K5kEuDNGRiYXYrMpMbGbxoIYyhOLwPQZkbikUFOg,6104
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_saml_provider_updated.toml,sha256=ZltaEtYlnRuhfDR39gkP4KwzsVd-OhaZwopyRyztO28,8157
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_iam_update_assume_role_policy.toml,sha256=52dVkB2NYzY2DD5IGPgKArQJv6enPRPdsbcx2bjSaic,8054
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_kms_key_policy_put.toml,sha256=3-d_8Wf6Fco1C2ZSlykK0MIVHXPtZ4NdKu2DrzfJohQ,4509
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_role_assumption_by_service.toml,sha256=WR6ZMsAjHOXxE88KDCzOeK01fEWSPBZy2wQipOhfaCM,7769
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_role_assumption_by_user.toml,sha256=_C49lYR2uYkWEJrcpJE5zZ2ZUvsEn3A2APEJxxpNsBs,7630
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_sts_assume_root_from_rare_user_and_member_account.toml,sha256=wLUxXlOIENOvJ1LJBUqaW5UxrlIPqFBvK2IHAre12nc,12720
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_sts_get_federation_token_administrator_access.toml,sha256=jzt_62KeipseE8aQCr8RF1L2_eZAkzY-9zpAlNba_cM,5272
nldcsc_elastic_rules/rules/integrations/aws/privilege_escalation_sts_role_chaining.toml,sha256=Iw0V3Bs1r-FQ3HiE1LxYdn4qcOKQiX4hrnF2ldb6Fhg,9106
nldcsc_elastic_rules/rules/integrations/aws/resource_development_sns_topic_created_by_rare_user.toml,sha256=rS9E9xx_vQc3vk0qLo536KUDTkaAsjEn66oE6OapDt8,6402
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_execution_without_guardrails.toml,sha256=c0cevT1mzWoFBX3gWSkDPj8yS7-hrq20C32I5yVCM-0,4847
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_by_single_user.toml,sha256=PqwbgjDSYma97wSBCrHkLxWG-TXDQY4FxI6cX7Yks1c,4857
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_in_single_request.toml,sha256=25G1pGkA_Pm9YsvEGJWJUzPADbmoepeGrWBn16IC4vw,5269
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_high_confidence_misconduct_blocks_detected.toml,sha256=sdLX9ZiabRdEBxm1GHsEQpd3C5gQKgyL013aOEcXmOM,5314
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_high_resource_consumption_detection.toml,sha256=T4DmttjFKaD-rI7yuuB6r_ahvOoJFRbW7HY1BujplYw,5036
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_multiple_attempts_to_use_denied_models_by_user.toml,sha256=u2c1QgxZcO68JmBCn_r7Ofd20lERSpnWi-QnGbepXDw,4568
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_multiple_sensitive_information_policy_blocks_detected.toml,sha256=7AXcjkalDO0nyTjJV3Hdmab9dqpFUN6z-O9QDvillHQ,4748
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_multiple_topic_policy_blocks_detected.toml,sha256=3Quejfd2m3jCBtrnbtnf1nQp6PvuUPX1Ol7JezXROUI,4638
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_multiple_validation_exception_errors_by_single_user.toml,sha256=tfMEkbWtIQ-hePLJTUuWB_9q1D6Uirbc2JSbzFumlvE,5019
nldcsc_elastic_rules/rules/integrations/aws_bedrock/aws_bedrock_multiple_word_policy_blocks_detected.toml,sha256=YCDnc0Ztis4S7XDXsLcPROoVqWtBpaznHl3mLesDxM0,4652
nldcsc_elastic_rules/rules/integrations/azure/collection_azure_storage_account_blob_public_access_enabled.toml,sha256=U81kxC6Kv8Lfr0fQ1Y-NKMipmuEtwOsz2Tx9ggkJ_Qs,6098
nldcsc_elastic_rules/rules/integrations/azure/collection_entra_id_sharepoint_access_from_unusual_application.toml,sha256=daZU1qiZv0wdUOf3oAn_yKCE9fDgoZRuv5r2DkH7KOo,9565
nldcsc_elastic_rules/rules/integrations/azure/collection_graph_email_access_by_unusual_public_client_via_graph.toml,sha256=wqO9WSb4j43SlPMOQClqhazrtaNJmC0Qbz7O8zyeFcs,7539
nldcsc_elastic_rules/rules/integrations/azure/credential_access_azure_entra_susp_device_code_signin.toml,sha256=ZmZgVrauEoG30lEXF1lxsIoTHMwwkoW8PtPl3-53v9k,7733
nldcsc_elastic_rules/rules/integrations/azure/credential_access_azure_service_principal_signin_then_arc_credential_listing.toml,sha256=wJcdoImpcNEwFSc1a5x9pGEFDyEDG9Y_0inIx2E1ci8,6475
nldcsc_elastic_rules/rules/integrations/azure/credential_access_azure_storage_account_keys_accessed.toml,sha256=v63qOvAZ09KAooXNUTwR8E9aPVACsiwMuE38_kfBMWQ,7273
nldcsc_elastic_rules/rules/integrations/azure/credential_access_azure_vm_boot_diagnostics_retrieved_unusual_principal.toml,sha256=NhBB13JBh1lqapgwDzBZ_RIDG7clprw3iSCICLQGVCg,5106
nldcsc_elastic_rules/rules/integrations/azure/credential_access_device_code_signin_aad_graph_enum.toml,sha256=abQ297bpnhDwg-g2NqoCp8SCg3KdL1q8sLz04GGj2ew,9945
nldcsc_elastic_rules/rules/integrations/azure/credential_access_entra_id_brute_force_activity.toml,sha256=5rWOasudoM0UTTzm6jQhVbXnFLoJr-vpz_e0HKaUd4E,14218
nldcsc_elastic_rules/rules/integrations/azure/credential_access_entra_id_excessive_account_lockouts.toml,sha256=bGLKFx8RuGF9fOKG71vZUPGkLNwZSDDGNYLIvih9INA,8955
nldcsc_elastic_rules/rules/integrations/azure/credential_access_entra_id_signin_brute_force_microsoft_365.toml,sha256=J-IczCAeNxOfCa0v08uLKjhcUcu9m6necXvw6id3NvQ,14630
nldcsc_elastic_rules/rules/integrations/azure/credential_access_entra_id_suspicious_signin.toml,sha256=uDE99nM3IQteOOlNyjYvSG-ECwkb3YB6P_05gvXW6Iw,8415
nldcsc_elastic_rules/rules/integrations/azure/credential_access_entra_id_totp_brute_force_attempts.toml,sha256=STtypDkSkFoBK-_ZQxe6S8asFYTO1u4WbEE1HIivZ2E,10319
nldcsc_elastic_rules/rules/integrations/azure/credential_access_key_vault_excessive_retrieval.toml,sha256=WWNURtGIZQ1TYNOph9gZ9AvxrKNWlDpnKBUG57iyMPs,11257
nldcsc_elastic_rules/rules/integrations/azure/credential_access_key_vault_retrieval_from_rare_identity.toml,sha256=pyI_FSEamTJQggDWfnuGQbXwXRdVzVbLfdXDgB-1VVg,8472
nldcsc_elastic_rules/rules/integrations/azure/credential_access_network_full_network_packet_capture_detected.toml,sha256=AtG0mm8NMzpNKzYwJ1Ju2vbOMONBv0Sa-CauBRCIWEw,6269
nldcsc_elastic_rules/rules/integrations/azure/credential_access_storage_account_key_regenerated.toml,sha256=8Vz5u-yZWkmbSreP8Htv_MkDpNR_rPv2-MdWlM-B9ec,6642
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_automation_runbook_deleted.toml,sha256=ATwuL35UYxx2azp9fdDNN2rxeswggov_84mtZ8hQZ_Q,5737
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_event_hub_deletion.toml,sha256=ZbT3Wd7egfUUiqfCiLjvKBKbV3CcjtIq2hw2w-Xbe8A,6613
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_insights_diagnostic_settings_deletion.toml,sha256=TGDUS7zx05VTIOjt_0D_AiGHUwovC6DulNMofLif46M,6958
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_kubernetes_events_deleted.toml,sha256=JvgCTYgONIn68Ere0_qrCGI5oQW6APKa-XjQBX62Law,6418
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_network_firewall_policy_deletion.toml,sha256=vvTkbf4if_fwzTbXztUqi5rpTE5D2ERx8uvKGr2WS5M,6267
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_network_frontdoor_firewall_policy_deletion.toml,sha256=nlC_ARs-A8X_88OndZsZl-ob15bR---mKSlmf0EgFmA,5997
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_network_watcher_deletion.toml,sha256=_UN2QLItbaRJ3O0QB_chMtaZ_kwaPnHNPV6Yv_mH2ZI,6140
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_security_alert_suppression_rule_created.toml,sha256=YFR_2LcsSOsaQalDSBg79zP8T-xfIg6HW36Lk4D_fvc,6679
nldcsc_elastic_rules/rules/integrations/azure/defense_evasion_storage_blob_permissions_modified.toml,sha256=vH1VR93jFmt3GL6SdKK5d-vRFSF40V_ubRor5r0WRAo,6217
nldcsc_elastic_rules/rules/integrations/azure/discovery_aad_graph_high_4xx_ratio_by_user.toml,sha256=BmJiZK4zAhSWq50GXp_igaQ8lRTVyXNR7H7PmjmWsmY,6063
nldcsc_elastic_rules/rules/integrations/azure/discovery_aad_graph_roadrecon_aiohttp_enumeration.toml,sha256=Ghxv8BFxMUD1YDKIg3dzXqhGOJINu78ZAGzQmHG7Z1M,10304
nldcsc_elastic_rules/rules/integrations/azure/discovery_aad_graph_suspicious_user_agent.toml,sha256=U2mtNwIif7gFGeIAJREuP-t2PH095U47aPH4-P3Je1w,7548
nldcsc_elastic_rules/rules/integrations/azure/discovery_aad_graph_unusual_client_for_user.toml,sha256=zFtYWQSFMsW4-6v3oARz5U_g2pT0VXLgqkI1syfKv1w,6929
nldcsc_elastic_rules/rules/integrations/azure/discovery_bloodhound_user_agents_detected.toml,sha256=pqYbjQauR8t0qtkTpVujTs3m1hE7BT-USCkEABlzhqc,7392
nldcsc_elastic_rules/rules/integrations/azure/discovery_entra_id_teamfiltration_user_agents_detected.toml,sha256=n-TfzIUgtTiPbjr9ELOmI2rPpn9Ix9m8K4PD9yOROLc,7877
nldcsc_elastic_rules/rules/integrations/azure/discovery_graph_activity_delegated_user_multi_category_recon.toml,sha256=Wgggtu1BmqHFOjGUGrVdt7ZUWfEzpy5nrcKgOyQYdbw,6825
nldcsc_elastic_rules/rules/integrations/azure/discovery_storage_blob_container_access_modification.toml,sha256=WbvNeNTldC43XgxQX8ywv1a8tV2HIRzh8IxznfcoqhQ,6523
nldcsc_elastic_rules/rules/integrations/azure/execution_automation_runbook_created_or_modified.toml,sha256=7z25MQn30CCI495TdUW2kyawLLnpLKXt6iZ7wESsk70,6578
nldcsc_elastic_rules/rules/integrations/azure/execution_azure_vm_extension_crud_unusual_source.toml,sha256=2SfL9pRVgmlFINErU87gZThpaXxlJ-45WZDvYu3IKLE,7137
nldcsc_elastic_rules/rules/integrations/azure/execution_azure_vm_managed_run_command_unusual_identity.toml,sha256=qIgfBtAWDlcVM55Gi3H-HIzhU_zTR9CKFuM6YzKwFzM,5918
nldcsc_elastic_rules/rules/integrations/azure/execution_compute_vm_command_executed.toml,sha256=JU0J7BroGsDqDHt5VVpIS6svQJ9hAP-kEiBKviyK1gw,7179
nldcsc_elastic_rules/rules/integrations/azure/exfiltration_azure_storage_blob_download_azcopy_sas_token.toml,sha256=m3uM2iJD4kCKlyaME7frIkMz2_2TU8MmKo38aUGhICE,7643
nldcsc_elastic_rules/rules/integrations/azure/impact_azure_compute_restore_point_collection_deleted.toml,sha256=Hwx7acpEI7YPhgJIIlYJoDvCz-2i5zdX6EdN5SiyUks,6124
nldcsc_elastic_rules/rules/integrations/azure/impact_azure_compute_restore_point_collections_deleted.toml,sha256=U21yeJACV3kokSKFGGxA4ls6SUXirquyU8XlPTee8gI,7895
nldcsc_elastic_rules/rules/integrations/azure/impact_azure_compute_vm_snapshot_deletion.toml,sha256=rMcgohICZjL11rR7_QmMdzJtTHUoxXj_3QP5MKAMzlM,7389
nldcsc_elastic_rules/rules/integrations/azure/impact_azure_compute_vm_snapshot_deletions.toml,sha256=FIMf7ttB3qvbDkUTA0OziLQvMfwKBwHO7d9viVIigBA,8386
nldcsc_elastic_rules/rules/integrations/azure/impact_azure_storage_account_deletion.toml,sha256=XFbwhG5A6UFUcVQ9Z4WbdFcBWJm8dghT3Ahl0i99b0g,6170
nldcsc_elastic_rules/rules/integrations/azure/impact_azure_storage_account_deletion_multiple.toml,sha256=ofCfqjq89RGA9JiR4GuNw0t3XhLBk3zcq30F90qVJnQ,7016
nldcsc_elastic_rules/rules/integrations/azure/impact_key_vault_modified_by_unusual_user.toml,sha256=3jckr-EiFhKDkBMdYLvyf9ofnEwAj3uOddb2OnXEToQ,6253
nldcsc_elastic_rules/rules/integrations/azure/impact_kubernetes_pod_deleted.toml,sha256=TaIeh8DA5F5TYezlrNRfXflc3LpywmhiRpzGOevk0kg,5989
nldcsc_elastic_rules/rules/integrations/azure/impact_resources_resource_group_deletion.toml,sha256=_aop4uIF6gKdrj-T0BPuZrjMsa7z1JRlcV6nEsPPIEo,7060
nldcsc_elastic_rules/rules/integrations/azure/initial_access_azure_arc_cluster_credential_access_unusual_source.toml,sha256=OLBZ2q_IIQNn9vW1J5zhQhOZLe1inoUGY-cfOmKHwbs,6079
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_actor_token_user_impersonation_abuse.toml,sha256=JeChhk96ZVamrQEz354MDvd1DRd_21vSGYRrrJqW7LM,6526
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_device_code_auth_with_broker_client.toml,sha256=9f9UbhIYBtGULiUujpo5IqE-N42waB25c3uZRtrPArI,7782
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_external_guest_user_invite.toml,sha256=jJKRY61IrkbvbIHqx9g7Fdlqf8pIna5flwC8S97Vfug,6661
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_federated_login_by_unusual_client.toml,sha256=YzOQF_gGOauezyFyfknxvgWHfQ4iy_7MrGNEDix-dm4,8010
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_first_time_seen_device_code_auth.toml,sha256=8B9RarekRPsH6YqpGYJXN2l2Pdu0n0IuxfYx0xoWgkk,7665
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_graph_single_session_from_multiple_addresses.toml,sha256=iSD_hrHfG-WDAaVtybiURd1amtXiZWG9uXJx3nYeB4c,13000
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_high_risk_signin.toml,sha256=lhZNo-pD7bnGPNt8ZOEqPSM0k2t415zTFF26F5xR-5Y,5111
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_illicit_consent_grant_via_registered_application.toml,sha256=Pkas5-gEHMbg4of7LYpzx10eAb2Muvgq3uxr8mOboXk,8468
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_kali365_user_agent.toml,sha256=1Zi035DXFm5Vp_KaZt9ONTB_kjT4SZKaThWEECE0qCI,7604
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_microsoft_auth_broker_nonstandard_user_agent.toml,sha256=egEF4KZkBu9PgbvNk7jB0CTuIcbLOxAsQQYwxjFl1KY,5883
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_microsoft_auth_broker_unusual_resource.toml,sha256=YzidNEy35YytT7EVSUVaZCEx27uzNhQthpkGFXRwQEo,5487
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_oauth_auth_code_grant_unusual_app_resource_user.toml,sha256=Ws2CdX0ORSjrxb736ExQ8SJbl97q1-ghIJE_cVap73w,10066
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_oauth_device_code_phishing_tycoon_aitm.toml,sha256=uEaORVlLjqsyQY474E4NvFhQgVp3EcyqoGS4_sD_fAU,5234
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_oauth_phishing_via_first_party_microsoft_application.toml,sha256=h3EglDJS_BRf5WWWf6qxHbJfzXY5y6FweKPt3aOXLLI,9302
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_oauth_user_impersonation_scope.toml,sha256=rJuMiEmOEiTnd9Nnb3lDb40ArsSDWHWxZODlOSGxBrk,10377
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_powershell_signin.toml,sha256=cSuHTKagL8TZO2iL4vAMk5OXMpj0hLS-DK9d9o5JfPY,6025
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_protection_alerts_for_user.toml,sha256=2BctxPB6ZmL0LU8Tq6TqUFScLkcrbJ9FR_0oANemH3w,6239
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_protection_confirmed_compromise.toml,sha256=48JvdrMY9JxKDnzOFZOFj3oEujtfNpgZ8vmXZHWP8sQ,8144
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_protection_sign_in_risk_detected.toml,sha256=nPXwgtFPUc_HNjr0NcSnxcaolMr81YBVFVfYIqbLJRM,8850
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_protection_user_risk_detected.toml,sha256=LZ9Nht8AfpDcX7GOyrefafHPjaLxOjTmpBMtPsslmrA,8607
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_rare_app_id_for_principal_auth.toml,sha256=AoF7tRj5jj7dX4il6YJOw3NkDIeViAGw1fM6iNIS0l4,11073
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_rare_authentication_requirement_for_principal_user.toml,sha256=yesleFscU-n92kj0NJu7YEhSgh2ewznwikEMC5WpTOE,9114
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_risky_user_or_compromised_sign_in.toml,sha256=RpZVylwRDFfs34Je8aoI0ZSeLIDrgxYPvvHhIPR-bXs,5206
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_service_principal_signin_unusual_source_asn.toml,sha256=hcrcKHV5_Hk-TWCroyd3mfO1HJ0TDfSAnzxqfcJyGW8,8171
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_suspicious_oauth_flow_via_auth_broker_to_drs.toml,sha256=pEgTWoia91s5j730xPLLRCy88k6sK4Jk0Fgjdfu-wjI,13701
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_temporary_access_pass_created.toml,sha256=wQXPAi18h1M5frr_K3xyh9fenb28yblRbsVUynYMF-Q,5040
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_unusual_ropc_login_attempt.toml,sha256=t-UcXeZHS8uAc7ogOzoMgHTGMSs0SVtH-4JIqJdqx0A,6959
nldcsc_elastic_rules/rules/integrations/azure/initial_access_entra_id_user_reported_risk.toml,sha256=SfmxIm6LMBq9Yq_itw8qQNFROxfVefol7Ot_ZI7ZVyE,5133
nldcsc_elastic_rules/rules/integrations/azure/initial_access_graph_first_occurrence_of_client_request.toml,sha256=iKTWEPKC-1bmH1bCTR_Pqq20la32WCBYD2F58JG2OFQ,7462
nldcsc_elastic_rules/rules/integrations/azure/initial_access_tycoon_entra_id.toml,sha256=VRm0Tb9BkywUbFddgQLs7j7PU_KgdJ9vDwMMZ1o5R84,4591
nldcsc_elastic_rules/rules/integrations/azure/lateral_movement_azure_vm_serial_console_connect.toml,sha256=4rC1JS_LuEZynytqz3CcntPV3iS0WmBUtroJCO5tk_8,6591
nldcsc_elastic_rules/rules/integrations/azure/ml_azure_event_failures.toml,sha256=Qjrctylek8x8NHXwjdR84HvvvZ3C2OHCyu7Ajn9q0qE,7732
nldcsc_elastic_rules/rules/integrations/azure/ml_azure_rare_event_failures.toml,sha256=23SZmNQLcbnuc2aW0onjMSvVIoGc66ksPd7HQx8s2SE,7960
nldcsc_elastic_rules/rules/integrations/azure/ml_azure_rare_method_by_city.toml,sha256=ioD6yD56SxCeDwXi-t1m-tkZ5F1UPrzwbu54Or04_ws,7868
nldcsc_elastic_rules/rules/integrations/azure/ml_azure_rare_method_by_country.toml,sha256=32aOLxMAiuDo3zVZxkoZL64gWWsiSvGjZHTdkYRPec0,7455
nldcsc_elastic_rules/rules/integrations/azure/ml_azure_rare_method_by_user.toml,sha256=riNd4AqyEJrr64JJtijmYB3v_N7VLqMRMubf2C35k00,8558
nldcsc_elastic_rules/rules/integrations/azure/persistence_automation_account_created.toml,sha256=-4mPbAYQZeneeEFUj_xrtcTfPNaKeuUP6HSUgz5NvaM,6078
nldcsc_elastic_rules/rules/integrations/azure/persistence_automation_webhook_created.toml,sha256=hD0vAXQ0JR-Hw8Wds62Bj1dc6-s6xLyF_f_Hhj-I7EA,5920
nldcsc_elastic_rules/rules/integrations/azure/persistence_azure_vm_extension_deployment_by_interactive_user.toml,sha256=3DYuDMFuJdiqzCgvta1RDi0hU21sH8DuP7OLMSl485E,5188
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_application_credential_modification.toml,sha256=cYlU0dkCKmQuJwc52Nlr0jOffM_m5Dvd63L3IQVx_go,6858
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_conditional_access_policy_modified.toml,sha256=LfQE3sXkEO8QJTUGRCt96-HfUbdI2l1v5GMHiJv7k80,5606
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_global_administrator_role_assigned.toml,sha256=jJPI_MYjCPcZEbZK0f7tyq8wiv50BUZY9P1ysSm2dDk,7028
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_guest_account_promoted_to_member.toml,sha256=0QYLg9edqVZJ4zlJ1dpSfxMbxgTlbwOHFmq65R49QbU,3690
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_mfa_disabled_for_user.toml,sha256=8BaSs3HtWXK4rrTyZspPbkvdlHYT4ljaGOLNdIOxL2s,6470
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_microsoft_auth_broker_drs_signin_from_suspicious_asn.toml,sha256=Tfkzzze9QczB2-lelZPud1kq3_LkaDaqilV4_J-at88,6065
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_oauth_app_redirect_uri_modified.toml,sha256=dSUPrLhBnS1jmj5rKkVkouu1CmYRyFv-qPwwTiWWv-I,4514
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_pim_user_added_global_admin.toml,sha256=rN_vnWwo494KSECSXiLKQhELHwiGyUUYNk2vP2LXDt4,6839
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_privileged_identity_management_role_modified.toml,sha256=yon5059T6Fk97UYE1Mf_LhU6Xt00KIGriM5XwSY1CQg,6145
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_register_device_unusual_user_agent.toml,sha256=7rAUO-36AAkZ5UlFYwHiH9RQwGeXW03EfcvdJfjBaVU,4139
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_roadtools_default_device_registration.toml,sha256=t7TZ2qqn-RbM5NXCWHBW841Tmquru1Q50GyboUeFd1k,6930
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_rt_to_prt_transition_from_user_device.toml,sha256=lBzjF5d5bBoV_uZqnqlxWLDR6XLDwC2wf5E-SZO0myI,7504
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_service_principal_created.toml,sha256=vZEB30iRA6kpqA3CLFtLc-fuVhy8W0AzEHAEfDGwfmQ,6342
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_service_principal_credentials_added.toml,sha256=wZLi21pz3WBepZOLcTNKLzE69gZ3rBbaxp97Vr3vGy0,6432
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_service_principal_federated_issuer_modified.toml,sha256=U_m3fb7MDymfA_Jsg1vZuybYm2lbTDGl3QiqG2prL88,6721
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_suspicious_adrs_token_request.toml,sha256=YIbufdwscrwCMyjVV1woZKdl5Koh3RX_wpj8Ok2HPys,6433
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_suspicious_cloud_device_registration.toml,sha256=cgkqgpmjSNy3v84Q7a1nRi327NjW2Y2-iNV5LqJ-4tA,7051
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_user_added_as_owner_for_azure_application.toml,sha256=XTJbPMOll5nh-ydn9V4brYcEb0HubpXHK5yeSrHaiGY,5889
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_user_added_as_owner_for_azure_service_principal.toml,sha256=zNilGQCSQmYXxTcIvtwT0OkNXGR7ws4VOEKprfCd8k4,6096
nldcsc_elastic_rules/rules/integrations/azure/persistence_entra_id_user_signed_in_from_unusual_device.toml,sha256=rFwwm9JqzI0f2PPMCA7cPWVD45mbzRjfOELDz6LLHSA,7389
nldcsc_elastic_rules/rules/integrations/azure/persistence_event_hub_created_or_updated.toml,sha256=sBHS0l1zt-YXvq4PzsNzGyWG5Mueuacgwl_dlTioyTE,6793
nldcsc_elastic_rules/rules/integrations/azure/persistence_graph_eam_addition_or_modification.toml,sha256=YqI3-f3cX2bO1OkLjFhyT7cmIhgucLHJNhqMBIrd5To,5820
nldcsc_elastic_rules/rules/integrations/azure/persistence_identity_protect_alert_followed_by_device_reg.toml,sha256=5yv7tb6-ssdtXooKs3C-Bh8-FGNS0pW7NMgNJT4qvK8,6079
nldcsc_elastic_rules/rules/integrations/azure/privilege_escalation_azure_rbac_administrator_roles_assigned.toml,sha256=KPqCfMEouJ-W-06HAEgGJAEXxlLeGcrfXRBfXejtsjQ,6145
nldcsc_elastic_rules/rules/integrations/azure/privilege_escalation_entra_id_elevate_to_user_administrator_access.toml,sha256=NAxyzMInz9jaUjVjplitxr9EmxkIVnusBZj-CFmNvpk,5859
nldcsc_elastic_rules/rules/integrations/azure/privilege_escalation_entra_id_tenant_domain_federation_via_audit_logs.toml,sha256=3rwWvP-QuOoxyFwxVpDomqfrjqTWud66FPTEnO6Iex0,7774
nldcsc_elastic_rules/rules/integrations/azure/privilege_escalation_kubernetes_aks_rolebinding_created.toml,sha256=NEr_nHuDT9vgpOVnsrNUhVanV2maaKUDP34lP4gLc50,7222
nldcsc_elastic_rules/rules/integrations/azure/resource_development_entra_id_custom_domain_added_and_verified.toml,sha256=_4xlYVGABX5QYnLfZi5uZBZyh4Tl3CJb6WfqtHJcSkk,5786
nldcsc_elastic_rules/rules/integrations/azure_openai/azure_openai_denial_of_ml_service_detection.toml,sha256=k7TmTJjP6U4hoMWtkHZpeml2xar7ddOs03uiXjsIZEQ,5996
nldcsc_elastic_rules/rules/integrations/azure_openai/azure_openai_insecure_output_handling_detection.toml,sha256=VOiDNib8m07nXzBHp1CdpkkhZKPAL79HtetheJ23OZ0,5792
nldcsc_elastic_rules/rules/integrations/azure_openai/azure_openai_model_theft_detection.toml,sha256=vvjnYVCilaJqtKtgE-vmX-yNqO46CEZD96uE2c8LUXM,5754
nldcsc_elastic_rules/rules/integrations/beaconing/command_and_control_beaconing.toml,sha256=nXWdAZwxJsBvDpwy-ccyJvsn4f4jlxSvwhAZwy11asI,8022
nldcsc_elastic_rules/rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml,sha256=SD0ejJgT395orNRkG2VvyuL42Zyphj8KkAY4HqtVLJw,7402
nldcsc_elastic_rules/rules/integrations/cloud_defend/command_and_control_curl_socks_proxy_detected_inside_container.toml,sha256=BSlZfN-YTYJCNW9UYfRBF1VvV2-KyM9wjktCMiQyiM0,4738
nldcsc_elastic_rules/rules/integrations/cloud_defend/command_and_control_interactive_file_download_from_internet.toml,sha256=cN1NvUEBNbdu3bx4x0-8GD7ANEplFE-9Ou0Z25sW7SE,7537
nldcsc_elastic_rules/rules/integrations/cloud_defend/command_and_control_tunneling_and_port_forwarding.toml,sha256=5NqIVRq3R_1uzrMgNlB8I-4tO2_JIZJorF6iaZ6HFm8,7163
nldcsc_elastic_rules/rules/integrations/cloud_defend/container_workload_protection.toml,sha256=9Q1DAgjwjSYh57cnwCa12zHGybKbxEfNmzk6YfDdDbA,5003
nldcsc_elastic_rules/rules/integrations/cloud_defend/credential_access_cloud_creds_search_inside_a_container.toml,sha256=rPNRPXikpQGk6XO0_lF7PZXxH48wsbg9C0qGbFzjsBI,4168
nldcsc_elastic_rules/rules/integrations/cloud_defend/credential_access_collection_sensitive_files_compression_inside_a_container.toml,sha256=gj_Nw_xVNYMp0ILbFwboIY6cZXij_QfL4lwbacgh8ZY,8500
nldcsc_elastic_rules/rules/integrations/cloud_defend/credential_access_sensitive_keys_or_passwords_search_inside_a_container.toml,sha256=uktXvDhA_o4m02xLh6BKZ0u0AjZYphHfBarJSeHIxhs,8540
nldcsc_elastic_rules/rules/integrations/cloud_defend/credential_access_service_account_token_or_cert_read.toml,sha256=mYYSHSqPf18ePYDbnhyadaVg81kKCNiCi9UYbQb2dIo,7501
nldcsc_elastic_rules/rules/integrations/cloud_defend/defense_evasion_decoded_payload_piped_to_interpreter.toml,sha256=kw4LVBK7MCQVViKem_YY1v0lGPONJxFyIcUITO2ZXQw,9288
nldcsc_elastic_rules/rules/integrations/cloud_defend/defense_evasion_deletion_of_shell_cmdline_history.toml,sha256=4H1u6bRINtkALN3KNqmhKPXyqne9F870ALoSVhXrwnA,6855
nldcsc_elastic_rules/rules/integrations/cloud_defend/defense_evasion_file_creation_execution_deletion_cradle.toml,sha256=ftyqQj531ojr4-KtMijMF-CVTeipQOMh1zgSmVK65QI,8773
nldcsc_elastic_rules/rules/integrations/cloud_defend/defense_evasion_interactive_process_execution_from_suspicious_directory.toml,sha256=iv8MAB7b3Su41Axa4eTm23ZDamj8BGIUuWrZozGGAGc,6336
nldcsc_elastic_rules/rules/integrations/cloud_defend/defense_evasion_ld_preload_shared_object_modified_inside_a_container.toml,sha256=O54vU-rDBPz8K5P0juLWZeMiu9OqJBPNFRkawsRtTGw,7557
nldcsc_elastic_rules/rules/integrations/cloud_defend/defense_evasion_potential_evasion_via_encoded_payload.toml,sha256=rPwNDmfE4GfF0gmRob0b8WuE-WUnk6YyYWIpdu_6orM,7414
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_dns_enumeration.toml,sha256=qxZR7clEmxxtehReAkeX0z3JMPTBGAW40dFt4bPZXns,7613
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_environment_enumeration.toml,sha256=olnSzBpfVCnSzsCfCPWCKobpLAqCvJyElheuN8Ym5Dw,7028
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_kubelet_certificate_file_access.toml,sha256=TcnCQ7tFr9UA-Nhoui1uL9nGL7qOWf7q9cPeLhrlfdY,7763
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_kubelet_pod_discovery_via_builtin_utilities.toml,sha256=3kG1F1o7bamtaDiTBge_QU5RZKRWcfNYm-FNJybAk-M,7064
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_potential_cluster_enumeration_via_jq.toml,sha256=vlVXJ4-KFsKVN4BUdrx0emQfu6ij4tzdVN37Kbg5jz0,2105
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_privilege_boundary_enumeration_from_interactive_process.toml,sha256=n4L6xKOvYzfI-deIH1eEYUyOH0dj2Cno8Wdfz98R_T4,7596
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_service_account_namespace_read.toml,sha256=7jIZtgSsAP2Swe81odK59JkiTvcHiGpy6jkmPb5fD_o,7069
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_suspicious_network_tool_launched_inside_a_container.toml,sha256=P-YGyzjDYvDtlOYe-XXhrgIJLHRb6SnJmjm0d4D4er4,8989
nldcsc_elastic_rules/rules/integrations/cloud_defend/discovery_tool_enumeration.toml,sha256=kBKMMe_cjmtuSup8ehO4vyVZ6aQ3YIQ_gHlqS8YuSPM,7186
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_container_management_binary_launched_inside_a_container.toml,sha256=sBilvbvJmTMpX2pxNtS9YivUbOkaiq3XM1q3VBMUkNc,8084
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_container_runtime_cli_suspicious_args.toml,sha256=-2A6ewKhEBPA067Y3pgvVd5HUhI8guCTr8XNB3e8jfw,4144
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_direct_interactive_kubernetes_api_request.toml,sha256=0K9n_iISNvM6nYB1J6ebicgEAMm99fSB-NQBw9NfrLk,8995
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_interactive_exec_to_container.toml,sha256=9KHzgpG89CSV66oZT6Vs-SKmJfX-YvT7BXh3M2lwzuU,7787
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_interactive_file_creation_followed_by_execution.toml,sha256=MHfYiqrXaxlt8-szkbPcZA4snCSl8j2w3Bht5kS2p4k,6293
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_interactive_file_creation_in_system_binary_locations.toml,sha256=2Cf0lpiCrmFmh_uSA-mf3Tj6CBxG0IqfEdMKT0-_aWw,6831
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_interactive_shell_spawned_from_inside_a_container.toml,sha256=VAxxtEM167qoZ2GksqG0NpU7_CZmPPizlYPt9QYIdc0,6668
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_kubeletctl_execution.toml,sha256=FbY-Gg3q9mcVN7iZPZtWIQXhqE_FYeXc6z2WNw5KkSo,7310
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_netcat_listener_established_inside_a_container.toml,sha256=TRPiKCF0914qXthf7UJ09__vwZ3Wd0xdNu_RzfxkoOM,8688
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_payload_downloaded_and_piped_to_shell.toml,sha256=QxMjYdqPeIlgB2R3LLI4vW5cKsBj-WS01XwHjwbWW3Y,7802
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_potential_direct_kubelet_access_via_process_args.toml,sha256=jhjjrOTC6yDYopnK1sMZbNeh-tKMxoD8ccqAdPV7jMM,7156
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_suspicious_file_made_executable_via_chmod_inside_a_container.toml,sha256=B00MxfrJLr9dP6l5e_wbDXSA8z-KozznV4CIAme1XQM,7859
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_suspicious_interactive_interpreter_command_execution.toml,sha256=nN0qc2on6v4nk-0WmaMuvXbAW0zc3myGjOrb2mfy5wc,10232
nldcsc_elastic_rules/rules/integrations/cloud_defend/execution_tool_installation.toml,sha256=VV4kztfXmjAUrlQkonv_4wPRcZF75G6ApJDKmYjN4sQ,6961
nldcsc_elastic_rules/rules/integrations/cloud_defend/impact_process_killing.toml,sha256=DBOVgVXsvaaty71sZj0xe-BhuQsW3Xj_QUke3XX3Bk8,6702
nldcsc_elastic_rules/rules/integrations/cloud_defend/persistence_modification_of_persistence_relevant_files.toml,sha256=UdEpjY45ETHB3zAaFu3R_hTHI9OYDfBJNBU8UToDPmU,10876
nldcsc_elastic_rules/rules/integrations/cloud_defend/persistence_ssh_authorized_keys_modification_inside_a_container.toml,sha256=nQrvZThpxUpLZsbzfq_B6prW4VBMPnsw9uZuueY7JiA,6890
nldcsc_elastic_rules/rules/integrations/cloud_defend/persistence_suspicious_echo_or_printf_execution.toml,sha256=leAR56gLHzeReLORaS0xw_FYkZh3jrK8b19XZd9v4Y4,10910
nldcsc_elastic_rules/rules/integrations/cloud_defend/persistence_suspicious_webserver_child_process_execution.toml,sha256=X28WpPQx4tWud-jsf2kf5QQQ6KM8gyd1-KcnZYwbxlc,14067
nldcsc_elastic_rules/rules/integrations/cloud_defend/privilege_escalation_chroot_execution_detected_inside_container.toml,sha256=haBiwvEi1wzQ3EA5LlUsCafdXAacTJlNpvqaVX0RQ-M,6305
nldcsc_elastic_rules/rules/integrations/cloud_defend/privilege_escalation_debugfs_launched_inside_a_privileged_container.toml,sha256=40Ezp0y0AG6NTEIuoXoznr7WDzKsI4eR1-p3PXAhJZk,7236
nldcsc_elastic_rules/rules/integrations/cloud_defend/privilege_escalation_mount_launched_inside_a_privileged_container.toml,sha256=Wq4ZsY5VVE8B42cFf1e_0rCriAJorEFLrgX8NmAyiis,6957
nldcsc_elastic_rules/rules/integrations/cloud_defend/privilege_escalation_nsenter_execution_inside_container.toml,sha256=d8wQRH4Yqjgep-yhkD7Oll1N27fChYjea9gaUI9riMA,3837
nldcsc_elastic_rules/rules/integrations/cloud_defend/privilege_escalation_potential_container_escape_via_modified_notify_on_release_file.toml,sha256=5fbR5wXspPD3RZclrNGGXu0VWFJiFFumpLPux9ZNSYk,6305
nldcsc_elastic_rules/rules/integrations/cloud_defend/privilege_escalation_potential_container_escape_via_modified_release_agent_file.toml,sha256=UR2aMwt93RrvpRSjjq_Tpa0Fq9g4HspweU3vq837rQw,6426
nldcsc_elastic_rules/rules/integrations/cloud_defend/privilege_escalation_unshare_namespace_manip.toml,sha256=Wwzq4mPdnhHzTUgvH5Je1l4BlsMxnsgpFYLSJH2QEys,6079
