New

The executive guide to generative AI

Read more
About usPartnersSupport|Login
« How Container Workload Protection Works Security Posture Management »
Elastic Docs Elastic integrations Elastic Security

Prebuilt Security Detection Rules

edit

Prebuilt Security Detection Rules

edit

Version

8.17.7 (View all)

Compatible Kibana version(s)

8.17.0 or higher
9.0.0 or higher

Supported Serverless project types
What’s this?

Security

Subscription level
What’s this?

Basic

Level of support
What’s this?

Elastic

The detection rules package stores the prebuilt security rules for the Elastic Security detection engine.

To download or update the rules, click Settings > Install Prebuilt Security Detection Rules assets. Then import the rules into the Detection engine.

License Notice

edit

Changelog

edit
Changelog
Version Details Kibana version(s)

8.17.7

Enhancement (View pull request)
Release security rules update

8.17.0 or higher
9.0.0 or higher

8.17.7-beta.1

Enhancement (View pull request)
Release security rules update

8.17.6

Enhancement (View pull request)
Release security rules update

8.17.0 or higher

8.17.6-beta.1

Enhancement (View pull request)
Release security rules update

8.17.5

Enhancement (View pull request)
Release security rules update

8.17.0 or higher

8.17.5-beta.1

Enhancement (View pull request)
Release security rules update

8.17.4

Enhancement (View pull request)
Release security rules update

8.17.0 or higher

8.17.4-beta.1

Enhancement (View pull request)
Release security rules update

8.17.3

Enhancement (View pull request)
Release security rules update

8.17.0 or higher

8.17.3-beta.1

Enhancement (View pull request)
Release security rules update

8.17.2

Enhancement (View pull request)
Release security rules update

8.17.0 or higher

8.17.2-beta.2

Enhancement (View pull request)
Release security rules update

8.17.2-beta.1

Bug fix (View pull request)
Fix broken link for Prebuilt Security Detection Rules

8.17.1

Enhancement (View pull request)
Release security rules update

8.17.0 or higher

8.17.1-beta.2

Enhancement (View pull request)
Release security rules update

8.17.1-beta.1

Enhancement (View pull request)
Release security rules update

8.16.2

Enhancement (View pull request)
Release security rules update

8.16.0 or higher

8.16.2-beta.2

Enhancement (View pull request)
Release security rules update

8.16.2-beta.1

Enhancement (View pull request)
Release security rules update for testing smart limits

8.16.1

Enhancement (View pull request)
Release security rules update

8.16.0 or higher

8.16.1-beta.1

Enhancement (View pull request)
Release security rules update

8.15.9

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.9-beta.1

Enhancement (View pull request)
Release security rules update

8.15.8

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.8-beta.1

Enhancement (View pull request)
Release security rules update

8.15.7

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.7-beta.1

Enhancement (View pull request)
Release security rules update

8.15.6

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.6-beta.1

Enhancement (View pull request)
Release security rules update

8.15.5

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.5-beta.1

Enhancement (View pull request)
Release security rules update

8.15.4

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.4-beta.1

Enhancement (View pull request)
Release security rules update

8.15.3

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.3-beta.1

Enhancement (View pull request)
Release security rules update

8.15.2

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.2-beta.1

Enhancement (View pull request)
Release security rules update

8.15.1

Enhancement (View pull request)
Release security rules update

8.15.0 or higher

8.15.1-beta.1

Enhancement (View pull request)
Release security rules update

8.14.6

Enhancement (View pull request)
Release security rules update

8.14.0 or higher

8.14.6-beta.1

Enhancement (View pull request)
Release security rules update

8.14.5

Enhancement (View pull request)
Release security rules update

8.14.0 or higher

8.14.5-beta.1

Enhancement (View pull request)
Release security rules update

8.14.4

Enhancement (View pull request)
Release security rules update

8.14.0 or higher

8.14.4-beta.1

Enhancement (View pull request)
Release security rules update

8.14.3

Enhancement (View pull request)
Release security rules update

8.14.0 or higher

8.14.3-beta.1

Enhancement (View pull request)
Release security rules update

8.14.2

Enhancement (View pull request)
Release security rules update

8.14.0 or higher

8.14.2-beta.1

Enhancement (View pull request)
Release security rules update

Enhancement (View pull request)
Add security capability

8.14.1

Enhancement (View pull request)
Release security rules update

8.14.0 or higher

8.14.1-beta.1

Enhancement (View pull request)
Release security rules update

8.13.6

Enhancement (View pull request)
Release security rules update

8.13.0 or higher

8.13.6-beta.1

Enhancement (View pull request)
Release security rules update

8.13.5

Enhancement (View pull request)
Release security rules update

8.13.0 or higher

8.13.5-beta.1

Enhancement (View pull request)
Release security rules update

8.13.4

Enhancement (View pull request)
Release security rules update

8.13.0 or higher

8.13.4-beta.1

Enhancement (View pull request)
Release security rules update

8.13.3

Enhancement (View pull request)
Release security rules update

8.13.0 or higher

8.13.3-beta.1

Enhancement (View pull request)
Release security rules update

8.13.2

Enhancement (View pull request)
Release security rules update

8.13.0 or higher

8.13