nldcsc_elastic_rules/rules/integrations/cyberarkpas/privilege_escalation_cyberarkpas_error_audit_event_promotion.toml,sha256=Wuo7dY9NgaJ-mrUkhkGOrPh-RtpnnyV1fJFPqFj79Os,2061
nldcsc_elastic_rules/rules/integrations/cyberarkpas/privilege_escalation_cyberarkpas_recommended_events_to_monitor_promotion.toml,sha256=ZOL4skl9YqWjNq3ShK-1cZxu5TCd_EAE5LrERc6FagM,2917
nldcsc_elastic_rules/rules/integrations/ded/exfiltration_ml_high_bytes_destination_geo_country_iso_code.toml,sha256=vmfNPkUdYC9b2BM_C4hOPa9tmBt8dcwOa0vUbvFNTP4,7122
nldcsc_elastic_rules/rules/integrations/ded/exfiltration_ml_high_bytes_destination_ip.toml,sha256=4kqWPhPEOl0fiF-lZFToRLr9a863UQF73UNyk8dUB78,7233
nldcsc_elastic_rules/rules/integrations/ded/exfiltration_ml_high_bytes_destination_port.toml,sha256=4BhxVxJWsdMDRtUgbjCFaClLsRgJryap_NKR6XipUL8,7346
nldcsc_elastic_rules/rules/integrations/ded/exfiltration_ml_high_bytes_destination_region_name.toml,sha256=RjA7L8hoc6vv2UR-rhti3lGjjRM6-oCsczFjVMmHDxs,7160
nldcsc_elastic_rules/rules/integrations/ded/exfiltration_ml_high_bytes_written_to_external_device.toml,sha256=2bCBhYJ5cF2xv1q8jef9LOhN9Un645_9eFyj0lDHdpc,6987
nldcsc_elastic_rules/rules/integrations/ded/exfiltration_ml_high_bytes_written_to_external_device_airdrop.toml,sha256=u9ZAdypPvmlFMe5cAeAv7mfZoYtKlI64_QT7XgDlvvU,7191
nldcsc_elastic_rules/rules/integrations/ded/exfiltration_ml_rare_process_writing_to_external_device.toml,sha256=jwZMHt3bYonL--BS-F9pd7KnwuR1TXk7COZnfk7vIH0,6857
nldcsc_elastic_rules/rules/integrations/dga/command_and_control_ml_dga_activity_using_sunburst_domain.toml,sha256=aoxOxRz075vLp8nXiyX2xMjenl6eHxwJ395wGgWjVWc,8107
nldcsc_elastic_rules/rules/integrations/dga/command_and_control_ml_dga_high_sum_probability.toml,sha256=mUReR3rjLR8FH1u5avQJdaC_xZGuxDtJ2EMl_FOfrRg,8666
nldcsc_elastic_rules/rules/integrations/dga/command_and_control_ml_dns_request_high_dga_probability.toml,sha256=WbLlALgpz1JsytBGnVGqTG7yrObiViFvf7Izvym8Y14,7849
nldcsc_elastic_rules/rules/integrations/dga/command_and_control_ml_dns_request_predicted_to_be_a_dga_domain.toml,sha256=fSKeieG4oSLtPUFqNYs5ebA3x7P8V3CrH8L_PD_AiXE,7864
nldcsc_elastic_rules/rules/integrations/endpoint/defense_evasion_elastic_memory_threat_detected.toml,sha256=6aYCF6vJq9jFoeHmEQlHki90_jomKfVU1xiuXmejeZc,8837
nldcsc_elastic_rules/rules/integrations/endpoint/defense_evasion_elastic_memory_threat_prevented.toml,sha256=K_i3j0ZsXFiJruD8AFPfkTWSsTnrwlxGUYxFjyVrnaY,8814
nldcsc_elastic_rules/rules/integrations/endpoint/elastic_endpoint_security.toml,sha256=7JuxGnkWghYWeJrQTlNC_QP-4ErFwhZUw_9TWnPhCR8,6892
nldcsc_elastic_rules/rules/integrations/endpoint/elastic_endpoint_security_behavior_detected.toml,sha256=oINVbk8RAmb4vcg7D_kzJ-eNr6ZvN4jjo38bz4UpU8E,6928
nldcsc_elastic_rules/rules/integrations/endpoint/elastic_endpoint_security_behavior_prevented.toml,sha256=HqxuwMpWU0DdAPsca_DN7_huN0C-UD4StK9ePoxSRxo,6907
nldcsc_elastic_rules/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml,sha256=j0CdnaijJeAt9XYH333dOfAzwNQHyPQuGY4ylgwRoE4,8719
nldcsc_elastic_rules/rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml,sha256=-ZPqaZmP2z-Su3cEmdqW4knt99pjQm2JQtU7eTBXHY0,8697
nldcsc_elastic_rules/rules/integrations/endpoint/impact_elastic_ransomware_detected.toml,sha256=i0euPpVIU9ybfJMJd_KLq6vgW0eYJAXZ5AuzkKx-RKk,8674
nldcsc_elastic_rules/rules/integrations/endpoint/impact_elastic_ransomware_prevented.toml,sha256=hWJgYtCQYC05-sA4f2dzwKiHOK8nylNPT8AizyzDBLo,8659
nldcsc_elastic_rules/rules/integrations/entityanalytics_entra_id/persistence_entra_id_device_roadtools_default_os_build.toml,sha256=nbSjAAeSGVevaxzEQ0wW0PB3DnxtXheI3wkKFkRvMio,6718
nldcsc_elastic_rules/rules/integrations/fim/persistence_suspicious_file_modifications.toml,sha256=xHG2oOZaAl-yOXeqkFU0tLIxMijxVPZSd-pIVZ_wk7M,16172
nldcsc_elastic_rules/rules/integrations/gcp/collection_gcp_pub_sub_subscription_creation.toml,sha256=9Lc33Kvv84JFLngqTGCvsM3Ixk9IOq-UvTukCw6xk_g,5752
nldcsc_elastic_rules/rules/integrations/gcp/collection_gcp_pub_sub_topic_creation.toml,sha256=bIQGZTB2-FtuGR1iXYGGLiGzT1CuNwWNP_lt_AO-OJs,6070
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_firewall_rule_created.toml,sha256=afxs9n5FUzIoz1dlsvMQrbKtO3AzDpoNZyk3l_rc_aQ,6596
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_firewall_rule_deleted.toml,sha256=OVReg2SxCqmnuSaMRbUAlSVJdbUeM8PTAKZUhKQi80I,6057
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_firewall_rule_modified.toml,sha256=uCZxb9WgwaDfrPQUrGOnKE825Yz1Yr-lyL6To25Mm8I,6207
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_logging_bucket_deletion.toml,sha256=Qm303FokKJ5hf6JMFpmMz3LbgoH804VeLKYFwxWQwT0,6312
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_logging_sink_deletion.toml,sha256=6Ymp0LfwJQIf2QjfEevPAQKVKFfxpGL8DaAjI31n-Ik,6047
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_pub_sub_subscription_deletion.toml,sha256=rxzprvXNAEprwypEkOXGJOyn0worcG98f2w0q1wG2AM,5995
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_pub_sub_topic_deletion.toml,sha256=NX5KZZ1OjQfAZLOucJxQdWXBHb9BlgoGJyZ0b7pChFU,6173
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_storage_bucket_configuration_modified.toml,sha256=Cedwz1Lc3rVFA0B5-hP9VR-dy2ip6hYI5aJv3mdB1bA,6241
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_storage_bucket_permissions_modified.toml,sha256=0MMkTdfPAetdYJ7ssYyFPW6QlgrTOQBNo4YQdV8U2Ds,6773
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_virtual_private_cloud_network_deleted.toml,sha256=73hxp0dMaatbWeQin357EkzIFGc-HibzQ7CvByVIOjI,6150
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_virtual_private_cloud_route_created.toml,sha256=gXr7zDwfOw-Gl3RChvJzWKlrqk8N1eqGxPL3SAvPBec,6567
nldcsc_elastic_rules/rules/integrations/gcp/defense_evasion_gcp_virtual_private_cloud_route_deleted.toml,sha256=MWLqkrtlXPSGbnZ3D3P2D_LxdppNRMZvoj0NkouimmM,6475
nldcsc_elastic_rules/rules/integrations/gcp/exfiltration_gcp_logging_sink_modification.toml,sha256=LnDqwRTPDdHGBKF9kAsXunfPH9nT8nPaFqyI8yeZmwM,6565
nldcsc_elastic_rules/rules/integrations/gcp/impact_gcp_iam_role_deletion.toml,sha256=0fYFVaGh6Bmss32ABbXi_XZ7ZtHt9ukaEZEiJU1UcKE,5738
nldcsc_elastic_rules/rules/integrations/gcp/impact_gcp_service_account_deleted.toml,sha256=0yq1M0XWPuXlv_aud_ahHFNqh9-LySj9-XG2yGWq2-8,5727
nldcsc_elastic_rules/rules/integrations/gcp/impact_gcp_service_account_disabled.toml,sha256=3ZX5Wn-wUW6toQXkHNILWyIehb0JtXA7LiH_2BZ-7mE,5651
nldcsc_elastic_rules/rules/integrations/gcp/impact_gcp_storage_bucket_deleted.toml,sha256=zL2jYyqBwHM6S11Ffi9Bv0DTkxITSvJReusWYTslRDE,5495
nldcsc_elastic_rules/rules/integrations/gcp/initial_access_gcp_iam_custom_role_creation.toml,sha256=dqlJ8daZs7cOTOI9YPNAHdQ5r6NmpI7Vb5wlu6Zhg-U,6702
nldcsc_elastic_rules/rules/integrations/gcp/ml_gcp_error_message_spike.toml,sha256=ichY4bA5mcVRBRn16Fx3M7CqqjodEn2seFXsH6U7CKI,3522
nldcsc_elastic_rules/rules/integrations/gcp/ml_gcp_rare_error_code.toml,sha256=GJN2AE-K0m0AKJCLC8KM8j_qpgBVW9bSGN87yaXGmvo,4035
nldcsc_elastic_rules/rules/integrations/gcp/ml_gcp_rare_method_by_city.toml,sha256=1la3dvf5oGhZU0LFBIExXtSxHmCSQCdmSb0gedurGW4,3742
nldcsc_elastic_rules/rules/integrations/gcp/ml_gcp_rare_method_by_country.toml,sha256=kunqvsQd8oS6EQvxEk6TEYlRJkJzNQZGZZr81EAjFSo,4170
nldcsc_elastic_rules/rules/integrations/gcp/ml_gcp_rare_method_by_user.toml,sha256=aMg82WXN_TvSdH6ZVbcB-VvaWkrnqv79oaVIZ6_0gG8,4790
nldcsc_elastic_rules/rules/integrations/gcp/persistence_gcp_iam_service_account_key_deletion.toml,sha256=HFALypNIRmi-xihbMEgDBgsdSAksvMm9roSS4keXQ3E,5996
nldcsc_elastic_rules/rules/integrations/gcp/persistence_gcp_key_created_for_service_account.toml,sha256=0gs14UCwYPyz_EoTj17hatrHp_xT2JPgMP6JhvU-dk8,6289
nldcsc_elastic_rules/rules/integrations/gcp/persistence_gcp_service_account_created.toml,sha256=wlymr2GeoNtVClWHN1DudK9q59aGjl9QMtBGtOE_oNw,5750
nldcsc_elastic_rules/rules/integrations/github/defense_evasion_github_protected_branch_settings_changed.toml,sha256=MXPwfnf0K6Om2XuwJa_212NQUsdArWu5sCjfAPKUivI,5381
nldcsc_elastic_rules/rules/integrations/github/defense_evasion_secret_scanning_disabled.toml,sha256=WdSye75b9D_Fu2bpi5YeGJowbKQEukTy_j-OkilvYKE,5403
nldcsc_elastic_rules/rules/integrations/github/execution_github_app_deleted.toml,sha256=pAJtHJW1B_5mLPc8QEseGASWAs1rwkM5YJZ96nuSFS8,5231
nldcsc_elastic_rules/rules/integrations/github/execution_github_high_number_of_cloned_repos_from_pat.toml,sha256=wIH2F_BdeIxTHKttxVAn9foeQjIZQ97RswRKp1Bpq6o,5525
nldcsc_elastic_rules/rules/integrations/github/execution_github_ueba_multiple_behavior_alerts_from_account.toml,sha256=6q-SntMIphiYXYTB1_Th2IH790UQp_-7pI2uqtWrzi8,5139
nldcsc_elastic_rules/rules/integrations/github/execution_new_github_app_installed.toml,sha256=ZyVUOYZ86GdNa_ERaTBuJlvPYT8PaUi0pfhpMipipxo,5604
nldcsc_elastic_rules/rules/integrations/github/exfiltration_github_private_repository_turned_public.toml,sha256=PQeDbxY988Knete7tII0SeaTph4u_1q3iXvp5d9qvUw,5510
nldcsc_elastic_rules/rules/integrations/github/exfiltration_high_number_of_cloning_by_user.toml,sha256=fAeUaE_8wV5ndHrEY1S2MURzAQWs_Od1DPpZ9vH9haw,6468
nldcsc_elastic_rules/rules/integrations/github/impact_github_repository_activity_from_unusual_ip.toml,sha256=tQc_f7MttZQf3IbLKs31w2JzcZ1ufmJlbzJs8l727co,3048
nldcsc_elastic_rules/rules/integrations/github/impact_github_repository_deleted.toml,sha256=SveZRqG4GBOoE4A1ih1ZUXXeGhcjgEoqKCl1guhejQg,5254
nldcsc_elastic_rules/rules/integrations/github/impact_high_number_of_closed_pull_requests_by_user.toml,sha256=DqlwRprDVOR-fdR9soWZr9Vx7utFNU8h3sqWkmYIX9I,6802
nldcsc_elastic_rules/rules/integrations/github/impact_high_number_of_failed_protected_branch_force_pushes_by_user.toml,sha256=K85HbnQJPtE_1X-xmZdicEapfA14ggDno6m2QBUg32Q,6778
nldcsc_elastic_rules/rules/integrations/github/impact_high_number_of_protected_branch_force_pushes_by_user.toml,sha256=iVpnMta8rwwk0mas5kUcs6qtjnL2zqdMR3T2tCfQFxg,7334
nldcsc_elastic_rules/rules/integrations/github/initial_access_github_actions_bot_first_push_to_repo.toml,sha256=0l2_n6EYwbtfcv6TXjB5vnQF9EyGD1zfgYGkY4NuxXY,5009
nldcsc_elastic_rules/rules/integrations/github/initial_access_github_actions_workflow_injection_blocked.toml,sha256=ov2q5jfRXf219uiIlkzqANOC6OmBZo0qgFQ1zvF8unw,5239
nldcsc_elastic_rules/rules/integrations/github/initial_access_github_register_self_hosted_runner.toml,sha256=oE094JO-jZEfyVXP04wIqUC1VRABwkTNc5Fhc_IWtsE,3642
nldcsc_elastic_rules/rules/integrations/github/persistence_github_org_owner_added.toml,sha256=qvwuKeOCYSQLiqUkDYVmklzzu3rPZvueebdP8Gx-kXs,6060
nldcsc_elastic_rules/rules/integrations/github/persistence_new_pat_created.toml,sha256=LK7YeOWGCQGUzLQiDvNrfJbxTwzJJfS4NrF2MZIqhk4,5732
nldcsc_elastic_rules/rules/integrations/github/persistence_organization_owner_role_granted.toml,sha256=G2AR9sp20GaMEhRk96ECeocmS_BotJRB3GUHdM6TZaA,5573
nldcsc_elastic_rules/rules/integrations/google_workspace/collection_google_drive_ownership_transferred_via_google_workspace.toml,sha256=LE0_q7M7PdNNEqMyS5X3yCh2is9vHX6SoWFfnY7JpyY,8189
nldcsc_elastic_rules/rules/integrations/google_workspace/collection_google_workspace_custom_gmail_route_created_or_modified.toml,sha256=umNRCLJP5EuqlMgr0cy1jsAcI76XPGPwndzj0-rHYTQ,7506
nldcsc_elastic_rules/rules/integrations/google_workspace/credential_access_google_workspace_drive_encryption_key_accessed_by_anonymous_user.toml,sha256=WgODFb1j054TZVqlLDKqe2OzeXvpUXx_NY-yIeIW_CQ,7134
nldcsc_elastic_rules/rules/integrations/google_workspace/defense_evasion_application_removed_from_blocklist_in_google_workspace.toml,sha256=AoAaa_EfLvPgXKYJFMnYWUNfMxlk_DtJTkHlOldjFxM,8197
nldcsc_elastic_rules/rules/integrations/google_workspace/defense_evasion_domain_added_to_google_workspace_trusted_domains.toml,sha256=t6OkWHmbmapHcwUb8NmZv7Ph6c7RJgHYsQmQ1OD4lmA,7922
nldcsc_elastic_rules/rules/integrations/google_workspace/defense_evasion_google_workspace_bitlocker_setting_disabled.toml,sha256=lCQxsh7lYUx9b2czWoNjvXJfVhmEmVTahDmiWveLs4U,6863
nldcsc_elastic_rules/rules/integrations/google_workspace/defense_evasion_google_workspace_new_oauth_login_from_third_party_application.toml,sha256=wA5xvxBOhGLj_3Mwfxtq1id1hw-_vMplFg-B3vSEyxE,8585
nldcsc_elastic_rules/rules/integrations/google_workspace/defense_evasion_restrictions_for_marketplace_modified_to_allow_any_app.toml,sha256=FZhfoBbRN9nfcoPSOxyNuavd5gx0flymY4An6slUVao,8148
nldcsc_elastic_rules/rules/integrations/google_workspace/google_workspace_alert_center_promotion.toml,sha256=7aQKKAG88hmXw-lEXwqxSfQxff8hzz0uoUMiffW_rQc,2230
nldcsc_elastic_rules/rules/integrations/google_workspace/impact_google_workspace_admin_role_deletion.toml,sha256=BkznDpD44N2htZcytBQg0nXHG2FTNYnm4-EwyTXWIgU,8236
nldcsc_elastic_rules/rules/integrations/google_workspace/impact_google_workspace_mfa_enforcement_disabled.toml,sha256=ObkcMcAHinxWMB_xxsiAdjY5DUBeCbmDjPUvmj5nMrU,9501
nldcsc_elastic_rules/rules/integrations/google_workspace/initial_access_external_user_added_to_google_workspace_group.toml,sha256=xsAMUfx2Np-xza6i25_sYZE5CABtbkAT-AC5muLW7vg,7586
nldcsc_elastic_rules/rules/integrations/google_workspace/initial_access_google_workspace_login_from_atypical_asn.toml,sha256=nGR7UCxUX-hvOpjQCqeN9ZBeRbr22JGHbQDAjBoUYj8,6638
nldcsc_elastic_rules/rules/integrations/google_workspace/initial_access_google_workspace_login_impossible_travel.toml,sha256=VFiXFhj4BKovsn6dvc08aa6ocYuZOUojwDDKn2NPTwY,12263
nldcsc_elastic_rules/rules/integrations/google_workspace/initial_access_google_workspace_suspended_user_renewed.toml,sha256=WhV5O8GlCgROuRATaVURErnrJPVSMwt1wa_BdMtj7sE,7657
nldcsc_elastic_rules/rules/integrations/google_workspace/initial_access_object_copied_to_external_drive_with_app_consent.toml,sha256=5bstdqOUkzLMdgmo5kM8Q0WBk-3qjcfTGTrFceY5olk,10999
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_application_added_to_google_workspace_domain.toml,sha256=67YX9Thuw4jQFBrfPhU-anZ7lSjbbX-Fi7_7Vwh5caQ,7619
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_2sv_policy_disabled.toml,sha256=b_4ex7x-gVIMzxpilK3C81pPVUGM2nsrPp3A6ae5eBo,8056
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_admin_role_assigned_to_user.toml,sha256=CM4_nBHZTk8K12Q1rU-xLNxLwhBzJAnr6Ytf2K1reec,8286
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_api_access_granted_via_dwd.toml,sha256=hknZEMOXQYz14Zys-Infot8PpErvA-RNmNLqLtjNuNQ,8889
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_custom_admin_role_created.toml,sha256=xcxzzavQ-gcSPxKiS5xMBcCluFhjWmqFPe3V_YLYpw4,8422
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_device_registered_after_oauth_from_suspicious_asn.toml,sha256=4CtKvx9S2DDESouhj5CqF55z_vB8JkyMQekbjhw3l_I,4449
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_device_registration_atypical_device.toml,sha256=lR8LeKMqstnmQXi9BbonDf18WOYH6Y5VtMA9cLUG97E,8620
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_device_registration_burst.toml,sha256=VGHCDe2VYPWES8ja3ph-BaOcG41X2Rx_2shovddewUQ,9963
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_password_policy_modified.toml,sha256=E52hn_Ok4DzBm3kcX8AXFPJmqkB8zxcL09RdvJqCSLo,9345
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_role_modified.toml,sha256=U3cNu4RaTxwhfcjtAQzgl0fnVPLGZjcwmdQnqZE_RPQ,9261
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_google_workspace_user_organizational_unit_changed.toml,sha256=DEXC7DeFodqr-KrvbipANbzgskK-KYGrpECLWjm9Clc,8052
nldcsc_elastic_rules/rules/integrations/google_workspace/persistence_mfa_disabled_for_google_workspace_organization.toml,sha256=Go6HeOkY8UN2q6sDClyCqdflL9eSRHoeeAv31IpUxus,6599
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_azure_arc_proxy_secret_configmap_access.toml,sha256=_O52AflHQqhv4vu0ifM-W3UcPYAos-Dy3sMSZ6TaeJI,6878
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_get_secrets_access.toml,sha256=gy_fqs0K5PTE5d3TRtkH2UHHvRx6gArHO2So6iDbFhA,6048
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_kubernetes_multiple_secret_retrieval_burst.toml,sha256=LwQOYXzm7TFemMACJE56t9anEL0Fi244oZkHwFZj3rc,4316
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_kubernetes_pod_exec_cloud_instance_metadata.toml,sha256=y3G5uGuVUCp7YBLxOTGhapYgPiebWjtMLaad0wndtyY,5329
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_kubernetes_pod_exec_sensitive_file_access.toml,sha256=FW0pRQkTFbN6TtgKaaIZlbMgbMLF96TDArBPBkRtN2A,6407
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_kubernetes_secret_access_scripting_http_clients.toml,sha256=7XPl1myYVKLuvpfX_l2uGD91K5G_k2C45-5Hnh_K6zs,4301
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_kubernetes_secret_read_by_node_or_pod_service_account.toml,sha256=1LvBzQEpyN7Ux9oPYasbXGyhWzu1kZIiWGkJPIS_OUQ,4895
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_kubernetes_secrets_list_cluster_and_sensitive_namespaces.toml,sha256=E79eTF5cAo0nKeY6tXpHPB3KQmA3TyUpcgcK-Lcb25Y,3177
nldcsc_elastic_rules/rules/integrations/kubernetes/credential_access_kubernetes_service_account_token_created_via_tokenrequest.toml,sha256=V1_mexmwOgKpyEdZtb95Vkv_Urf80y13WGFLNgAVFlM,5017
nldcsc_elastic_rules/rules/integrations/kubernetes/defense_evasion_events_deleted.toml,sha256=RsIQoj20y8a2AbMyLpfaW65fo72OnL0CJ62CYFX417U,5673
nldcsc_elastic_rules/rules/integrations/kubernetes/discovery_denied_service_account_request.toml,sha256=YiXnBMtCJHKaxokcP7SKvyfrUqjyQdC8mAun2ge729g,6798
nldcsc_elastic_rules/rules/integrations/kubernetes/discovery_endpoint_permission_enumeration_by_anonymous_user.toml,sha256=U_iSnu41PVXZUUk0qYcpjLX7RF6ua357OGOZ8QshR54,9556
nldcsc_elastic_rules/rules/integrations/kubernetes/discovery_endpoint_permission_enumeration_by_user_and_srcip.toml,sha256=t5fgtZ67zsnEzcLjmGmYK1vDLb2hSXU5arIQrWwdwAU,7410
nldcsc_elastic_rules/rules/integrations/kubernetes/discovery_kubernetes_multi_resource_setup_recon.toml,sha256=3d_t-fEZ4CISQie4YH_AdGEStxiM_lVKJP9E9UX7038,5286
nldcsc_elastic_rules/rules/integrations/kubernetes/discovery_suspicious_self_subject_review.toml,sha256=Wjd7d2yNJ4NMJNl7Y8uXC-0lvOmCkNhdpeI0TcO3MA8,7338
nldcsc_elastic_rules/rules/integrations/kubernetes/execution_anonymous_create_update_patch_pod_request.toml,sha256=kQlSKA_fqlecF0FBLr8RIacw-8fFu0OKpN8c5AacDvQ,1670
nldcsc_elastic_rules/rules/integrations/kubernetes/execution_forbidden_creation_request.toml,sha256=3e2A3HPL9KUClWjzMuukWYuZIqXK9iJdI9dfOFR89zg,6450
nldcsc_elastic_rules/rules/integrations/kubernetes/execution_forbidden_request_from_unsual_user_agent.toml,sha256=UaoFrnwiwYZlk9wLa2CUbqICl3g-0c67V2KD5_IYSxU,5995
nldcsc_elastic_rules/rules/integrations/kubernetes/execution_kubernetes_pod_exec_curl_wget_https.toml,sha256=dRu172MhUk9RYHAFdOFdVI9ePP-xMCSnVzKW9Trl9Y0,4520
nldcsc_elastic_rules/rules/integrations/kubernetes/execution_kubernetes_pod_exec_potential_reverse_shell.toml,sha256=zfjEhbCqN2RYfBFLTPH_li2ynO8SwdOP7v-1mpgdLjE,4047
nldcsc_elastic_rules/rules/integrations/kubernetes/execution_unusual_request_response_by_user_agent.toml,sha256=WruhGORAvxfDwoSeWxhPSoqlurGaLIidp6rEjSyjuJQ,6358
nldcsc_elastic_rules/rules/integrations/kubernetes/execution_user_exec_to_pod.toml,sha256=CJcyQyC1gfzC46fX0oMilNN4OmjZyBmbQHCwxoN6DWc,9280
nldcsc_elastic_rules/rules/integrations/kubernetes/impact_kubernetes_coredns_or_kube_dns_configuration_modified.toml,sha256=84gRyc2k62gmcbtzm1ezI22l_tgxgdDd1_rLY_CKDPA,4181
nldcsc_elastic_rules/rules/integrations/kubernetes/initial_access_anonymous_request_authorized.toml,sha256=S3Orh5H9FJT9IRlsNhgB4JopSxqbrlVmqmz6THLkZdg,6311
nldcsc_elastic_rules/rules/integrations/kubernetes/persistence_cluster_admin_rolebinding_created.toml,sha256=_n-g0tKqu7DmY0m0LkUFVBaBcRjtS_ZOb64i4heH2bM,6472
nldcsc_elastic_rules/rules/integrations/kubernetes/persistence_exposed_service_created_with_type_nodeport.toml,sha256=5PFFO0nSBPevlGoabrfwg4XDqTmS8xQ-q1pt89LEKf8,7686
nldcsc_elastic_rules/rules/integrations/kubernetes/persistence_kubernetes_admission_webhook_created_or_modified.toml,sha256=Ll4ikRauWd2dUutSbn_nFc1yhizWdb6_31MQa7Hkl7k,5999
nldcsc_elastic_rules/rules/integrations/kubernetes/persistence_kubernetes_client_certificate_signing_request_created_or_approved.toml,sha256=FF1hVuHCfOiV-u-nyY6cF6u0dWGmpsQbzorlEI0hrkw,5624
nldcsc_elastic_rules/rules/integrations/kubernetes/persistence_kubernetes_eks_aws_auth_configmap_modified.toml,sha256=eW9JjF8KLpPKO0fGk11dosRyUppFhwv8GoEuQ__x6gA,4454
nldcsc_elastic_rules/rules/integrations/kubernetes/persistence_sensitive_role_creation_or_modification.toml,sha256=uAX5ebxUJG-sRpiEYOPRu4XXkVjTw62G1Ak58MjesOs,8742
nldcsc_elastic_rules/rules/integrations/kubernetes/persistence_service_account_bound_to_clusterrole.toml,sha256=1ffmSGIpvH5HYwuv4FlMz-KLEdDBGzoP3UTrXicwEpM,6719
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_api_proxy_to_node.toml,sha256=nmTZ-j-qBUrVNOxmn-pzwbzrBQJ4OvJ5I330RWgQtGk,5685
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_container_created_with_excessive_linux_capabilities.toml,sha256=DwUynBOGuzJepsCIHpK0V6qkcVv5eMw51bKXbtgEHvM,5750
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_kubernetes_api_request_impersonating_privileged_identity.toml,sha256=rbyaKSq6avZoXVdXBwtkqvc9f5A9G3CCjeF6mxkYyqY,4808
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_kubernetes_ephemeral_container_added_to_pod.toml,sha256=_CoYr8UoiKzNoM9l7k1-pTYlYJAO9gR2i_hk4qVCV04,3841
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_pod_created_with_hostipc.toml,sha256=7r7kNrMtfzoP14yWnVGfWbTTKAlyd49CySJj_QXvKFU,7313
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_pod_created_with_hostnetwork.toml,sha256=2kTogM0-lI2uLZcVWQAj4O988RUuaOZ_FUwXGfy92OQ,7412
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_pod_created_with_hostpid.toml,sha256=KTQxS8P4Yf_6wh8RbHXAvt7jW4xudtIELNpUAlhcDnQ,8086
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_pod_created_with_sensitive_hostpath_volume.toml,sha256=FwNAYI8X8OEU0TpnWNBvyMEpC6uKrz3ng1B2dh5hPNc,8854
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_privileged_pod_created.toml,sha256=SDjlvwH6u3VbRzEhqhTD973RXCT09TzyleKKVGCfIEg,8376
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_role_patch_wildcard_verbs_resources_response.toml,sha256=oOUf67If6gmxZRL4Wi7AhtKvfIYrj-eW0FLJpPwPl8Q,3844
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_sensitive_rbac_change_followed_by_workload_modification.toml,sha256=v_MUPTJ5-ZVeCosdQXjREyvCDloduiYvG7-7C42xRSo,6772
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_sensitive_workload_modification_by_user_agent.toml,sha256=IOtHQihZTmF_TCuCSdL4wIz18IemvgaaKCCm4Ejjoww,6910
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_service_account_rbac_write_operation.toml,sha256=fbiMJtm3qlBSQeDWsqBUcEdumEMgqHREWkoeqw9A-f4,6411
nldcsc_elastic_rules/rules/integrations/kubernetes/privilege_escalation_suspicious_assignment_of_controller_service_account.toml,sha256=3lfW7UGX2L3_5KXmR-k7rU6txdERENOWSgrYBn9XIkQ,7284
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_process_args.toml,sha256=EF_XiTdaYKxGJUbw7tC7zORdGTM8A-QLyUXtPnb6d_0,7613
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_high_mean_rdp_session_duration.toml,sha256=EFZ3P3Fy0jQ1hjfiRLMVkG4cN7quXLpxdsRGL5P4AvE,7466
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_high_remote_file_size.toml,sha256=mwOsjscR21t7Niyadu15dM04tnb5Ys2YiLIw1wXg3Wk,7787
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_high_variance_rdp_session_duration.toml,sha256=SA3__JCagR6KVJqjrpylFEQUW8hYhAv5-jfcMoyWN0M,7550
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_directory.toml,sha256=SJirZ965EfnfbtCln_B8j_OenzNXtVFqvIsWaS44zFg,7627
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_rare_remote_file_extension.toml,sha256=J0JUqDd2gP3CeTlvmdPCoXIxs7CfMksB1wiYZoOT5BU,7131
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_from_a_source_ip.toml,sha256=k7BpevQ9cYiqbZ2FSgmhr4onnU_WreVv6hUHPKEiDi4,7581
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_spike_in_connections_to_a_destination_ip.toml,sha256=CFlcOfGDTY1OTWxUAxsjZXi6fAmyTXG29hzejnt-AxY,7386
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_spike_in_rdp_processes.toml,sha256=Ek9BlGGzbTjxXcyWYyi-qYMY7KKdRDJMb3kfKPuxSig,7468
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_spike_in_remote_file_transfers.toml,sha256=lWkbm6v5tBX5knEFlO7VymtMsD1ogQYIOb0YwJBEni0,7543
nldcsc_elastic_rules/rules/integrations/lmd/lateral_movement_ml_unusual_time_for_an_rdp_session.toml,sha256=YhOO9CzWX6peFkpmRZupAm4F9I2nxYzziYRcFXQb1_A,7537
nldcsc_elastic_rules/rules/integrations/microsoft_exchange_online_message_trace/initial_access_azure_monitor_callback_phishing_email.toml,sha256=nqBK2w2tRRz4j2AjrgfwarNQPsyHHItqvCNXUqKC0Vw,6370
nldcsc_elastic_rules/rules/integrations/o365/collection_exchange_excessive_mail_items_accessed.toml,sha256=oul5m4II_sf2sYZcEMvEHduj0bgWEvXQNDPrKcWb9sM,7497
nldcsc_elastic_rules/rules/integrations/o365/collection_exchange_mailbox_access_by_unusual_client_app_id.toml,sha256=KBxdDHf1srLfnVCI7bQD5ExBQtn5mW3qWubNqTMiGZw,13130
nldcsc_elastic_rules/rules/integrations/o365/collection_exchange_new_inbox_rule.toml,sha256=dLFJYb2T-M1OPAhxQDF7_4MZrBpyyIVsjocAJfe3hj0,8134
nldcsc_elastic_rules/rules/integrations/o365/collection_onedrive_excessive_file_downloads.toml,sha256=-QjSBX6uM2bLcsEyM_oytaJgPjqDEhqQbStVmw1OGeQ,8505
nldcsc_elastic_rules/rules/integrations/o365/collection_sharepoint_file_download_via_powershell.toml,sha256=Em1GDqlrpM5BhhEXAkoGj8sdfX7LwKU-KyJIrjuIKMA,6014
nldcsc_elastic_rules/rules/integrations/o365/credential_access_entra_id_device_reg_via_oauth_redirection.toml,sha256=pb4Ck4fn4Q3ioO1J0KpLjliJ0rFNQlwI5raKtF72330,5758
nldcsc_elastic_rules/rules/integrations/o365/credential_access_entra_id_potential_user_account_brute_force.toml,sha256=eA7fN3Uan9O8xcY_G--97YY8zxBZPAmkPOPLM_7K5Hw,8759
nldcsc_elastic_rules/rules/integrations/o365/credential_access_identity_user_account_lockouts.toml,sha256=Cf8xtU8cy22uoZwK3eAWbGu_4CCplTIsDMk5pfLhiPY,6985
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_entra_id_susp_oauth2_authorization.toml,sha256=sdfULSVHMIb4Mc2uhJFgJ1KXqfXp7M-VnMWoCpMwiyk,10866
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_anti_phish_policy_deletion.toml,sha256=ketn8MxuVqiPDBF-pckonFaX3MQACzrEuq_zrrk7-5o,6072
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_anti_phish_rule_modification.toml,sha256=dPBqjYn6cm7uNw1aaxIQKGiGJwQfxrwtfvbhnfOzV-s,6070
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_dkim_signing_config_disabled.toml,sha256=b_ATbEeTHS5hHUpil08_2W5frMYTIyxjgqd0ZvEyWh8,6718
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_dlp_policy_removed.toml,sha256=2c_wcUqHnhLptoH4wJnCLrkLpE6Hn0CJW4LS807WwU8,5375
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_exchange_safelinks_disabled.toml,sha256=lzEPmQUy-daHBR3DEr-SzU2GmTVIcw3gwTeQZFDzdNE,6141
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_inbox_rule_obfuscated_name.toml,sha256=hcLHkKBaEVYhTcRVvoVaudEdIchzJfpij-I1zW2ql4Q,5492
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_mailbox_audit_bypass_association.toml,sha256=p31lKw9O5DttgPdAnSJ7yd3JQy0Mp9wDITv1yRrIIkY,6438
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_malware_filter_policy_deletion.toml,sha256=5IghON0BKlzmgUZKOoqksN3nPR_bi33iqmzvu_YzQxY,6023
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_malware_filter_rule_mod.toml,sha256=jQJ0kuXMOhYxU8lPoEJEQxWksCV9TYjqJim-NcQmuFw,6162
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_new_inbox_rule_delete_or_move.toml,sha256=TdPEh1Kf0Eb5HuchYAW4zR1MXquMRWbWGDBKAoy3aMg,6424
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_exchange_safe_attach_rule_disabled.toml,sha256=ACwtvrRO36wMDmlbFkokAkub1XnOBhdNhfAK5HrPFbo,6071
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_mfa_notification_email_deleted.toml,sha256=3HgJqBUbRpf3HepEZW4UaAqO16AThuYMLMJ_64055to,6308
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_sharepoint_sharing_policy_weakened.toml,sha256=t2RK1U_qeFCzJi_rpkaDZ1CEDwOzx1hLTZvTaviuVCw,7565
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_teams_custom_app_interaction_allowed.toml,sha256=lvy9t7GrIGRahe0aX1qIOgonRCdPLC-zeQuovHiECe0,6702
nldcsc_elastic_rules/rules/integrations/o365/defense_evasion_teams_external_access_enabled.toml,sha256=hU-F6bHMeDsPXLA9I1IJy3dh0-D-Wa_TjQ_IZ801mVw,5751
nldcsc_elastic_rules/rules/integrations/o365/discovery_sharepoint_sensitive_term_search.toml,sha256=01jW_gDIZvJrJtgAfLhE4oYpDMuPX4RKwYC_uSibTIQ,6088
nldcsc_elastic_rules/rules/integrations/o365/exfiltration_exchange_transport_rule_creation.toml,sha256=SmG_G_DRMWcmSm0UAkHKCvoTrukkk30nRKH8eHomVVQ,5980
nldcsc_elastic_rules/rules/integrations/o365/exfiltration_exchange_transport_rule_modification.toml,sha256=hcvrY6jTRN5TJ-9GymqwTaJ8r99FcpDzAJSVqCGM6pY,6593
nldcsc_elastic_rules/rules/integrations/o365/impact_security_compliance_potential_ransomware_activity.toml,sha256=huGBN6Vz_m6qyjToUpIBvIjtEk7xzzimSs2RTVisM2c,5907
nldcsc_elastic_rules/rules/integrations/o365/impact_security_compliance_unusual_volume_of_file_deletion.toml,sha256=JD0YUceNznPhmqqP8ZoKT7tri_0Zk3H2XaQKgSS7bEs,5900
nldcsc_elastic_rules/rules/integrations/o365/initial_access_entra_id_portal_login_atypical_travel.toml,sha256=7c2jLpYhjwYO5E7FVLPvERSVPZqsGotUid_zr0TCKdA,6133
nldcsc_elastic_rules/rules/integrations/o365/initial_access_entra_id_portal_login_impossible_travel.toml,sha256=h4qeNOFLIDnOZP3PSCRsE-5kf63DkdP8NiyhbuG6G-c,5593
nldcsc_elastic_rules/rules/integrations/o365/initial_access_identity_illicit_consent_grant_via_registered_application.toml,sha256=ZE4d6UQbmfRAS2_VGbT3scg2_UliSwe-lJuAfIeIU2c,6854
nldcsc_elastic_rules/rules/integrations/o365/initial_access_identity_oauth_device_code_grant_unusual_source_asn.toml,sha256=920p6mQxpaNQMHlLVazJ50xme1JXaIQnWeSdL_wCZmI,7945
nldcsc_elastic_rules/rules/integrations/o365/initial_access_identity_oauth_device_code_grant_unusual_user_noncompliant_device.toml,sha256=dCZ7Rez2rUg8KS4Ou0jpqXB7u-d8ZODMshBDKg9nxRg,7973
nldcsc_elastic_rules/rules/integrations/o365/initial_access_identity_oauth_phishing_via_first_party_microsoft_application.toml,sha256=Ib0Xz6salApLj0c2k-fx3fyPlgu6AcC0pcsncFoOdIE,9063
nldcsc_elastic_rules/rules/integrations/o365/initial_access_identity_unusual_sso_errors_for_user.toml,sha256=mX2dJB5yShZHEuYcgRkTD3aQ0sP7SOOK-kVQnKTEXgA,7183
nldcsc_elastic_rules/rules/integrations/o365/initial_access_security_compliance_user_reported_phish_malware.toml,sha256=yuUs6E8_tF7_Jg9I4St54zHr6FCFVigswRzBOkx9xH4,6400
nldcsc_elastic_rules/rules/integrations/o365/initial_access_security_compliance_user_restricted_from_sending_email.toml,sha256=VkBjAq4PMIOqXDdWdVLzbrdMZdlp2ef-V4zp6O81784,5667
nldcsc_elastic_rules/rules/integrations/o365/initial_access_teams_rogue_helpdesk_chat.toml,sha256=_XNxquh4p675f475PBusdo91ncCPMBsKSkj2CMFKqEA,5970
nldcsc_elastic_rules/rules/integrations/o365/initial_access_tycoon_o365.toml,sha256=qgWKsYRquMCdW_6QiarEtjVdQaEx08kkwfrZmqxS-pE,4345
nldcsc_elastic_rules/rules/integrations/o365/lateral_movement_onedrive_malware_uploaded.toml,sha256=dm5TIr2c2oGG8yD55UjhpJ1Hh5v9Zl03g02mmj_KGDg,6617
nldcsc_elastic_rules/rules/integrations/o365/lateral_movement_sharepoint_malware_uploaded.toml,sha256=nayHq0wfCDFR-GwQicPz6x1CBfEARQ5RM3ev3Ln3k-E,6622
nldcsc_elastic_rules/rules/integrations/o365/persistence_entra_id_global_administrator_role_assign.toml,sha256=4V31GUYAej7n-MBvsaiL6r80atKGNZQnaZ0KYorC0t8,5981
nldcsc_elastic_rules/rules/integrations/o365/persistence_exchange_management_role_assignment.toml,sha256=PZScQtyvACzBT8Io_1IkfNhpM8tlOGvoD8thSlGmGVg,6149
nldcsc_elastic_rules/rules/integrations/o365/persistence_exchange_suspicious_mailbox_permission_delegation.toml,sha256=Id6sKAfO7ADSqhT8-rdb_xPQjSf-aUtVhen8k-92i3Q,6445
nldcsc_elastic_rules/rules/integrations/o365/persistence_teams_guest_access_enabled.toml,sha256=CFTDWaVEdTaSlACKmHKTLH70R03garWHjOR7HPPMW1o,6000
nldcsc_elastic_rules/rules/integrations/o365/privilege_escalation_exchange_new_or_modified_federation_domain.toml,sha256=TT_foxi4J_0qNvxvA4ZOTqh_9QrpPoF8OTn9fUIfnD4,6952
nldcsc_elastic_rules/rules/integrations/o365/privilege_escalation_sharepoint_site_collection_admin_added.toml,sha256=lNCweMMK9FVmLcnIfHN6rJU213YYZmHVMVgipYLO4u8,5772
nldcsc_elastic_rules/rules/integrations/okta/credential_access_attempted_bypass_of_okta_mfa.toml,sha256=jioGrrUFnIT0_jb-EdcNm3b3sv1OJ8HFnk9M6KkSlvs,4608
nldcsc_elastic_rules/rules/integrations/okta/credential_access_attempts_to_brute_force_okta_user_account.toml,sha256=zNWU-cJ3vXQC2yjXyPqlc4XyRDPVzPO1lUfg8gh7JF8,4762
nldcsc_elastic_rules/rules/integrations/okta/credential_access_multiple_auth_events_from_single_device_behind_proxy.toml,sha256=9ZN81NdY5F7ZpsYWdnPNYBi6kQOpRxfB0bmAf5IxT1g,6960
nldcsc_elastic_rules/rules/integrations/okta/credential_access_multiple_device_token_hashes_for_single_okta_session.toml,sha256=Sqxyn7-NUo7MxOQM9PDC9dNbv7NoKUFhr7ELeZsh2Es,8656
nldcsc_elastic_rules/rules/integrations/okta/credential_access_multiple_user_agent_os_authentication.toml,sha256=E-lsrZWowOD-ss6GsI6g88y6zaJTQyB0iHcCvUaczh0,4746
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_aitm_session_cookie_replay.toml,sha256=wQTIFnDyGdBpKfvjJZlqOZobpO9o3gYzZ4Bf-y0OuDY,9499
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_authentication_for_multiple_users_with_the_same_device_token_hash.toml,sha256=KPBGRkqiU3Hj6byqkRI623md9EnUlpbS_7KZrMfSIVE,7707
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_brute_force_device_token_rotation.toml,sha256=MnqBjtspEQq-Oitn7VViyP-2lIBpei3quF0wFr-qsg8,6747
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_brute_force_multi_source.toml,sha256=9uk5Z7bVsnyGzzCq3bBLc8DrlWniDWrrCmjviEVKWcw,6328
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_credential_stuffing_single_source.toml,sha256=fwHfTaTlwhcItMo_H5YH4bntW1YxyU9qwSxI3Ubkqt8,7773
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_mfa_bombing_via_push_notifications.toml,sha256=8Q_4YUOGi0-1KxvgWSdzF5-W36_nOV71kPX3RDe1wc4,5367
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_password_spray_multi_source.toml,sha256=f68GM4elxdbzvp2hOoewiMjVch-1q8ioZVD6FyloGx0,6652
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_password_spray_single_source.toml,sha256=dC8zxYkQ6WIB9JkhZmjES-2jLt_M2g9NmPonygBmPiU,7991
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_potentially_successful_okta_bombing_via_push_notifications.toml,sha256=TLdD_whzn9VkNdNTk8BuGcFfjAEqgx3yLmY8kjHtYxg,5514
nldcsc_elastic_rules/rules/integrations/okta/credential_access_okta_successful_login_after_credential_attack.toml,sha256=wAey0k3nz3ihAgZMgvWMjOR49JmxEaILBcStr4HIZmE,10001
nldcsc_elastic_rules/rules/integrations/okta/credential_access_user_impersonation_access.toml,sha256=M7PZrOD9yHJ_PSCnbqaLeus4gFCxqnhuAYC6ZkxD6Yo,4336
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_attempt_to_deactivate_okta_network_zone.toml,sha256=spo6a-soj7CuMuWNiDZ5NaDOXKb2VAbCP40_xHXXnR0,4659
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_attempt_to_delete_okta_network_zone.toml,sha256=wbfHSZJy__hL8PmQgpOr__YMHbFfkAFpZ1bmERyYl20,4393
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_first_occurence_public_app_client_credential_token_exchange.toml,sha256=9ifwRqsHUZSy98VTCshJAG6nHDu7YV55RL-QcFnAhu8,7088
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy.toml,sha256=x8CIx2Lsbag6E7bBg79Ot-eOLXGxei7TOsTtj9SSCYg,5553
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy_rule.toml,sha256=_4G9e-Axq72uvqf7-mfXMv9lZfUpl3DGg2iugXSbADU,5375
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy.toml,sha256=xK7eNrXTM9TFX2b4aYx2v6mTOqo0YqY-OsWOTumPxdc,5881
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy_rule.toml,sha256=cfBf-k9v5s7qw1pUEYiMraaFC7XOxO2lsLwF-WPpmhI,5201
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_network_zone.toml,sha256=Gda579zM-SdymD74zD8fQgfhtZtglQswaJvl61mzinY,5218
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_policy.toml,sha256=Xsc_1wQ_t-FufdTBLQhx06UGYt3Gzdww5hlYjP6vxZ0,4492
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_policy_rule.toml,sha256=E0WHqIAPkrQ2QkQoUCM9Gd75FuPwmPHuOcT2qsx2dGs,4778
nldcsc_elastic_rules/rules/integrations/okta/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.toml,sha256=-DlPaFj6Zzq4vEkRK7x1iE8m6tEFQ4IjNgSU8nthhRA,5798
nldcsc_elastic_rules/rules/integrations/okta/impact_attempt_to_revoke_okta_api_token.toml,sha256=TmQZJto6uqCx6jzxuAl6wH-AJW7YWpDGqnAwGZuFU9Y,3637
nldcsc_elastic_rules/rules/integrations/okta/impact_okta_attempt_to_deactivate_okta_application.toml,sha256=8x_qSLOcF2lZhmWOGpWyjG_g5Z3UauYVQTcTY-T9mEw,4377
nldcsc_elastic_rules/rules/integrations/okta/impact_okta_attempt_to_delete_okta_application.toml,sha256=9qfEYjrSfvf-lOhoUjZdK4TyLXmZuCwKWgwuz_wIQm4,5768
nldcsc_elastic_rules/rules/integrations/okta/impact_okta_attempt_to_modify_okta_application.toml,sha256=ppd3mIncq17UZKrC9WkJU53PzLpVkNtrrvH71iPcJ4Q,5676
nldcsc_elastic_rules/rules/integrations/okta/impact_possible_okta_dos_attack.toml,sha256=VuB2k6y4g1dU4e67_-uk5go3pRHo4bh82VrHO8poSN0,6358
nldcsc_elastic_rules/rules/integrations/okta/initial_access_first_occurrence_user_session_started_via_proxy.toml,sha256=ADfGe4cY56HUSLp0YlhdNLhHVlZyqMhP210K1yRM4Ks,4665
nldcsc_elastic_rules/rules/integrations/okta/initial_access_okta_fastpass_phishing.toml,sha256=kgfa23YB-z47ZWHfFoB-XVL5WMKhecN8DORrxI9VHMA,6188
nldcsc_elastic_rules/rules/integrations/okta/initial_access_okta_suspicious_activity_after_proxy_authentication.toml,sha256=j8TY9jWqJBxsc9IPaX_B19jibNncB8yPomw7rpzcci4,4840
nldcsc_elastic_rules/rules/integrations/okta/initial_access_okta_user_attempted_unauthorized_access.toml,sha256=d38fo_5JMXDEam9P1Qf6zkAYFHRrFTKABwQYC2iWGG0,5798
nldcsc_elastic_rules/rules/integrations/okta/initial_access_okta_user_sessions_started_from_different_geolocations.toml,sha256=F-W4nv-OjL7hEBGkt0W4wbFhCtihWikhIHHlM0nhDfc,6373
nldcsc_elastic_rules/rules/integrations/okta/initial_access_sign_in_events_via_third_party_idp.toml,sha256=QUxnK0Nq4sDMSpVVzJoH5uGyigr1zTozXekLClr7qZ0,6531
nldcsc_elastic_rules/rules/integrations/okta/initial_access_successful_application_sso_from_unknown_client_device.toml,sha256=P0-xc5piOBlItmv6daMmOmsLpHimBnCO7IyKzeiq6XI,5936
nldcsc_elastic_rules/rules/integrations/okta/initial_access_suspicious_activity_reported_by_okta_user.toml,sha256=UkeYIH1f0lY-7J1HJ4GweiY8kHUKnaZP7hWyERm8srM,6619
nldcsc_elastic_rules/rules/integrations/okta/lateral_movement_multiple_sessions_for_single_user.toml,sha256=T-Hro2DhyaNExp5x5lThLWNNMkiTuYQ8FHoT7oeXMRI,6411
nldcsc_elastic_rules/rules/integrations/okta/okta_threatinsight_threat_suspected_promotion.toml,sha256=-KsOHxmz6Cx0-dRYcywlX5T4fOLXy6k4C8Hp2bQDksA,2402
nldcsc_elastic_rules/rules/integrations/okta/persistence_administrator_privileges_assigned_to_okta_group.toml,sha256=Sh2tFDlSPAZBUqro2Td2MnfEEYtd3RUObNiSAtlMm0s,6478
nldcsc_elastic_rules/rules/integrations/okta/persistence_administrator_role_assigned_to_okta_user.toml,sha256=Gi5keUTLCkK7fQWL_TgeXZTmMOPycYKeH0OHam6PJTc,6633
nldcsc_elastic_rules/rules/integrations/okta/persistence_attempt_to_create_okta_api_token.toml,sha256=rwvtv1K8vUXHJ8zXQDAQb9sMZrMZxKp1H7JMr2rquzM,5908
nldcsc_elastic_rules/rules/integrations/okta/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.toml,sha256=qlZcmhDUXRmISzzMQl0Ah9Y7y-Q5paso-v1j6ObXKfU,6137
nldcsc_elastic_rules/rules/integrations/okta/persistence_mfa_deactivation_with_no_reactivation.toml,sha256=vdL33y6j-K2BZcdSHlAANN6J40PYbL3K44rnPDyont8,5348
nldcsc_elastic_rules/rules/integrations/okta/persistence_new_idp_successfully_added_by_admin.toml,sha256=fL4gSOvxh1WfsnOQj9YgEaSZ_-YBRkLkVwFnl0fzZMI,5099
nldcsc_elastic_rules/rules/integrations/okta/persistence_okta_attempt_to_modify_or_delete_application_sign_on_policy.toml,sha256=LDE_cX7mCAgTYkre_g3wEsVoqJsYtL2ktR3OKO8Zj5Q,6588
nldcsc_elastic_rules/rules/integrations/okta/persistence_stolen_credentials_used_to_login_to_okta_account_after_mfa_reset.toml,sha256=YrO4Ua4WIc4-5cjGnospelkq_iJ7z33H1zE6TogCpi4,5866
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_linux_high_count_privileged_process_events_by_user.toml,sha256=6hZm96tYj0DGZY2jVzBhg6pRWSFPa4BzS6IuJGQb6dw,7428
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_linux_high_median_process_command_line_entropy_by_user.toml,sha256=KPO_VMyYhHm_hmk3Iyn2MDEXU0-7HxFtDM5ol2ARtrs,7083
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_linux_rare_process_executed_by_user.toml,sha256=QKF88s7tpixyyAVB5ztkX7NZrs3eBlZDoad3U9Lxnec,6903
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_high_sum_concurrent_sessions_by_user.toml,sha256=zDZIwnvcUdjvcr1QMU5ROBAG1D6wZcP8aI4FXr4hlX4,7557
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_rare_host_name_by_user.toml,sha256=B1jWWOGLRRGmw7kGdQkaTh4znWWGw2EwBIjZqek6vgY,7512
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_rare_region_name_by_user.toml,sha256=Uh79L15z3aLZ9FsbaxTwt3U_b1JPRYpc8zOaoEgCxak,7419
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_rare_source_ip_by_user.toml,sha256=BTOwTqwxvNSo9BF-ph2_dNOh1Jeo4oCqZJulA-MNT94,7064
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_spike_in_group_application_assignment_changes.toml,sha256=Y_aH9SbQYOnwPu6jsrz6P1XtKyIV-D4AVxS4MWYVEqY,7124
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_spike_in_group_lifecycle_changes.toml,sha256=SmMwJEAU-f_38taifcShSAfuaCQzxRh7741PXQQnDUg,7755
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_spike_in_group_membership_changes.toml,sha256=TRU44-rzBuRVjh4BauHJefZwAlGCN_5vCr9iwceomOE,7241
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_spike_in_group_privilege_changes.toml,sha256=BWy-4x7jcL9mqNBCZf4yH7ttkScMU6kbRnjwoheahG8,7104
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_okta_spike_in_user_lifecycle_management_changes.toml,sha256=htZ70IqvbsjSjk4hBBrhGTSTJAFbHbALFeGQLenCXHQ,7323
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_high_count_group_management_events.toml,sha256=NAZs9M_W7iMBtdy9Ruwoy83f62W0B7kIxv1V6qrbCuE,7560
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_high_count_special_logon_events.toml,sha256=8p8xSM_1x1sXoR0LXnr7Rwqd7HtZxdQttnUTzB5qocE,7122
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_high_count_special_privilege_use_events.toml,sha256=EXpuOWKY95Qk7wziyF1GA6UBxn3Rxnh4kdWRrsGPr8o,7526
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_high_count_user_account_management_events.toml,sha256=0Xueh4ZRYV5sDXElOrCnP2PJDTj2DFyQsZPy9siLxHE,7983
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_rare_device_by_user.toml,sha256=6fnLnAbfjk6ScUtzlJRoO5KKbKTRnCD3ymLnmp-ewso,7113
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_rare_group_name_by_user.toml,sha256=1JI1TGRdggcaNwSx8YUfZkhoSVUvZeOxvDJ91nyIt3I,8546
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_rare_privilege_assigned_to_user.toml,sha256=dPTUIjpZky_6XPqlPZKAZzPQd2uzAKq_wvZfUYiPEcc,7630
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_rare_region_name_by_user.toml,sha256=oiUWTLtjKqC6-KK3hJ3kGAvyUOuWxZDi9pkU9Q7NjRw,7087
nldcsc_elastic_rules/rules/integrations/pad/privileged_access_ml_windows_rare_source_ip_by_user.toml,sha256=A9GhabGkJ2Aol5769EiZIorelfy7DLezJvRBBV2GYN0,7365
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_rare_process_for_a_host.toml,sha256=sjA1pq7Yie7ToQAnYQHchfsam0WHwcHSJjcvqriC2MI,7192
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_rare_process_for_a_parent_process.toml,sha256=WC7z0D_en1CcOnsFpidKATBC0raZY7lKXoA6qI2b1T0,7295
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_rare_process_for_a_user.toml,sha256=KxCCA1gtWaTSgXPrchvjcQQoM2ithUMgcPeeSV5EOzI,7462
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_event_high_probability.toml,sha256=rOdtOoLCvQ8TUwvKtPE48QQ8Bj4H4CYqBcD6kEA2X6c,9115
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_event_low_probability.toml,sha256=rHhQJBcQcNUJY51FPOG9eBb7FiPbde1ZqyjkeYcppKY,8993
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_process_cluster_from_host.toml,sha256=p8iYuArVNYoBfD1JAhDq0Gsg5pvFwNPkbLiDE2mHV20,7634
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_process_cluster_from_parent_process.toml,sha256=iP2EvZ93uWkJNr-SekiqZZ2o7RUwknx7M1mupv5u4kM,7868
nldcsc_elastic_rules/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_process_cluster_from_user.toml,sha256=T-vYW7wy3z7ZgfEZcOqmfa4uJ3TGmQx4YqLij9wzGP0,7612
nldcsc_elastic_rules/rules/linux/collection_linux_clipboard_activity.toml,sha256=_OkgdYKcU3vE87fXOAF2AADGr0wUpZ6zNOGh69izDaE,5801
nldcsc_elastic_rules/rules/linux/collection_potential_audio_recording_activity.toml,sha256=2H7x-URs5inD9pvEe8fdtqlNJAeStLBpgC-d3hdk-W8,6120
nldcsc_elastic_rules/rules/linux/collection_potential_video_recording_or_screenshot_activity.toml,sha256=_B9UD4KmLfBXC6Z5EgmwSHW9QeFdmFe4Me90lxTMaA4,6079
nldcsc_elastic_rules/rules/linux/command_and_control_auditd_curl_wget_from_container.toml,sha256=XNdCCc-k6WNCyOyYC3lUiH6UQKOlVzCXSD-lVSLUzhs,5348
nldcsc_elastic_rules/rules/linux/command_and_control_aws_cli_endpoint_url_used.toml,sha256=HbcwQ88zqre2AtA88DsOfcSzaO_SIbTyBUMVGhwfpVQ,6237
nldcsc_elastic_rules/rules/linux/command_and_control_cat_network_activity.toml,sha256=8fJdmSK2M1nQemSP-8hPeuah9Fj_sg9_-vp1xyFYurw,10351
nldcsc_elastic_rules/rules/linux/command_and_control_cupsd_foomatic_rip_netcon.toml,sha256=O-SdrxvtzaBogES41K4ADVH4DKHNkvK0B47NN-aQlTQ,8419
nldcsc_elastic_rules/rules/linux/command_and_control_curl_socks_proxy_detected.toml,sha256=m58TXhlddbBpR_vV37GrInymqtjL8bjMRTX137kIWpo,9582
nldcsc_elastic_rules/rules/linux/command_and_control_frequent_egress_netcon_from_sus_executable.toml,sha256=LgN345o16roaWGbqAxIjrzrrfJawOOD1-Rk5xtqNwCg,10133
nldcsc_elastic_rules/rules/linux/command_and_control_git_repo_or_file_download_to_sus_dir.toml,sha256=w6KlG2h-mzVsgBrn1sfZx7gFKGc53qfCi5phwhHUl3M,9202
nldcsc_elastic_rules/rules/linux/command_and_control_ip_forwarding_activity.toml,sha256=JkpmHnbROYZdNHsMCKr9aG6amsVVyOYr9NS7thL02iQ,6822
nldcsc_elastic_rules/rules/linux/command_and_control_linux_chisel_client_activity.toml,sha256=c4frGPIRa09Fg9hsO2Cv2DwS6ieLVhIKnHV7Sqh8hCk,10492
nldcsc_elastic_rules/rules/linux/command_and_control_linux_kworker_netcon.toml,sha256=52hjQsC271unTwnlMxsGo59BWMJzVcuI9a2pbxjzSgE,8640
nldcsc_elastic_rules/rules/linux/command_and_control_linux_proxychains_activity.toml,sha256=DKQ2_eMLFrx_iruQqAECLcJw220LuQpe5tILDE3rr4c,8086
nldcsc_elastic_rules/rules/linux/command_and_control_linux_ssh_x11_forwarding.toml,sha256=jHpc2UY18ioj2LJbCKrQRKMviWiR6Pvy7cruF8YOMmg,7962
nldcsc_elastic_rules/rules/linux/command_and_control_linux_suspicious_proxychains_activity.toml,sha256=sousGkMY8yDufa3Fez1IuMo4te1z65ZHTzTtedH0Bd4,10576
nldcsc_elastic_rules/rules/linux/command_and_control_linux_tunneling_and_port_forwarding.toml,sha256=n9cwH9K1UGEnKWoFTCN1wM8AbB2gxLi6MTZalB5JCVY,11684
nldcsc_elastic_rules/rules/linux/command_and_control_linux_tunneling_via_ssh_option.toml,sha256=vre38rbY3ECf1L7RGs7doW28Ktz6UW1fXjZi6wdgpy8,8418
nldcsc_elastic_rules/rules/linux/command_and_control_potential_tunneling_command_line.toml,sha256=GTmAy-0STaG3ES69PPm0Qmm5Cu-QL7g6_E3jUpvwdHs,10589
nldcsc_elastic_rules/rules/linux/command_and_control_suspicious_network_activity_from_unknown_executable.toml,sha256=bmYg0m0BU7wtyAXpu0ia464AAOzmEV9WZJ28EODdezo,15668
nldcsc_elastic_rules/rules/linux/command_and_control_telegram_api_request.toml,sha256=JRgK7mgoUy4djUO1h2D2r4B5rg4C4fhEZeSbFwGqWLE,8919
nldcsc_elastic_rules/rules/linux/command_and_control_tunneling_via_earthworm.toml,sha256=xSIEKMCtmthBDvoq2KKkPQwj9K_HGoCP9cvbfaqOjAo,11537
nldcsc_elastic_rules/rules/linux/credential_access_auditd_sensitive_cloud_and_host_identity_file_open.toml,sha256=PDI7wEu9IL1fORmgZOqfLZoRc0wLzlAl5-tPAMh9-_4,9749
nldcsc_elastic_rules/rules/linux/credential_access_aws_creds_search_inside_container.toml,sha256=Fa8NusczicYjW6jVjh1EgwhSJgJ9E8qEtQiisLg4ur4,8916
nldcsc_elastic_rules/rules/linux/credential_access_collection_sensitive_files.toml,sha256=e45OKmF0yZizW1DD7wyOSiwx3Y46BnPV6S5RC9QbX4M,11138
nldcsc_elastic_rules/rules/linux/credential_access_collection_sensitive_files_compression_inside_container.toml,sha256=cfgk7fGdm8E5Dsu3UNrOW8eefgSSxfy9OTNjsm3t6Mw,8561
nldcsc_elastic_rules/rules/linux/credential_access_credential_dumping.toml,sha256=3ePtCX_AaWM_iF7EospCh2dHRp_MFpvqd2JmxiKcftw,8459
nldcsc_elastic_rules/rules/linux/credential_access_gdb_init_process_hooking.toml,sha256=yerHkvxknFHKV6Ge6839BRyly09qxdbCmYnWL_gVzLA,8279
nldcsc_elastic_rules/rules/linux/credential_access_gdb_process_hooking.toml,sha256=zeBWFcOuYsSdZQPfmZRIF6RJKYrFCzV0Kq0hPz33uXs,6403
nldcsc_elastic_rules/rules/linux/credential_access_gh_auth_via_nodejs.toml,sha256=OpwBgglMIWLwnzBQRO-IkbyjEDuTARyM0XfXT70sNcU,5032
nldcsc_elastic_rules/rules/linux/credential_access_kubernetes_and_cloud_credential_paths_via_process_args.toml,sha256=9Oahn64XYwmV0pMfuwMNvTokGXwZ9gRSyf_ENUjS9q4,5349
nldcsc_elastic_rules/rules/linux/credential_access_kubernetes_service_account_secret_access.toml,sha256=ixpfMSiQGtBjfX5nXsjUtEu8q2PIW5ZGo319aQzEGPw,9971
nldcsc_elastic_rules/rules/linux/credential_access_manual_memory_dumping.toml,sha256=u_ltI-7f_UbCkzkO98Qc9Ie-N62hNXdObwbw9QapO_w,9010
nldcsc_elastic_rules/rules/linux/credential_access_potential_linux_local_account_bruteforce.toml,sha256=XI9BQlkXR4xrwaMokgaaQ1_GJtEHNKI0I0rOeTkscH4,8888
nldcsc_elastic_rules/rules/linux/credential_access_potential_linux_ssh_bruteforce_external.toml,sha256=8ipFIiZE7dCgBXpJVPSkbc66PgwHXZAtA_gdSkIaBXE,6300
nldcsc_elastic_rules/rules/linux/credential_access_potential_linux_ssh_bruteforce_internal.toml,sha256=sZnGNC3OIKVVIAj1pL1jB2KiP0V7tJGG-_clv1w7N1M,6276
nldcsc_elastic_rules/rules/linux/credential_access_potential_password_spraying_attack.toml,sha256=fxqjBX5I2nL-S-eXuXppOuwGdfD_Gcx77AqaISOj1YQ,6443
nldcsc_elastic_rules/rules/linux/credential_access_potential_successful_linux_ssh_bruteforce.toml,sha256=o0gT1jL_3dI1DTrg7bvg0wehp1peKhqXlBxmpEAUPH8,7144
nldcsc_elastic_rules/rules/linux/credential_access_proc_credential_dumping.toml,sha256=Q250-AmHoDDDI-7-mJH-Lw6On-3MHFds93WVAokuyjM,9124
nldcsc_elastic_rules/rules/linux/credential_access_segfault_from_sensitive_process.toml,sha256=3D8T2HZ47exsIRnCNrhIch28LdAVnd3qLl4dhAb0nc8,7011
nldcsc_elastic_rules/rules/linux/credential_access_sensitive_keys_or_passwords_search_inside_container.toml,sha256=uTO9c62N79xZtIDlzmdekMt9fSdbvXtMKBxORydU-vY,8537
nldcsc_elastic_rules/rules/linux/credential_access_ssh_backdoor_log.toml,sha256=BiZfbtgXb4h7kXrcapOPbyreIUTjuSxjQg46K_vuA3s,11504
nldcsc_elastic_rules/rules/linux/credential_access_ssh_password_grabbing_via_strace.toml,sha256=bF-PdFOORfeu1UWu8hUmcYO2siA87bhwHo1MXejKRLA,5728
nldcsc_elastic_rules/rules/linux/defense_evasion_acl_modification_via_setfacl.toml,sha256=WhGAdJaa58E0HAySHkOoXgRd9N9A_Y0nyVMKeFW0Nvc,6139
nldcsc_elastic_rules/rules/linux/defense_evasion_apparmor_exploitation_via_sys_fs.toml,sha256=m2DVAFXJci7hHvwuzQHyKOVrQxk7JcZbYS_BpYxPBXQ,9274
nldcsc_elastic_rules/rules/linux/defense_evasion_apparmor_policy_access.toml,sha256=-4uhgId39nTCzJyoH9GDYnyngQt7zcSJXny610ud7pU,8371
nldcsc_elastic_rules/rules/linux/defense_evasion_apparmor_policy_violation.toml,sha256=urYIugMMdENIE_ACsftQs_yJfg_paMHVYK4Y8HtS-EQ,7739
nldcsc_elastic_rules/rules/linux/defense_evasion_apparmor_profile_compilation.toml,sha256=MVw1-5D3nSuf3JcOJoJuasK_ffCr5_s_GMH2GCtHgt4,8947
nldcsc_elastic_rules/rules/linux/defense_evasion_attempt_to_disable_auditd_service.toml,sha256=wlxsv_daWwLwOdge99xuqQarSoWuAA1l5Z0PNGQ1d8c,8166
nldcsc_elastic_rules/rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml,sha256=ewjSE9KwByNpN3eIObUTipqvzUmxgI_WFXW8wWyqYeY,9163
nldcsc_elastic_rules/rules/linux/defense_evasion_attempt_to_disable_syslog_service.toml,sha256=rbvQP2aGptIIHkSc7tBSxLArlQvjm3C4qxN2AfH1kCE,10241
nldcsc_elastic_rules/rules/linux/defense_evasion_authorized_keys_file_deletion.toml,sha256=hWnPbBRXGbQNaR5wLQ5KodXFd6L_n9HXqg0cR3PzBq4,8133
nldcsc_elastic_rules/rules/linux/defense_evasion_base16_or_base32_encoding_or_decoding_activity.toml,sha256=UUsR_2bO2-pWQX2w_LnygcYrzdFVCEGpfCEhrFvtTt0,10191
nldcsc_elastic_rules/rules/linux/defense_evasion_base64_decoding_activity.toml,sha256=MI4thrBxvVTr7HDb7JBJq6VSiDEFpTTGrsga4-jgodc,11156
nldcsc_elastic_rules/rules/linux/defense_evasion_binary_copied_to_suspicious_directory.toml,sha256=PJwrfjeTFrIDPU4Z05CwxCAWFHZ1OwM5GS--mIWNg5s,8423
nldcsc_elastic_rules/rules/linux/defense_evasion_bpf_program_tampering.toml,sha256=P0hNULY4rWRasED_KbQzRwNqlRBHFXkMPjI1Se_TCHY,6701
nldcsc_elastic_rules/rules/linux/defense_evasion_busybox_indirect_shell_spawn.toml,sha256=jfzhhJJOkWjPvGILtaEwcqJeydqi5QM8Eio8tnWh7Rs,8851
nldcsc_elastic_rules/rules/linux/defense_evasion_chattr_immutable_file.toml,sha256=KMfaOCSonrVniQOfgVNQrTe1oz42paQkB9bleA0iqsY,10425
nldcsc_elastic_rules/rules/linux/defense_evasion_clear_kernel_ring_buffer.toml,sha256=jlKYPKbs_lBF6mgYI1ClSiIgg0sFXjr-rRsIz4NURBI,8054
nldcsc_elastic_rules/rules/linux/defense_evasion_creation_of_hidden_files_directories.toml,sha256=MJP2WYfkRMThDmSrxCTN-KSGy78gPTC8j6uLuHD1Hr8,5554
nldcsc_elastic_rules/rules/linux/defense_evasion_curl_or_wget_executed_via_lolbin.toml,sha256=RZZdAcatLYTX_OkYfJJn6IjpZZ8ws7C37XiZgIkoO60,12587
nldcsc_elastic_rules/rules/linux/defense_evasion_directory_creation_in_bin.toml,sha256=6o51n9bAq3yeZruwADXsT8n14j86j0-EFpRLnpD3eyw,8663
nldcsc_elastic_rules/rules/linux/defense_evasion_disable_apparmor_attempt.toml,sha256=5Mqq4JhNl3KWypBNlZ3PRap9e7juVTO1sx7h3mtUl4U,8699
nldcsc_elastic_rules/rules/linux/defense_evasion_disable_selinux_attempt.toml,sha256=cXzdqBucVnJylkAsTEBdB4dWVg40j8ID0i5Gd6hVEyU,9270
nldcsc_elastic_rules/rules/linux/defense_evasion_doas_configuration_creation_or_rename.toml,sha256=PYFMiHiku-0MLa2pyiVX0T7765xTWznd14Nu41Ei5kw,8033
nldcsc_elastic_rules/rules/linux/defense_evasion_dynamic_linker_file_creation.toml,sha256=cyhAyNMvcNyBth1LxSe1L6Lr0SJeoqsG5sqzdQi0Jpk,10715
nldcsc_elastic_rules/rules/linux/defense_evasion_esxi_suspicious_timestomp_touch.toml,sha256=LR7nv5kcnab8M6Zy11Nj1eCYG9cTJjlbwCE1S4iGGZI,8400
nldcsc_elastic_rules/rules/linux/defense_evasion_file_creation_world_writeable_dir_by_unusual_process.toml,sha256=9d65rUiwb9Vwm0Pf9Lmt4AjlnQbbsHrULHZaBGGvXxI,8848
nldcsc_elastic_rules/rules/linux/defense_evasion_file_deletion_via_shred.toml,sha256=DAWj-zYr-SaElMec6yyx6PMenBN55ctOmpyTBopbHMM,8084
nldcsc_elastic_rules/rules/linux/defense_evasion_file_mod_writable_dir.toml,sha256=IfsHMIjP0FWn5yYXhJm4Qg3tb-QOoRJJ_N67LCKL5yA,9847
nldcsc_elastic_rules/rules/linux/defense_evasion_hex_payload_execution_via_commandline.toml,sha256=1rc3sUp5VsmXgSpVUG0x0bI3b3n_7O4mx6hLvvE22ao,8692
nldcsc_elastic_rules/rules/linux/defense_evasion_hex_payload_execution_via_utility.toml,sha256=PBj7Bq0gI9_EGIk8D3wLGK0JWn7SD74n8iY0_NQQylM,9660
nldcsc_elastic_rules/rules/linux/defense_evasion_hidden_directory_creation.toml,sha256=KDo5Yziw7zmWcYLF-kbQB2iQi1Gb19ZHs5TueyaB5G8,8734
nldcsc_elastic_rules/rules/linux/defense_evasion_hidden_file_dir_tmp.toml,sha256=jDBiezk8YZmghhUupwgx4Y2oLjALq3B1JpyrM-cVQgw,10236
nldcsc_elastic_rules/rules/linux/defense_evasion_hidden_shared_object.toml,sha256=Xer440a3Vsv4I0i7TZOUWtUPxSzs-3233RzMGABFOH0,9437
nldcsc_elastic_rules/rules/linux/defense_evasion_interactive_shell_from_system_user.toml,sha256=AP4w2luCS6S8sz94_SrR75HDcN3kdAOXL-SM80Ye9Wg,10198
nldcsc_elastic_rules/rules/linux/defense_evasion_interpreter_launched_from_decoded_payload.toml,sha256=sX2uWbjL_S3RFsPmkabAl6JbZmFv-jYVVpftE77iYU8,10751
nldcsc_elastic_rules/rules/linux/defense_evasion_journalctl_clear_logs.toml,sha256=49ezxY359A0LAkqgZ6glhU1gxFGc_npbfZ8EeLMqNfc,8526
nldcsc_elastic_rules/rules/linux/defense_evasion_kernel_module_removal.toml,sha256=2VsHHvaN6B10OOEA3OSfSpr7PXVhybpYsbFwUOLUSqc,9074
nldcsc_elastic_rules/rules/linux/defense_evasion_kill_command_executed.toml,sha256=-8ll3-I3PfOGybBtk16JTHc5Xf-47fu8eDiFIlO7PIA,9582
nldcsc_elastic_rules/rules/linux/defense_evasion_kthreadd_masquerading.toml,sha256=Xj91yLuFc6UVaiWtJ3mFYWChDSNKHhJW6ld0Jk1HKl8,8454
nldcsc_elastic_rules/rules/linux/defense_evasion_ld_preload_cmdline.toml,sha256=k2e2qrgshCquC5N3XlEIjvTanp7Xtn_ui5c3CltOT20,9861
nldcsc_elastic_rules/rules/linux/defense_evasion_ld_so_creation.toml,sha256=pPAScDUW8L-jqKNyMvQjfTDalheUQb52dnOHf2qmTJY,10334
nldcsc_elastic_rules/rules/linux/defense_evasion_log_files_deleted.toml,sha256=VpYYnLkBuVx_w-Tc4hnvSyeqOUAvCHS5R1elYQardYc,10161
nldcsc_elastic_rules/rules/linux/defense_evasion_mount_execution.toml,sha256=5MmcP5rFEem4_czeUbxF-8UtFU3L5KkYlIVHtiGrs0o,8466
nldcsc_elastic_rules/rules/linux/defense_evasion_multi_base64_decoding_attempt.toml,sha256=avSVqCXVmfBUe5ScSPVfZkAk_H--gSHM_UUGYkoefzE,10002
nldcsc_elastic_rules/rules/linux/defense_evasion_potential_proot_exploits.toml,sha256=h4-5_XOaXut6geW6YtR5vQcxmM8hOtDxa_LNXvh3zaU,8411
nldcsc_elastic_rules/rules/linux/defense_evasion_prctl_process_name_tampering.toml,sha256=E4ZxSxDwf318o7KXE79b57zIzAnzAWFKX8D07gR2wk4,7888
nldcsc_elastic_rules/rules/linux/defense_evasion_rename_esxi_files.toml,sha256=jbFm_hpN15VqGdV2UTaIh0QmWJSXygX_Gz72ECnJC_A,8569
nldcsc_elastic_rules/rules/linux/defense_evasion_root_certificate_installation.toml,sha256=2xLu4cgO4BWYiMB-Yl6q7JlYBYH9QXRoxu4QJnmALjo,9184
nldcsc_elastic_rules/rules/linux/defense_evasion_selinux_configuration_creation_or_renaming.toml,sha256=fyt155f04_AnYrrfpTABXkJZA3m2LLxTky89uf1V9wk,8406
nldcsc_elastic_rules/rules/linux/defense_evasion_shell_history_clearing_via_environment_variables.toml,sha256=8buP87XulTCAjSOqBUk6x-30kljCfdBAIV0jQcKtNKI,9279
nldcsc_elastic_rules/rules/linux/defense_evasion_ssl_certificate_deletion.toml,sha256=QRakqzMhU1oEPcIWpuXBJjLavNsFiMZvu2Q_IU05RgM,8122
nldcsc_elastic_rules/rules/linux/defense_evasion_sus_utility_executed_via_tmux_or_screen.toml,sha256=cvhmwTxyYVUcwQNbb800Aol5-rGhXtHauwZgHQGt4zo,6856
nldcsc_elastic_rules/rules/linux/defense_evasion_suspicious_path_mounted.toml,sha256=mw1Nf7Kid4nc7dV7-39WkyR8G-kZ_lPxsTf_a__kas0,7822
nldcsc_elastic_rules/rules/linux/defense_evasion_symlink_binary_to_writable_dir.toml,sha256=PqUcp-iugI-qb6adZpaE3th2lb91ii5Ah-62xrdNG68,6767
nldcsc_elastic_rules/rules/linux/defense_evasion_sysctl_kernel_feature_activity.toml,sha256=pl1ZLehQadskSIaoxiBcaHR6NZIea1ja3xk2HYCG9wE,8550
nldcsc_elastic_rules/rules/linux/defense_evasion_unsual_kill_signal.toml,sha256=vn04YcJAec8CQWl1hEkYjfMfB7VyIon7UHlGgu6B3KQ,7077
nldcsc_elastic_rules/rules/linux/defense_evasion_unusual_preload_env_vars.toml,sha256=ChTAlO3YtS0tU5FEB-eQaMh5YqzdP2y6HlXk1N8QIX4,9648
nldcsc_elastic_rules/rules/linux/defense_evasion_user_or_group_deletion.toml,sha256=ZJbaq8XUpCvuieITyNYkyeOMTpMJXWipkXr0ASD4EuA,7253
nldcsc_elastic_rules/rules/linux/defense_evasion_var_log_file_creation_by_unsual_process.toml,sha256=zP8R97Ueaa_AlKr241i-fm8qugi1C25px0f0-0CObMA,9171
nldcsc_elastic_rules/rules/linux/discovery_dmidecode_system_discovery.toml,sha256=O9YzLPPrBIX4dEYVccNZHTmUpIAbaH5VR6jFvAb2sNs,9579
nldcsc_elastic_rules/rules/linux/discovery_docker_socket_discovery.toml,sha256=feemXXdp9OrwRNPIgHbv2o9Upwjpa5aVy8dv8RxoxdE,9000
nldcsc_elastic_rules/rules/linux/discovery_dynamic_linker_via_od.toml,sha256=tBZHwhYUQw__7h8JGlR05Q6VmRXi5jgH0alO3rvEA1Y,8626
nldcsc_elastic_rules/rules/linux/discovery_esxi_software_via_find.toml,sha256=YDiTH7dXZ0_J12kw3K5V7pKLfTVtJDtVAyOrNhArZIA,8104
nldcsc_elastic_rules/rules/linux/discovery_esxi_software_via_grep.toml,sha256=yiSUkLyMYWZZjIHiIj2ezEQ9pSkUJhSEgMBUDCdb36U,8201
nldcsc_elastic_rules/rules/linux/discovery_kernel_instrumentation_discovery_via_kprobes_and_tracefs.toml,sha256=A9pgCm053Nx5y0oayNH0zidi8w7_w6mZwq64gLZR6vU,6654
nldcsc_elastic_rules/rules/linux/discovery_kernel_module_enumeration.toml,sha256=9-qvjA660MLjMXfh5TfvjQxZl8i2rRqrLHzMVIBUREY,8918
nldcsc_elastic_rules/rules/linux/discovery_kernel_seeking.toml,sha256=ulAuayyFit5Do3USSGCxZZX7tidxqTzkIHCnCEP92hQ,8685
nldcsc_elastic_rules/rules/linux/discovery_kernel_unpacking.toml,sha256=3jWcCdby8cNOWJssOuQCvGgRdNZfjbTa0kIIFfYwYyE,8354
nldcsc_elastic_rules/rules/linux/discovery_kubeconfig_file_discovery.toml,sha256=oHTjOupYSYZiS_iWzqclq11nk0HMPQ3yPM5Nq2sYIN0,9898
nldcsc_elastic_rules/rules/linux/discovery_linux_hping_activity.toml,sha256=9QfUMLfl0UU57vhTkG27vc470WEwSygQqbcC3BSnhQM,9625
nldcsc_elastic_rules/rules/linux/discovery_linux_nping_activity.toml,sha256=gdp4TMjnNlyAxQ9icHP7WQ4pDvjHLTSHL3l9vHM-hbA,9641
nldcsc_elastic_rules/rules/linux/discovery_manual_mount_discovery_via_exports_or_fstab.toml,sha256=iLjkvTvrtOKzTmMfB5Cif0WYK1NuYDS8Yq79krcmcm4,8159
nldcsc_elastic_rules/rules/linux/discovery_pam_version_discovery.toml,sha256=DBSo7Wf1pUAvri-zx0PT2tVOx5-nnBFj13nLK0RRqPI,9436
nldcsc_elastic_rules/rules/linux/discovery_passwordless_sudo_probing.toml,sha256=wMWMOEtDk1X0y_OJbdvsvu6zY-U-VLOJ9K6tFoiQPt4,7891
nldcsc_elastic_rules/rules/linux/discovery_ping_sweep_detected.toml,sha256=YBXayOZ-_1WsgWivvcU2CD-HwiSRkTOMC6ZdUxTRGuw,8363
nldcsc_elastic_rules/rules/linux/discovery_polkit_version_discovery.toml,sha256=huXezHDz5rrhVA8xTphlzDkQXvrfmHdlgybbKx8tGiU,8276
nldcsc_elastic_rules/rules/linux/discovery_port_scanning_activity_from_compromised_host.toml,sha256=R_p9ATJoHppADflNjSCsRwqoMiaBcj6e7aRAgEEfHZo,10041
nldcsc_elastic_rules/rules/linux/discovery_potential_kubeletctl_execution.toml,sha256=z7B5x033754nmIAKulsyUJlkpCj4Ox_FwziAk4Aj2B0,4437
nldcsc_elastic_rules/rules/linux/discovery_private_key_password_searching_activity.toml,sha256=k7auwzoEL9Ezwuo-hXD4wJyWdjZjaOE3l7w5UlCQC9c,8571
nldcsc_elastic_rules/rules/linux/discovery_proc_maps_read.toml,sha256=59-HGnakH6C7SiSRh67I8fNRVuflOVluXC7lgCQpv18,9008
nldcsc_elastic_rules/rules/linux/discovery_process_capabilities.toml,sha256=bMAS9eYp8GaXcp5wUf8rsT6_QqFXKnL1hDuf1k-3WJE,7371
nldcsc_elastic_rules/rules/linux/discovery_security_file_access_via_common_utility.toml,sha256=41WbBKBjknRapN5RRV22V-YcYfDMTvx3_ZzfpyCowGQ,9667
nldcsc_elastic_rules/rules/linux/discovery_subnet_scanning_activity_from_compromised_host.toml,sha256=d2ufTeaA4s3kOoDoeHOvPJKavJR-oYMnAnxmuc5lVYE,9450
nldcsc_elastic_rules/rules/linux/discovery_sudo_allowed_command_enumeration.toml,sha256=7rWyaNvoIWt9RV2WAXm-Ror0weF5-T2KQ0k54ekP4gs,8151
nldcsc_elastic_rules/rules/linux/discovery_suid_sguid_enumeration.toml,sha256=qoZnKDQyXtdW_t4b5GireMB5hDTrWR5gr2pVkA0eY94,8694
nldcsc_elastic_rules/rules/linux/discovery_suspicious_memory_grep_activity.toml,sha256=ePh9nzY-wFkNqfDYjizqB7tJy_-j2znz2VLWVufDvNA,6026
nldcsc_elastic_rules/rules/linux/discovery_suspicious_network_tool_launched_inside_container.toml,sha256=RXPRX6wra6wJBTHuPhRPrA2VzmXHVaFWfyQxNBLu4VA,9112
nldcsc_elastic_rules/rules/linux/discovery_suspicious_which_command_execution.toml,sha256=mGMaYHBopBIn4tROHzZoIr3VS5lZBsicaN1hnmoIH3o,6074
nldcsc_elastic_rules/rules/linux/discovery_unusual_process_connection_to_container_runtime_socket.toml,sha256=bilnl-kURJWJVCnfyeHkgecu5MF7jN9GIDG4YhNmRuE,5284
nldcsc_elastic_rules/rules/linux/discovery_unusual_user_enumeration_via_id.toml,sha256=e0q9aZvbYbO8X6BnDkUf4vHFwzA6_HYlXUKW4zlp1So,8295
nldcsc_elastic_rules/rules/linux/discovery_virtual_machine_fingerprinting.toml,sha256=s9mOwbqwS7J1tl2RURXGoziBJVEoFKoSlmzCKSVJdwk,10620
nldcsc_elastic_rules/rules/linux/discovery_yum_dnf_plugin_detection.toml,sha256=ohzIvspZ82Umj_bY1qoRClqBfr6yvVIkfnmsZoV16Ik,8529
nldcsc_elastic_rules/rules/linux/execution_abnormal_process_id_file_created.toml,sha256=2aPd5XsE_iyjuZUA2NIwpmEFExA2H2_iMGNrCsndQfs,9646
nldcsc_elastic_rules/rules/linux/execution_container_management_binary_launched_inside_container.toml,sha256=Ve0_SUKX3XCkAac-VR5E6tuiv5pZGX2IYKVjjcpNu2w,8627
nldcsc_elastic_rules/rules/linux/execution_container_runtime_cli_suspicious_arguments.toml,sha256=2u8D2tiH232U0gXxgp9dCykpnS2u3n08q5v8834T9ZE,4545
nldcsc_elastic_rules/rules/linux/execution_cupsd_foomatic_rip_file_creation.toml,sha256=Ko7Qb4G2IorHWlYS4WOq5nhW1r_HnKM4YtvlDbkBIzs,8165
nldcsc_elastic_rules/rules/linux/execution_cupsd_foomatic_rip_lp_user_execution.toml,sha256=r8pemkjH0x-0N78yRNTlsjBfjMyqwmSSiHcAa_C4fWg,8372
nldcsc_elastic_rules/rules/linux/execution_cupsd_foomatic_rip_shell_execution.toml,sha256=f8lxpFyrZfqkeWi5MC2zGxgyvJQIu2z7DddLFnLShF8,8198
nldcsc_elastic_rules/rules/linux/execution_cupsd_foomatic_rip_suspicious_child_execution.toml,sha256=lIRnj85-5g4652snm3Ql7zlHGaDrZLex-KO2HuyotnY,10199
nldcsc_elastic_rules/rules/linux/execution_egress_connection_from_entrypoint_in_container.toml,sha256=qWR7hPDazlhMUYoNu8xg7etoQCCvzrdM6a8NBA-IaWA,7503
nldcsc_elastic_rules/rules/linux/execution_executable_stack_execution.toml,sha256=i94Eswz_YX9Q-Qgn-Imyj3S4RAXSTAiUnoSN7C-nvsQ,7237
nldcsc_elastic_rules/rules/linux/execution_file_execution_followed_by_deletion.toml,sha256=u7ACb1lIVXliFfEKqIjGJ6MM8Mfj03oHHs2QLbClynE,9318
nldcsc_elastic_rules/rules/linux/execution_file_made_executable_via_chmod_inside_container.toml,sha256=mz0AipwLo21YdjKjZW1Xbpk7SVZ_QczPGvNpLdIVx6I,9340
nldcsc_elastic_rules/rules/linux/execution_file_transfer_or_listener_established_via_netcat.toml,sha256=2ZLx4AthlbpKNkBXjDIktj8sS1zX-0dQ1iejoFcVMjo,10269
nldcsc_elastic_rules/rules/linux/execution_interpreter_tty_upgrade.toml,sha256=du3SJvHQ-y5rNfWUPH80h2QlRIsyde69ejqkvF-eiNo,8025
nldcsc_elastic_rules/rules/linux/execution_kubectl_apply_pod_from_url.toml,sha256=V0JvsJrQJweRYQJW8mI7Mn52dt4rKyF0mdLt7hyS2HA,8521
nldcsc_elastic_rules/rules/linux/execution_nc_listener_via_rlwrap.toml,sha256=fVyOkiFFqhgIPWM3JSzo_-OU7hTMdyolfV-FXoQqLeg,8318
nldcsc_elastic_rules/rules/linux/execution_netcon_from_rwx_mem_region_binary.toml,sha256=C1Usux26ytuhH7KVe9Ocj5UDuSI3EFMstFtcoXBpf-o,8701
nldcsc_elastic_rules/rules/linux/execution_network_event_post_compilation.toml,sha256=VM_y1s1k6AftLMebA6vhpCnIqBIuSw7fEdfXH3b3gQI,9076
nldcsc_elastic_rules/rules/linux/execution_perl_tty_shell.toml,sha256=6bTXdPdLA-rsutMHpSixjyIAxLA5JNiOkamHcsioOjw,9466
nldcsc_elastic_rules/rules/linux/execution_potential_hack_tool_executed.toml,sha256=Wu60yR7ZVxk3yMiWev_uDoQCEBcmckOPfjehpaqZDIk,10301
nldcsc_elastic_rules/rules/linux/execution_potentially_overly_permissive_container_creation.toml,sha256=DEAvjL1hQrW8M7wfna8EDKCBwET2qNZ3jC61x7AUQ4I,8700
nldcsc_elastic_rules/rules/linux/execution_process_backgrounded_by_unusual_parent.toml,sha256=xL6H48M-LLA4gYzT0CNPaAQKdrjva47Xx7_ZJzV90E8,9946
nldcsc_elastic_rules/rules/linux/execution_process_started_from_process_id_file.toml,sha256=a9rU1eJuYPuPPpAK5Ww0tOOmdz9RDELca2CKNsToGo4,5805
nldcsc_elastic_rules/rules/linux/execution_process_started_in_shared_memory_directory.toml,sha256=T2eNjzSQ_jsWoVeSBa0vErXL7bhe0UoSfdkBRM4ctDc,8783
nldcsc_elastic_rules/rules/linux/execution_python_tty_shell.toml,sha256=Cgvt2_082fbBiR6gdXuxIU-6kYJ4XmUj0ED-URgCdEM,8485
nldcsc_elastic_rules/rules/linux/execution_python_webserver_spawned.toml,sha256=pQuhuJdrMc87uuflERFCEKlmRxhfqPemAxl2o4jCmT0,8319
nldcsc_elastic_rules/rules/linux/execution_remote_code_execution_via_postgresql.toml,sha256=N5hejaQG5V4to9eD7_zINgHSeReWI96Np2SBEkffkNI,8653
nldcsc_elastic_rules/rules/linux/execution_shell_evasion_linux_binary.toml,sha256=G3hVcZmOf4Ltbc4mEVDYmOc0IJYWBHMvRKf-mCfBkto,12427
nldcsc_elastic_rules/rules/linux/execution_shell_openssl_client_or_server.toml,sha256=czRJGK6zdaUN9CbrR-dPVa3BufE0eZutsMpSwDSEq60,9123
nldcsc_elastic_rules/rules/linux/execution_shell_via_background_process.toml,sha256=7VsIE4cPn6pMFU7dm5d09XwJ3RuYzcmTokN57e8qMk8,8391
nldcsc_elastic_rules/rules/linux/execution_shell_via_child_tcp_utility_linux.toml,sha256=BYJBcoZvAPvtlHNUUXrGhtqlIpgBAYJML4s-y9Gg_Rc,9235
nldcsc_elastic_rules/rules/linux/execution_shell_via_java_revshell_linux.toml,sha256=F6HOp6yIny4lUiyVjM2lhoUz4VVAQFxG_wAfIwFvU8k,9587
nldcsc_elastic_rules/rules/linux/execution_shell_via_lolbin_interpreter_linux.toml,sha256=jpgyC2X9oP6RMnBHsZGzY45Rb-G5Cohc5jB4b_AWVbM,10164
nldcsc_elastic_rules/rules/linux/execution_shell_via_meterpreter_linux.toml,sha256=QbOALCsJ2C-qaujLfVk3G0rCgyoxVwKMaKsoCRAZ6lM,10674
nldcsc_elastic_rules/rules/linux/execution_shell_via_suspicious_binary.toml,sha256=vf5QBlvv_sg9bqKdJh1ZNcmbJyEx09zDMs9s7-7Nx48,9485
nldcsc_elastic_rules/rules/linux/execution_shell_via_tcp_cli_utility_linux.toml,sha256=AIMRjhIq0G-ZitAMHPrmUA2LqLA6wboKxr-oZn0V1Rw,8882
nldcsc_elastic_rules/rules/linux/execution_shell_via_udp_cli_utility_linux.toml,sha256=3u0yvOGx1hmSLmowceuO6RhoMmlQHcNicgBh8y-siKY,11180
nldcsc_elastic_rules/rules/linux/execution_sus_extraction_or_decrompression_via_funzip.toml,sha256=pojGR1tvT2bUzhRijK_BX_rxyzPaOsf1qfFzv-zoQdo,8974
nldcsc_elastic_rules/rules/linux/execution_suspicious_executable_running_system_commands.toml,sha256=yRfPACZGy8OTFUMUqd9hunvcwapTb6QXL9CgX_STnBM,10994
nldcsc_elastic_rules/rules/linux/execution_suspicious_mining_process_creation_events.toml,sha256=OQYIAcPmICIcazQzQ58DSuwc5YXYJ3Apw8xs0f7dEyE,8557
nldcsc_elastic_rules/rules/linux/execution_suspicious_mkfifo_execution.toml,sha256=lzg5gJTjZQOdfJn8j5y3rd20fUCZpQJF_iAR-Rry7Dg,8601
nldcsc_elastic_rules/rules/linux/execution_suspicious_pod_or_container_creation_command_execution.toml,sha256=GWO_bd_e2rXtyWQBZgy2PWY5jlJNFpJ2hZDE9y-GvPY,10187
nldcsc_elastic_rules/rules/linux/execution_system_binary_file_permission_change.toml,sha256=dAkfOjm2cfLTYpr_UO12jale_d3Y_f3IGrdN5QqdpDU,9732
nldcsc_elastic_rules/rules/linux/execution_tc_bpf_filter.toml,sha256=NazedvEPUvM60ymzCfX60iI88dioqPbvCfHCIdG_tXc,8755
nldcsc_elastic_rules/rules/linux/execution_unix_socket_communication.toml,sha256=ZFRsY5lv70ZXLuuBUj_ed_hVpMvYZpD1n0Ncu-yBEDs,6487
nldcsc_elastic_rules/rules/linux/execution_unknown_rwx_mem_region_binary_executed.toml,sha256=Wcui6hinJlGJtnmlfaFpbuxvynDRDoP6FqR70JAAJwQ,7909
nldcsc_elastic_rules/rules/linux/execution_unusual_interactive_process_inside_container.toml,sha256=6jVZ24rin2FGoAMfo-_h6iTJqKEjaeFcNoZMNJ5Dcos,4213
nldcsc_elastic_rules/rules/linux/execution_unusual_kthreadd_execution.toml,sha256=8OKfGztdubVIXgbt_NfJLOg_RVaslNJyG2RWvpnDpEI,9880
nldcsc_elastic_rules/rules/linux/execution_unusual_path_invocation_from_command_line.toml,sha256=p7wG4Rc9S20cdjGZmypvXBHfn_D3eu2rwIBSu9i2FRc,9431
nldcsc_elastic_rules/rules/linux/execution_unusual_pkexec_execution.toml,sha256=yl_QKW5Jo61Ol5Az-s7YLhqAKvEh4iTL5eMEzoOEXWE,10795
nldcsc_elastic_rules/rules/linux/exfiltration_potential_data_splitting_for_exfiltration.toml,sha256=ovoH4yhYTPMtnTyXpL6GFjhQM3T4a9ALkU0-wwZ297Q,8420
nldcsc_elastic_rules/rules/linux/exfiltration_potential_database_dumping.toml,sha256=2AUYCXnoFRa-tZtJkDSRbcknca9EjDMqdmTCV3D0f-Y,8479
nldcsc_elastic_rules/rules/linux/exfiltration_potential_wget_data_exfiltration.toml,sha256=gNvD_4upLGGzPCCDJ-YuDms_1Fp6SNREhsVR3EZamq4,8626
nldcsc_elastic_rules/rules/linux/exfiltration_unusual_file_transfer_utility_launched.toml,sha256=Nhtw2jPNenSnoYx1vmn799wMkOJr7qc5IGxH9vmcm1U,10477
nldcsc_elastic_rules/rules/linux/impact_data_encrypted_via_openssl.toml,sha256=w-BKJwnGvu5piXKScg_W5daWpa6R9VJDGM2I4_eENoQ,8509
nldcsc_elastic_rules/rules/linux/impact_esxi_process_kill.toml,sha256=KA0IvGN2_bKOD6WfLOAcmSS7raOGjYp46xXnlrbmua0,7725
nldcsc_elastic_rules/rules/linux/impact_memory_swap_modification.toml,sha256=o9WnU8id6bF7EtHiYeA7CoCTxKLxf2wzSJhrdNpKrqs,8764
nldcsc_elastic_rules/rules/linux/impact_potential_bruteforce_malware_infection.toml,sha256=CTjCvK_R0fK9X5_v_6yElaYZqijnkgTXHTJyJs0Wxx8,11078
nldcsc_elastic_rules/rules/linux/impact_potential_linux_ransomware_note_detected.toml,sha256=VQcAxOTYwOgi9N3NfXVNGYbAQGjRNQJre9H9MhaK-5E,9038
nldcsc_elastic_rules/rules/linux/impact_process_kill_threshold.toml,sha256=SSoMpOLOZ-az3pHBSVUli-aI9_Hsbf0gdj-5RwRNQgs,6387
nldcsc_elastic_rules/rules/linux/initial_access_apache_struts_cve_2023_50164_exploitation_to_webshell.toml,sha256=Tam6WK8Qiy9sw055lwx6eFVVuJ9nodrx8rdJ5XFZ3PI,9856
nldcsc_elastic_rules/rules/linux/initial_access_first_time_public_key_authentication.toml,sha256=NuOcCkSGfYXZVG3XDsmiajV_K7nT6WCDxLxfQsvo0_c,8194
nldcsc_elastic_rules/rules/linux/initial_access_successful_ssh_authentication_by_unusual_ip.toml,sha256=EtySlRcJGw7olNpLgXCwpfikfIFSj290qks3XegM0iI,7450
nldcsc_elastic_rules/rules/linux/initial_access_successful_ssh_authentication_by_unusual_user.toml,sha256=9Ub7g8AqGv6AAbOVtn47t6mVStN6EwJ4ghPKRDvZadQ,5730
nldcsc_elastic_rules/rules/linux/initial_access_telnet_auth_bypass_envar_auditd.toml,sha256=NDRLYvFakSRqC9c_jeEP--kWAe9mill1EYZGk6QsPRg,5604
nldcsc_elastic_rules/rules/linux/initial_access_telnet_auth_bypass_via_user_envar.toml,sha256=sX2g-hduHdQ_fglty8GdY2jcXH-yA_wEcgB-hiHuLew,5664
nldcsc_elastic_rules/rules/linux/lateral_movement_direct_kubelet_access_via_process_args.toml,sha256=nu5qwGCvwIeC0EXPMNMdrDIOtiXJN_nWSwdc4IHiUzU,5494
nldcsc_elastic_rules/rules/linux/lateral_movement_kubeconfig_file_activity.toml,sha256=ypVsw7gMGYBzUiEjeNTv1-_Vk6dutN4B6HxmpmeioP4,9755
nldcsc_elastic_rules/rules/linux/lateral_movement_kubelet_api_connection_attempt_internal_ip.toml,sha256=F9kznxTgQ-LZiI8vn9gdSii25_ieXhTkZPJ5ykeOYqU,5873
nldcsc_elastic_rules/rules/linux/lateral_movement_remote_file_creation_world_writeable_dir.toml,sha256=f3-36_t1vaeQukdncsWSLs9hXTP2KMAXfh0rOweyvDU,9854
nldcsc_elastic_rules/rules/linux/lateral_movement_ssh_it_worm_download.toml,sha256=GyfeXKHKqEftHY-c_MC9-8agsuLOZZHEuGTH52LyXS0,9114
nldcsc_elastic_rules/rules/linux/lateral_movement_telnet_network_activity_external.toml,sha256=m8tXy9Fv_1_It9wzC2X58S9blKOqfEGIE6MQbM_3ENE,10086
nldcsc_elastic_rules/rules/linux/lateral_movement_telnet_network_activity_internal.toml,sha256=f4wE7rZ0EpspUIiKRLqUWsthmtAPAq4FYk9hw5EINbE,9772
nldcsc_elastic_rules/rules/linux/lateral_movement_unusual_remote_file_creation.toml,sha256=TRS0V6ufmLSUU-W_rUWMlw6tF8_cS0yBWkbJlw_uXAQ,10262
nldcsc_elastic_rules/rules/linux/persistence_apt_package_manager_execution.toml,sha256=vdZNsuxdEDw_NN4nUj62E-VBhOVxRrIKMSv4-hKExqk,11760
nldcsc_elastic_rules/rules/linux/persistence_apt_package_manager_file_creation.toml,sha256=KrqgDY_lGZ1sXfFFZi2bUR4Zgwu0AiVCjxLzUhzJ5lE,11379
nldcsc_elastic_rules/rules/linux/persistence_apt_package_manager_netcon.toml,sha256=Wz83NVcRLvdBBpV9rD9TMgBeGyx0ABImMkw7vwFyfzk,10275
nldcsc_elastic_rules/rules/linux/persistence_at_job_creation.toml,sha256=xeMNrk6WBcacX_HBaRnQDZ98o9DPupM2KqlWJLtRoUg,10030
nldcsc_elastic_rules/rules/linux/persistence_boot_file_copy.toml,sha256=syTz59FJrPPC1RpO3TwEDbrPw4FSnQdYuWikNC_ywL4,10632
nldcsc_elastic_rules/rules/linux/persistence_bpf_probe_write_user.toml,sha256=raScZTNYCeuZHG28YOXViLwKAkslL8gItPqLDeoHQOQ,7511
nldcsc_elastic_rules/rules/linux/persistence_bpf_program_or_map_load.toml,sha256=GxpamolqwiwlVwTLStgq9KzGi_lEAe7JU2Uxy6iKBHk,7469
nldcsc_elastic_rules/rules/linux/persistence_chkconfig_service_add.toml,sha256=y7pxp7Zrg3dhLT49gGTFWktpigJNSDNc2L8f3lOiAQo,12457
nldcsc_elastic_rules/rules/linux/persistence_credential_access_modify_ssh_binaries.toml,sha256=deIdF4Hvz5mnlllBqjGUqM_b6JJX4irXmxBGl6bOy1Q,12929
nldcsc_elastic_rules/rules/linux/persistence_cron_job_creation.toml,sha256=KibhbKhtUfzVXWpAOnmCEGRRHL2qwXJwmh-B18RrZSY,14648
nldcsc_elastic_rules/rules/linux/persistence_dbus_service_creation.toml,sha256=njNJ-9pPZCOpDjdtcMEAg4jP8fTSrdt6y_Cpi6lOIIU,10700
nldcsc_elastic_rules/rules/linux/persistence_dbus_unsual_daemon_parent_execution.toml,sha256=c1wrHWSptxBJAZ4f7lR-mn5CJ6XBTKtL7OAHQT9Ry1w,9734
nldcsc_elastic_rules/rules/linux/persistence_dnf_package_manager_plugin_file_creation.toml,sha256=8g75xfHKCvUw4uE_LBdOtDLgdVSZaeb-GUwU2qMw-Oc,10946
nldcsc_elastic_rules/rules/linux/persistence_dpkg_package_installation_from_unusual_parent.toml,sha256=EvDoqf3ffWEne7nrB8lx7h0-6GWCVMurj1pWB01StOA,9010
nldcsc_elastic_rules/rules/linux/persistence_dpkg_unusual_execution.toml,sha256=Skr2DDgqDBI9NGNUtXhtyzaHOhdw-TBLPKt7ICzXeTI,9293
nldcsc_elastic_rules/rules/linux/persistence_dracut_module_creation.toml,sha256=sC4uKaZRvHxrCfzzv6T-tqpeZts9RmxxpAjfImYyjOU,10798
nldcsc_elastic_rules/rules/linux/persistence_dynamic_linker_backup.toml,sha256=Mkv-PyjVZGIZS5a1aPOzuoscOug10pTXTHTkso_fVks,12369
nldcsc_elastic_rules/rules/linux/persistence_extract_initramfs_via_cpio.toml,sha256=ccaQT5jKSI2NFtngD6sShgaBbCldybwogJfn_3jc7gk,8619
nldcsc_elastic_rules/rules/linux/persistence_git_hook_execution.toml,sha256=h9-FSFUS41cH1P1A35VmYCuBfh-bE6OogxjOYe6tXuA,8893
nldcsc_elastic_rules/rules/linux/persistence_git_hook_file_creation.toml,sha256=pdojuQjZKh8TfmZI18ssed4biT5ippDqwJ5In3cNOZ0,10043
nldcsc_elastic_rules/rules/linux/persistence_git_hook_netcon.toml,sha256=nsYwOTUugW6Pot7IblkMlfND5kMI7_CxsBqnJxyyzwQ,10118
nldcsc_elastic_rules/rules/linux/persistence_git_hook_process_execution.toml,sha256=vuY7jED58TIGn-Pix6Bnh4p5qlH93KmNrMrSnXWjw2U,9633
nldcsc_elastic_rules/rules/linux/persistence_grub_configuration_creation.toml,sha256=AUmngRk7_KoQHQLehAaKywxgTugLjhJEf93dSZMcRiM,10365
nldcsc_elastic_rules/rules/linux/persistence_grub_makeconfig.toml,sha256=66QMolXsNP5zKTY-73uG3xOgItPEpfp941mh2-2lZ6Q,9137
nldcsc_elastic_rules/rules/linux/persistence_init_d_file_creation.toml,sha256=dVBJOh9LPGAISz2iouzH7ek-bBNhww6zdLda_9z5WaE,13302
nldcsc_elastic_rules/rules/linux/persistence_insmod_kernel_module_load.toml,sha256=60XprkmgAGnNt_jqMSO5rK0I3TUnIBpPybfWZtHz_8k,12920
nldcsc_elastic_rules/rules/linux/persistence_kde_autostart_modification.toml,sha256=nByu5PqWCYYM_zKuHcXFsJJZ1usDJEQd0qEG4-WE_Ts,16929
nldcsc_elastic_rules/rules/linux/persistence_kernel_driver_load.toml,sha256=-lE6wiX62ax-g0rDh162WHYc91Mtln196HLt64kDQfQ,8187
nldcsc_elastic_rules/rules/linux/persistence_kernel_driver_load_by_non_root.toml,sha256=3i4eeUbo303YW_KB7Fbx7iC2A3WOJOCFQrox8GoQYGQ,8434
nldcsc_elastic_rules/rules/linux/persistence_kernel_module_load_from_unusual_location.toml,sha256=5OQU8P_xRrPttZ5aIA924LAujDH1anaveTOiUcIRd9I,9665
nldcsc_elastic_rules/rules/linux/persistence_kernel_object_file_creation.toml,sha256=H2icdWWzax7q_uxr4w5b-4Rvk2Eye9_r1oPEk8Uwa_0,9102
nldcsc_elastic_rules/rules/linux/persistence_kubernetes_sensitive_file_activity.toml,sha256=FVna2_PesECgo34oo25kBMaHjYBTZl-b-pzg082wO7s,9502
nldcsc_elastic_rules/rules/linux/persistence_kubernetes_static_pod_manifest_path_process_execution.toml,sha256=6pPq4THrtFLTHa5I964jb6hdJXZKTn2hontrbaEOD48,4921
nldcsc_elastic_rules/rules/linux/persistence_kworker_file_creation.toml,sha256=lZ8SKMWZYrpkcHeWDzeIwCxhKMeTs-3Y-2vuHwg0nA0,11549
nldcsc_elastic_rules/rules/linux/persistence_linux_backdoor_user_creation.toml,sha256=VEb1CrNzy8b1i92mgr2GSokg0Aoytao2GcPBcC6Fkoo,8832
nldcsc_elastic_rules/rules/linux/persistence_linux_group_creation.toml,sha256=Gg5PSiD75MUJpwW6yTxNDUW44PZ7Ph3dMnz1u6ftVFQ,7518
nldcsc_elastic_rules/rules/linux/persistence_linux_user_account_creation.toml,sha256=HKezADEGZZSulbYr1rclnqagD9B24Mv7I8l12Rwtrvw,7106
nldcsc_elastic_rules/rules/linux/persistence_linux_user_added_to_privileged_group.toml,sha256=ET_PUILB4X1RsXrKY2TuCFbpR9L1HRowSsEv70TtqQ8,9398
nldcsc_elastic_rules/rules/linux/persistence_lkm_configuration_file_creation.toml,sha256=2J8asdiJ5TPeXXFgvLxh3g4rNJPFtFhp10VOvEDvo3I,8350
nldcsc_elastic_rules/rules/linux/persistence_manual_dracut_execution.toml,sha256=wIM-gg4GseXWXK6tDBUN2Nrfry4XLmcrzidWMa4WRPo,8697
nldcsc_elastic_rules/rules/linux/persistence_message_of_the_day_creation.toml,sha256=J2iw9jnONXl36Sb7PSZlJzFV-AbzayiFwHLvOF8gt8g,11107
nldcsc_elastic_rules/rules/linux/persistence_message_of_the_day_execution.toml,sha256=A43dOtdFhmZsLottIv53fkWAp1vqc7_7Qm2vKKB7PzM,12208
nldcsc_elastic_rules/rules/linux/persistence_network_manager_dispatcher_persistence.toml,sha256=MAu1nE5VJ2AuZOOg82DwXkWs09xU-zIte-Ra1Xks22o,10637
nldcsc_elastic_rules/rules/linux/persistence_openssl_passwd_hash_generation.toml,sha256=o-nQ0rWkZrqJWXHrWw8tXykLISk2VdSi-UIGzwT4z8s,8512
nldcsc_elastic_rules/rules/linux/persistence_pluggable_authentication_module_creation.toml,sha256=A7Fj_D5DqPOAuAz0CkHaqaoPAuDuI0C0AEZ1mfDQsZw,9463
nldcsc_elastic_rules/rules/linux/persistence_pluggable_authentication_module_creation_in_unusual_dir.toml,sha256=oHhPI3TR2vtImKFJUi4a41o6Ip7QxeS5OuU8TeFZQY4,7841
nldcsc_elastic_rules/rules/linux/persistence_pluggable_authentication_module_pam_exec_backdoor_exec.toml,sha256=GmNGVb9TqMC9ALUd0j-d_hIlIHadkCvCYno_29ALN4w,8404
nldcsc_elastic_rules/rules/linux/persistence_pluggable_authentication_module_source_download.toml,sha256=PepMkZ_1PPRb3b3q7SsvGVT3NcRwXnZHg7yYV8raEDs,6705
nldcsc_elastic_rules/rules/linux/persistence_polkit_policy_creation.toml,sha256=37nUvqcG3lZYTbJqSooy6P6IuD0drWZSsvpQBS3mC2I,8740
nldcsc_elastic_rules/rules/linux/persistence_potential_persistence_script_executable_bit_set.toml,sha256=S5rQlHhYUHX6VVDXecFCSLc0HKimQMoz11-v-h84Wog,10534
nldcsc_elastic_rules/rules/linux/persistence_process_capability_set_via_setcap.toml,sha256=hItZ2QhDscxSzJ8KhEh9GhyZGzNSSSR1lql_45kZ0GU,8461
nldcsc_elastic_rules/rules/linux/persistence_pth_file_creation.toml,sha256=bYUdnOxm3ncsWkVvb33kJgVxZ4gFHv_jj2EuSIPqUMQ,10041
nldcsc_elastic_rules/rules/linux/persistence_rc_local_error_via_syslog.toml,sha256=yri4omnDx7vZvpldUbrV9_S3PxMYMdT6h6-WogEB1gg,8108
nldcsc_elastic_rules/rules/linux/persistence_rc_local_service_already_running.toml,sha256=1hQQgrMPvdPIBz8oiiFyu8VNJaqIW32qr7T6EbGWBl8,8915
nldcsc_elastic_rules/rules/linux/persistence_rc_script_creation.toml,sha256=ZOViue-MGDSsAC_0tlwE8NTYG3LQCcMh50_T5LQUxzc,12289
nldcsc_elastic_rules/rules/linux/persistence_rpm_package_installation_from_unusual_parent.toml,sha256=jDCDZJyIzl-PVvNuZpuTjVC5n7qrhb9eT4YKQ_MPKvM,8419
nldcsc_elastic_rules/rules/linux/persistence_setuid_setgid_capability_set.toml,sha256=ETNbDYGshGv3QTJFeqNfQ_l2Lr6UzrrweNwwSwjedo8,10592
nldcsc_elastic_rules/rules/linux/persistence_shadow_file_modification.toml,sha256=mwHk7lI4bSGMb0XcjHv7GHy7gwb9Qp4sC4uWrtYmTiI,8309
nldcsc_elastic_rules/rules/linux/persistence_shared_object_creation.toml,sha256=ZJGnX7Rrqxo5m9WkTdxsHlExdAoprePz_rnUo1PsKcc,13673
nldcsc_elastic_rules/rules/linux/persistence_shell_configuration_modification.toml,sha256=1j8-2M7y6t8G6_k_XcRxEeeSoSpTltNObpHXgIVhoDA,11243
nldcsc_elastic_rules/rules/linux/persistence_simple_web_server_connection_accepted.toml,sha256=_Axah_zgEWS8b1g0ewQ6CSvxqPyCZimUbBgeWD4uBKE,9254
nldcsc_elastic_rules/rules/linux/persistence_simple_web_server_creation.toml,sha256=xElzl5zz_TpPlqN0JeTOp7dcI1m8ubvw-AeLAWXf1f4,9517
nldcsc_elastic_rules/rules/linux/persistence_site_and_user_customize_file_creation.toml,sha256=FMedOQWLw9qBAQj1kcBq0WumwQAK_0E3WQa70a31fps,9876
nldcsc_elastic_rules/rules/linux/persistence_ssh_key_generation.toml,sha256=SOV5QSz_Wl-r1KYd6r98AFMMwfj4-VatQKtlPzPUDHE,6638
nldcsc_elastic_rules/rules/linux/persistence_ssh_netcon.toml,sha256=LTsjfJqwsMUOdUXZk7q19yNcvLDg4xG5xWImUeZ3PNs,8438
nldcsc_elastic_rules/rules/linux/persistence_ssh_via_backdoored_system_user.toml,sha256=2woSqdmAww_GNs9bohvXSZFOJz8JgQewbZCPAGBN81Y,9055
nldcsc_elastic_rules/rules/linux/persistence_suspicious_file_opened_through_editor.toml,sha256=Ai9eXbRfsr9B0-sTMoUD9ZrX8fdUg-VQOTMnL2FAN_4,9081
nldcsc_elastic_rules/rules/linux/persistence_suspicious_ssh_execution_xzbackdoor.toml,sha256=xr5g_mpZLO_ElEWbZ7-y5JzT55_isiqBhImVGJwS5zA,8190
nldcsc_elastic_rules/rules/linux/persistence_systemd_generator_creation.toml,sha256=P6Pz-MhvJQSR27tSFd6dGE54gYKMkevsldZUiLtF5eQ,10666
nldcsc_elastic_rules/rules/linux/persistence_systemd_netcon.toml,sha256=0Jxl8hQ0Tjm55CA7dModpALwEK-whXL3oAZ6ytVassw,10732
nldcsc_elastic_rules/rules/linux/persistence_systemd_scheduled_timer_created.toml,sha256=B1uNOGXnyQy6WOdbIq6O29mOWmYTiPVfhXIMSnSU9Eg,13493
nldcsc_elastic_rules/rules/linux/persistence_systemd_service_creation.toml,sha256=z98LcwvtMC8LzrL38njje59CVCNwUc1sgMDDdgzgSjo,15824
nldcsc_elastic_rules/rules/linux/persistence_systemd_service_started.toml,sha256=KtUM445pz2rwRSmf1CiPhj9ygrL5sZpIZka6YtsKsHE,13849
nldcsc_elastic_rules/rules/linux/persistence_systemd_shell_execution.toml,sha256=aNfrGhWPzxkLdIhMfYmhOqxWmrY8cUXrcNgG_PGCfv8,8396
nldcsc_elastic_rules/rules/linux/persistence_tainted_kernel_module_load.toml,sha256=r4DLzJJbsgbMDkEsgZkv23pjxaockJhU_dQhCXRvhYI,8295
nldcsc_elastic_rules/rules/linux/persistence_tainted_kernel_module_out_of_tree_load.toml,sha256=b3Gg61Sqpd1-Gxbn_riBjvgjj6mGqG7pJA5fAMIzVJM,8257
nldcsc_elastic_rules/rules/linux/persistence_udev_rule_creation.toml,sha256=IGeD1FvIiLo1sFox30lxFMVNVmxSXHv24RtbyQP-qWU,10132
nldcsc_elastic_rules/rules/linux/persistence_unpack_initramfs_via_unmkinitramfs.toml,sha256=-j9HCX1qfrVRL2jufE1gC06zQARaKXiouqS3jYxIhtY,8992
nldcsc_elastic_rules/rules/linux/persistence_unusual_exim4_child_process.toml,sha256=HnFzkdu4aivB4ao7SeVyN0m0Qf7OD3oWfHm4M18bESE,6644
nldcsc_elastic_rules/rules/linux/persistence_unusual_pam_grantor.toml,sha256=z3xbXysAYgFl-AvB8bmueVbr7BCrb9HFhMTdw-fbSds,7419
nldcsc_elastic_rules/rules/linux/persistence_unusual_sshd_child_process.toml,sha256=RjaX6E_y-FRk1G09vT0uQYkgo_UMTAqiq9sNCxqdB3U,7139
nldcsc_elastic_rules/rules/linux/persistence_user_credential_modification_via_echo.toml,sha256=F0nQnl3FTEF0ahex4O_dhstWf5NKSSX56pODlKY_W-s,7682
nldcsc_elastic_rules/rules/linux/persistence_user_or_group_creation_or_modification.toml,sha256=517fIU6PU9Jaa79Fmznz5w5XvgeLo1nL64_XuNHquLQ,8740
nldcsc_elastic_rules/rules/linux/persistence_web_server_sus_child_spawned.toml,sha256=jizvT4A1o0n_JkclMpLsG_I6oQovOKiNDUzyyw9_JOY,12952
nldcsc_elastic_rules/rules/linux/persistence_web_server_sus_command_execution.toml,sha256=R_m8UggNKhDzrFgDmgZS8PmB9PB8-2ah3BOZiXZqYq8,12201
nldcsc_elastic_rules/rules/linux/persistence_web_server_sus_destination_port.toml,sha256=vusP8UKmrQ-1gju8jtMjqFdPQ9Wk8j51GD_HRLjHONs,9854
nldcsc_elastic_rules/rules/linux/persistence_webserver_suspicious_child_execution.toml,sha256=AASpmzJTsWQjbrNV_OXv2MIcdf4vaRBtykBke0OHm24,13815
nldcsc_elastic_rules/rules/linux/persistence_webserver_suspicious_command_execution.toml,sha256=yeN7MzFJA5JsYm5SzC08h8Mhv_7EjJ2t_JsDfFr1uzw,19062
nldcsc_elastic_rules/rules/linux/persistence_webserver_unusual_child_execution.toml,sha256=_Z66xxPWRI9FsSv1ovbfmxGI_WreyGx4sSnu8_VE6zM,10439
nldcsc_elastic_rules/rules/linux/persistence_webserver_unusual_command_execution.toml,sha256=Y_3cfA3hXNEizPuVK1QKxGlKGkC46W24eACLa2IqoR0,9507
nldcsc_elastic_rules/rules/linux/persistence_xdg_autostart_netcon.toml,sha256=vTL1DPqs0X7h9mlxdW23zv7oDrOiP9PcNWAx12rLW_4,11528
nldcsc_elastic_rules/rules/linux/persistence_yum_package_manager_plugin_file_creation.toml,sha256=dnU9kXsHR_L7otTRCVjI_UqX7aH0oWqz0QsEORMTx9o,10032
nldcsc_elastic_rules/rules/linux/privilege_escalation_auditd_euid_root_shell_from_non_standard_path.toml,sha256=QrGDniwoLosk1lrPV8InA-_wfwKexTsF-h8Z9uiQNJM,4652
nldcsc_elastic_rules/rules/linux/privilege_escalation_auditd_nsenter_target_host_pid.toml,sha256=sobidgeuLtKSUxdd8KAQ2prjSfVcsJVKz-0baH6lf8E,3091
nldcsc_elastic_rules/rules/linux/privilege_escalation_chown_chmod_unauthorized_file_read.toml,sha256=lXxtEpf6mUrh_pIw1vMroKigvBCr1akN8PKFdbbmAw0,9371
nldcsc_elastic_rules/rules/linux/privilege_escalation_chroot_execution_container_context.toml,sha256=1azDfLgXZ0UMLLqcTHMQo9BOIgh6GvuOnSU6ENMVUok,7282
nldcsc_elastic_rules/rules/linux/privilege_escalation_container_runc_init_effective_root_auditd.toml,sha256=5wFM9vlG3ylA9N8BJlhYOcNyabWCs81Zf94AA4D7G_I,3923
nldcsc_elastic_rules/rules/linux/privilege_escalation_container_util_misconfiguration.toml,sha256=Mli4Yqyoqbv_fHulvkOV1fN992kdMAo0hKDCJPEvhfw,9701
nldcsc_elastic_rules/rules/linux/privilege_escalation_cve_2025_32463_nsswitch_file_creation.toml,sha256=_kvWGzWA2JfWEjkkSmOEVzQWgZDk7IbHKZ7NY9k9PL8,8322
nldcsc_elastic_rules/rules/linux/privilege_escalation_cve_2025_32463_sudo_chroot_execution.toml,sha256=uMUubsgpC1W1mPQYgJipFJetvI4QSxE3suEW5TA-tTU,8974
nldcsc_elastic_rules/rules/linux/privilege_escalation_cve_2025_41244_vmtoolsd_lpe.toml,sha256=o_fmj8_YuyxUq1bpqS_9SMeIcP-3L6MQrseN4Z11L28,10106
nldcsc_elastic_rules/rules/linux/privilege_escalation_dac_permissions.toml,sha256=3bYMHI4lIhjHvTcN8GmYpt-2lNpxbcJR1KyBRCJ_vog,9677
nldcsc_elastic_rules/rules/linux/privilege_escalation_debugfs_launched_inside_container.toml,sha256=ZCOEQVFXU0BJEDEPdy9qRiMseK4fN28gdWSJWndQyLQ,8354
nldcsc_elastic_rules/rules/linux/privilege_escalation_docker_escape_via_nsenter.toml,sha256=ELm_kKA_a6ogrvDSNBXoTn8iWa_ktWEBxHPRsX3hVy8,6062
nldcsc_elastic_rules/rules/linux/privilege_escalation_docker_mount_chroot_container_escape.toml,sha256=qMcWp3s1qW5JHfPPgyVyTO92xWJwhtBT7qlpNBZbxB4,9402
nldcsc_elastic_rules/rules/linux/privilege_escalation_docker_release_file_creation.toml,sha256=ZEwpFk_HvFiPtIKP9SArRPsRKAsvxxmUdZ-VhqxbicY,6177
nldcsc_elastic_rules/rules/linux/privilege_escalation_enlightenment_window_manager.toml,sha256=wVjv2dmu6kaYFivxiB-KJZB-lRD8wuJKvu-2OckSBg8,8192
nldcsc_elastic_rules/rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml,sha256=_ucWmMGtfDc7h2DdqsrckqvPvOEfdKc4rDnQTmRD5uc,8393
nldcsc_elastic_rules/rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml,sha256=Ny_di117g0UuFP8o9iDTW5LOAsMCQnin1NhkGIL-rk0,9594
nldcsc_elastic_rules/rules/linux/privilege_escalation_kworker_uid_elevation.toml,sha256=YQB90V2KJr4n-iIZgbtTij95e6fs_1VhD6BPmPPCQHY,8202
nldcsc_elastic_rules/rules/linux/privilege_escalation_ld_preload_shared_object_modif.toml,sha256=vuoW-VDRQ3HXm4IVfU4wUl91QHOTSN-gsQNzsIFTHG4,10349
nldcsc_elastic_rules/rules/linux/privilege_escalation_linux_suspicious_symbolic_link.toml,sha256=7XvuWDX68AqJSl4x4M9AvLqlXfrzhLU5VORtSaV3mD4,10205
nldcsc_elastic_rules/rules/linux/privilege_escalation_load_and_unload_of_kernel_via_kexec.toml,sha256=V4AnOYE6ND91hxBYPVjmx6wyctI6jGgzrNGpIuuyNJ0,9602
nldcsc_elastic_rules/rules/linux/privilege_escalation_looney_tunables_cve_2023_4911.toml,sha256=KAdXCOJPfwaBbPmxBBusALQT3mGuXDSV7CLQqFZSnq4,8973
nldcsc_elastic_rules/rules/linux/privilege_escalation_mount_launched_inside_container.toml,sha256=PAGyHLDFkHFw3Vaq1bNOkos91OE2w9H79rapyouZ14Q,8538
nldcsc_elastic_rules/rules/linux/privilege_escalation_overlayfs_local_privesc.toml,sha256=-g9FkzaXVBtkCgrI32Gsmbqt05PET-g6UpfPiK5wKgs,6453
nldcsc_elastic_rules/rules/linux/privilege_escalation_pkexec_envar_hijack.toml,sha256=LCQ2yzPV8Y9eGCMRvNjim5z89AZIQQT4ckvzJBimjcE,8675
nldcsc_elastic_rules/rules/linux/privilege_escalation_potential_bufferoverflow_attack.toml,sha256=nHc1pS4i9zFdfc2iJtT_P0qtPYQ_-q8QWJY3fF4xopk,6527
nldcsc_elastic_rules/rules/linux/privilege_escalation_potential_copy_fail_cve_2026_31431_exploitation_via_af_alg_socket.toml,sha256=MT169lIFWvFeD38dZtNctoS9_x4QPqve7mHdcPrAtHg,10481
nldcsc_elastic_rules/rules/linux/privilege_escalation_potential_suid_lpe_via_process_args.toml,sha256=VCjbHEJpiuIUtOB9TdjIeMYp-L3iVPRl3479UWKtrmk,3426
nldcsc_elastic_rules/rules/linux/privilege_escalation_potential_suid_sgid_exploitation.toml,sha256=cIAQClXReIMd6_uStvIk3J0nmt1OIHmMStkLOH2nijQ,11721
nldcsc_elastic_rules/rules/linux/privilege_escalation_potential_suid_sgid_proxy_execution.toml,sha256=aWTsqLdOLDLXOC5Cb0a60O-p3HkMby10RuSFMIEgcSA,10165
nldcsc_elastic_rules/rules/linux/privilege_escalation_potential_wildcard_shell_spawn.toml,sha256=3UXaY2MwmjpNNGPeHCK4pD9aqb_kLbgfyq0U0Ee1fQg,9340
nldcsc_elastic_rules/rules/linux/privilege_escalation_sda_disk_mount_non_root.toml,sha256=DqQ5bPhD1f0sYpoaAw5ylhOHVxRWsInvECH_Lut3nuA,8400
nldcsc_elastic_rules/rules/linux/privilege_escalation_shadow_file_read.toml,sha256=KHhFPJFE_Sz2Y2K2tG0uJnVf7LkdmXeJC-vC02o4j4c,8939
nldcsc_elastic_rules/rules/linux/privilege_escalation_snap_confine_lpe_via_cve_2026_3888.toml,sha256=_HBIr6Prw3ykM9dpt_denu78oqYVoXFodS_iG2bi3Jg,8855
nldcsc_elastic_rules/rules/linux/privilege_escalation_sudo_cve_2019_14287.toml,sha256=7Rs4y5RFRbS3Gctpse5QE5xwza0BpiCWG8XMRQgU40Y,8533
nldcsc_elastic_rules/rules/linux/privilege_escalation_sudo_hijacking.toml,sha256=3wTGIr5ScHEGwfw07R_eOTn-DCtARJIU1h_oDTkJOUc,10003
nldcsc_elastic_rules/rules/linux/privilege_escalation_sudo_token_via_process_injection.toml,sha256=I3rrDVPUaMv479E2B8tmFUuG6wpivxOOBP9lH6CUuuI,9138
nldcsc_elastic_rules/rules/linux/privilege_escalation_suspicious_cap_setuid_python_execution.toml,sha256=r-sm5yP0U8hrZu2oAguL3Y5bVGBJqWD_G5CBps7dCFs,8525
nldcsc_elastic_rules/rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml,sha256=9sYi_7KSO6IkMdhWz1tzOh0oMeU7nF5pmZE9I6Tl5Ko,8696
nldcsc_elastic_rules/rules/linux/privilege_escalation_suspicious_passwd_file_write.toml,sha256=CEnq8qlkV6rYNdd4LapYdqHuknCBjI82uHHT7KPyQPk,10421
nldcsc_elastic_rules/rules/linux/privilege_escalation_suspicious_suid_binary_execution.toml,sha256=Dj2qz4HUyP8RmJrcV7mJb7owNZUkRaVisgvQpli2tt0,3972
nldcsc_elastic_rules/rules/linux/privilege_escalation_suspicious_suid_binary_execution_auditd_sequence.toml,sha256=l3K9WE8rmD8suE1EhqwgYaZZ2QP2yL89vtFb7VzX7Kc,4226
nldcsc_elastic_rules/rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml,sha256=WtnmNxzgnMiNTVI5X0xCiRw_yU6dmLqkVD3gG3V6TaA,10251
nldcsc_elastic_rules/rules/linux/privilege_escalation_uid_change_post_compilation.toml,sha256=GrTI3JyVJfIukuAKmOGrQslN0x8OjCt7KHsvQG54QtE,8866
nldcsc_elastic_rules/rules/linux/privilege_escalation_uid_elevation_from_unknown_executable.toml,sha256=8l05oYqaYU49ce64gd2n_lZsF689JeVJ7zAKYNyFUP8,9944
nldcsc_elastic_rules/rules/linux/privilege_escalation_unshare_namespace_manipulation.toml,sha256=mLkyu3JeiTd-vlAbvgbVaBP-0GpYQSEnJ76gxW0jhQ8,9459
nldcsc_elastic_rules/rules/linux/privilege_escalation_unshare_to_root_process_auditd_sequence.toml,sha256=Dujr7ZWL7bGxHtaseqzzFL3_DDwmKDGNtnBoABcsXTo,5223
nldcsc_elastic_rules/rules/linux/privilege_escalation_writable_docker_socket.toml,sha256=P-ZaMYgTS4x44XEID60L6l7Vibd9Ac3p60ieQsUPrwY,8444
nldcsc_elastic_rules/rules/macos/collection_discovery_output_written_to_suspicious_file.toml,sha256=xwDahuEnvInzQNl-YSQDj6apA2DuzJtg6DoVn3PiYEQ,6585
nldcsc_elastic_rules/rules/macos/collection_pbpaste_execution_via_unusual_parent.toml,sha256=MOuIwF0QUZdKLrEgeF4kgzk_LsjtTW6sNmAUTWPVd2o,5296
nldcsc_elastic_rules/rules/macos/collection_sensitive_file_access_followed_by_compression.toml,sha256=wqUH5zCiqC3t5TfHw4J322zEEriSEpvZX__yco1zQXg,6115
nldcsc_elastic_rules/rules/macos/command_and_control_aws_s3_connection_via_script.toml,sha256=j5RvTdRmL8EeUycr7wLuaQ8S1iKzfm8tLA6tWOUo6Nw,7251
nldcsc_elastic_rules/rules/macos/command_and_control_executable_download_via_wget.toml,sha256=L9a2W_0xlldlGc5k3KsT_707Vy2ham61BC14Gz88l6M,5736
nldcsc_elastic_rules/rules/macos/command_and_control_google_calendar_c2_via_script.toml,sha256=6TisMYV64z7_RfrG4kk6XinQGb1CVRAxEWe3HrrLKHs,6672
nldcsc_elastic_rules/rules/macos/command_and_control_network_connection_to_oast_domain.toml,sha256=yMBLf8adcU90udEUS37t4_BNWCe5r6v1rz4hU9bRv4s,6315
nldcsc_elastic_rules/rules/macos/command_and_control_perl_outbound_network_connection.toml,sha256=JbyGgGKWtd369aLqVsVSbyG8rnCDIQSGbr5VbeK5lp8,6356
nldcsc_elastic_rules/rules/macos/command_and_control_potential_etherhiding_c2.toml,sha256=HUnosSemPtKXtf_0J0XFRzVb0AFyTX-Pg8q-kw3GQmA,6867
nldcsc_elastic_rules/rules/macos/command_and_control_script_interpreter_connection_to_non_standard_port.toml,sha256=Rdvm4HyT6ElB8sDd6_mF4S0F3rJed_CCUgtutbdmNA4,7308
nldcsc_elastic_rules/rules/macos/command_and_control_suspicious_curl_from_macos_application.toml,sha256=Uif-uZTrxwKkylsZXEGlRR04THbshYVEuUiAah1LgY8,6557
nldcsc_elastic_rules/rules/macos/command_and_control_suspicious_curl_to_google_app_script.toml,sha256=zXkuPyvH0gtre-yotayhTeRg3x0hWQ7B-jWDLRfvegE,5836
nldcsc_elastic_rules/rules/macos/command_and_control_suspicious_outbound_network_via_unsigned_binary.toml,sha256=2s8CD4kXobynzeODmrWIwRMXbxlb7deFMkJ0zJ_zim8,6275
nldcsc_elastic_rules/rules/macos/command_and_control_unusual_connection_to_suspicious_top_level_domain.toml,sha256=LN8dHmYMcoYkttyNBU4NqsUQfgPZLaENnkcHjVuFu6E,5965
nldcsc_elastic_rules/rules/macos/command_and_control_unusual_network_connection_to_suspicious_web_service.toml,sha256=WphYKDvn9nqOyVuTxCMbSJvygAupm3d29bC3Qso7IzY,9578
nldcsc_elastic_rules/rules/macos/credential_access_credentials_keychains.toml,sha256=dy_0jIupjutCU81DgrEwQ7BEQ3A6r1zv2R41NMtbLOY,8142
nldcsc_elastic_rules/rules/macos/credential_access_dumping_hashes_bi_cmds.toml,sha256=qepAstJGgNLsbGiD73CXNceyg_7brgJd_aB4ay653a8,7909
nldcsc_elastic_rules/rules/macos/credential_access_dumping_keychain_security.toml,sha256=s9_J0Ulfo1eTvKajhrw8iYXxsEpqsVAgnq56EOSXq5k,7610
nldcsc_elastic_rules/rules/macos/credential_access_high_volume_of_pbpaste.toml,sha256=SisKEgfQT4DzJ_2UImkdyoRcKTMKMlI5aLRobiuARLk,6003
nldcsc_elastic_rules/rules/macos/credential_access_kerberosdump_kcc.toml,sha256=-q3h-0Beeutv-XlsW4UY8lp8RD7aCFvlUo2_3DZNG8w,7840
nldcsc_elastic_rules/rules/macos/credential_access_keychain_pwd_retrieval_security_cmd.toml,sha256=0piy0-RiarUCUyfIU9cnJJGDWAvPcb8-t1rlli9Ftdk,8706
nldcsc_elastic_rules/rules/macos/credential_access_mitm_localhost_webproxy.toml,sha256=l3u2tcycx7XUBfCng29HkI1twXENMmUGdfaaTi-JnHw,8384
nldcsc_elastic_rules/rules/macos/credential_access_potential_macos_ssh_bruteforce.toml,sha256=DUHP0jiMICAPZbUEv5cN7BpiomoMrKYzk4woelzzPlk,6863
nldcsc_elastic_rules/rules/macos/credential_access_promt_for_pwd_via_osascript.toml,sha256=LNUHFvYwnxcS0m6cwxLKZCiYeDmrgYPXapN2RPAZjbs,9360
nldcsc_elastic_rules/rules/macos/credential_access_python_sensitive_file_access_first_occurrence.toml,sha256=6udJ1Zv0RpvsYyr0oCPMNMc7iqLjweF_NhS4RBMUTNc,5443
nldcsc_elastic_rules/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml,sha256=rkZznN7WcPIffgCzTuo2cjAnrSH8g2A84zZvWh2vnfw,8371
nldcsc_elastic_rules/rules/macos/credential_access_systemkey_dumping.toml,sha256=3ARfBxKV2v53aXRpZwdgYP_tBheKEz1T0iFUohYI_No,7972
nldcsc_elastic_rules/rules/macos/defense_evasion_apple_softupdates_modification.toml,sha256=yFV-BoqtU5DTjVn8c3ScavwAT0dFLs2klFWKV7S6YV4,7933
nldcsc_elastic_rules/rules/macos/defense_evasion_attempt_del_quarantine_attrib.toml,sha256=kRhZn-xbNzI1XlZRlBRLHEWIdizNcBNaP9ND3XxoFqw,8685
nldcsc_elastic_rules/rules/macos/defense_evasion_attempt_to_disable_gatekeeper.toml,sha256=ehfkbrxCsyGASpi1wu9cTAz_uiHJY44_wXW-DFugs8o,7734
nldcsc_elastic_rules/rules/macos/defense_evasion_dylib_injection_via_env_vars.toml,sha256=lJP_D2P8N7ZECDCu2K9yP_FPMNh6w5Lp3yZQkXJ0abw,7241
nldcsc_elastic_rules/rules/macos/defense_evasion_gatekeeper_override_and_execution.toml,sha256=JotZlue8arnAqFmjPGpUa5DtAM_ZZ2Z-PxIKOnl0uc0,5912
nldcsc_elastic_rules/rules/macos/defense_evasion_install_root_certificate.toml,sha256=xvgo9kKY1acPOjih3Xe3a_Q2HDwhvqdbad1D6xHQXdw,8341
nldcsc_elastic_rules/rules/macos/defense_evasion_modify_environment_launchctl.toml,sha256=a5DE9lZ9HPP1i1S75urFIjg6d_C7asBgo_-VIZmId_w,8209
nldcsc_elastic_rules/rules/macos/defense_evasion_privacy_controls_tcc_database_modification.toml,sha256=63GudLMN52jCOLQ2_-tGopNtci6v5sbYRgbRYfEVxrY,8464
nldcsc_elastic_rules/rules/macos/defense_evasion_privilege_escalation_privacy_pref_sshd_fulldiskaccess.toml,sha256=9rJeflU2x0XvKinbXMqi9gjBvALgVPUm-Er0_oEDlgc,8413
nldcsc_elastic_rules/rules/macos/defense_evasion_safari_config_change.toml,sha256=PS9Quc5Hm2oKpSPkiFmHhQAQLz7pfYdvJtlnvEIZt_k,8050
nldcsc_elastic_rules/rules/macos/defense_evasion_sandboxed_office_app_suspicious_zip_file.toml,sha256=kQClhIz-iXOlDAZCsYwHgnlFtOqPsVy9MHhj4MSH1PE,7781
nldcsc_elastic_rules/rules/macos/defense_evasion_suspicious_tcc_access_granted.toml,sha256=SrdP7KCJ9W0MG1Qm93Tsic2oguvCPyqAZBokIYnDgrg,6494
nldcsc_elastic_rules/rules/macos/defense_evasion_tcc_bypass_mounted_apfs_access.toml,sha256=ilfSTQWE4z4NRlWyql4U-bE8qq-9-j_0uYHBwf0f7O0,7682
nldcsc_elastic_rules/rules/macos/defense_evasion_unload_endpointsecurity_kext.toml,sha256=dPnT7UmAw6QDOSGOEn8ESLPrix3c2KcAjLgsVI-e13E,8115
nldcsc_elastic_rules/rules/macos/discovery_dns_request_for_ip_lookup_service.toml,sha256=NuZGT6z61S1lojntwKEbqdELDeXNDa3w38sB8usRKJQ,6609
nldcsc_elastic_rules/rules/macos/discovery_external_ip_address_discovery_via_curl.toml,sha256=umZGY6wimNB9vaSo79VKGFwGgsfIHnz01fZl6GKFl4I,6492
nldcsc_elastic_rules/rules/macos/discovery_full_disk_access_check.toml,sha256=BcZypjOs0QtoEIL6CJ5odY9l_7iIv2xhSzUOMSCskzU,6514
nldcsc_elastic_rules/rules/macos/discovery_suspicious_sip_check.toml,sha256=lspk--PJ0yFwsmutmBwySBLzbrwZnQFzX7NH3113GQU,6774
nldcsc_elastic_rules/rules/macos/discovery_system_and_network_configuration_check.toml,sha256=y1ugnHC8mfxK6wKnBn4oLXCSdxLyuJ55INrH8RlFNLw,5933
nldcsc_elastic_rules/rules/macos/discovery_users_domain_built_in_commands.toml,sha256=s8tFpAEoNnVzmBiNJb6XMVdZxVuycoFHXXZY5V1OLQw,8880
nldcsc_elastic_rules/rules/macos/execution_defense_evasion_electron_app_childproc_node_js.toml,sha256=gQxwltDO2bNgiKVyGroFtUid3F36ZcN_Xn2-2wsGwpE,8230
nldcsc_elastic_rules/rules/macos/execution_initial_access_suspicious_browser_childproc.toml,sha256=QmfN2Mne8_eRNspKv_hqYtJdRskLbk10V1wEYLBmELU,9517
nldcsc_elastic_rules/rules/macos/execution_installer_package_spawned_network_event.toml,sha256=nWtzbSoynTus9KkYnHJQ49ocYpqfFCIlr7SF-mFf420,9755
nldcsc_elastic_rules/rules/macos/execution_python_shell_spawn_first_occurrence.toml,sha256=eA5zI-gJFTlvfpXZC9Nu8lQ9O-Ymm-gNIuOYMlLShyE,5030
nldcsc_elastic_rules/rules/macos/execution_script_via_automator_workflows.toml,sha256=5y3Qae-BhuwA6vtpIjtQx575-b1XizDY28Wt9F8GqVU,7636
nldcsc_elastic_rules/rules/macos/execution_scripting_osascript_exec_followed_by_netcon.toml,sha256=aBH9o_UxMOgDaek1EP_xfh6YOV2_lo74uYEpmRJPjzY,8665
nldcsc_elastic_rules/rules/macos/execution_shell_execution_via_apple_scripting.toml,sha256=fB8WatbAZwjIuCozGWpM8Io-FYAx0HhbO_sKIKAlePU,8256
nldcsc_elastic_rules/rules/macos/execution_unusual_library_load_via_python.toml,sha256=mAzuYR87L_l5VTq4InVSegibQlpNEAuRmDARIoF9490,5619
nldcsc_elastic_rules/rules/macos/initial_access_suspicious_mac_ms_office_child_process.toml,sha256=npaM1sesRTrm3sGRwbuq9q3J6cXQgH6ybNbFw5xKMjM,10834
nldcsc_elastic_rules/rules/macos/lateral_movement_credential_access_kerberos_bifrostconsole.toml,sha256=Zt5wKTU7tKZsit8CJdJlGuxWrq7hSKmiBUCxxWp5KaI,9311
nldcsc_elastic_rules/rules/macos/lateral_movement_mounting_smb_share.toml,sha256=c1-KZz_e9CoLb-TOTopEwi2QNcJjcGoA9EQp40zG8IM,7912
nldcsc_elastic_rules/rules/macos/lateral_movement_remote_ssh_login_enabled.toml,sha256=FWVZvpqqPMtUB9LpmszinxhaDGlf2I-7F5njoukHkNs,7933
nldcsc_elastic_rules/rules/macos/lateral_movement_suspicious_curl_to_jamf_endpoint.toml,sha256=ThmVN7pBYiX_HxFvDGcj1L8YLF8au0Qr6xjBIrYmo2k,6043
nldcsc_elastic_rules/rules/macos/lateral_movement_vpn_connection_attempt.toml,sha256=7WRi1shjT2Z6I9xbLSkEfTg9RT-uzVigptH8Lp0_UzM,7775
nldcsc_elastic_rules/rules/macos/persistence_account_creation_hide_at_logon.toml,sha256=aBK3EWXSEsoDYJjs6MK7p-yVPAqRh9gGHZSaK4u34yk,8361
nldcsc_elastic_rules/rules/macos/persistence_apple_mail_rule_modification.toml,sha256=7CyzXwvQiPDBeb_L3dtgyIHQpL9U_XzQK8MnBJYMRwc,6656
nldcsc_elastic_rules/rules/macos/persistence_creation_change_launch_agents_file.toml,sha256=optB9gXms9PVgG_qyGkx4FhFdeHiedDVFRihc6kGxrc,8714
nldcsc_elastic_rules/rules/macos/persistence_creation_hidden_login_item_osascript.toml,sha256=oDX_k5dgN_2VdUNpa-xp0JB8vWzITpOGa1MD0cYp3PE,7917
nldcsc_elastic_rules/rules/macos/persistence_credential_access_authorization_plugin_creation.toml,sha256=jqf1OnmtwiUtE9OHOtFv3P6m_n0L9JhglnaiX8QmSeE,8504
nldcsc_elastic_rules/rules/macos/persistence_crontab_creation.toml,sha256=DsNu_8dufOcZApPCdBR49MO56v0tdd6P9zSJ-0eLSWs,7954
nldcsc_elastic_rules/rules/macos/persistence_curl_execution_via_shell_profile.toml,sha256=tljKoyDVSLeoahmEz-eicSnGNkY7uboG-hQ5IzIhXM0,6090
nldcsc_elastic_rules/rules/macos/persistence_defense_evasion_hidden_launch_agent_deamon_logonitem_process.toml,sha256=wnynnVG-s35wHcBNL98fctXIk33RA-KsqNvOg6CTVYk,8360
nldcsc_elastic_rules/rules/macos/persistence_directory_services_plugins_modification.toml,sha256=mlJ2aANdykX4qyueKaW0nkM4CObJEzxDEFMBWb3r3c0,7864
nldcsc_elastic_rules/rules/macos/persistence_docker_shortcuts_plist_modification.toml,sha256=lpwx2Fk_8eRRi1J96CLxxmouR_HVRRkqVb45MyDFTCg,8005
nldcsc_elastic_rules/rules/macos/persistence_emond_rules_file_creation.toml,sha256=JYS16uMIxV-nVhaf7z3pgWglU8pB8k1uLITem8ubZ9o,8086
nldcsc_elastic_rules/rules/macos/persistence_emond_rules_process_execution.toml,sha256=1POPnK7n1EB5yuz3dZRXCJYAnU7z7iHMR6X7HNkS6hQ,9106
nldcsc_elastic_rules/rules/macos/persistence_enable_root_account.toml,sha256=j6uPvGUmetQzi7FcMSCkjI-TuP9XGzfjJi8yrw7vAKM,7266
nldcsc_elastic_rules/rules/macos/persistence_evasion_hidden_launch_agent_deamon_creation.toml,sha256=zcfHQ8YJo1jJ_uSxhDIvmOrW6EkDK3c7UW44YVk1c6U,8309
nldcsc_elastic_rules/rules/macos/persistence_finder_sync_plugin_pluginkit.toml,sha256=wQNnN10W1sdLOag8Lqakra2HMw4Y9SqGlPz2bETo2f8,7836
nldcsc_elastic_rules/rules/macos/persistence_folder_action_scripts_runtime.toml,sha256=ge_tMIkAVP1hF3w89Z-evMJXWRMBK7tZJz9ts-BZt04,8229
nldcsc_elastic_rules/rules/macos/persistence_hidden_plist_filename.toml,sha256=5PQ1eIdfDATzG34UnIq5QTfO0Icl_bqAEmdHiuHI6jI,6323
nldcsc_elastic_rules/rules/macos/persistence_login_logout_hooks_defaults.toml,sha256=JZZoBxHqVOBok1KEPNcU0xE3V6UOFkPOtZ85Dd2TXUk,7377
nldcsc_elastic_rules/rules/macos/persistence_loginwindow_plist_modification.toml,sha256=D97wpif7WF8xtflP85iDYGmR2cTupgiE1sKHOsxFPnA,4491
nldcsc_elastic_rules/rules/macos/persistence_manual_chromium_extension_loading.toml,sha256=mHTjaL04wEQzhhytyOHXhiku72CjOh52UJkcjiv5-9c,6302
nldcsc_elastic_rules/rules/macos/persistence_modification_sublime_app_plugin_or_script.toml,sha256=EuOo_KJ_BadsO4mpfnWiharCGoEnmsfZDmp0gNUWvew,8273
nldcsc_elastic_rules/rules/macos/persistence_periodic_tasks_file_modify.toml,sha256=acbzspvAYZ-pRmwWM0xWTnAJS69fl5tsddhGpgDALuU,7859
nldcsc_elastic_rules/rules/macos/persistence_python_launch_agent_or_daemon_creation_first_occurrence.toml,sha256=rqSMPrOsNIUbMMm3L5TtnZ87Y1jNpfOoiSUdZe3Zbno,4739
nldcsc_elastic_rules/rules/macos/persistence_screensaver_engine_unexpected_child_process.toml,sha256=gPR2OV-QlPwZvEiqGP8HY80yr4nfBg8ynKGQ9rlU8Pc,4217
nldcsc_elastic_rules/rules/macos/persistence_screensaver_plist_file_modification.toml,sha256=s5lUQ780NeFtA6b33xrrIGPZ7mlyzf50queKHKIFi9E,4904
nldcsc_elastic_rules/rules/macos/persistence_startup_item_plist_creation.toml,sha256=NKDSf-jeYjkAev1U9odr8gJ222nUaSwDoz4Fz6kY5xw,5047
nldcsc_elastic_rules/rules/macos/persistence_suspicious_calendar_modification.toml,sha256=ZnYLMS2ZhEqTX1kGBRFsttUsBXFJ1nVc6p4mpo8DCmk,7595
nldcsc_elastic_rules/rules/macos/persistence_suspicious_file_creation_via_pkg_install_script.toml,sha256=vlR2bowla5b1GLX1H-LsJlCasC_Lkl9Xn_QH-PcYHmI,6570
nldcsc_elastic_rules/rules/macos/persistence_suspicious_launch_agent_or_launch_daemon.toml,sha256=mt59iKhzbqu4Yuw6q38KWyavjO3cRK9toSOqJTZhC9c,6834
nldcsc_elastic_rules/rules/macos/persistence_via_atom_init_file_modification.toml,sha256=TOt93DHMwUEmgS2mzzSGqq6Q-Z9g3qYRHvVlJFQX8nM,7673
nldcsc_elastic_rules/rules/macos/privilege_escalation_applescript_with_admin_privs.toml,sha256=wuR-mywgSgRmgiQ1BIRhWj8LGpaYmgqDNKILPvW8qkA,7949
nldcsc_elastic_rules/rules/macos/privilege_escalation_explicit_creds_via_scripting.toml,sha256=EVIsstmTnAg3sjkJ_cN4qYIqfiG2Xce-X8apIYxF0i4,9057
nldcsc_elastic_rules/rules/macos/privilege_escalation_exploit_adobe_acrobat_updater.toml,sha256=-99EFGyt0XZ_iUpbaBmg0jC6x9-tVTKFGsuNlLu3d8A,8647
nldcsc_elastic_rules/rules/macos/privilege_escalation_local_user_added_to_admin.toml,sha256=FXjhhqkOnfC7U4nBNBiVrHip-DLBuf4yqo4Da8hKIyQ,8344
nldcsc_elastic_rules/rules/macos/privilege_escalation_root_crontab_filemod.toml,sha256=Es9pov7nRqsJ5ZsSFFYuDed5FewpCWYNH5Xv2HDsXC8,7371
nldcsc_elastic_rules/rules/macos/privilege_escalation_user_added_to_admin_group.toml,sha256=uVJ86E5-SpzdmEzm1aidb3ncseNRRTlxc1fvvkKwEvM,4104
nldcsc_elastic_rules/rules/ml/command_and_control_ml_packetbeat_dns_tunneling.toml,sha256=mZtTxCyaU_Zjw5Croj03zeQa_GrgdtIoRwrAEecD_P8,9874
nldcsc_elastic_rules/rules/ml/command_and_control_ml_packetbeat_rare_dns_question.toml,sha256=P0l6ztGojlBqavpvBZitE-VcWFSsZeyoqZOiONAqbfU,10709
nldcsc_elastic_rules/rules/ml/command_and_control_ml_packetbeat_rare_urls.toml,sha256=Q9ltv6ZWA_AE8C2NsXFE8AzJO9Nxi3Db24CPCSFNBGA,10836
nldcsc_elastic_rules/rules/ml/command_and_control_ml_packetbeat_rare_user_agent.toml,sha256=W4TrmMSSAloPaUOihWm3EsX6PewswYkj53VoEkCDunM,10032
nldcsc_elastic_rules/rules/ml/credential_access_ml_auth_spike_in_failed_logon_events.toml,sha256=DaMKXXbj2kmtJGtmuUevuti8grmKfCJBaf9h29n0h2s,9659
nldcsc_elastic_rules/rules/ml/credential_access_ml_auth_spike_in_logon_events.toml,sha256=CNsQx-cfyh_wH-cW2wc60PjIsPZ8RBeZTz7zAwLlYTc,10849
nldcsc_elastic_rules/rules/ml/credential_access_ml_auth_spike_in_logon_events_from_a_source_ip.toml,sha256=9tFZy90h9G_vHQgihtoXcq3PfsRyw_Q3Qdk96CJIEKs,9417
nldcsc_elastic_rules/rules/ml/credential_access_ml_linux_anomalous_metadata_process.toml,sha256=BkT3jGV6kl4a-S3mI0DpKpYsmBbNHcu_sQ3EgJGG54s,9976
nldcsc_elastic_rules/rules/ml/credential_access_ml_linux_anomalous_metadata_user.toml,sha256=WtTqiGUunsnWYfE5JQEM6ZU4pMStX8bn5hhfXbTUcTU,10139
nldcsc_elastic_rules/rules/ml/credential_access_ml_suspicious_login_activity.toml,sha256=hhM8eRvz4uBnyrCX6fL_VuWaMt0ThJcomJDFyFmL7YA,10374
nldcsc_elastic_rules/rules/ml/credential_access_ml_windows_anomalous_metadata_process.toml,sha256=KTdWZ98SFnUQw-03XptlRtKUEngVbZXYIU3kzxYv71w,9127
nldcsc_elastic_rules/rules/ml/credential_access_ml_windows_anomalous_metadata_user.toml,sha256=-FQYxq29howmgJnuY7xwa2N_j1wzDgBPkj_sIfo2a6A,9025
nldcsc_elastic_rules/rules/ml/discovery_ml_linux_system_information_discovery.toml,sha256=wgu-STwrO_VUgAZwM_ezR8LmM_FOsLtj23uDMQQO2pM,9947
nldcsc_elastic_rules/rules/ml/discovery_ml_linux_system_network_configuration_discovery.toml,sha256=UUOQgpBtx7-kjiW6En5GUod261l1OIhdVTPzazBkkSg,10327
nldcsc_elastic_rules/rules/ml/discovery_ml_linux_system_network_connection_discovery.toml,sha256=rb-yuYUGQ7e3kiQe6ev-_rFeHjleDD_kwBuS21M52_E,9699
nldcsc_elastic_rules/rules/ml/discovery_ml_linux_system_process_discovery.toml,sha256=5-nmMdEziQjj-VcFjC71Ok_JeqJhfwJAbtAMI4Ee1qM,10093
nldcsc_elastic_rules/rules/ml/discovery_ml_linux_system_user_discovery.toml,sha256=xFI6RzxYaUf80AAcRu8Qy-ZLJ80DHx768GPUjWGM1Xg,9712
nldcsc_elastic_rules/rules/ml/execution_ml_windows_anomalous_script.toml,sha256=Jc6ZJtSCvDbieGbLVK0M1VDuIO0DpKVrc2-UpGYtQzg,9567
nldcsc_elastic_rules/rules/ml/execution_ml_windows_rare_script.toml,sha256=MGn7aNXMxPhii1VDuN9oTYaILEnsEARf-GZeLg1ukLA,9354
nldcsc_elastic_rules/rules/ml/initial_access_ml_auth_rare_hour_for_a_user_to_logon.toml,sha256=JlICb1cnsjnoahoRPBprnq9fdyxKAriRxuNtZQaQPK8,8523
nldcsc_elastic_rules/rules/ml/initial_access_ml_auth_rare_source_ip_for_a_user.toml,sha256=vgFI6yaVcpjaQGO6GmXoTTyipZGjHCFHnzKnUb1fNeE,10789
nldcsc_elastic_rules/rules/ml/initial_access_ml_auth_rare_user_logon.toml,sha256=v0yg8giuFwq0rjbfgFFuq1BYqHUf8KcnGJAiTyP7weU,8836
nldcsc_elastic_rules/rules/ml/initial_access_ml_linux_anomalous_user_name.toml,sha256=GxgKAN6ux75R3aEsqemEFusXk09M5MMj8h-VeEgWyXs,7543
nldcsc_elastic_rules/rules/ml/initial_access_ml_windows_anomalous_user_name.toml,sha256=tItrKb5eueyt5ubj5ou-f4QFs-5QhqcZt2KEfAcE4Sw,7239
nldcsc_elastic_rules/rules/ml/initial_access_ml_windows_rare_user_type10_remote_login.toml,sha256=VbpB7nU8m5ukGp77O1Q0ghosRyIiH2JQfWWQZZ0u2lA,6205
nldcsc_elastic_rules/rules/ml/ml_high_count_events_for_a_host_name.toml,sha256=sakXBIZBKlUTEGu1m720amyZ7_C5UvtfFE0swKOeWh4,9432
nldcsc_elastic_rules/rules/ml/ml_high_count_network_denies.toml,sha256=1ZA863ngdA2zzlVetsUxcEFYZb5SYoMl4TlMAgeUbmI,11074
nldcsc_elastic_rules/rules/ml/ml_high_count_network_events.toml,sha256=Opp883aStXYGCLFyt7t9Krm1aCGH26IzqFHkWQYIc9I,10376
nldcsc_elastic_rules/rules/ml/ml_linux_anomalous_network_activity.toml,sha256=rqCWhpGRwV43zvSRl0W9rV1vEgDVgBsnZ9KCYvobpPM,8136
nldcsc_elastic_rules/rules/ml/ml_linux_anomalous_network_port_activity.toml,sha256=HmM4uNk3c_FsfhCifFb6Lf2Tr9JqsCngsylMNDUG2zI,10673
nldcsc_elastic_rules/rules/ml/ml_low_count_events_for_a_host_name.toml,sha256=lT5cZixzosLlsY6tdWIdU9k2G9k0ATnLHAZHLK4D-WA,7886
nldcsc_elastic_rules/rules/ml/ml_packetbeat_rare_server_domain.toml,sha256=WEkaIJyF42Bh5mL-MBX_ZeXF53LjdDsTgN842XUie7g,11563
nldcsc_elastic_rules/rules/ml/ml_rare_destination_country.toml,sha256=EsiFAAl8-f6JXxRQibGpvqxT1jEXthoZzhRbm4TGmDM,11895
nldcsc_elastic_rules/rules/ml/ml_spike_in_traffic_to_a_country.toml,sha256=dQszVvTUHbONhECJfrdZqdqf47T4Birjkr4pRDSW4e0,10371
nldcsc_elastic_rules/rules/ml/ml_windows_anomalous_network_activity.toml,sha256=vb9YMwPUM8fM8BsjpRIJFMAT4xXFKgzxWX-yXwlzMds,8108
nldcsc_elastic_rules/rules/ml/persistence_ml_linux_anomalous_process_all_hosts.toml,sha256=rmBuY8kF9ng9GJK39fIebrII13Hwu296zZlQhilDNUM,9438
nldcsc_elastic_rules/rules/ml/persistence_ml_rare_process_by_host_linux.toml,sha256=YZLNJBo2CUr4ZeOPf-0RDO0MUNHUWAHkzcJSa2HE_rg,9417
nldcsc_elastic_rules/rules/ml/persistence_ml_rare_process_by_host_windows.toml,sha256=P2F3m_Ym-riUQD99CRtaRJm2VQd7pJtfHT6XYQuNyy8,12168
nldcsc_elastic_rules/rules/ml/persistence_ml_windows_anomalous_path_activity.toml,sha256=EqGtudNBO4GJy4uLb_fWYlOl1tZ_TwX62CwOqvWG_W0,9864
nldcsc_elastic_rules/rules/ml/persistence_ml_windows_anomalous_process_all_hosts.toml,sha256=hitO0X3wJodJ9gVeNHZJqQ2DdSqJAcgzKjirMpdeaQ4,12065
nldcsc_elastic_rules/rules/ml/persistence_ml_windows_anomalous_process_creation.toml,sha256=xfshT4xOz0_EbYbqHXG2_TSPGItgImVwNwJ-16h9dSk,12897
nldcsc_elastic_rules/rules/ml/persistence_ml_windows_anomalous_service.toml,sha256=sEf5s4_H5BjNxUdut8B7qku0Vvz6dsg_yqM5ZwCdCrw,9560
nldcsc_elastic_rules/rules/ml/privilege_escalation_ml_linux_anomalous_sudo_activity.toml,sha256=0tRdDATJtgTFpoW1qPaeR9IQ_twWsUcuOTPtdr-DUQY,9982
nldcsc_elastic_rules/rules/ml/privilege_escalation_ml_windows_rare_user_runas_event.toml,sha256=lBT4_R1yw9u_2X9RupEaNzlCTWJxu5_8xxOAYAkyFNw,9238
nldcsc_elastic_rules/rules/ml/resource_development_ml_linux_anomalous_compiler_activity.toml,sha256=zk4g-3dX4KPEBHCyW5eR2oyFMwYJeVijk43gL_WZioQ,10578
nldcsc_elastic_rules/rules/network/collection_fortigate_config_download.toml,sha256=kD5Fn2lUaNgreIyL7VQn65yqGAQDpMNI9CXHDrWIY9A,5108
nldcsc_elastic_rules/rules/network/command_and_control_accepted_default_telnet_port_connection.toml,sha256=pSI0jekNi9xNTnVKl0EB3CoaIpTtQDQQONTuiQUdFus,7627
nldcsc_elastic_rules/rules/network/command_and_control_cobalt_strike_beacon.toml,sha256=DS85JPqoNunBwJSNyHfKN15QLK1VcO3mchN2qMfQ4-4,6460
nldcsc_elastic_rules/rules/network/command_and_control_cobalt_strike_default_teamserver_cert.toml,sha256=8klbMtIO80F__AgQ30MJDUOSGqM7WcJrsRowKmZ_1Ug,6731
nldcsc_elastic_rules/rules/network/command_and_control_download_rar_powershell_from_internet.toml,sha256=IFTPp1CFPy8L_NlfnyCqk7rJyLGkJKh9OWaB6MyUjjU,6864
nldcsc_elastic_rules/rules/network/command_and_control_fin7_c2_behavior.toml,sha256=nVRmmw8UP7F8zGjooHU9ag4UdC9efWSO9JLbIMwKCUc,2602
nldcsc_elastic_rules/rules/network/command_and_control_halfbaked_beacon.toml,sha256=YEkPBNalEzVheow3xoIkoPkVlGyaVqoYTCizhkIEyV0,6215
nldcsc_elastic_rules/rules/network/command_and_control_nat_traversal_port_activity.toml,sha256=X36FhG-nvZgD4CS5IPw83awQdQMuXhKxEPZ08xFPZy0,6471
nldcsc_elastic_rules/rules/network/command_and_control_port_26_activity.toml,sha256=gYHg9rQ2XutpGBT8aMgWM1RMrR7TY0tKNGbTuYCVOAA,6263
nldcsc_elastic_rules/rules/network/command_and_control_rdp_remote_desktop_protocol_from_the_internet.toml,sha256=ueinbz1xRrDWf_nYpr5TyOEGPt8642m0xBCrXl8LaSY,7864
nldcsc_elastic_rules/rules/network/command_and_control_vnc_virtual_network_computing_from_the_internet.toml,sha256=myYUsQhq81ZW_BTEYO0OzmncjpiJ8er-CSnvzJI-3bk,7105
nldcsc_elastic_rules/rules/network/command_and_control_vnc_virtual_network_computing_to_the_internet.toml,sha256=nf0DznFejKGF3k42nL8DuRe2tuIbVxsxtOtlHk66rMM,7069
nldcsc_elastic_rules/rules/network/credential_access_cloud_imds_credential_http_request.toml,sha256=S71dcK6sQlD37v5tAOolBBcRzOgqAEpP2kK4eS4STK4,5064
nldcsc_elastic_rules/rules/network/credential_access_dhcp_multiple_servers_same_transaction.toml,sha256=QtF8pF3p--oOZUiSRNFdniXbTi1TbT7-K9WQDs5ZANU,7157
nldcsc_elastic_rules/rules/network/defense_evasion_fortigate_overly_permissive_firewall_policy.toml,sha256=qCZPbShuhdKANsOaRAXQt6gP3ex0bgMwjCWzlmYmiV0,4602
nldcsc_elastic_rules/rules/network/discovery_potential_network_sweep_detected.toml,sha256=FpyNDnyW6-Vst3rWC2XbdaPRZMbYrQKth7cGF2t77Hw,6752
nldcsc_elastic_rules/rules/network/discovery_potential_port_scan_detected.toml,sha256=xZNbZ5lWHlpukA5CL3H5WDWUkQP2I9sbuEdEHkJAOfs,7523
nldcsc_elastic_rules/rules/network/discovery_potential_syn_port_scan_detected.toml,sha256=t4LkcTUWOthb1Ja8IouDptcHGPPLj3nt73PWnTqXYGk,6635
nldcsc_elastic_rules/rules/network/initial_access_fortigate_admin_login_multi_srcip.toml,sha256=tmFdEyR1b_hQSdeLQvfAVg17h-KmVq0IajfiuddCOog,5434
nldcsc_elastic_rules/rules/network/initial_access_fortigate_sso_login_from_unusual_source.toml,sha256=AlPHHpyOxU3gnxiuKSWZBAkbQAZ0owOXFLafS8SzRIA,6325
nldcsc_elastic_rules/rules/network/initial_access_newly_observed_fortigate_admin_logon.toml,sha256=wZwXt0UITOj5s2WlH2c7DPtJFuBrFhDibRH0cbRmHTQ,4981
nldcsc_elastic_rules/rules/network/initial_access_potential_cpanel_whm_crlf_authentication_bypass.toml,sha256=Vqr7NPdktpjQFPrc69gr1CDH58E1m338zJFSq7Fqr3Q,12404
nldcsc_elastic_rules/rules/network/initial_access_potential_redis_lua_use_after_free_rce_cve_2025_49844.toml,sha256=o9UAU3JA4P97QS6ORaKHmUOcVHNh7uJNdpqbqoWnKXs,6652
nldcsc_elastic_rules/rules/network/initial_access_react_server_components_rce_attempt.toml,sha256=5Z70AlUVQJJkLqtvCJKCbXUZxTdlO3lYb2Dl1hIbUu4,5131
nldcsc_elastic_rules/rules/network/initial_access_react_server_rce_network_alerts.toml,sha256=lyq06xjzcpSvGI7f4mJNjQ5PgSm5zBaJh9hKwmy3uxI,5017
nldcsc_elastic_rules/rules/network/initial_access_rpc_remote_procedure_call_from_the_internet.toml,sha256=naepGfE5TtVLtXtfCIS0J1wvC-HjG7cupTj9tTRth2U,6331
nldcsc_elastic_rules/rules/network/initial_access_rpc_remote_procedure_call_to_the_internet.toml,sha256=eyBtm9dKqEpjVLtc1peKt_yotppAtXCafkiurI7IYuw,6820
nldcsc_elastic_rules/rules/network/initial_access_smb_windows_file_sharing_activity_to_the_internet.toml,sha256=n0Ivv2ohzrk7uof3Zdn9oGmAB5RWOtnMgGQPJre1-ns,6983
nldcsc_elastic_rules/rules/network/initial_access_unsecure_elasticsearch_node.toml,sha256=rIVKbWx_616f--KgFR6nAYklW3x32SDEYBV595riV8I,6522
nldcsc_elastic_rules/rules/network/lateral_movement_dns_server_overflow.toml,sha256=P2tGwfB1iXveHr9gs9O1mjqSFnpuqXkISmn99Uoyxzw,6327
nldcsc_elastic_rules/rules/network/persistence_fortigate_admin_creation_unusual_source.toml,sha256=cqyLDlC27d-ndfXKYlMucx7FS3CIAORrK7raJtIhOUU,4497
nldcsc_elastic_rules/rules/network/persistence_fortigate_sso_login_followed_by_admin_creation.toml,sha256=lf7O7phwOlv_8mc5eyiU7ZIBTadbAnoPD359mV9_3GI,4916
nldcsc_elastic_rules/rules/network/persistence_fortigate_super_admin_account_creation.toml,sha256=JKBdgZoVaZX1L78OB1TBOx5lhu48SJCD1_eyRbBG__c,4259
nldcsc_elastic_rules/rules/network/persistence_potential_redis_config_set_cron_persistence.toml,sha256=nePQ3fXc9HT2ZyA8cwYIFoCilgeTKElvu_z4qIgwTV0,6450
nldcsc_elastic_rules/rules/network/persistence_potential_redis_config_set_ssh_key_injection.toml,sha256=BmyVEGoR0m07KSorXG-8JUE9BpFaHEHgoHg_92FWcjw,6265
nldcsc_elastic_rules/rules/promotions/credential_access_endgame_cred_dumping_detected.toml,sha256=z6nBuhaCnYaL-UJtn66PpMIIy0PE8gdaN-Fo6371PlM,5472
nldcsc_elastic_rules/rules/promotions/credential_access_endgame_cred_dumping_prevented.toml,sha256=fTMgE5OaSeG1ttIY3vNhZcTX9mqmUh0U1z3n9ZliTZ0,5336
nldcsc_elastic_rules/rules/promotions/crowdstrike_external_alerts.toml,sha256=Fhq7sied6-0CVpFcYL5zGr-X-wpllOFfwJIwCZXdLAY,4625
nldcsc_elastic_rules/rules/promotions/elastic_security_external_alerts.toml,sha256=lBiECEOwduNwMfnsVOWDea5YUNq4Ptj6_BQus8kn1ig,5417
nldcsc_elastic_rules/rules/promotions/endgame_adversary_behavior_detected.toml,sha256=kHUD1yWpJ9M5XWnjJTM-obM9xAP4vrXi5xTrv16EHJU,4943
nldcsc_elastic_rules/rules/promotions/endgame_malware_detected.toml,sha256=qxk6GJYxP4z3A6di71nq5JjKnTzGddjsGIORg52MD-w,4957
nldcsc_elastic_rules/rules/promotions/endgame_malware_prevented.toml,sha256=yxtTGq6NKFsA0ZmIr5UcToQ0GGv_jQ4hDuX8sKDQlNg,5248
nldcsc_elastic_rules/rules/promotions/endgame_ransomware_detected.toml,sha256=jzHzaCMGEFRZHaY-vx-qjEvxWP0HTEu-W3JbUPJV1tk,5038
nldcsc_elastic_rules/rules/promotions/endgame_ransomware_prevented.toml,sha256=NbkC3mYaZo-9BNdCHkIIDou6qtaGjERlIsRVqx1UgHQ,5205
nldcsc_elastic_rules/rules/promotions/execution_endgame_exploit_detected.toml,sha256=-m18h0GJuJAXgPfZiwrRALgnmTJTAWLoWTTH19KXuC4,5359
nldcsc_elastic_rules/rules/promotions/execution_endgame_exploit_prevented.toml,sha256=y47pQHii-N72d_R9ZOuBy5o115elT56nnkCgfSuuV80,5925
nldcsc_elastic_rules/rules/promotions/external_alerts.toml,sha256=ENogaulAUMTAsCPCbT_GghuWhylEyqu4w3f1FmO3V2Q,5437
nldcsc_elastic_rules/rules/promotions/google_secops_external_alerts.toml,sha256=N-RqHMdp-ShOWRbdjRWAlgpRul7D3HwAMBbTw2_NCtE,5408
nldcsc_elastic_rules/rules/promotions/ibm_qradar_external_alerts.toml,sha256=u4T2mk0OrqDZY8OIN4_GrcELnLF3swv7C4qSL_pmejU,4599
nldcsc_elastic_rules/rules/promotions/microsoft_sentinel_external_alerts.toml,sha256=579FABDjrD2Bx-HtjVbt9Xx_FbGxLZ6V8lwExUnbUjE,5192
nldcsc_elastic_rules/rules/promotions/privilege_escalation_endgame_cred_manipulation_detected.toml,sha256=OsC42xvAWZ73ucgomaH2F3Hz-qH2WgRXmhFvZ4UPFkg,5352
nldcsc_elastic_rules/rules/promotions/privilege_escalation_endgame_cred_manipulation_prevented.toml,sha256=L9F0p1bAIyFqqhvhAh6SrVwXO6sStpEj0RQDpDGyOl0,5404
nldcsc_elastic_rules/rules/promotions/privilege_escalation_endgame_permission_theft_detected.toml,sha256=s1pE0yK3616W1TZ6fmC09oKNNxOv61YAz60iej1VlUs,5475
nldcsc_elastic_rules/rules/promotions/privilege_escalation_endgame_permission_theft_prevented.toml,sha256=czsqKGAlh3ZVrjIgnvaKar28U6vz1iQFRS1xCVHpUDE,5726
nldcsc_elastic_rules/rules/promotions/privilege_escalation_endgame_process_injection_detected.toml,sha256=e6RvjlBLkLA_CSeRnPkMUd7d6nWs6gEVIP3kckyXNBo,5922
nldcsc_elastic_rules/rules/promotions/privilege_escalation_endgame_process_injection_prevented.toml,sha256=g2LXoq92JyjLDT6xuq3EVmdnmOwezNba2mdaLGQTArM,5447
nldcsc_elastic_rules/rules/promotions/sentinelone_alert_external_alerts.toml,sha256=ub8zDEBUmVyUF-DwD2Z0WH4hNjZ4-03lLfPSnzwIJzc,5420
nldcsc_elastic_rules/rules/promotions/sentinelone_threat_external_alerts.toml,sha256=ceyGbQk6Pny24PcURQfR5l-LPMP7CYIP5B5-rcw5vFI,5345
nldcsc_elastic_rules/rules/promotions/splunk_external_alerts.toml,sha256=FTrly6HfH8b2f0Ev3pzEr94aADkPL2aogz9B13BQj-U,5217
nldcsc_elastic_rules/rules/threat_intel/threat_intel_indicator_match_address.toml,sha256=sABfe4Vd_YB_dN7k0TwfcEFz7ForztJQfsK24dBdXPU,9398
nldcsc_elastic_rules/rules/threat_intel/threat_intel_indicator_match_email.toml,sha256=cuh4R_J-fUder7rRHeCDAckV5mC3Tjcw52o0WyyWAko,8113
nldcsc_elastic_rules/rules/threat_intel/threat_intel_indicator_match_hash.toml,sha256=FSffKHLWay2Jyy5_EVHjg33cbS4iVct4BPH9otI20co,10081
nldcsc_elastic_rules/rules/threat_intel/threat_intel_indicator_match_registry.toml,sha256=-8NPSRm082kvQpB-gFdnthoCa_1-5eODRRSlnZbfyCY,8355
nldcsc_elastic_rules/rules/threat_intel/threat_intel_indicator_match_url.toml,sha256=JOmYkXME8BgYPNjCLRJA1mCi-gYEuu9yAemfKHyXWBU,9291
nldcsc_elastic_rules/rules/threat_intel/threat_intel_rapid7_threat_command.toml,sha256=CG1NG4QEb28hBxQIeBqdugJO2bQWs0Xd14mg4uLF81s,4454
nldcsc_elastic_rules/rules/windows/collection_email_outlook_mailbox_via_com.toml,sha256=KNbB-x95Y81554YlMpU3aZuPnRndKI-AiQvxdL97ri0,7289
nldcsc_elastic_rules/rules/windows/collection_email_powershell_exchange_mailbox.toml,sha256=08w3wNiiJIsV90VCiQKjWSleo7jUE7_lINsjKtVIKDo,7606
nldcsc_elastic_rules/rules/windows/collection_mailbox_export_winlog.toml,sha256=GwAUI4zC5io2SqfRwC0nE7j_t-9eyIdf8sclWxwu1ZE,11166
nldcsc_elastic_rules/rules/windows/collection_posh_audio_capture.toml,sha256=xDV_uvryl5N_snMCvnmJp2jg4xKgXlwyfGWB6-HABiw,12002
nldcsc_elastic_rules/rules/windows/collection_posh_clipboard_capture.toml,sha256=kbZmJmKwcMQaHRac7_hav_WSlG-ctH1KbcGgcowVcQI,10651
nldcsc_elastic_rules/rules/windows/collection_posh_keylogger.toml,sha256=Ya3BjK-uDU9JM7ZAsLJGdFDQiSXh_pgTBh-aqe6OUsg,13096
nldcsc_elastic_rules/rules/windows/collection_posh_mailbox.toml,sha256=vENDLH3XAX71HbtTLj82gpxi9u3jmFdFsE2tl87Km6o,10744
nldcsc_elastic_rules/rules/windows/collection_posh_screen_grabber.toml,sha256=oIxSyTOh2hEL3IZZuOqkz-ZEgqSafkmzLQh8qG_8H-k,11911
nldcsc_elastic_rules/rules/windows/collection_posh_webcam_video_capture.toml,sha256=x-i9ZYYwUZSOyuC-j0dEs76Kdzt5ZpN-Zk_tri1XHKU,9368
nldcsc_elastic_rules/rules/windows/collection_winrar_encryption.toml,sha256=nxRwFQymTGTnCfhueS2OUUNe8xaT46bBYDrWKoV3YQo,6764
nldcsc_elastic_rules/rules/windows/command_and_control_certreq_postdata.toml,sha256=fwJu0bdBBokhchp9M3yO6D_4o_61QaaufX3W3l9YIXY,9029
nldcsc_elastic_rules/rules/windows/command_and_control_common_webservices.toml,sha256=ZXvApwfjPzZmprC-JX78JggW7a3-KBkWWUUrnFGL-HA,17822
nldcsc_elastic_rules/rules/windows/command_and_control_dns_rmm_domains_non_browser.toml,sha256=gHiYW5fcf9hrSdNaPhXGaV1FdVUWyusUCkUO5VHCL3s,7135
nldcsc_elastic_rules/rules/windows/command_and_control_dns_susp_tld.toml,sha256=Ov1lo1LkVTX2IrbpA_1ME1uIgC495RIJzaWeNhmv3qE,13769
nldcsc_elastic_rules/rules/windows/command_and_control_dns_tunneling_nslookup.toml,sha256=_oZYFFZWn7RavHLEk3zfI7_ACEbItfa0HpgpkewLXxQ,5556
nldcsc_elastic_rules/rules/windows/command_and_control_encrypted_channel_freesslcert.toml,sha256=Zybz_gK-5K_k5egAB-9jnzDWyrePPz8XQZw6EPcpxJ8,6331
nldcsc_elastic_rules/rules/windows/command_and_control_headless_browser.toml,sha256=yvLZiWtx6csFouEbJvFkL9_ytZOBzxyAR8u-kMK7Wls,12474
nldcsc_elastic_rules/rules/windows/command_and_control_iexplore_via_com.toml,sha256=5YZQwDv9JGYVxuzRGdz8kNzrDIkZ_ZYNMqDFoIK-p8o,8055
nldcsc_elastic_rules/rules/windows/command_and_control_ingress_transfer_bits.toml,sha256=rwogFlG5zMsbzmfwJi9I84BOd3Iqpz0HCFMRIwqyFNY,9343
nldcsc_elastic_rules/rules/windows/command_and_control_multiple_rmm_vendors_same_host.toml,sha256=OyUp85GghEWDBEtTLn1ADbvfOWTbdNUJ6MvRomI12sI,10620
nldcsc_elastic_rules/rules/windows/command_and_control_new_terms_commonly_abused_rmm.toml,sha256=yXr2IohlLj2_6GF2BEYSP0juZ66j8b4VUSeznXhM_z8,19772
nldcsc_elastic_rules/rules/windows/command_and_control_newly_observed_screenconnect_host_server.toml,sha256=KA9QQEUge2-Wsdc_g4JHdVqNMKRwD_DbEcz7qRWtPJ8,12268
nldcsc_elastic_rules/rules/windows/command_and_control_outlook_home_page.toml,sha256=ie9C1J4AY5nxxGrHwZSPfpPT4dl5uIC9riusCBiKusU,12563
nldcsc_elastic_rules/rules/windows/command_and_control_port_forwarding_added_registry.toml,sha256=xW7UwgPB2jYeUEgvPpS2M9ZLU4ev56bLy2-AEBzdstM,6397
nldcsc_elastic_rules/rules/windows/command_and_control_quick_assist_fullcontrol_sharing.toml,sha256=My8sbcU_7ouC2IvOP_3-IO-yOLs7J0vWRnn8-JZxoCY,5155
nldcsc_elastic_rules/rules/windows/command_and_control_rdp_tunnel_plink.toml,sha256=tCVq5v9pNYmc_J0GiQSK3EUlQyfJ1ItqGfJ6RZsFnTI,12198
nldcsc_elastic_rules/rules/windows/command_and_control_remcos_rat_iocs.toml,sha256=AZIuYx-fyWB1dATIBI_jAr_yJ9zc1vUna9aie3Hpl_M,11136
nldcsc_elastic_rules/rules/windows/command_and_control_remote_file_copy_desktopimgdownldr.toml,sha256=-Kod5yf5IcJRHjEz8lJ4G9GcPbwXkRCTGPId4eoPm60,9798
nldcsc_elastic_rules/rules/windows/command_and_control_remote_file_copy_mpcmdrun.toml,sha256=4DnFG6CyGWaAYaMclUVRaU-CWXmpAMxQnKQyHZH_WLg,9705
nldcsc_elastic_rules/rules/windows/command_and_control_remote_file_copy_powershell.toml,sha256=mix1Ua9jbafKK05EEUttLE0Qu3rtPcqR8Z5_89KocO4,10263
nldcsc_elastic_rules/rules/windows/command_and_control_remote_file_copy_scripts.toml,sha256=MoWj-cWEbFyFEN9RJ_8zpxBOfNQAlBSv_nEo8PQI8_w,7971
nldcsc_elastic_rules/rules/windows/command_and_control_rmm_after_msi_install.toml,sha256=2zTjufoeaQ2Ebw-COZr-yWM1Lbb9gcBkO46pXnyNJlQ,4388
nldcsc_elastic_rules/rules/windows/command_and_control_rmm_netsupport_susp_path.toml,sha256=i9MrLsVrTGlQHMq0XmtKo8jDQTPiUj0dGnBEObcDN24,12187
nldcsc_elastic_rules/rules/windows/command_and_control_screenconnect_childproc.toml,sha256=vrgDRX-od8ffFI7hWytUiLeptDqibxuOFCOxUSGGAfk,10553
nldcsc_elastic_rules/rules/windows/command_and_control_sunburst_c2_activity_detected.toml,sha256=zX6nrjA7Zno1-_ECHEo8prLqBuuXeuZcIgxnfVViGsY,8285
nldcsc_elastic_rules/rules/windows/command_and_control_teamviewer_remote_file_copy.toml,sha256=B0FySvI9_XfLHDIyGmoRrbRSfWZJ4ka8Zmi-jp2quXw,7958
nldcsc_elastic_rules/rules/windows/command_and_control_tool_transfer_via_curl.toml,sha256=jJp013jpBJ4l7rXXBrX8mT_gZMYG3Hee7kGXh0Q8UoY,6646
nldcsc_elastic_rules/rules/windows/command_and_control_tunnel_cloudflared.toml,sha256=VYeTOhRHzYojCVS4ellBcLfZlLMy7Y_iYTJw9CrF4rI,4813
nldcsc_elastic_rules/rules/windows/command_and_control_tunnel_vscode.toml,sha256=5K5JBf6PACS0x7tUMR_0EEjXhvszNpomGzx1MbLHEN4,7282
nldcsc_elastic_rules/rules/windows/command_and_control_tunnel_yuze.toml,sha256=Oeze7Zo9-9i_awGd2XdmpSljYItcXAkMrguXtxsQXw8,5027
nldcsc_elastic_rules/rules/windows/command_and_control_velociraptor_shell_execution.toml,sha256=ZzhXTgZvaGh5bBgs0y4EKVYorHddxdD73GM9tEXtdyg,6985
nldcsc_elastic_rules/rules/windows/credential_access_adidns_wildcard.toml,sha256=h8Sazu2Bvo-g4CG2disN3KRGiDDrb_txCWkBE66oqxE,12685
nldcsc_elastic_rules/rules/windows/credential_access_adidns_wpad_record.toml,sha256=pk_dlog2aQ2OifQidBFlVVwu0Wktkk3vVadRcDlhEMY,5721
nldcsc_elastic_rules/rules/windows/credential_access_browsers_unusual_parent.toml,sha256=39ZqsvaX-9x7uopx2qTI0QjAeK7gp9rx_PxbgfQ7Rls,16207
nldcsc_elastic_rules/rules/windows/credential_access_bruteforce_admin_account.toml,sha256=EH-z9g23qZu5WFZ3k0_LdPq39IOiEYRx8PfQmnWSBiE,8441
nldcsc_elastic_rules/rules/windows/credential_access_bruteforce_multiple_logon_failure_followed_by_success.toml,sha256=QNMAzyBZRk2TXTXe6IWRfXxk9HooNjp85-PmJ84vDGg,7687
nldcsc_elastic_rules/rules/windows/credential_access_bruteforce_multiple_logon_failure_same_srcip.toml,sha256=OVGdqpZpf9Un6aWc4AVrq4mlxWq6aIvR3fajrQT8NW0,9134
nldcsc_elastic_rules/rules/windows/credential_access_cmdline_dump_tool.toml,sha256=1kT4jzwEKWUu-er1En_tWauBJwgNinc-8AYtGN7hk60,16195
nldcsc_elastic_rules/rules/windows/credential_access_copy_ntds_sam_volshadowcp_cmdline.toml,sha256=UqhdNgGrvvwlZ-82MHkKkYlfIrtvOYdhcbtVPsVSTPg,15640
nldcsc_elastic_rules/rules/windows/credential_access_credential_dumping_msbuild.toml,sha256=_VoAPHlrripcoYK6LcIx_M91urlw0S_oT3NubW2SSAw,14850
nldcsc_elastic_rules/rules/windows/credential_access_dcsync_newterm_subjectuser.toml,sha256=eGdDadLSKfH7Ix_9MQNj5y89hJp31FqtkUAmjIkRAJE,17282
nldcsc_elastic_rules/rules/windows/credential_access_dcsync_replication_rights.toml,sha256=KRiTUSjGRUcyRvCpSfaDwgBLCsfZ0ZkfHxdNc5H_tUM,8519
nldcsc_elastic_rules/rules/windows/credential_access_dcsync_user_backdoor.toml,sha256=bMi9gOr8jw6kENinSD_q-RJcj1VmQ3eH0OPcwlB2c3Q,6857
nldcsc_elastic_rules/rules/windows/credential_access_disable_kerberos_preauth.toml,sha256=KgqgoynZAzaJNi4DA2o1M-NTCx2j7Cf3hUd-wVKaHCI,5997
nldcsc_elastic_rules/rules/windows/credential_access_dnsnode_creation.toml,sha256=QeeIhP7e58D4DjRUQ7uRaq04nqIRXaMnMrbsPKh5ycY,6414
nldcsc_elastic_rules/rules/windows/credential_access_dollar_account_relay.toml,sha256=XYXjHN32zPn4GwkgOCoE5rqrRvGTG-Cb6ZY3YEta3Ig,6910
nldcsc_elastic_rules/rules/windows/credential_access_dollar_account_relay_kerberos.toml,sha256=UkiDlWsmYxuw_LuVM27uRvyVd-rPuSb4fmWyS12XvMY,16196
nldcsc_elastic_rules/rules/windows/credential_access_dollar_account_relay_ntlm.toml,sha256=89OZQ72SlI3AXMIJdwo08oGF8BFjhzitRQi4J6yYKHc,15400
nldcsc_elastic_rules/rules/windows/credential_access_domain_backup_dpapi_private_keys.toml,sha256=MxndO075Pzx-TNAv4gYV5QYthaZMT2R4SX49BNeVc4w,15024
nldcsc_elastic_rules/rules/windows/credential_access_dump_registry_hives.toml,sha256=LqMBeyT5wL4LAyi9dqXgOFQcS7GkjSYuxtTxwWxz-qY,15157
nldcsc_elastic_rules/rules/windows/credential_access_generic_localdumps.toml,sha256=nERz1qjOCmJ5Vtafwo3OObXYYLw4yiPdCF47wTxM7-g,7792
nldcsc_elastic_rules/rules/windows/credential_access_iis_apppoolsa_pwd_appcmd.toml,sha256=f-gBxqqcdatLReKSPJQug5BMqpprferwt95bOmneIBE,6315
nldcsc_elastic_rules/rules/windows/credential_access_iis_connectionstrings_dumping.toml,sha256=z-m63YlKSb0Z0xFG4mGYm3K4PvLap7edTjmBXZ2R82A,16426
nldcsc_elastic_rules/rules/windows/credential_access_imageload_azureadconnectauthsvc.toml,sha256=RuBUFAcz58KSl54s-XG8fbXWn7Q5CsguJBfSwSah5TA,12813
nldcsc_elastic_rules/rules/windows/credential_access_kerberoasting_unusual_process.toml,sha256=q5j_r-ZYc3o0rKlBE0y2ZacFpWL6gZuqccQeyBM0zLY,11026
nldcsc_elastic_rules/rules/windows/credential_access_kerberos_coerce.toml,sha256=8i19ICsz2ClXLZDSCMC8nc4I60tcAgRTRf3Bvk89aq0,14006
nldcsc_elastic_rules/rules/windows/credential_access_kerberos_coerce_dns.toml,sha256=fljEPgYm9KnpGf29F9-7ZGSZrw4HH5-RVBdmzBKVEnc,13326
nldcsc_elastic_rules/rules/windows/credential_access_kirbi_file.toml,sha256=_MvA1ZIs4ozcE-8tErnlUk7WgXdfhO9gqOrE-UKiLv0,14326
nldcsc_elastic_rules/rules/windows/credential_access_ldap_attributes.toml,sha256=UdUGnD_nQedaESxTsqSVB37i73yyb18wdKyfQc4TZEE,7870
nldcsc_elastic_rules/rules/windows/credential_access_lsass_handle_via_malseclogon.toml,sha256=PKPH6Z9rG9_yRgn1zgs4bnU-54CwVxkPAPAiI3-zwbg,14597
nldcsc_elastic_rules/rules/windows/credential_access_lsass_loaded_susp_dll.toml,sha256=clMrvv9R7LO5rKTSu1cbKIMkaP6TCQ5hAsT04_bG0kY,10210
nldcsc_elastic_rules/rules/windows/credential_access_lsass_memdump_file_created.toml,sha256=kBzlKxAAJsl4lTLjvTwmeiqwZ5tCDbF3IA2mSiBp0tE,14111
nldcsc_elastic_rules/rules/windows/credential_access_lsass_memdump_handle_access.toml,sha256=UqDLp8oRj2gzkhoL8oL0tK9fk2gnbBkV78u5Un0cJGo,9776
nldcsc_elastic_rules/rules/windows/credential_access_lsass_openprocess_api.toml,sha256=4tm6Aj7Mw8RFAF94K3tIG9XZZONeoQGPcnsuhqj-exI,10771
nldcsc_elastic_rules/rules/windows/credential_access_machine_account_smb_relay.toml,sha256=l1k_fgyXoHVWs83iYWcXExYD5IW39wcOkeKYMhEgYP0,12533
nldcsc_elastic_rules/rules/windows/credential_access_mimikatz_memssp_default_logs.toml,sha256=4OZlv0W6gcndiQbO5s6UcZMEIUrCYgILXuaKXD-AArk,13211
nldcsc_elastic_rules/rules/windows/credential_access_mimikatz_powershell_module.toml,sha256=BhMFEq8hVk3riqew9i_NQkJ9i63nwkGypq2e40C3_dg,17488
nldcsc_elastic_rules/rules/windows/credential_access_mod_wdigest_security_provider.toml,sha256=jtAft3d8y5e4TnkN0KfCSGZtVa-L2TPUYAZYVWE8fqI,12824
nldcsc_elastic_rules/rules/windows/credential_access_moving_registry_hive_via_smb.toml,sha256=oc4QgbLtOWDPgc-SQW-vlJqkYqWBOv5RuntGhXssbU4,5635
nldcsc_elastic_rules/rules/windows/credential_access_persistence_network_logon_provider_modification.toml,sha256=ONX4zLh3t6yH-ZNsGpnjsZqoSGWSYq133d8ePU2OhmM,9653
nldcsc_elastic_rules/rules/windows/credential_access_posh_invoke_ninjacopy.toml,sha256=wM8S70LgknxKednRHyqWyuk5MGxpuuqcB06UdNoaoEw,13496
nldcsc_elastic_rules/rules/windows/credential_access_posh_kerb_ticket_dump.toml,sha256=Wb1evsjypBo1aDztOsX1o4BjjZXedzZEHgPmc8ufGbU,14580
nldcsc_elastic_rules/rules/windows/credential_access_posh_minidump.toml,sha256=6NTFH3wkRChnqDULGxVtTtfKtx90B05OuzTeA4bF6_M,13419
nldcsc_elastic_rules/rules/windows/credential_access_posh_relay_tools.toml,sha256=fRj92-G_amTk2Yq3QYmy_Dv3Z_wCiL1813ffx183jOc,14894
nldcsc_elastic_rules/rules/windows/credential_access_posh_request_ticket.toml,sha256=5RqF_TXRacW4ZmpJ6xEoDlTCfYMpt1EqYicgYCcaD0w,13543
nldcsc_elastic_rules/rules/windows/credential_access_posh_veeam_sql.toml,sha256=0dBx8opJHCxnfkBOagNAHnrSWZUzEAjsD1FvN594WTo,11685
nldcsc_elastic_rules/rules/windows/credential_access_potential_lsa_memdump_via_mirrordump.toml,sha256=Z3EwZr-W_mkxKQ7F95UPMh5XqB7godK8Aii_s8Td924,5786
nldcsc_elastic_rules/rules/windows/credential_access_rare_webdav_destination.toml,sha256=wxRBOu_U9XSp3nU3woyXi3rSdSY5KhXiL-8U4GtE3vE,5541
nldcsc_elastic_rules/rules/windows/credential_access_regback_sam_security_hives.toml,sha256=2eSPEpgj3uMVgepuUNqaopG4tLy5feWJuW-ex780POI,13234
nldcsc_elastic_rules/rules/windows/credential_access_relay_ntlm_auth_via_http_spoolss.toml,sha256=D2en8JU9VaRzy0t_yL9t-bEmNdW3zOX_JO-lwk9W85o,15045
nldcsc_elastic_rules/rules/windows/credential_access_remote_sam_secretsdump.toml,sha256=PJK13ayo9zzgLbcZLSqy9FQdp-j7mU6QyViGJCJAnCU,12995
nldcsc_elastic_rules/rules/windows/credential_access_saved_creds_vault_winlog.toml,sha256=b9jBSv-NxFU_eOADIOEk122YzKGZC-cQ34C3tqAK1zs,6488
nldcsc_elastic_rules/rules/windows/credential_access_saved_creds_vaultcmd.toml,sha256=DlVPbZ4VATrvlM5sFuRUVPdpq_9XRcB_8R28o-swwto,7252
nldcsc_elastic_rules/rules/windows/credential_access_seenabledelegationprivilege_assigned_to_user.toml,sha256=5VMIw8Yomy8NdIZZhNheQeebqo0hTr1L-cDjgRdak54,16541
nldcsc_elastic_rules/rules/windows/credential_access_shadow_credentials.toml,sha256=NiXPh0dCQOLHuRaaZC8a-VrbiI1ON9jvD4E15cKlEtc,12155
nldcsc_elastic_rules/rules/windows/credential_access_spn_attribute_modified.toml,sha256=k8sJ5WTE8DzJ5dn25wRk8nHOrtA1RgvqokOc-EQMiMk,5978
nldcsc_elastic_rules/rules/windows/credential_access_suspicious_comsvcs_imageload.toml,sha256=xjYg7z05dTb5B2TWVBJzbrHFjSzAOWOzd5oq8YKELc0,11272
nldcsc_elastic_rules/rules/windows/credential_access_suspicious_lsass_access_generic.toml,sha256=qIRaUL52x0F6zHXcc6Ba0pYZh5PNpv4IhZobCC4nsR8,7420
nldcsc_elastic_rules/rules/windows/credential_access_suspicious_lsass_access_memdump.toml,sha256=AdUaGT4UXjO5_qNvSGg7TAwiZ_In08N43sIHEd7giIg,14181
nldcsc_elastic_rules/rules/windows/credential_access_suspicious_lsass_access_via_snapshot.toml,sha256=ypVkQHSayJ-0Es75c6gtLLLhJwLPzTxvwjhRSCiFebs,11532
nldcsc_elastic_rules/rules/windows/credential_access_suspicious_winreg_access_via_sebackup_priv.toml,sha256=bnBym0bIWy3eWqxD6vtt2XP_ShmhWp3BS250dDvsFh0,5518
nldcsc_elastic_rules/rules/windows/credential_access_symbolic_link_to_shadow_copy_created.toml,sha256=vwL0sRnuCCgkiacf4HqWpAyMcYIuYubtUIMPvcQAJt0,6834
nldcsc_elastic_rules/rules/windows/credential_access_veeam_backup_dll_imageload.toml,sha256=vWTv2e4Zh8U_sId1Zq1MIC9ODzPqUYBMTho2unvCjN4,7090
nldcsc_elastic_rules/rules/windows/credential_access_veeam_commands.toml,sha256=nr7E1Lj0CUJwXerErWcl3Aej6bgc_GGodvAdDw3YyqE,7819
nldcsc_elastic_rules/rules/windows/credential_access_via_snapshot_lsass_clone_creation.toml,sha256=5dQ4NVJm8Kd-5zK3667ee5PFl5awrWu1JD3ZqGeBIu8,10493
nldcsc_elastic_rules/rules/windows/credential_access_wbadmin_ntds.toml,sha256=0zUPi0dhi1WcpK5vYdm1FvhaUVwtVKhCKNu-slb65OQ,7141
nldcsc_elastic_rules/rules/windows/credential_access_web_config_file_access.toml,sha256=F8iKKneK-MMClQomif8rjGOQO39zqh8wIrQt9iz9NPA,12585
nldcsc_elastic_rules/rules/windows/credential_access_wireless_creds_dumping.toml,sha256=ZJjEW_SW0NUurhElhJzKerTt_Hl4TI7Ub0SCOFBG2Ic,12232
nldcsc_elastic_rules/rules/windows/defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.toml,sha256=dJ9TuJ8pKhp6zygm1zS4AjkJLDxeSjci1pcsJXrM6fo,8686
nldcsc_elastic_rules/rules/windows/defense_evasion_amsi_bypass_dllhijack.toml,sha256=-rfD4YBMw1cfJle4PB6kunP1xmgbZl8asqM3RDNp9Fg,14186
nldcsc_elastic_rules/rules/windows/defense_evasion_amsi_bypass_powershell.toml,sha256=bCImqyHCGQ4KCAAq1hpNdi9aVxS8darrzFNeVlvip8M,12836
nldcsc_elastic_rules/rules/windows/defense_evasion_amsi_bypass_rpc_ndrclientcall.toml,sha256=NdCNDWW5qpUBSVP5Es5sleAqzS1Mx0Wxq9JyWrgNBIw,6175
nldcsc_elastic_rules/rules/windows/defense_evasion_amsienable_key_mod.toml,sha256=-avcMcnHCdTLWqIx4PlszAMBzD2lECbVRzvlC04k6HQ,12762
nldcsc_elastic_rules/rules/windows/defense_evasion_audit_policy_disabled_winlog.toml,sha256=4Fvx9k0tEHfaRVjaecaht7eA9EbSQPGTr6FwWF7sKFk,5593
nldcsc_elastic_rules/rules/windows/defense_evasion_clearing_windows_console_history.toml,sha256=BhBKLCqcXqLMUIz9VzKJDj4A4BgNqfgBk-_kIBUeXBQ,6447
nldcsc_elastic_rules/rules/windows/defense_evasion_clearing_windows_event_logs.toml,sha256=k7uwb8g__t2tR6wz0WMlhDaMBq0DLN4Fu4omUNnL5Ls,6202
nldcsc_elastic_rules/rules/windows/defense_evasion_clearing_windows_security_logs.toml,sha256=3WRHFXeuDvxPHk4GbjCMJ-vv8eyXq7jPi-0GNqmobW8,3850
nldcsc_elastic_rules/rules/windows/defense_evasion_code_signing_policy_modification_builtin_tools.toml,sha256=iRt2x9oDElkxg67xVqivI0FjXT3i36rK0r_8aY5XE8E,7806
nldcsc_elastic_rules/rules/windows/defense_evasion_code_signing_policy_modification_registry.toml,sha256=T8Kih-8dO5gr6legQrfom0adHQ1kkbIto6154EYYnVg,7941
nldcsc_elastic_rules/rules/windows/defense_evasion_communication_apps_suspicious_child_process.toml,sha256=eopSBGPjAySJQ-uxifOZyzARu7GQLEXF-MNQGlJXTUw,12550
nldcsc_elastic_rules/rules/windows/defense_evasion_create_mod_root_certificate.toml,sha256=Y92TViJLt37My1geKXDiUH9fipBe1N64QsisBB8I2Ns,10273
nldcsc_elastic_rules/rules/windows/defense_evasion_cve_2020_0601.toml,sha256=99o5QcoF9MLNQkS6xUrPF0ggt7L3H1qalz5zm8DobCw,5453
nldcsc_elastic_rules/rules/windows/defense_evasion_defender_disabled_via_registry.toml,sha256=v72K6hThukM8rZ-0gnp5oWDRzQGABCgQtGqUX2ebcQ8,6084
nldcsc_elastic_rules/rules/windows/defense_evasion_defender_exclusion_via_powershell.toml,sha256=rpw5ld0TAKn3itAguFKo1mIPiFVa8ph_P7BhLCyXXN4,7682
nldcsc_elastic_rules/rules/windows/defense_evasion_delete_volume_usn_journal_with_fsutil.toml,sha256=jz6rOCwg-Pe9VoYAJqES3HhreBunMYYHB9OZcnZzMp4,5596
nldcsc_elastic_rules/rules/windows/defense_evasion_disable_nla.toml,sha256=CLkJjCbVNY-NJR73Be-VVv15-xF-FRW-_xmMsjOodRw,7911
nldcsc_elastic_rules/rules/windows/defense_evasion_disable_posh_scriptblocklogging.toml,sha256=CNUgSgvA7JWs1INDLBjaI55Kt6zcsDffbias7eCeh5s,10731
nldcsc_elastic_rules/rules/windows/defense_evasion_disable_windows_firewall_rules_with_netsh.toml,sha256=5OvuZpf14NMn-sKRSkjGMgQN4fqgrgG-Agx3bg6JdD4,4872
nldcsc_elastic_rules/rules/windows/defense_evasion_disabling_windows_defender_powershell.toml,sha256=kUjc2uFKp54ksGgPm10hnbEwYgLjOruo3NhHbpFdVhk,9313
nldcsc_elastic_rules/rules/windows/defense_evasion_disabling_windows_logs.toml,sha256=mmPik56a9Gnl5nlx3V-ELkSUxYSLUsQip5d3mxg5Z0g,6272
nldcsc_elastic_rules/rules/windows/defense_evasion_dns_over_https_enabled.toml,sha256=UgTQUmkSBQTTQ7uSOJ32VFo01rOVN75yRPi7BASy9pI,6842
nldcsc_elastic_rules/rules/windows/defense_evasion_dotnet_compiler_parent_process.toml,sha256=2mN0YH0LEEGBBdIiRp5hhTFMw6jlT83JY-Y4xZ8OXQs,8755
nldcsc_elastic_rules/rules/windows/defense_evasion_enable_inbound_rdp_with_netsh.toml,sha256=yrHO4O7uOBNaCJgdXSeYlYA-zNzB2uMwcTL75P61uD0,5801
nldcsc_elastic_rules/rules/windows/defense_evasion_enable_network_discovery_with_netsh.toml,sha256=c46IcpQ2N6ARj3mQeATS0iGIBbgq-2a3B4ITrR3GsD0,5361
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_control_panel_suspicious_args.toml,sha256=SSYXE115Qr_Y3dWX6b1Khly_GkandI24ZXIZMEGcrp4,14089
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_lolbas_wuauclt.toml,sha256=OOo-RN-To8k9nTbXK4IY1FLrZ5pXyiEsiujFgAq8Ti0,8764
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_msbuild_started_by_office_app.toml,sha256=P14Zg2KKG_ef-Jykuj3rKE3eNQZmeR1fUACyZvwxxIY,13356
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_msbuild_started_by_script.toml,sha256=qix_BoyrSxRBz4RYuZpUP96wv12JPSfLL4aXpZFpNZM,8751
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_msbuild_started_by_system_process.toml,sha256=Kp5Y21ahDEA5AAETaeM0OcDpLV7rYNRQN7fTua_1LrQ,7082
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_msbuild_started_renamed.toml,sha256=73SIsqEVf-O_c2Yr9AVJ3I6vo0biS8ZhMA6H_Rcljnw,7932
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_msbuild_started_unusal_process.toml,sha256=LhdY0Ql213XXFmG772NnskX9Qli3RuOXMVvZreEzegw,7500
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_suspicious_explorer_winword.toml,sha256=kmUFN75bP45XrqNUew3oXwDMqLcSpW--u8nBar4qKcA,9164
nldcsc_elastic_rules/rules/windows/defense_evasion_execution_windefend_unusual_path.toml,sha256=kmOEhAtz02QTrFFljBaLdzQmfADANiLc13UcW7L0Lag,15245
nldcsc_elastic_rules/rules/windows/defense_evasion_file_creation_mult_extension.toml,sha256=LomELdW-35aeLOqjks9YafCnxlk6KYg45jjGpkkzRtQ,7771
nldcsc_elastic_rules/rules/windows/defense_evasion_from_unusual_directory.toml,sha256=83126QOKCnF40J5ftaUF4_6VJkRpKA_MAeprtLi2Az4,11072
nldcsc_elastic_rules/rules/windows/defense_evasion_hide_encoded_executable_registry.toml,sha256=GB6H4uXOQVTeqpiVYLE0Zx2ghCQJnSFErZafHjo7gf0,6671
nldcsc_elastic_rules/rules/windows/defense_evasion_iis_httplogging_disabled.toml,sha256=_nzgkTCZmN2bdMSXLZrrXXjR33RcqFSoo3QSYsuimBA,11168
nldcsc_elastic_rules/rules/windows/defense_evasion_indirect_exec_conhost.toml,sha256=oRxGpt4B2FMs1zfRGVF_sRlICtyTlHDMg9z1B2Df16U,14289
nldcsc_elastic_rules/rules/windows/defense_evasion_indirect_exec_forfiles.toml,sha256=b5PY-nEfYd3s3i5AxdwXVvRqd1AMSuOJO28uNcfJYZ4,4578
nldcsc_elastic_rules/rules/windows/defense_evasion_indirect_exec_openssh.toml,sha256=SwzrOt-X8onpVJJqcStCp22jbfxPVXh5qKW37xSXHp4,15257
nldcsc_elastic_rules/rules/windows/defense_evasion_injection_msbuild.toml,sha256=e4337dauaOngqSMozyyUth6Z0KfFzCt8X9Qyv6AiWFw,6506
nldcsc_elastic_rules/rules/windows/defense_evasion_installutil_beacon.toml,sha256=q3Ry-35jp7ZrKb6rQ23QkRhfOtKpZZT6LBOl-wzbU6g,6600
nldcsc_elastic_rules/rules/windows/defense_evasion_lolbas_win_cdb_utility.toml,sha256=wHJ7tEHkSUND4ggh6NXIPoaWki0fJNyt635Rt-sAtWw,7037
nldcsc_elastic_rules/rules/windows/defense_evasion_lsass_ppl_disabled_registry.toml,sha256=yop9Y4aGPYjsR1S9VUnTotSlQKKAVcg8HtTYLay3mXk,13718
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_as_elastic_endpoint_process.toml,sha256=b0h-3ejEyDYr9SHbmGPjT0IqAHrMCfE7QyWAtM4SImo,8248
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_as_svchost.toml,sha256=jD1t_zxrjqlWdoi3PtJP8k6yunR6wl4xS0zBnuYPnAs,11253
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_business_apps_installer.toml,sha256=fX9lVlXmx1TtNEr6ezCWlpooLLj2IVXdavbFSycWLRw,12164
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_communication_apps.toml,sha256=B81piCXS-o8aBXcBq1hkn_sDkFTaXJ5E8JP7j6I4mgk,9268
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_renamed_autoit.toml,sha256=-MrWsVyfqoJ0SuombqqBs-Au4c9sLDaBfCOHv6jwWx0,13321
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_suspicious_werfault_childproc.toml,sha256=KhmutFpOXJUIlceFbWeNpx6LDKK__dBMen5TSdITErA,8050
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_trusted_directory.toml,sha256=p6S3XinjHEDiIlfhTIkMXByn7qar5feSnkczlUn3E6E,7755
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_werfault.toml,sha256=yQRxfYTabnCrMz9nTLjomJQeiOYJSGQQixlBcou4LYc,8177
nldcsc_elastic_rules/rules/windows/defense_evasion_masquerading_windows_dll.toml,sha256=OZkdGsFrhBVD_xZx2yUinKNi5cjMTNyPtZoNgz1bmNo,53674
nldcsc_elastic_rules/rules/windows/defense_evasion_microsoft_defender_tampering.toml,sha256=3Ny1gLFWr175Lf9eflaPVjLrCQkt8Ba2IY5ZVL5Q_AU,9175
nldcsc_elastic_rules/rules/windows/defense_evasion_misc_lolbin_connecting_to_the_internet.toml,sha256=yusyaH27e-KYjxBe0kXdaFRESedIyYMedGPZye73V3E,8593
nldcsc_elastic_rules/rules/windows/defense_evasion_modify_ownership_os_files.toml,sha256=rGC49LuuqCiDmQ1cwu5vGr1Xod7gFesvT2U-vLiIGOs,5330
nldcsc_elastic_rules/rules/windows/defense_evasion_ms_office_suspicious_regmod.toml,sha256=A6c1vriVX2AnUnhaoykTuU8qySwj4QwwHYm--5zms30,6847
nldcsc_elastic_rules/rules/windows/defense_evasion_msbuild_making_network_connections.toml,sha256=zzm_f6jW2i8b8okvFWtqUeKQ33unaYHXZg4-tEYdU7g,8706
nldcsc_elastic_rules/rules/windows/defense_evasion_mshta_beacon.toml,sha256=-mOFpSVjjM0MJUB8NZUDHa-UXp9ocdvukh0xlMQwmbg,6523
nldcsc_elastic_rules/rules/windows/defense_evasion_mshta_susp_child.toml,sha256=ZogmPKQjxFO04srQi2CVjMCod7-IoLvvbB5zWprr3eg,16436
nldcsc_elastic_rules/rules/windows/defense_evasion_msiexec_child_proc_netcon.toml,sha256=BPOs4_NSSvbtoDFR1bnTIhwSDATYWwqbwvekcZ49-us,8463
nldcsc_elastic_rules/rules/windows/defense_evasion_msiexec_remote_payload.toml,sha256=1r1FBj0iHloBpWF56FYu-D4PfyorCn8s13Y38ndFJTU,12481
nldcsc_elastic_rules/rules/windows/defense_evasion_msxsl_network.toml,sha256=0QwQLlUa6iEopiuptnS6Du_4aER1kWGXsfZ0F4k62vs,7012
nldcsc_elastic_rules/rules/windows/defense_evasion_network_connection_from_windows_binary.toml,sha256=Q8ROGebqEA_30tX5g6VAhAkFm2Z4iu09qePA1tpn5mI,11267
nldcsc_elastic_rules/rules/windows/defense_evasion_ntlm_downgrade.toml,sha256=s65GSrSd4NLWP_-YuP5i4f0rYuvL6w-PbBE8MadhFGw,5726
nldcsc_elastic_rules/rules/windows/defense_evasion_obf_args_unicode_modified_letters.toml,sha256=wntzzSDHBUdLE5kcDji-17cUURw9vjSWBBRGYI_wd5s,14760
nldcsc_elastic_rules/rules/windows/defense_evasion_parent_process_pid_spoofing.toml,sha256=4AP2iZD_Yqz1qtka5fLwj1hsIdyxyr6ZuqPhO62shIQ,14125
nldcsc_elastic_rules/rules/windows/defense_evasion_persistence_account_tokenfilterpolicy.toml,sha256=jEu2nVGF7leivvLmmgkyFYSkXpo66MdUlgQCkQ7ABkY,8633
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_assembly_load.toml,sha256=y7CKUP2W-PVI2fkdPZdhluxyTkayBCjKB8ztst1T3rc,11802
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_compressed.toml,sha256=zpbfhbf33e7A69__vcmwJpYzUsU_eccHHxd8N_GXNBc,14023
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_defender_tampering.toml,sha256=7_I_yI1MFttsvshrfrBBw94XhifkgL59od0Mbz8vVSI,11053
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_encryption.toml,sha256=QEq7LlZsWSJMZAV2lWjhGcRC0aatGXJ-Yx0eWM-STW4,11394
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_high_entropy.toml,sha256=Ny4gYBaViSwBIixE1vB5pY_NYTrA3KueA5ym-_ZrtKU,12548
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation.toml,sha256=8yXIqA7KPCRUolTVeUnMtdmFlAKQ1LLQA2N300_QZmk,7856
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_backtick.toml,sha256=twRkpnBw3dmwS-OavaAqlzzY6h1poNdj7kAFTwdcYtk,12924
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_backtick_var.toml,sha256=EfV0QWqlhiE7xbBPPCxQ-eGl3UfVhg2D17YoJHcRwNA,14134
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_char_arrays.toml,sha256=OMiC1lwe9pIQYtVBYm-ps9oiRveVX-po7O5By8jVZBY,15555
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_concat_dynamic.toml,sha256=ivCad9nWbiU3tJCxcdoEa3_XBIRfi4_LnnkmAW_I_1Q,16362
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_high_number_proportion.toml,sha256=aFFzWX4kMgYe2udU57Dq_Rrr52o-c7KZD_NRLBcz_t4,10968
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_iex_env_vars_reconstruction.toml,sha256=L3XyVGAu3AeIGWiIyyRkb8D85Gmxgu71td-5S1fL-YA,12307
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_iex_string_reconstruction.toml,sha256=BcJGpyhUbGV9FzKZFIduoK7Ewf8UkKJyrFY0zPcGevs,12263
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_index_reversal.toml,sha256=qoFcw_USTEt_RNdQH_8za_PGLI7azmHt3k1d2lNZYm4,11092
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_reverse_keyword.toml,sha256=bj7ZI6khHKDeFYfI57bnp9xzp_MlbXUu3y4ySzED5-w,12876
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_string_concat.toml,sha256=CwcMFO_AIts1pf3wn6hMysqlzvrvhj1GUDcIpEdrOYc,16292
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_string_format.toml,sha256=HuuB6gZq2pwZQFYqFRZ60rkFeyl9xz7Z5OthZZZf6nw,12944
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_obfuscation_whitespace_special_proportion.toml,sha256=1QfwDrp6dNG4bxp-y-pyJTCIPqxIzEcQeluxgy5yGLg,12711
nldcsc_elastic_rules/rules/windows/defense_evasion_posh_process_injection.toml,sha256=cxJXWNgsjM5KIEjzFTxS1W7l4LGx2-w75TjRPCcXcSA,16155
nldcsc_elastic_rules/rules/windows/defense_evasion_powershell_windows_firewall_disabled.toml,sha256=pHpuZkUAuEAzpXMNtnhjLt3ghlxq6pFsChhXzkYYlwY,6647
nldcsc_elastic_rules/rules/windows/defense_evasion_proxy_execution_via_msdt.toml,sha256=H7oi7eeu0worj4cDUivbyS41wDVFgn4froRyp9qzWRE,15017
nldcsc_elastic_rules/rules/windows/defense_evasion_reg_disable_enableglobalqueryblocklist.toml,sha256=F03BoPPH2hz6tOooxZo7ehX4b5QesKBeRay7hLsN1fs,7701
nldcsc_elastic_rules/rules/windows/defense_evasion_regmod_remotemonologue.toml,sha256=oPPwAjuri9s9kaA2haXJ9f3mYYkgV5AfyN39oKZsg60,6475
nldcsc_elastic_rules/rules/windows/defense_evasion_right_to_left_override.toml,sha256=NmKitI0ZJ-X2NXw6IxRX0MRazO20XOkVHL2B_fKCNEM,7294
nldcsc_elastic_rules/rules/windows/defense_evasion_root_dir_ads_creation.toml,sha256=kE7WGlS5poaTf6sSmSMWhKZSwVpbgThEj6CNUTyNVSE,6863
nldcsc_elastic_rules/rules/windows/defense_evasion_run_virt_windowssandbox.toml,sha256=sxSzlBZrM7sAJqFOBs6pxE1w37Wycukd5pyjoExOBso,7203
nldcsc_elastic_rules/rules/windows/defense_evasion_rundll32_no_arguments.toml,sha256=ugxHRYOikI0ooAqbwEWw-36qJryAJYnBlvzL4CFdiL4,11526
nldcsc_elastic_rules/rules/windows/defense_evasion_sc_sdset.toml,sha256=WlK21HzxT4jz3whoqQ2SXWi8_V1VIYQZwzO1xJ3qh18,7554
nldcsc_elastic_rules/rules/windows/defense_evasion_sccm_scnotification_dll.toml,sha256=9uY8ZXV6aJiOsQnCoDscY2UUp_LOyje7ahkAD_da4Gk,5639
nldcsc_elastic_rules/rules/windows/defense_evasion_scheduledjobs_at_protocol_enabled.toml,sha256=FuqTmm6WXF8ZPSakys7ZKzxqr0L8usNOSpGmHJf0_8Q,7078
nldcsc_elastic_rules/rules/windows/defense_evasion_script_via_html_app.toml,sha256=Y4ckHrNKK-W4ADEagHT6lUMg73oP8BjtdvvTFhx5yyU,15198
nldcsc_elastic_rules/rules/windows/defense_evasion_sdelete_like_filename_rename.toml,sha256=lZROPVHE3_OtEZhGQi5-DAcHQUjqu2v09nHxD5r7yoI,5551
nldcsc_elastic_rules/rules/windows/defense_evasion_sip_provider_mod.toml,sha256=omboQlPKLkUoWf7Hn9YkyWoqfSTI9nSXvxSMCN_Td2I,7272
nldcsc_elastic_rules/rules/windows/defense_evasion_solarwinds_backdoor_service_disabled_via_registry.toml,sha256=LAfJDUKqANdEOWe1l14Fb9OPV7axooA0IEDCKPcO45Y,7965
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_certutil_commands.toml,sha256=7kRHIXpgNiBJ5E2mND1t1N1i21zt8-0O4RT17AG8XQ0,9052
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_execution_from_mounted_device.toml,sha256=lYGSw2DBhLiWUAhQHGH-TlgMsDy7HxGb3y6woHmkWtA,8363
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_managedcode_host_process.toml,sha256=CtERBk2AG63yf0xq_xG81L7W-refA9PjLom38nHHeHI,15003
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_process_access_direct_syscall.toml,sha256=iMtRRrkWtUUGSVTnBXXqscSVTb_cpjp32cGEUM_B2kM,14640
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_process_creation_calltrace.toml,sha256=P1RRsRuroBRpHCxSWDmLuCGgwt7GUfthBglXCxKQm4k,5492
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_scrobj_load.toml,sha256=wrvByOSqgsa4jbij3qrovmavQT2UIPvfL4Hn7U3zH4c,7051
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_short_program_name.toml,sha256=LTBa_4KiylZVNYIIfrmG0zkr37E7qGkH-wa3lQHTCLk,7218
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_wmi_script.toml,sha256=MK9HJRYEBOvLjEg13JcX8BqJRpTTFUjZs338_8tjlIs,7088
nldcsc_elastic_rules/rules/windows/defense_evasion_suspicious_zoom_child_process.toml,sha256=BKt5qQTNHp0_MQV69WjFbUGo96CNhdg6LvmxjtKTXtA,8561
nldcsc_elastic_rules/rules/windows/defense_evasion_system_critical_proc_abnormal_file_activity.toml,sha256=yHB8zQbhODHex4J93dFnDkS8FQAQDKTzrR5Gjn-jMsE,14178
nldcsc_elastic_rules/rules/windows/defense_evasion_timestomp_sysmon.toml,sha256=uTsmt2QPSNUwaH9Rxv8yaCoJNjOFQk7imzMXeOTIO54,8224
nldcsc_elastic_rules/rules/windows/defense_evasion_unsigned_dll_loaded_from_suspdir.toml,sha256=9wjmf5tPmn0ihbwBYLPBy2ecRvTdLrluMx-YoKnlAns,10076
nldcsc_elastic_rules/rules/windows/defense_evasion_untrusted_driver_loaded.toml,sha256=hJSYVNuAoELd-6Q1guXQsgeSCiP-L5Fg9b3ojYi7q64,12652
nldcsc_elastic_rules/rules/windows/defense_evasion_unusual_ads_file_creation.toml,sha256=BzqEMK7Ws8FFndHmflsgNrm-x7DgxwYWAnZFjJDKfzs,12751
nldcsc_elastic_rules/rules/windows/defense_evasion_unusual_dir_ads.toml,sha256=6j1qSjuHeYpBUO2H-LoG0k1iDci-jokpf4ih4zoOEM0,6455
nldcsc_elastic_rules/rules/windows/defense_evasion_unusual_network_connection_via_dllhost.toml,sha256=8Zh9IW2cV9dEm440OAHzdUjdO0M85D8HToa_aFEMrUw,7001
nldcsc_elastic_rules/rules/windows/defense_evasion_unusual_network_connection_via_rundll32.toml,sha256=JxIxDWuoMXjsGu-X3EGBS7o3k35trvNZZKnB9qFHRH4,6151
nldcsc_elastic_rules/rules/windows/defense_evasion_unusual_process_network_connection.toml,sha256=NG8qXJBLysJR-bmPtAdz6ds_VhqPKU3qhUZ2BBqWfCI,5751
nldcsc_elastic_rules/rules/windows/defense_evasion_unusual_system_vp_child_program.toml,sha256=Am5O9QmpV922qkpKR-8gRmL-pkfdXwizutnDvroBSmY,11292
nldcsc_elastic_rules/rules/windows/defense_evasion_via_filter_manager.toml,sha256=49bo76mJ2hEbrGxXcsgsSJiWDKBgnnrTBhbxSzQ5n78,8547
nldcsc_elastic_rules/rules/windows/defense_evasion_wdac_policy_by_unusual_process.toml,sha256=VBv5KrSVdSUlrdY6P96pAGDcQimNhR9dIiklXVak39w,13826
nldcsc_elastic_rules/rules/windows/defense_evasion_windows_filtering_platform.toml,sha256=mW-jhE837ZjHFKJehxkrtnjs40TVyTZ_OBAeI47Isww,10825
nldcsc_elastic_rules/rules/windows/defense_evasion_workfolders_control_execution.toml,sha256=KR0anOPeWfPm_xVIofEa7ffShZEP5rjvAiOkbYO6j1A,6040
nldcsc_elastic_rules/rules/windows/defense_evasion_wsl_bash_exec.toml,sha256=RfSu2LHsp2gUooyAhImNLgrSsihJpT7WtiqwZfa-dWc,8182
nldcsc_elastic_rules/rules/windows/defense_evasion_wsl_child_process.toml,sha256=5Ln4-S0EheBwNbTj5Lb7e_OrEnka9JBTd4rA8o1fb2M,8523
nldcsc_elastic_rules/rules/windows/defense_evasion_wsl_enabled_via_dism.toml,sha256=P_Q54_nIZfLaJ4O3vDwwJtgJy1FKq7iWySnoJuLijfw,5586
nldcsc_elastic_rules/rules/windows/defense_evasion_wsl_filesystem.toml,sha256=hHPV4UbA7CeHpxf1HIKqscwzTQdfP4Ll8fzgo2hc0FM,6824
nldcsc_elastic_rules/rules/windows/defense_evasion_wsl_kalilinux.toml,sha256=7tBISEc5GE_qcg0IFgpM7KHTjfPY_bZZaJnIZhEEjj8,14275
nldcsc_elastic_rules/rules/windows/defense_evasion_wsl_registry_modification.toml,sha256=uiL14M2QuNwid_tv1qeWe5bwW3fcbRf9tSas7g-zOko,6122
nldcsc_elastic_rules/rules/windows/discovery_active_directory_webservice.toml,sha256=52WZuo8_gOtzjcOSzTuL8JcZ5tu15p1hmlnqPstBDKE,6995
nldcsc_elastic_rules/rules/windows/discovery_ad_explorer_execution.toml,sha256=NwmnujJWYy1Z9yDwvYROtEgTTM0LgDjkK4gTOLWbacg,5639
nldcsc_elastic_rules/rules/windows/discovery_adfind_command_activity.toml,sha256=_ivYoSFaMH5JTNSi8DPdqZ0eRKnB9ivaHi1h4ED36FA,7669
nldcsc_elastic_rules/rules/windows/discovery_admin_recon.toml,sha256=Ex8tlMm9WxO2vGg_-y-kAF0EtNRjVVux161PXjCiHMo,5942
nldcsc_elastic_rules/rules/windows/discovery_command_system_account.toml,sha256=cLA1wWPZr7iEjfvQEcO0ODEf0_5Tc0-rzWXioEDczu0,6482
nldcsc_elastic_rules/rules/windows/discovery_enumerating_domain_trusts_via_dsquery.toml,sha256=oM2YqbKyNE1X6gfSdq8UZiG2MUoJOjNQD0Iyemlp5Hg,5494
nldcsc_elastic_rules/rules/windows/discovery_enumerating_domain_trusts_via_nltest.toml,sha256=3wYfrV4ExBjI3s6YwfTVzt3p1rcqYCBIKIgnPZtxB-4,5772
nldcsc_elastic_rules/rules/windows/discovery_group_policy_object_discovery.toml,sha256=f82x5lis6gbiFQ4JI2L9bG2lxph-V3VVYivLpoVd8kk,5927
nldcsc_elastic_rules/rules/windows/discovery_high_number_ad_properties.toml,sha256=dwnhQ2hTMWbkBg9OS7A5vjA3cYnJm44B-t2V2pDYMog,6158
nldcsc_elastic_rules/rules/windows/discovery_host_public_ip_address_lookup.toml,sha256=gf_C-5dSGEUcCBz_llir0rMytJcSyibQ_7_tFpwRUYY,15440
nldcsc_elastic_rules/rules/windows/discovery_peripheral_device.toml,sha256=dwz6W2i7AT6LQVA3UI3GtVxcd8nU9KVY162d8KDtxqk,5105
nldcsc_elastic_rules/rules/windows/discovery_posh_invoke_sharefinder.toml,sha256=fJ1OXbastSqnQZPNQY0zOADqOaJ6sLVhRJYVI9RcV8I,13688
nldcsc_elastic_rules/rules/windows/discovery_posh_suspicious_api_functions.toml,sha256=DoOH3Ufb_ve7tFuRo3Yj9IkcOtu3bR076psUPBDLFu4,14556
nldcsc_elastic_rules/rules/windows/discovery_privileged_localgroup_membership.toml,sha256=umrfFtJa3fwCLHW_dmQFPzE0SWj7_8u2jrvliHXZMZo,10143
nldcsc_elastic_rules/rules/windows/discovery_signal_unusual_discovery_signal_proc_cmdline.toml,sha256=Gj1vJ6zUmgL0imGWKEAjmWEabtKqt0KxNrYZ5-DK7JE,5733
nldcsc_elastic_rules/rules/windows/discovery_signal_unusual_discovery_signal_proc_executable.toml,sha256=yDoMV7s3ssw7ZhVoD7uVLBePdWg304HsxwMpzWIFm4M,5341
nldcsc_elastic_rules/rules/windows/discovery_whoami_command_activity.toml,sha256=Ao_OkmvbMr0VZHUKRxuTCCgxAB7AqfGzqA9vfN3XDrs,6280
nldcsc_elastic_rules/rules/windows/execution_apt_solarwinds_backdoor_child_cmd_powershell.toml,sha256=AN3mQn2ytwdGdULyRBURiIGkNZ4MWDiMvLgOe1BjAvg,8222
nldcsc_elastic_rules/rules/windows/execution_apt_solarwinds_backdoor_unusual_child_processes.toml,sha256=u1Jh-tRA_QrLJMS2EjS3hNSidMS0wVJEcu7dLK83CPk,7572
nldcsc_elastic_rules/rules/windows/execution_com_object_xwizard.toml,sha256=NZp1tGuTckTsaooggvJQlAXawMbH9GgFizC9pmC9E2s,7770
nldcsc_elastic_rules/rules/windows/execution_command_prompt_connecting_to_the_internet.toml,sha256=B8wwkaq83eVqLurgYJAiU2x-paDKDuEM9mWSQ7DKQig,10610
nldcsc_elastic_rules/rules/windows/execution_command_shell_started_by_svchost.toml,sha256=oF2yUITKB7SHQSrw1H6YyVFU22DRGfOK7O5SrJ_PYiQ,8541
nldcsc_elastic_rules/rules/windows/execution_command_shell_started_by_unusual_process.toml,sha256=pmTjtcZPgze07LUVs29qi3vEyYYyispZ47ngxVtD6Kk,7292
nldcsc_elastic_rules/rules/windows/execution_command_shell_via_rundll32.toml,sha256=DO_-Q8BSKPOVEsfKNssd6gu3IlORb_kyoW6xzeIZy1U,7274
nldcsc_elastic_rules/rules/windows/execution_delayed_via_ping_lolbas_unsigned.toml,sha256=AalCQg0i7KzEZYq88PuxFi2CpRTn1gNktHhNrH0N4GE,9932
nldcsc_elastic_rules/rules/windows/execution_downloaded_shortcut_files.toml,sha256=yJvHSFSmgzanAiof3tFbGNIoKpTfG5dDXAZF0gVLf2c,5902
nldcsc_elastic_rules/rules/windows/execution_downloaded_url_file.toml,sha256=OGQsG9_nRQDKz5Y43lNuLLgjqJI66tnJ3GeVHEU1WCs,5952
nldcsc_elastic_rules/rules/windows/execution_enumeration_via_wmiprvse.toml,sha256=bOYdtSAaz8WZnXeDdrdoPDQxEi_ppErAGurxCFYdbj4,8970
nldcsc_elastic_rules/rules/windows/execution_from_unusual_path_cmdline.toml,sha256=xmLggCjV6eq5hSJuPW6mRGzXOKr7iWyt5mRs6aF1AlA,14008
nldcsc_elastic_rules/rules/windows/execution_html_help_executable_program_connecting_to_the_internet.toml,sha256=VlC2ClCz87bnn5ygiFihkRc6WNAdi2-TW964vc7OtVA,9848
nldcsc_elastic_rules/rules/windows/execution_initial_access_foxmail_exploit.toml,sha256=0TKPA-0LowkL7bYfrpk42TOs4sz_dRPcghIHGbUxqaM,13779
nldcsc_elastic_rules/rules/windows/execution_initial_access_via_msc_file.toml,sha256=WLhZ8VbkLYpM9gMApZJs8NREzfC2AWeighPGRQzVoaY,14382
nldcsc_elastic_rules/rules/windows/execution_initial_access_wps_dll_exploit.toml,sha256=kTwATvfnMguLoi_ChR6j_YKfkzhqMmBeNlZExwQxMeo,12718
nldcsc_elastic_rules/rules/windows/execution_java_dropped_jar_immediate_dns_lookup.toml,sha256=AP-7KtkvydFGI_Li8Uw34nlOSCAoQE9tMpp7DeSdHT4,5014
nldcsc_elastic_rules/rules/windows/execution_mofcomp.toml,sha256=7GyeMeK0npA1dxxK0uvFq2Z5-7t1hUpePwMP_8Jo0uU,6559
nldcsc_elastic_rules/rules/windows/execution_ms_office_written_file.toml,sha256=5aFx-wkvaadektLlCL60yaOw5_pQP0675yWIrODU6xw,12408
nldcsc_elastic_rules/rules/windows/execution_nodejs_susp_patterns.toml,sha256=UFCXb7_4pOsPKOgqZc9UU7YlOV7Th-_g9v0LwPYqn20,13973
nldcsc_elastic_rules/rules/windows/execution_notepad_markdown_child_process.toml,sha256=L-yMKjjxbBuW1-KMq1O39YJF4jXiLRPMyfKtGVdj7Bw,13718
nldcsc_elastic_rules/rules/windows/execution_posh_hacktool_authors.toml,sha256=bxWQ7I3GPnuPJofUp55qkMX-NzNUt-CqtIJw_3hxF2A,14629
nldcsc_elastic_rules/rules/windows/execution_posh_hacktool_functions.toml,sha256=9DLHiLSGtNL3ObT4QOVJ0geeP9Jikpepaj95_z0nxW0,23701
nldcsc_elastic_rules/rules/windows/execution_posh_malicious_script_agg.toml,sha256=BBO9aOiORqwAxBw7Ld3HEoUpKMqhvv4EKIV268RwXcw,11431
nldcsc_elastic_rules/rules/windows/execution_posh_portable_executable.toml,sha256=e4Q3EgRYX9VzxP2-g5on4M-n7CYTCvIQ8LZUhozw5yk,10224
nldcsc_elastic_rules/rules/windows/execution_posh_psreflect.toml,sha256=EBKyIlGZU0OvZLP3oNSt36iAW3PPoSu_CulV5TD_jk0,14026
nldcsc_elastic_rules/rules/windows/execution_powershell_susp_args_via_winscript.toml,sha256=BnrjmrzeZ6OveOBM6WJtACLzFttIV-7tD_s20YNXGrU,16229
nldcsc_elastic_rules/rules/windows/execution_psexec_lateral_movement_command.toml,sha256=RWSBz6kghrNEn40aWl_tD7UYVaT7f9jehKtBCJjghvo,6463
nldcsc_elastic_rules/rules/windows/execution_register_server_program_connecting_to_the_internet.toml,sha256=9yazugQ_aofYT0oKc2wTA16YpKDFDaIj_bBtbRffN_Q,9161
nldcsc_elastic_rules/rules/windows/execution_revshell_cmd_via_netcat.toml,sha256=nXA8ZUnA7KS_6jSG_2c0Qgj9i9Ao7-gQhy4tOtrGDyI,11544
nldcsc_elastic_rules/rules/windows/execution_scheduled_task_powershell_source.toml,sha256=ckxEheJS7ZwlYFjfyhO5JxZfAkC37iYAnt_IQ6Cmpg8,7434
nldcsc_elastic_rules/rules/windows/execution_scripting_remote_webdav.toml,sha256=AvAtpjPHkU16gIBTOb38IjPFKFauhPM07Oz5oMIh5k8,15185
nldcsc_elastic_rules/rules/windows/execution_scripts_archive_file.toml,sha256=YBzZluEMbZtj_yJeyDIfT6S8A7kqNfpH9SW2u4e2cWU,7797
nldcsc_elastic_rules/rules/windows/execution_shared_modules_local_sxs_dll.toml,sha256=dmv_4_YXxAlxOjcvssUHv87uYOOW-cVw_Wg8eIr1ZmM,3374
nldcsc_elastic_rules/rules/windows/execution_susp_javascript_via_deno.toml,sha256=OdgJ81LcoRck8H2jUA2kce5mRYN8LWyvcJ5Vh3F4mgQ,14296
nldcsc_elastic_rules/rules/windows/execution_suspicious_cmd_wmi.toml,sha256=fMcu359Bc05jcl09bJSwUkE4YK5FBfcOqZku1dGZ6dw,12905
nldcsc_elastic_rules/rules/windows/execution_suspicious_image_load_wmi_ms_office.toml,sha256=CJDWy-AB9alvsAnSrMFEw-UlLU_udZGVXP_EdD2gXiI,6276
nldcsc_elastic_rules/rules/windows/execution_suspicious_pdf_reader.toml,sha256=luDAT0QKmUyw3lL4A1konvOCBGjLsjpCxv1iGuHdR7M,9780
nldcsc_elastic_rules/rules/windows/execution_suspicious_powershell_imgload.toml,sha256=3YZXTOwxT33rOgRvrnZC_qe_Xya7Cfcsi5kP0_ZubYo,7107
nldcsc_elastic_rules/rules/windows/execution_suspicious_psexesvc.toml,sha256=kwxzPXGmLfnXXOc8jB-lLhqWIP7NgIPTBGdjAxKNwb0,5996
nldcsc_elastic_rules/rules/windows/execution_via_compiled_html_file.toml,sha256=hVHr1BMS1-k_ekdF2bjEHEmWPqWGsHHuO4GSdk1-HN0,9879
nldcsc_elastic_rules/rules/windows/execution_via_hidden_shell_conhost.toml,sha256=Wg_blrOmQkFOhrngTbbYQruKQfjX3SdvmVoejD_i3Fs,16259
nldcsc_elastic_rules/rules/windows/execution_via_mmc_console_file_unusual_path.toml,sha256=Ed04mfbFrZubbtMzZMjdva9w1KJ7h7gI-Op8Jt3PIvk,8139
nldcsc_elastic_rules/rules/windows/execution_windows_cmd_shell_susp_args.toml,sha256=xIn7sKGBOxmucpGsDqLlQUxpOYwFMzwt8SrFSRc_sZk,18943
nldcsc_elastic_rules/rules/windows/execution_windows_fakecaptcha_cmd_ps.toml,sha256=85zRdudsn0V39aYUA_jRpX_J5eD-hA_cMJD7qyormOs,15275
nldcsc_elastic_rules/rules/windows/execution_windows_phish_clickfix.toml,sha256=EI_Lta-P7byIHMnY4A9qwj0DgYMj-hdcPUc8Y1Fet1U,15896
nldcsc_elastic_rules/rules/windows/execution_windows_powershell_susp_args.toml,sha256=k_NN6BUL8W1RoopKyoI8axjjdGjHLlhxJM85dDPioKw,10791
nldcsc_elastic_rules/rules/windows/execution_windows_script_from_internet.toml,sha256=rmxaSSTfXsVBpQe2qcMtR6IFENR9Q2sOlfuCxiRJZ9M,8440
nldcsc_elastic_rules/rules/windows/exfiltration_rclone_cloud_upload.toml,sha256=TZ5VHpceFRIfN5cXA41ZcgTKY8XtCaWnW9YV4pKNh-M,5636
nldcsc_elastic_rules/rules/windows/exfiltration_smb_rare_destination.toml,sha256=gjX3TE5dlzTZm_ueLFdszSDvpvzfpLvzDF0Cl0UK_f0,7477
nldcsc_elastic_rules/rules/windows/impact_backup_file_deletion.toml,sha256=hBHBaR2-T27Q0yKoJGx6MkmGgQs0H2CV7M-Y23DD9Ak,6094
nldcsc_elastic_rules/rules/windows/impact_deleting_backup_catalogs_with_wbadmin.toml,sha256=kjtar8R9T3HW_WIggaIf4AsK7AaLu3F5sX7_cPOfbys,5603
nldcsc_elastic_rules/rules/windows/impact_high_freq_file_renames_by_kernel.toml,sha256=qvJBW4qwcNRILSHZprJmUMe0VP1yk2M0J3r7gQ1dLkQ,5667
nldcsc_elastic_rules/rules/windows/impact_mod_critical_os_files.toml,sha256=UPUZAXEj774w2WtKMk_3mm3v8Nu2LivcPdGzJTXtOSA,13736
nldcsc_elastic_rules/rules/windows/impact_modification_of_boot_config.toml,sha256=9I-4kq0WpbvITj9BB40ERaKqDTc_JMjFQSPFrauiCD4,5401
nldcsc_elastic_rules/rules/windows/impact_ransomware_file_rename_smb.toml,sha256=Qs4jrF972oTFTry643hBPrEE7KjVvGQqruGU1oCCfEo,10589
nldcsc_elastic_rules/rules/windows/impact_ransomware_note_file_over_smb.toml,sha256=ZiQe8iVLx_TjLr9D2JnH3s1EXDugRe6p-QJA-FJRmWY,12054
nldcsc_elastic_rules/rules/windows/impact_stop_process_service_threshold.toml,sha256=Fy-NyR_FfTEvrfKk-Puqd-22c5y-onuxoAd89XGGgVc,5304
nldcsc_elastic_rules/rules/windows/impact_volume_shadow_copy_deletion_or_resized_via_vssadmin.toml,sha256=2IyYGbYkQHwrhb32WrfrCOnvUI8QmsaQRoXKJfIMC2k,12012
nldcsc_elastic_rules/rules/windows/impact_volume_shadow_copy_deletion_via_powershell.toml,sha256=jfDr2JH0YKs3_AvzXq20AwWjyk3YufppsMn45ooGrRA,14778
nldcsc_elastic_rules/rules/windows/impact_volume_shadow_copy_deletion_via_wmic.toml,sha256=rIkGIRSrr5ThPrrvyogEYIotYz4KkfkntjtX9VlO2Fs,10640
nldcsc_elastic_rules/rules/windows/initial_access_evasion_suspicious_htm_file_creation.toml,sha256=b-czzo6-TevMWTp1HuoRA-BKWX1FPKVPNTzbEjd9x80,8860
nldcsc_elastic_rules/rules/windows/initial_access_execution_from_inetcache.toml,sha256=YeaNEVEQZPM5j1Fs-MGDEEZ6F3Dl2-Obya6DpOFqAD8,16105
nldcsc_elastic_rules/rules/windows/initial_access_execution_from_removable_media.toml,sha256=swpWH4YYTvl9dB0zVdiVmhN_Z2I13CNg_LHop5qFg2Q,6254
nldcsc_elastic_rules/rules/windows/initial_access_execution_remote_via_msiexec.toml,sha256=ZAjcPLkTA8MH7OzHhFNnbFmoT27CioX-56Zhc5cXH9o,9037
nldcsc_elastic_rules/rules/windows/initial_access_execution_via_office_addins.toml,sha256=3ocUVffGEYmU6p6JcwHcGF8JB8UjDLTx01IwVApF43g,9640
nldcsc_elastic_rules/rules/windows/initial_access_exfiltration_first_time_seen_usb.toml,sha256=owU6ZNRnbpunoD1A0Ke_iQENPRO74djn6j6d9N8pd3Q,6823
nldcsc_elastic_rules/rules/windows/initial_access_exploit_jetbrains_teamcity.toml,sha256=Vz9e3NNFvzO5p2DfHPJImhznHvY0912ToRQmklfrIDc,11375
nldcsc_elastic_rules/rules/windows/initial_access_potential_webhelpdesk_exploit.toml,sha256=r7VIOEsTlTw6CBM48J3oat0QzpuHSqL3vrU9_CMNOQk,13543
nldcsc_elastic_rules/rules/windows/initial_access_rdp_file_mail_attachment.toml,sha256=EaH0KuueCvT1aOZea7h0dkAN-VLADjSsKeShgs-O5BA,7950
nldcsc_elastic_rules/rules/windows/initial_access_script_executing_powershell.toml,sha256=TFukjItA3K4cgIBsiaX32wEPVmgi4B7f4QJe0fooYQg,6978
nldcsc_elastic_rules/rules/windows/initial_access_scripts_process_started_via_wmi.toml,sha256=C9i2-xBpFVh4PAtW9rQNZem_TK1dEq0l0oY-_8BE7kY,8110
nldcsc_elastic_rules/rules/windows/initial_access_suspicious_execution_from_vscode_extension.toml,sha256=btg2-ixw4tAjph5BC78PtLdvfu-A9Bx_rvndTgPvk0M,6894
nldcsc_elastic_rules/rules/windows/initial_access_suspicious_ms_exchange_files.toml,sha256=7K6GImMi9jOfobahvUG-poL3sADzEMbrVLRFdsMeVsY,5040
nldcsc_elastic_rules/rules/windows/initial_access_suspicious_ms_exchange_process.toml,sha256=d7oEXI4JPRgqF34QpQuGeQccyNGzAwi28oMcQ-NJYjU,9027
nldcsc_elastic_rules/rules/windows/initial_access_suspicious_ms_exchange_worker_child_process.toml,sha256=d_HKC46afraALfPCOHth8iNL_QAdyo_BAVTvRGSZ3SI,14698
nldcsc_elastic_rules/rules/windows/initial_access_suspicious_ms_office_child_process.toml,sha256=yqnjc-bWy14TSDgG5LPyhy1CQX3fsoVE_JZIT1hvy60,10915
nldcsc_elastic_rules/rules/windows/initial_access_suspicious_ms_outlook_child_process.toml,sha256=-VcUH5wOa_wP3TlltD67Sxg9uK3hjpPH63e1pMEeGJg,9038
nldcsc_elastic_rules/rules/windows/initial_access_suspicious_windows_server_update_svc.toml,sha256=zozLa6-GOg-vH66stA8TqjTbsycoxH39zIsu9AAL_PU,14316
nldcsc_elastic_rules/rules/windows/initial_access_url_cve_2025_33053.toml,sha256=TDDhjGTfyxEMKD8VBE0JwMmSxrWF9Xn0aUBrpfh5IhQ,16019
nldcsc_elastic_rules/rules/windows/initial_access_via_explorer_suspicious_child_parent_args.toml,sha256=S8Y3F4PaiQRUlUFz_nBkWW72vy0mRXmG1GFVKMM4nG8,9317
nldcsc_elastic_rules/rules/windows/initial_access_webshell_screenconnect_server.toml,sha256=7un05Bo0HpSTKvbRyB_qqnCh819NlSvd1nbpIOdJkoM,14876
nldcsc_elastic_rules/rules/windows/initial_access_xsl_script_execution_via_com.toml,sha256=2L2D47R-9SQIK0fy-Z1cWg22ZjUTqcABergfVir-Fxg,7715
nldcsc_elastic_rules/rules/windows/lateral_movement_alternate_creds_pth.toml,sha256=QwVCRyre6DnP3dUp9uDRvgEYHkX5eJwfjoaa6_SIGdc,6155
nldcsc_elastic_rules/rules/windows/lateral_movement_cmd_service.toml,sha256=wjk0CT1bjnau4d-IT-LCRW_x8Ui8X5Oo9wPxNKwJljI,7281
nldcsc_elastic_rules/rules/windows/lateral_movement_credential_access_kerberos_correlation.toml,sha256=NxK7MxuT3S7M_9reZb0e63NhCcBONcQvcMgrNP4xADg,13323
nldcsc_elastic_rules/rules/windows/lateral_movement_dcom_hta.toml,sha256=vTQJQhUUPY4daQKYLfqZXlvUMQVly3Y-lkKPerQ9sYo,14239
nldcsc_elastic_rules/rules/windows/lateral_movement_dcom_mmc20.toml,sha256=JAmVcO5G8v_KTyXeEUdtG4twvA4dcutREzqVMozmKvw,13140
nldcsc_elastic_rules/rules/windows/lateral_movement_dcom_shellwindow_shellbrowserwindow.toml,sha256=YtFN0XzqeafeLgkheNijsW4GuzSW-f9drm7uZO0JNio,7390
nldcsc_elastic_rules/rules/windows/lateral_movement_defense_evasion_lanman_nullsessionpipe_modification.toml,sha256=8qSxnpBiJc33n7TWH0aK0ZESduc1V2XHEVR_1DpDeYU,7408
nldcsc_elastic_rules/rules/windows/lateral_movement_direct_outbound_smb_connection.toml,sha256=RRynh6z3d36Di85ywVQfDS-8Ut6B7poZPyzdtAOUGus,8714
nldcsc_elastic_rules/rules/windows/lateral_movement_evasion_rdp_shadowing.toml,sha256=yCiilTG3gukXctaiHt7cpbz7r9XHNEsGUeI743SOclM,14367
nldcsc_elastic_rules/rules/windows/lateral_movement_executable_tool_transfer_smb.toml,sha256=cBGyOzRTjrJ8-93a1XfMabif_QbPkyzyh3auVRRm6Kw,5686
nldcsc_elastic_rules/rules/windows/lateral_movement_execution_from_tsclient_mup.toml,sha256=CrZoGuFw1Z2znxXqCj1OSHanmLIjlWj4qUSYa6_qU5M,11815
nldcsc_elastic_rules/rules/windows/lateral_movement_execution_via_file_shares_sequence.toml,sha256=zEY-7xoAn6ZnTSuVdUL1fZzABkgjLs0Dc0XC9P8NWJ0,8229
nldcsc_elastic_rules/rules/windows/lateral_movement_incoming_winrm_shell_execution.toml,sha256=o2WnNlReID9dxeAE396c_XLZTdt-VmGUHJNzNDfqfrk,6828
nldcsc_elastic_rules/rules/windows/lateral_movement_incoming_wmi.toml,sha256=oOtlQswkm83ydctaNNTXMdCl5aXeCuXEWFsYOPUEF5Q,7778
nldcsc_elastic_rules/rules/windows/lateral_movement_mount_hidden_or_webdav_share_net.toml,sha256=N16w9PZLU0v28SQ7ObFtErrkmw3fOD7Wr811wOQ_MZE,7830
nldcsc_elastic_rules/rules/windows/lateral_movement_powershell_remoting_target.toml,sha256=QiQE4mDTlaxUMzudo48U3v9HbTZZKtuF28OO1qKpzng,7442
nldcsc_elastic_rules/rules/windows/lateral_movement_rdp_enabled_registry.toml,sha256=WBOKLe1BQbqZTOxygoYV42D6m8P4mNCMyctfC_twP4g,6281
nldcsc_elastic_rules/rules/windows/lateral_movement_rdp_sharprdp_target.toml,sha256=MgcAfpGmjV3mqVDlkFZeEmwDOarkgxBuxbS1GBL0jbc,11303
nldcsc_elastic_rules/rules/windows/lateral_movement_remote_file_copy_hidden_share.toml,sha256=wQhjOgAHpPpAzD-0Mv4JYDQZtbdH8ThFMcb3zUYmiNo,7327
nldcsc_elastic_rules/rules/windows/lateral_movement_remote_service_installed_winlog.toml,sha256=g4ht6f9OxCCMswi1yrEX4MxSMx3kgeVbBg0gn5QYPm4,8518
nldcsc_elastic_rules/rules/windows/lateral_movement_remote_services.toml,sha256=cAVyfgtMZu6s3Z3hZdCNT5L1WLag5EMJmxCk4BAT718,10644
nldcsc_elastic_rules/rules/windows/lateral_movement_remote_task_creation_winlog.toml,sha256=_p4plmmjaMu5pFkrgQ-St0UxhclI0Kdws6U8dMxXmS4,4297
nldcsc_elastic_rules/rules/windows/lateral_movement_scheduled_task_target.toml,sha256=x-y0ruRIc6XoPYEDMNE9CcY2SV3zP0MZar7ryLskOZ4,5477
nldcsc_elastic_rules/rules/windows/lateral_movement_suspicious_rdp_client_imageload.toml,sha256=zopuVc2qMxDs18IX6fVcxhjt9LIWK40n-uFBkgRqxk4,6753
nldcsc_elastic_rules/rules/windows/lateral_movement_unusual_dns_service_children.toml,sha256=txv04Avxj86cpbSVNxTh9rOjIckEGW51k6Z8PqKaaIY,13962
nldcsc_elastic_rules/rules/windows/lateral_movement_unusual_dns_service_file_writes.toml,sha256=TAVTLCsulXtfKiNCnKKRzj7trycI--eWMr9aI9mx6y4,6798
nldcsc_elastic_rules/rules/windows/lateral_movement_via_startup_folder_rdp_smb.toml,sha256=hLPhxfbCnKvCGFIXoLlKxJrchY8f9-9cOEMEvw8xRB0,12641
nldcsc_elastic_rules/rules/windows/lateral_movement_via_wsus_update.toml,sha256=uuGKeS5PCogAFtx6oL0NVwP0m6j0CoIltmDpWp1TYVI,7265
nldcsc_elastic_rules/rules/windows/persistence_ad_adminsdholder.toml,sha256=nHaOXXhe0NdYk5De3mdGvF3MvzFFj7QFXHMgSVLgnuc,13747
nldcsc_elastic_rules/rules/windows/persistence_adobe_hijack_persistence.toml,sha256=1QdhJHUpyZc9vie-MMJBwQPRJFsSGkPGar9UQO3A-Vk,8093
nldcsc_elastic_rules/rules/windows/persistence_app_compat_shim.toml,sha256=iCX8uDze8qPjGb0AVVn-cVPyHfdK-IKoS66Yc-iGnns,7548
nldcsc_elastic_rules/rules/windows/persistence_appcertdlls_registry.toml,sha256=8muuLt2QmkPTj5KmJuLln-Sqbz9S_YVguarrO6Nmnd8,7687
nldcsc_elastic_rules/rules/windows/persistence_appinitdlls_registry.toml,sha256=LT0tL2Am8kfjyGsIk7d9BsfMWEwqXKg1aDi6-ADS9f0,10210
nldcsc_elastic_rules/rules/windows/persistence_browser_extension_install.toml,sha256=nrGrzMOz30bvOI6bhR98_yOI4VJnhI-cIiLb8W6gzA4,7414
nldcsc_elastic_rules/rules/windows/persistence_dontexpirepasswd_account.toml,sha256=ReJ6N8z0vev9wf_RJBE0oU0xCNjUNrkY_0J40H6oIPU,5414
nldcsc_elastic_rules/rules/windows/persistence_evasion_hidden_local_account_creation.toml,sha256=Zoo-fP7XrtoWjCGjbELRYZvPpapXU23A8ws0o6_9_3M,12886
nldcsc_elastic_rules/rules/windows/persistence_evasion_registry_ifeo_injection.toml,sha256=N-pQGESvpDmAwtvEX1zx79V17mdIcXrZ6zRtAsl9rhM,8422
nldcsc_elastic_rules/rules/windows/persistence_evasion_registry_startup_shell_folder_modified.toml,sha256=lLp1zqo7-pW9LnF-Id6umGGVKqxy1TAA8iV2Wxi4KDQ,14292
nldcsc_elastic_rules/rules/windows/persistence_group_modification_by_system.toml,sha256=6LCQqVl-evr0wwtdwocxKXh5p8Gu7WI0x6IWZCydjOU,5888
nldcsc_elastic_rules/rules/windows/persistence_local_scheduled_job_creation.toml,sha256=V4Ym4S0S6neAhe6dev8g53V4XFpivv7XE6kIP_EOujw,7123
nldcsc_elastic_rules/rules/windows/persistence_local_scheduled_task_creation.toml,sha256=WlZIg3pFLBlvCs_-EvfskmLHvpeNxP8lNCUN8ScWqnI,7686
nldcsc_elastic_rules/rules/windows/persistence_local_scheduled_task_scripting.toml,sha256=VjbzlXwoK6aiW-9f4_qFjWaNmGnm7ESg_Rht8I2IcHo,3579
nldcsc_elastic_rules/rules/windows/persistence_ms_office_addins_file.toml,sha256=c5cAoln9TQQ8PAu20QxyutD5k5J_TCliX7fSIXQDzVQ,13726
nldcsc_elastic_rules/rules/windows/persistence_ms_outlook_vba_template.toml,sha256=W5ECZ5G2DDRlNuETPwDc9Z5jgTeV26Ia1AJIgyjtP0E,6900
nldcsc_elastic_rules/rules/windows/persistence_msds_alloweddelegateto_krbtgt.toml,sha256=wu6n0Cq0dc2o6olIPlur8LjjIxCk1PmwpJwbpTyB7H0,13594
nldcsc_elastic_rules/rules/windows/persistence_msi_installer_task_startup.toml,sha256=5PMHpSDVw5r2qeTD2B2GBCgfdxVpmq1rHatN5Cefmio,9871
nldcsc_elastic_rules/rules/windows/persistence_msoffice_startup_registry.toml,sha256=_dHQe9356_vmEzEolB5A2QNit-txF6aVUM3pDqy2piY,6791
nldcsc_elastic_rules/rules/windows/persistence_netsh_helper_dll.toml,sha256=UXOb7Ibl2gKS_uHja-kAIMVNTj0E3hBoOSIeytf3Kx0,6615
nldcsc_elastic_rules/rules/windows/persistence_powershell_exch_mailbox_activesync_add_device.toml,sha256=EZKhJAXCpfnLBs3HmtF3OiKwxwvGy7I9SO2zy8cOHN8,8100
nldcsc_elastic_rules/rules/windows/persistence_powershell_profiles.toml,sha256=qu0_PW2QdmcZTmaOG3tBYWp4e9rrb8Jl-QRgPWgoQzM,9783
nldcsc_elastic_rules/rules/windows/persistence_priv_escalation_via_accessibility_features.toml,sha256=zSMnrFdqV3_X4qSXo7xMBorr02I0dV-b-EeSECZ_xNk,12486
nldcsc_elastic_rules/rules/windows/persistence_registry_uncommon.toml,sha256=u4gzAE-1DyVxwseefxGweGYUhO5qYaJvc1-Zi25b0wQ,13280
nldcsc_elastic_rules/rules/windows/persistence_remote_password_reset.toml,sha256=9LCyqF8Dw4ilyRZxRbE5wlYHVDBMavBhFg_41_ePPE0,6952
nldcsc_elastic_rules/rules/windows/persistence_run_key_and_startup_broad.toml,sha256=8yUDwpkbB7O2s-CbGfGQzV_tuyMy2rzGEMnWUjLdWjM,11442
nldcsc_elastic_rules/rules/windows/persistence_runtime_run_key_startup_susp_procs.toml,sha256=5yFzwc58S4NGoDPUXXY0jiLIMdzGlfbk705C5l4mRys,9019
nldcsc_elastic_rules/rules/windows/persistence_scheduled_task_creation_winlog.toml,sha256=dsbAh9AjwtrsLRquE9AC0w9ZlZ2xVWcuxp-0ZGphmyw,6487
nldcsc_elastic_rules/rules/windows/persistence_scheduled_task_updated.toml,sha256=kd3uuGWgumWdjmRpXYdPP92y_qTzwim6Yk7DlQKO1Os,5674
nldcsc_elastic_rules/rules/windows/persistence_sdprop_exclusion_dsheuristics.toml,sha256=933jG_6Ei8zILXuiqbjcgP7rULpcqCuztysXxdQkf9Y,13731
nldcsc_elastic_rules/rules/windows/persistence_service_dll_unsigned.toml,sha256=AZ4CmjHu6WRXHnLOEYoJHW5KwTQiQeYoJt744BFTHgQ,10876
nldcsc_elastic_rules/rules/windows/persistence_service_windows_service_winlog.toml,sha256=A44D_5QYMJwQIapFiT1kWwLdR4CU9AvgBj-ong9oD8I,8401
nldcsc_elastic_rules/rules/windows/persistence_services_registry.toml,sha256=YKGgCWusw2nl92myYz3qz8ORN76zCEirlkvClfyBM1U,8817
nldcsc_elastic_rules/rules/windows/persistence_startup_folder_file_written_by_suspicious_process.toml,sha256=2Zu73PXLb-SHbGJXSx2021v0OnAAyxlbVJyYNv4vO3g,8760
nldcsc_elastic_rules/rules/windows/persistence_startup_folder_file_written_by_unsigned_process.toml,sha256=ttn7QY-LI55FUpQEjwbymV0_DoSSYtFYketYrwx1Vm4,8392
nldcsc_elastic_rules/rules/windows/persistence_startup_folder_scripts.toml,sha256=Cm9WfWAuzNYLC8Q-y4UNAt0K7TBDlphSBwJHaPa1zyU,8734
nldcsc_elastic_rules/rules/windows/persistence_suspicious_com_hijack_registry.toml,sha256=u4s3C0GVj7RMYnCt2gJCFaJcdFLvvNGeJQ0A9QbnVfo,8777
nldcsc_elastic_rules/rules/windows/persistence_suspicious_image_load_scheduled_task_ms_office.toml,sha256=jMfpk-N_HdlnHkq8bQonl1mxM0ulMP0uGJvBpgB_E6w,9343
nldcsc_elastic_rules/rules/windows/persistence_suspicious_scheduled_task_runtime.toml,sha256=AIoel09lFJ1ybj8MByOa0O5cFbfCvjb2Q9fhGkNsW2M,8811
nldcsc_elastic_rules/rules/windows/persistence_suspicious_service_created_registry.toml,sha256=WBiU35MFf-uk8x4rfKVbRRCpxLHygSTiN2qL7tj_BP0,13042
nldcsc_elastic_rules/rules/windows/persistence_suspicious_user_mandatory_profile_file.toml,sha256=HrQ7tejXUXIrpbNSO5AckgRttp0pm16p28xGLcnRMTc,6205
nldcsc_elastic_rules/rules/windows/persistence_sysmon_wmi_event_subscription.toml,sha256=cd4WRGUXQ6P0XxZ6hMp3RJ12YGLw0fcj7P6nnriLyIo,6772
nldcsc_elastic_rules/rules/windows/persistence_system_shells_via_services.toml,sha256=umcNbAemN2SlSYBqbcX0YpGMPil2Y9wYnVTB3a9ZhTE,7902
nldcsc_elastic_rules/rules/windows/persistence_temp_scheduled_task.toml,sha256=uWrtwNV8AyEyV9J81wcHHec0qRxEpCbW4uVgI_GJQNM,6336
nldcsc_elastic_rules/rules/windows/persistence_time_provider_mod.toml,sha256=NRYGwhx9kTnt8x82BYPOtEAfTVzF2PJ8KpW02Tyzoro,8778
nldcsc_elastic_rules/rules/windows/persistence_user_account_added_to_privileged_group_ad.toml,sha256=nP_0kFxgsV7Na0KS4RTUCVEk69trwt4iQj3zLz1uXoM,4657
nldcsc_elastic_rules/rules/windows/persistence_user_account_creation.toml,sha256=WTSHDNDER59QAFfK6B1Nc5C9GF2K8bwK_7ucYStskBA,4859
nldcsc_elastic_rules/rules/windows/persistence_via_application_shimming.toml,sha256=KMwoNUY-x-qRACoGPHdClJbyf-QeNp__gE_Jt3UWQEo,7981
nldcsc_elastic_rules/rules/windows/persistence_via_bits_job_notify_command.toml,sha256=z3C99QuwXAWawC_O3s9viPlKV0v9i_Uq5TURFPu3TU8,6986
nldcsc_elastic_rules/rules/windows/persistence_via_hidden_run_key_valuename.toml,sha256=9xC0w0MvjseikNpQyR4M2PdJaZcrZfCPZSqfGiSTDyo,14747
nldcsc_elastic_rules/rules/windows/persistence_via_lsa_security_support_provider_registry.toml,sha256=kWwjv6uGn8AZnPYGONBtwPe60dHnkwRFeRD7K0jLjC8,7663
nldcsc_elastic_rules/rules/windows/persistence_via_telemetrycontroller_scheduledtask_hijack.toml,sha256=noV2P0JfGgFukSW2EvMhHbfyUwkk4jXP1CqhES-LQTg,14627
nldcsc_elastic_rules/rules/windows/persistence_via_update_orchestrator_service_hijack.toml,sha256=TbX-5qjKaGL6KXkOZ5UsaWAueGG9VRoqCmPribMGqAE,15984
nldcsc_elastic_rules/rules/windows/persistence_via_windows_management_instrumentation_event_subscription.toml,sha256=bPRgkLwMpze0v0Kbl4ae0oGcnOzC7tPraL4qZP3Yof4,7389
nldcsc_elastic_rules/rules/windows/persistence_via_wmi_stdregprov_run_services.toml,sha256=1iYmktMzjSlqXAdZuKljfOaB8aCl4P6l597QcPZg5Sk,17504
nldcsc_elastic_rules/rules/windows/persistence_via_xp_cmdshell_mssql_stored_procedure.toml,sha256=zyz1J12iIqFH_IixsobfjQAHYINeRDkog-RZG3s6368,7854
nldcsc_elastic_rules/rules/windows/persistence_web_shell_aspx_write.toml,sha256=gblAgtQBv7IxyMqJ-fyODvIZbVfkep1ZTAb2gtKlnrw,7326
nldcsc_elastic_rules/rules/windows/persistence_webshell_detection.toml,sha256=KjiR-DeUKRdKhPrENhynQYUxJNRcsqaWMIcEJglKrhA,18333
nldcsc_elastic_rules/rules/windows/persistence_werfault_reflectdebugger.toml,sha256=0_nVzxHdv-iHBbarorgTeXnhGkIGw6lGsDdTrP-ZevE,7279
nldcsc_elastic_rules/rules/windows/privilege_escalation_account_takeover_mixed_logon_types.toml,sha256=Bl2-Q1olKCi16Sti3xIplj46eL3CIGYfwArRLmrqN70,4446
nldcsc_elastic_rules/rules/windows/privilege_escalation_badsuccessor_dmsa_abuse.toml,sha256=dcplLPD1aIFSza7y694QjppUZHTpX87hsTrRr7nLuLQ,12963
nldcsc_elastic_rules/rules/windows/privilege_escalation_create_process_as_different_user.toml,sha256=iy9morl9ZFTER_cRFxDLy4fOg82YELrENbMgk78Q-GA,6219
nldcsc_elastic_rules/rules/windows/privilege_escalation_create_process_with_token_unpriv.toml,sha256=gZ3bCjHZcfKUK7koM87IA9FGZfC-tpIZJm1mKe0lq8g,8409
nldcsc_elastic_rules/rules/windows/privilege_escalation_credroaming_ldap.toml,sha256=90xcpsuAeL7B_NvmN39CyO45gOMJw3_jaXFnJ-eNFgg,6377
nldcsc_elastic_rules/rules/windows/privilege_escalation_disable_uac_registry.toml,sha256=1BcsdMEdS8MpV3I6jLnFANK3YNBfkS5joXEs9UesgeU,8051
nldcsc_elastic_rules/rules/windows/privilege_escalation_dmsa_creation_by_unusual_user.toml,sha256=4_JkmYZsKoFhjFgx5l9ZuJUgik8qzfi0kiiPuc4bIRs,13275
nldcsc_elastic_rules/rules/windows/privilege_escalation_dns_serverlevelplugindll.toml,sha256=vJ4WBiPZC7eseuuNp5K_WpEA4dlFW6FEeED7-ZA9l4U,7021
nldcsc_elastic_rules/rules/windows/privilege_escalation_driver_newterm_imphash.toml,sha256=wNkS-0AOi14ei8WNbRjksz-iNQNi6pVhxfQFM0TZmsI,9001
nldcsc_elastic_rules/rules/windows/privilege_escalation_expired_driver_loaded.toml,sha256=o1OfhinINpXgnhIpWBF3Y12aIihjS2NvbecipPTLl8k,6262
nldcsc_elastic_rules/rules/windows/privilege_escalation_exploit_cve_202238028.toml,sha256=I6combW2n1dZ3tQeJt9iR3wPglMjfBukNNAgduCI_0E,14433
nldcsc_elastic_rules/rules/windows/privilege_escalation_gpo_schtask_service_creation.toml,sha256=TcUQAuTy9fjTgMlAwhc49RIyyJ9fVr_KppObjvR1Tng,7930
nldcsc_elastic_rules/rules/windows/privilege_escalation_group_policy_iniscript.toml,sha256=Hi_ECVxn2fQIJZ4UliizEhO0mr4AP-b2lhowaOQyIq8,5108
nldcsc_elastic_rules/rules/windows/privilege_escalation_group_policy_privileged_groups.toml,sha256=4EV4NYEcbh8lPDcYYS-jFFDrU6DDtOz0A9fJw5ZXEo8,13263
nldcsc_elastic_rules/rules/windows/privilege_escalation_group_policy_scheduled_task.toml,sha256=QqJ2P9J5b9y5DBMpu2IWAEFbRPedaFOss1PigpDUcsk,5205
nldcsc_elastic_rules/rules/windows/privilege_escalation_installertakeover.toml,sha256=68p_jfVL1fzrfmRt_UylDpNtAJLzvu3vrLIIo5ZFs9I,13552
nldcsc_elastic_rules/rules/windows/privilege_escalation_krbrelayup_service_creation.toml,sha256=XctVfL5rF4TF524pWIU2ZYgka46EMVFa0fhdGFDM73c,13866
nldcsc_elastic_rules/rules/windows/privilege_escalation_lsa_auth_package.toml,sha256=3ZX4cEeFIHSWvcH1bKZuOe2zp0FbxG9fahd8jZuwNSM,6692
nldcsc_elastic_rules/rules/windows/privilege_escalation_make_token_local.toml,sha256=f2U3xCSL_qgvUt91focyTTtGKWUjVBHAt5MGtNUG0T0,13286
nldcsc_elastic_rules/rules/windows/privilege_escalation_msi_repair_via_mshelp_link.toml,sha256=254BRsG8tFskJ-yX3W-Clf2H6v6DPFDuhPLB1kEVHyw,13213
nldcsc_elastic_rules/rules/windows/privilege_escalation_named_pipe_impersonation.toml,sha256=J2UyMHpys76JwA3f6VDoaVv3vuvXokyFMq9436Dc0YI,12207
nldcsc_elastic_rules/rules/windows/privilege_escalation_newcreds_logon_rare_process.toml,sha256=SzZ_2vFd8wl7G262xSzz4G1iIJUxPCWR05iKBqkmA2k,5905
nldcsc_elastic_rules/rules/windows/privilege_escalation_persistence_phantom_dll.toml,sha256=pn1Cc4bNIA-YtITNIJ5GgLLm13R4_iBiVT8bkw1smSo,10080
nldcsc_elastic_rules/rules/windows/privilege_escalation_port_monitor_print_processor_abuse.toml,sha256=RzR24aMUBi3ayuhYEm8dZE4TB0UXtTCQ3DMQx93om-U,7843
nldcsc_elastic_rules/rules/windows/privilege_escalation_posh_token_impersonation.toml,sha256=xSDXgEEl5HiuMPNc1NO5b3v4HIWOe9xJDRZNzCSGoSE,12420
nldcsc_elastic_rules/rules/windows/privilege_escalation_printspooler_registry_copyfiles.toml,sha256=jtzCesFBfceOmXqrwA4tHyTmVizAERT-7hbl-CriEak,11467
nldcsc_elastic_rules/rules/windows/privilege_escalation_printspooler_service_suspicious_file.toml,sha256=p2c9hBa1oSD8R75F-oKYmZgTc0aggJHbsXBhPVH4LEU,8316
nldcsc_elastic_rules/rules/windows/privilege_escalation_printspooler_suspicious_file_deletion.toml,sha256=bvqrsYy75-FQJAEs9XLDBqMi0uo3UKJeZ_u17WZy5lg,6924
nldcsc_elastic_rules/rules/windows/privilege_escalation_printspooler_suspicious_spl_file.toml,sha256=w1B2OZSLVYVkKn2juzMqwy0CUOXsPVfA_SYFdKOx-iA,8486
nldcsc_elastic_rules/rules/windows/privilege_escalation_reg_service_imagepath_mod.toml,sha256=IQL9wy98Ci-134vvBLdP-zq_V0RfBUHV_YOL0oZPDhs,10111
nldcsc_elastic_rules/rules/windows/privilege_escalation_rogue_windir_environment_var.toml,sha256=v9rspi0wbGnLJmtWPBc7YhCQCjLC8MEhhtgyluWua1g,12838
nldcsc_elastic_rules/rules/windows/privilege_escalation_samaccountname_spoofing_attack.toml,sha256=F8xPnspYmdGT36c2It1ND_bcaRiQ4yu7k-b1P4KTJkk,13556
nldcsc_elastic_rules/rules/windows/privilege_escalation_service_control_spawned_script_int.toml,sha256=75QPMRNYEi7VubUMkg_Gwc5KVFka99UiLsWQAy97YLU,9068
nldcsc_elastic_rules/rules/windows/privilege_escalation_suspicious_dnshostname_update.toml,sha256=VY2x_5WL5hGJ-WctZ06OAPdvRdXiqvQRe3hF_oYb41I,11464
nldcsc_elastic_rules/rules/windows/privilege_escalation_takeover_new_source_ip.toml,sha256=K8c3V1drqSJ-v2Y6Uws4fojiwTNK8e4e-GmVjPe94-c,4353
nldcsc_elastic_rules/rules/windows/privilege_escalation_thread_cpu_priority_hijack.toml,sha256=2KLUe9_87Wq5Ds0ulWwdunYXwTc9_xAXkWjxwD-fXXk,13281
nldcsc_elastic_rules/rules/windows/privilege_escalation_tokenmanip_sedebugpriv_enabled.toml,sha256=IxPqf5sUaI-SeSy5suBUSKNehITNSDfYEtr9iZgf2to,7132
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_com_clipup.toml,sha256=KHAwAfZ5oTo84IMQRoBEpJE-6x68Zh0hImrxpFE49A8,12652
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_com_ieinstal.toml,sha256=96L3uwB6ufRp1X2jPgXtqxLGZ07IqBV_tBiUPjsYdwE,8080
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_com_interface_icmluautil.toml,sha256=yVc1mtnVmm0KUMqu4SpJ0SIxQgwulHxNYggzEkd81I0,13134
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_diskcleanup_hijack.toml,sha256=c6ZkQFuw6FWUe0x8mUpjVRm8w7LFe-fCXVqH2tLAiGc,8238
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_dll_sideloading.toml,sha256=SDin7Z7M5tp27LpvWTBZDN9fKQCIEcFHMNSWZAZJm48,7236
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_event_viewer.toml,sha256=pBV58R1eHo-ZWcrn_6OSrK2Tp66q-WqKImI3bCGhjgM,14514
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_mock_windir.toml,sha256=Qibv5iktnTTrHlmZsB60_tRkjayQOZqXqbrgjv4TBdc,13976
nldcsc_elastic_rules/rules/windows/privilege_escalation_uac_bypass_winfw_mmc_hijack.toml,sha256=yyR-RS1He52DvmTINBKhnwmzAGpKMQcIuVt3L2LcQlE,8912
nldcsc_elastic_rules/rules/windows/privilege_escalation_unquoted_service_path.toml,sha256=acZj2p0bko6XtMkubQW-jw1pYFwayScKPY4RhmCcqvw,7150
nldcsc_elastic_rules/rules/windows/privilege_escalation_unusual_parentchild_relationship.toml,sha256=oi4Vt--oNxwRBJHBDEnlS4jf42WRy701Mha74T0E9Sk,11342
nldcsc_elastic_rules/rules/windows/privilege_escalation_unusual_printspooler_childprocess.toml,sha256=nOuQInCQJx4GdEvRtbvMATHD576X-trxJI7KHk8lOuU,9387
nldcsc_elastic_rules/rules/windows/privilege_escalation_unusual_svchost_childproc_childless.toml,sha256=gjSW--KV_mSuy8z9UBCCuNN7E0KzBm0zFMul-d058UU,8494
nldcsc_elastic_rules/rules/windows/privilege_escalation_via_ppid_spoofing.toml,sha256=ELMZasnUY9N0ufRgn2bCp-VvoN-CUrAzhHHkhjHp5Sc,14057
nldcsc_elastic_rules/rules/windows/privilege_escalation_via_rogue_named_pipe.toml,sha256=EjW1Rs_RDcAlpXGDJ1kjdDabQYG-5paN8hwQLTySssc,10417
nldcsc_elastic_rules/rules/windows/privilege_escalation_via_token_theft.toml,sha256=_WnClSD0CGMMhq2LabUw6dYc3Frx9DpuL5sxGEecdlY,14368
nldcsc_elastic_rules/rules/windows/privilege_escalation_windows_service_via_unusual_client.toml,sha256=TZEN2qqCjEfjz8NrBbewz-gevLIFXu62u3LjBdGvlG0,13397
nldcsc_elastic_rules/rules_building_block/collection_archive_data_zip_imageload.toml,sha256=UNgcG17EUJdfcq5sVvrd9x4vUlofVFMSjvhEHAz2YUQ,2076
nldcsc_elastic_rules/rules_building_block/collection_common_compressed_archived_file.toml,sha256=gq1QPP37B4QDeMvFHKJfvUG2SHV6Ub7pNtxy112Tuh8,5179
nldcsc_elastic_rules/rules_building_block/collection_files_staged_in_recycle_bin_root.toml,sha256=ODooM_xYOn5HuvfcZ6ycoWc6SrrQApyywTtM7J1YdVs,2086
nldcsc_elastic_rules/rules_building_block/collection_microsoft_purview_dlp_signal.toml,sha256=eGQmrjewXQ2OG3eFLQLnFS1CWlywp7tPRd537qJMyfM,3078
nldcsc_elastic_rules/rules_building_block/collection_microsoft_purview_insider_risk_signal.toml,sha256=EXIyabZlL2UyIyJSuvDUKYZeM7xqiZ5T4FJwaNlVqn8,2561
nldcsc_elastic_rules/rules_building_block/collection_outlook_email_archive.toml,sha256=v76m1hdXoBjTYRzIkbii1d8dUajzdvv7BR-QL-YJ-xY,1903
nldcsc_elastic_rules/rules_building_block/collection_posh_compression.toml,sha256=9P7Bb9Uplr5l_q-HRKB-5RIFJ5aPrV9fVbviMOL-ZNE,14451
nldcsc_elastic_rules/rules_building_block/command_and_control_bitsadmin_activity.toml,sha256=X6o06dg6e8f1iemxx1E0m0Xdy99r8xorCi0LBqqaHRU,2469
nldcsc_elastic_rules/rules_building_block/command_and_control_certutil_network_connection.toml,sha256=UJIWF1lzN8_0BL4HJfD7-SZzFJ5d6p88BP4m0fNaTJs,8946
nldcsc_elastic_rules/rules_building_block/command_and_control_dns_to_commonly_abused_webservices.toml,sha256=FuXcPvvW6pJMx2w4uCD4KFV0o4t3lAI69aZUmhEdpeY,8885
nldcsc_elastic_rules/rules_building_block/command_and_control_ollama_model_download_untrusted_source.toml,sha256=ojNjaQmoeMLR5FhwTSI5bQAxYSzpk2Dg3zogwa9WHo4,2648
nldcsc_elastic_rules/rules_building_block/credential_access_entra_id_risk_detection_signal.toml,sha256=mQjC-YbVZm_i_DWPsxRYULAutfbKkANrM74eI9qYb2s,2835
nldcsc_elastic_rules/rules_building_block/credential_access_mdmp_file_creation.toml,sha256=PZxWYsUXb356ALm6_68mlLb9PW4XLagsPGkznTUOs2k,3186
nldcsc_elastic_rules/rules_building_block/credential_access_mdmp_file_unusual_extension.toml,sha256=Txq9Mom9BE2xwG50tIWi6VUwnXEXgB9yW6rUGQkNZjg,2243
nldcsc_elastic_rules/rules_building_block/credential_access_win_private_key_access.toml,sha256=F2e5un8SjqaKJBdXRqyDIxx8Gkp1HZYvQjh5WGYIOxM,3168
nldcsc_elastic_rules/rules_building_block/defense_evasion_aws_rds_snapshot_created.toml,sha256=bHjEe3FnfFnFytVeScs6DkjUgW6rCNaaze7dHp_4v10,2103
nldcsc_elastic_rules/rules_building_block/defense_evasion_cmd_copy_binary_contents.toml,sha256=Eq_e-jdfZk9aze22253p3Y0lCoWfemxcIfrbMlhw-sI,2162
nldcsc_elastic_rules/rules_building_block/defense_evasion_cmstp_execution.toml,sha256=2hoHXnRz8nkGkXrRXPXWOuL0Yyr4UK9KSeav8DLghRY,1892
nldcsc_elastic_rules/rules_building_block/defense_evasion_collection_masquerading_unusual_archive_file_extension.toml,sha256=HOq6HpyGaiNdOuixntnNjt8v_GYqQ_T0HlgD4aHI-2w,2300
nldcsc_elastic_rules/rules_building_block/defense_evasion_dll_hijack.toml,sha256=e4yYgt85FRI0nUnIHfTuWgLk6RfBaaBxOJIDuuBA0K4,4784
nldcsc_elastic_rules/rules_building_block/defense_evasion_dotnet_clickonce_dfsvc_netcon.toml,sha256=jvQN1zbLSgsvQYTqewuNwREfOBQVdEYXw3gfDmfLblY,1875
nldcsc_elastic_rules/rules_building_block/defense_evasion_download_susp_extension.toml,sha256=nbZoo7zSPSadfV01DDSk_p6bGorFzk5wf3DkSo5lHQE,3153
nldcsc_elastic_rules/rules_building_block/defense_evasion_execution_via_visualstudio_prebuildevent.toml,sha256=YZgB2WZaOAgwyy6XHR6fK-jyjSKfshyO24R8P6QY9Zk,3885
nldcsc_elastic_rules/rules_building_block/defense_evasion_file_permission_modification.toml,sha256=6OMjgIERLItQ8-pGylJ2x1LiihTtKbDtDMf34SN2fmo,2099
nldcsc_elastic_rules/rules_building_block/defense_evasion_generic_deletion.toml,sha256=Z1myJHDSnSIBcuec0btiNugkNaYl-JiHVIJxJXJi7ow,2668
nldcsc_elastic_rules/rules_building_block/defense_evasion_indirect_command_exec_pcalua_forfiles.toml,sha256=VHH30l9YbPgUQht8BmUiT8sSGYmNyag8OsKL4dQ6jrQ,1430
nldcsc_elastic_rules/rules_building_block/defense_evasion_injection_from_msoffice.toml,sha256=bQknsFHKPzSIDTq3PGPLSC5dX75ODNPfZLXA3HM7me4,2655
nldcsc_elastic_rules/rules_building_block/defense_evasion_installutil_command_activity.toml,sha256=J47U6-30gG6FX7HKLRyxzdvtUc3lNxsrxIXgO1CzSrY,1723
nldcsc_elastic_rules/rules_building_block/defense_evasion_invalid_codesign_imageload.toml,sha256=EKbSapo7Q57M_Bemj7KbV907QWMRKIQoFlp1XGRs2ag,1662
nldcsc_elastic_rules/rules_building_block/defense_evasion_masquerading_browsers.toml,sha256=dWmdKjrXeII2qJ5YBfEecFOspEPYAlFUgcH2cbZyrBI,8151
nldcsc_elastic_rules/rules_building_block/defense_evasion_masquerading_unusual_exe_file_extension.toml,sha256=p09uO79zRlgF35TOwKQyH7EinzUvLeYk3JDhZaD-Hdg,2123
nldcsc_elastic_rules/rules_building_block/defense_evasion_masquerading_vlc_dll.toml,sha256=fdeeT22U7oOwvJN-7wfT3LsH23gm4kPH8BG3Yrgpn54,2230
nldcsc_elastic_rules/rules_building_block/defense_evasion_masquerading_windows_system32_exe.toml,sha256=eHvk4Y9VygfIsB9RJrPDLXugKXze6424DwGDJ7UfWJM,15745
nldcsc_elastic_rules/rules_building_block/defense_evasion_microsoft_security_compliance_admin_signal.toml,sha256=t3iUe3Y0tTPRJZvXf1CuD3-y1X__E0HGrK1KZ8A5mDw,3138
nldcsc_elastic_rules/rules_building_block/defense_evasion_msdt_suspicious_diagcab.toml,sha256=pR2kBOg6nIMnTp3lstMc7nyRXhcYZVru7pWphC1AhM4,2545
nldcsc_elastic_rules/rules_building_block/defense_evasion_msiexec_installsource_archive_file.toml,sha256=IX32h9FOwLjqD3Kj74n_dUQ2P4adCbPZN9xSauJBpcw,2151
nldcsc_elastic_rules/rules_building_block/defense_evasion_outlook_suspicious_child.toml,sha256=cVNlQgACbhxwGeJA07Hj9S9w0isVqO81hkkCGWPx-QY,3752
nldcsc_elastic_rules/rules_building_block/defense_evasion_posh_obfuscation_proportion_special_chars.toml,sha256=eXDabpJ3L1JKo_wfRdgMQxnWXsOmjbj8b7ldgHH6l08,13309
nldcsc_elastic_rules/rules_building_block/defense_evasion_powershell_clear_logs_script.toml,sha256=CXOv1XmKw43KvI4KjxfiR9B67iGNaJwUDNzzuzrd-4I,10524
nldcsc_elastic_rules/rules_building_block/defense_evasion_service_disabled_registry.toml,sha256=TY1oPFWrgFh5A3G7DVZ8aecBRAV1TyYlTFbfPeunqL8,2204
nldcsc_elastic_rules/rules_building_block/defense_evasion_service_path_registry.toml,sha256=RGIhvoT_WsHRFQVZ5wue4wUeJdLcmWTDymPuB_GvTvk,2577
nldcsc_elastic_rules/rules_building_block/defense_evasion_services_exe_path.toml,sha256=qR3_iDce9OtVimgDkdKMLjlq6AS1Lnt8F8oXPRJcpvE,2396
nldcsc_elastic_rules/rules_building_block/defense_evasion_suspicious_msiexec_execution.toml,sha256=1VPSwPnrTkcXrgQLgReYla2uDeBAy6zcLG-Qa_jHo_Y,3323
nldcsc_elastic_rules/rules_building_block/defense_evasion_unsigned_bits_client.toml,sha256=Kk0pJWuE4g_qi3hJ2QW3ybI7Jd9VYFNFu9EL5XTYAXI,1856
nldcsc_elastic_rules/rules_building_block/defense_evasion_unusual_process_extension.toml,sha256=CKSR-CVuD2hOyvqbAUlg50E73zL-BO5twa83p2qqxe8,3043
nldcsc_elastic_rules/rules_building_block/defense_evasion_unusual_process_path_wbem.toml,sha256=NsYUV9XwCobdbYFrqNTDAGJrfSJ-qXiULYQEdQzG8iw,1817
nldcsc_elastic_rules/rules_building_block/defense_evasion_write_dac_access.toml,sha256=_PDKBkKEVLO_P_i8yAafPICLoyGJg8Kx8HXFuVa66gU,2834
nldcsc_elastic_rules/rules_building_block/discovery_capnetraw_capability.toml,sha256=I1CMG8HQXFbi4gncTmQFhJYi9Rs1EEMwrna0qE2f9yU,4125
nldcsc_elastic_rules/rules_building_block/discovery_ec2_multi_region_describe_instances.toml,sha256=BA981C1VpwHV2DE-064R6LLcYwHom_GaETKkx8bR1Mg,9774
nldcsc_elastic_rules/rules_building_block/discovery_files_dir_systeminfo_via_cmd.toml,sha256=yy9wc4X4A7MaARNVojUuhBQEadXUSvlG5NIJkTF7eDc,4562
nldcsc_elastic_rules/rules_building_block/discovery_generic_account_groups.toml,sha256=h8PRG4_FtuWIofzguivTEu-G_UfaBmc2A3dH5VbJxqs,3314
nldcsc_elastic_rules/rules_building_block/discovery_generic_process_discovery.toml,sha256=1hQp90pkGdkDyIlZg6T7krn_Kh2J2oxcQu1TWh9glbY,2443
nldcsc_elastic_rules/rules_building_block/discovery_generic_registry_query.toml,sha256=2DEl2_6eNu9nlzpvgGPEbGHbs7LFpGZ4QY2X0-pwEC8,2256
nldcsc_elastic_rules/rules_building_block/discovery_getconf_execution.toml,sha256=dFwtq5fIZnfy_nGVDSibWPoyUIoPEbS2ATLZheZxkGU,2605
nldcsc_elastic_rules/rules_building_block/discovery_hosts_file_access.toml,sha256=AvIuN2Yag5jZfAZLOFvPOWwuK3SMce7XD6QoTaOp2l8,1847
nldcsc_elastic_rules/rules_building_block/discovery_internet_capabilities.toml,sha256=oZjhbz1iJo6oWtgFOLPMAXK2_SSMEoXoA3iA_jnujME,1874
nldcsc_elastic_rules/rules_building_block/discovery_kernel_module_enumeration_via_proc.toml,sha256=_MX8gkB6Wj1IOYW9VVKf30NVpymDa55Ga3niWRxx-lA,3602
nldcsc_elastic_rules/rules_building_block/discovery_kubectl_configuration_discovery.toml,sha256=SlGINZPd0v0JoYMSnmY7vzD3y8Q1hOHZ0ElDpglgJns,2273
nldcsc_elastic_rules/rules_building_block/discovery_kubectl_workload_and_cluster_discovery.toml,sha256=TiqnSWbDrHf9d-9UwPjDtiX0XKGbHP2DRu45pMzdD4A,2634
nldcsc_elastic_rules/rules_building_block/discovery_linux_modprobe_enumeration.toml,sha256=AXox62_0QXgCYcc_jrVNH6sRpbRnzmPsSa1zQmY8-j4,4127
nldcsc_elastic_rules/rules_building_block/discovery_linux_sysctl_enumeration.toml,sha256=RUyYkP8yKKH3facpr31Uywu2m2Z2aHXKHj0beikf_pY,4104
nldcsc_elastic_rules/rules_building_block/discovery_linux_system_information_discovery.toml,sha256=cxsP557V9WVB1EozJLL38f-6yVV7B0dwkRoZ6KeTkmI,2168
nldcsc_elastic_rules/rules_building_block/discovery_linux_system_owner_user_discovery.toml,sha256=Nty2nsrfu8SR_73e66eEFoQdAasRg5iO0m3HVSWHMAU,1760
nldcsc_elastic_rules/rules_building_block/discovery_net_share_discovery_winlog.toml,sha256=_kZ5YyBroKmGt-_qdQv4Ei_nbWJlg6QQ2DETnVFPYl0,2537
nldcsc_elastic_rules/rules_building_block/discovery_net_view.toml,sha256=uugxWprlzqbOOd4ZgQ7-863K-E0o5dgmjej1onBTr0k,5404
nldcsc_elastic_rules/rules_building_block/discovery_of_accounts_or_groups_via_builtin_tools.toml,sha256=t92b-vQMQM7paCEtFg1jHOBGYW_sPAXf9WYnIBvx8Ak,2898
nldcsc_elastic_rules/rules_building_block/discovery_of_domain_groups.toml,sha256=VyKYRqMNxp3hWI36ZAK6LrOv-4tnVQpCUAKkbmkefgI,1769
nldcsc_elastic_rules/rules_building_block/discovery_posh_generic.toml,sha256=26o_SfeOzqgcKVj6IfGZ8aSjSmtrbF9Xka-oBdsn2-Q,10065
nldcsc_elastic_rules/rules_building_block/discovery_posh_password_policy.toml,sha256=uYnwG81HpYT9ystjZ-_7X68E0YDx1mRhnvAcPxyYM08,10504
nldcsc_elastic_rules/rules_building_block/discovery_post_exploitation_external_ip_lookup.toml,sha256=pS-kFwt-Bw-d7dzXFSku1hyua0sPV_0f5XVa1N-wYrI,7436
nldcsc_elastic_rules/rules_building_block/discovery_potential_memory_seeking_activity.toml,sha256=xhAABQ6tMiEikpN-eihkP_o7_hTRIMO81Rewnu9b7h8,3091
nldcsc_elastic_rules/rules_building_block/discovery_process_discovery_via_builtin_tools.toml,sha256=nWzXMOTR3_kir8Nf_bl7a4QLihWkxJHCDg9MK5rxhCI,2143
nldcsc_elastic_rules/rules_building_block/discovery_remote_system_discovery_commands_windows.toml,sha256=1JIqjIgIWpaS-O8BnwK7vBSknS7nQfPIfoVlWW7Pj_o,5417
nldcsc_elastic_rules/rules_building_block/discovery_security_software_wmic.toml,sha256=HmPRw9H4bwFqUq-vCeyhLGhUcM-jWm14nKgM11PtjSQ,4348
nldcsc_elastic_rules/rules_building_block/discovery_signal_unusual_user_host.toml,sha256=nOolhwZ_FACpTo29xWZcGD3b_6Pt2lE4S6E1Oh6mUxw,1607
nldcsc_elastic_rules/rules_building_block/discovery_suspicious_proc_enumeration.toml,sha256=llne21ndqtwLheoHy9_atWlDQNclU2EMQrqdCr60spU,3293
nldcsc_elastic_rules/rules_building_block/discovery_system_network_connections.toml,sha256=2gP4GBuSzk-cvMoSS4ZClTr03MIRW6I3pTe0wO8rF84,2042
nldcsc_elastic_rules/rules_building_block/discovery_system_service_discovery.toml,sha256=TkI3-I4smfyYORsAtPfcZjUU_hOSQOQQv00VEBq1G58,3677
nldcsc_elastic_rules/rules_building_block/discovery_system_time_discovery.toml,sha256=XXhlRpl_gZLaiVg5ySDwRtpb9hEzwAkXs1di2JI-oHQ,1865
nldcsc_elastic_rules/rules_building_block/discovery_win_network_connections.toml,sha256=MbFENcPAur2vKF0ocYFv553kQRBZNTv_hdi6S8qkaNY,2166
nldcsc_elastic_rules/rules_building_block/discovery_windows_system_information_discovery.toml,sha256=F9qw-T0_Ys4LFOMfMvfsNdzowGwzFGXNhTSFm1yBrYg,2512
nldcsc_elastic_rules/rules_building_block/entra_id_identity_protection_risk_detections.toml,sha256=_9h89cRjpbOpDpwJv6y8hBpgjepct3_ZQmEC6UGIoq8,1693
nldcsc_elastic_rules/rules_building_block/execution_aws_lambda_function_updated.toml,sha256=9r6PIQePdl_b8Hnws1Zee6kUaYGZTx2b4PDyAbq6ed0,2291
nldcsc_elastic_rules/rules_building_block/execution_common_debug_or_base_image_pod_creation.toml,sha256=pS-bJkZCq37GKnJTsSlf_eJRcYl7UGPZKw_RntMxGV0,2411
nldcsc_elastic_rules/rules_building_block/execution_github_new_event_action_for_pat.toml,sha256=au3LZ58aYNzKwiJyQnqUdQ6f-KXE2RwBO1sNOvXiN34,2375
nldcsc_elastic_rules/rules_building_block/execution_github_new_repo_interaction_for_pat.toml,sha256=QqweKvc_3ey8ycjghuMUJon71v04rTHe2Sn1MzZM_Yo,1949
nldcsc_elastic_rules/rules_building_block/execution_github_new_repo_interaction_for_user.toml,sha256=aGzFN0RgwO6bwH87cTEfU1Bzo0PTM-sg65c7dO60Z44,1823
nldcsc_elastic_rules/rules_building_block/execution_github_repo_created.toml,sha256=iQ1ikImtGhzay8qkLp4Gezuy2PKmIcPOc4hvvW4uuJA,1497
nldcsc_elastic_rules/rules_building_block/execution_github_repo_interaction_from_new_ip.toml,sha256=Hw_a5gZZ7nDkLMvUozloUDrv2AIg2KuUETqww-qT38U,2274
nldcsc_elastic_rules/rules_building_block/execution_linux_segfault.toml,sha256=g7IfAfdeXXne0_z5yDb4wpz_I3J0k_MxNWxLri_jUkk,3313
nldcsc_elastic_rules/rules_building_block/execution_mcp_server_child_process.toml,sha256=pHZJoyfk_K_FlXe9f5XZ86xr036d_xysMU1HCC5vk9w,6741
nldcsc_elastic_rules/rules_building_block/execution_settingcontent_ms_file_creation.toml,sha256=vFJfMDAxXn1m1um5j3ZG43SNEMLdU2EByGDymrxg-s0,2699
nldcsc_elastic_rules/rules_building_block/execution_unsigned_service_executable.toml,sha256=n9F9TQP8pZPII24cxRn6KTa21ah6sg6NoX45dVDL5CE,2675
nldcsc_elastic_rules/rules_building_block/execution_wmi_wbemtest.toml,sha256=YOeqNj5LCRSTV_8qRECfVvmQ2Y8dH-jr0LvsiNzxipU,1433
nldcsc_elastic_rules/rules_building_block/impact_azure_recovery_services_deletion.toml,sha256=n49_0Tnx6JA2Y9_X74szdNcTduQh_T_BsI1rLGJ6FT8,1782
nldcsc_elastic_rules/rules_building_block/impact_github_member_removed_from_organization.toml,sha256=jXDtkZM7PCXOQYaU4Wo4DRvRZH-YfKUT2U4sTvhrEH4,1138
nldcsc_elastic_rules/rules_building_block/impact_github_pat_access_revoked.toml,sha256=4q8-QrKUp2AnyZPO8zJQANrudyuhdp7n3CFTd_23mRs,1125
nldcsc_elastic_rules/rules_building_block/impact_github_user_blocked_from_organization.toml,sha256=V3wCF4GQFNOuSOp1PARkB_tz0b3-3ukArnyKniYFytU,1102
nldcsc_elastic_rules/rules_building_block/initial_access_anomalous_rsc_flight_data_patterns.toml,sha256=xT0dKknWl3MEBhAYZ6XIQv0lFRB0nv_vFn4nW5xclFs,4220
nldcsc_elastic_rules/rules_building_block/initial_access_aws_signin_token_created.toml,sha256=2HdyTp3DjY37ER0KjOJKS63_vW-SZ82ScD0hQGStjyE,3149
nldcsc_elastic_rules/rules_building_block/initial_access_github_new_ip_address_for_pat.toml,sha256=pc3ryakgV8_dnGyvk_s6qs8AG2tcpk0V-eA72SELkrQ,2084
nldcsc_elastic_rules/rules_building_block/initial_access_github_new_ip_address_for_user.toml,sha256=TivlZzn5s_QqRXVjPMZca70WK2iUaRWIeBz1htxcq8U,1488
nldcsc_elastic_rules/rules_building_block/initial_access_github_new_user_agent_for_pat.toml,sha256=s8DpsinyInmuBhD2jm4NWGIiuG1-a_sepKo4DIzaPEc,2090
nldcsc_elastic_rules/rules_building_block/initial_access_github_new_user_agent_for_user.toml,sha256=CKG9ylSxy7zKRnOQyLjRRJMa6J41R8ORRWWPif55OX4,1494
nldcsc_elastic_rules/rules_building_block/initial_access_google_workspace_login_flagged_suspicious_by_google.toml,sha256=wRtn9hHHQdv9Q-ps90fIxTpKef0Xh0NJJNZVxMTc9eY,6425
nldcsc_elastic_rules/rules_building_block/initial_access_microsoft_air_investigation_signal.toml,sha256=P_xYvoExCVWAm_KIBTvX2wewsXGZ49dPEkybDX4gHtY,2449
nldcsc_elastic_rules/rules_building_block/initial_access_microsoft_defender_alerts_signal.toml,sha256=J0W747YAXC2nCWOwFLaKHNRQK2Y87ogqsTTd4WT2X4M,2705
nldcsc_elastic_rules/rules_building_block/initial_access_microsoft_defender_threat_intelligence_signal.toml,sha256=HqdkHQnGxpFKluAPm0Pqp3ADWaTmI0m9CrpESSAoYUI,7586
nldcsc_elastic_rules/rules_building_block/initial_access_microsoft_purview_security_compliance_signal.toml,sha256=tX_jtWUWV2vJY7V5g_ZIdjNq6Cf9nK2HhwZZ7lOOSx4,2885
nldcsc_elastic_rules/rules_building_block/initial_access_microsoft_quarantine_hygiene_signal.toml,sha256=IoY7zjC-n_Aa2YToGA8ln0Hf52B00qf_LewAE39R7Ac,2502
nldcsc_elastic_rules/rules_building_block/initial_access_new_okta_authentication_behavior.toml,sha256=5WBPhpErvGp520GNp5VpRiMi28zlC_QWRRGuSawxQUA,4268
nldcsc_elastic_rules/rules_building_block/initial_access_okta_admin_console_login_failure.toml,sha256=2WN1cAkhluD_7ngZ6BsWKRrT6L-xvlI67XHRWsbPKGM,4841
nldcsc_elastic_rules/rules_building_block/initial_access_potential_rce_via_toolshell.toml,sha256=3H8vzzRA7DoaCZ2fcHWKTbfzONonwDARtyGs1XrtmOg,2770
nldcsc_elastic_rules/rules_building_block/initial_access_potential_toolshell_exploit_attempt.toml,sha256=pft03tF-wV9lg_MejStYChukzHza1KL_mdR2vBkZAOY,2524
nldcsc_elastic_rules/rules_building_block/lateral_movement_at.toml,sha256=1tEBHrcIYA9C53sSPA_gcaTnv8dp1aPq8cafSHNCpDA,2031
nldcsc_elastic_rules/rules_building_block/lateral_movement_posh_winrm_activity.toml,sha256=dTpnwUdQbeuiTdVqZbAWLS-cU-WwGt7MSgBA0apLr0s,3652
nldcsc_elastic_rules/rules_building_block/lateral_movement_rdp_conn_unusual_process.toml,sha256=bQJi-vON7HvLfCDm6uu6QpwBEvNnLXIYZQJR88Ymdls,2315
nldcsc_elastic_rules/rules_building_block/lateral_movement_unusual_process_sql_accounts.toml,sha256=nJkoeM8EX23sX428DFv0S06ma9AX8oyNUD9XMyDrMXU,3951
nldcsc_elastic_rules/rules_building_block/lateral_movement_wmic_remote.toml,sha256=4pDAEJHSK2bF7EWXjReCBs0xNlctkTJ8XRM0UanYKtI,2278
nldcsc_elastic_rules/rules_building_block/persistence_aws_iam_login_profile_added_to_user.toml,sha256=P3DRA6N1D-0Po7DtjqEz41ToiXLnK7ZSoaMN0i3nj0o,2211
nldcsc_elastic_rules/rules_building_block/persistence_github_new_pat_for_user.toml,sha256=6lDtGhBMBZLrzjIxVqPuMPU6x-OxD5n5GigNQpf6dqU,2043
nldcsc_elastic_rules/rules_building_block/persistence_github_new_user_added_to_organization.toml,sha256=oSBzxSMBsk5pKcBtNYZw4XHmKCzn9VW4bTHHlBbCb8s,1404
nldcsc_elastic_rules/rules_building_block/persistence_iam_instance_request_to_iam_service.toml,sha256=BNSDuyDBN9I6F8xMFS3bQD10l_tGnz33kiy5H7tfTew,3935
nldcsc_elastic_rules/rules_building_block/persistence_startup_folder_lnk.toml,sha256=bomGIg6zvCRbloGkCnJptrM-EhViQv5DscwtDDZsgtA,2241
nldcsc_elastic_rules/rules_building_block/persistence_transport_agent_exchange.toml,sha256=W_QTxTncx5EWucpSm1LAYPgTiZ2HjF41_ztsG_zPlcg,3460
nldcsc_elastic_rules/rules_building_block/persistence_web_server_potential_sql_injection.toml,sha256=2CuY50xYBPlLLMGkfHxxuyzbqvIjyajVGGBk18lBHeI,4571
nldcsc_elastic_rules/rules_building_block/persistence_web_server_sus_file_creation.toml,sha256=guICnUKzpoMRJj80bEaA-HEgYTGXSG9bEyvi4nkVAI8,6190
nldcsc_elastic_rules/rules_building_block/privilege_escalation_sts_getsessiontoken_abuse.toml,sha256=kue8K7tHfmq9qqGYS_FVvCpDQOiFlLCAVfQF3olc6O8,6140
nldcsc_elastic_rules-0.0.121.dist-info/METADATA,sha256=hAJUbOwKogcqm78r0ankIghtP66nMMTx-F6Frei2tqA,66
nldcsc_elastic_rules-0.0.121.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
nldcsc_elastic_rules-0.0.121.dist-info/top_level.txt,sha256=2ua0gPWflzV4D32kz6ZXXok1H-0wJVI2Scdm_qmNsrM,21
nldcsc_elastic_rules-0.0.121.dist-info/RECORD,,
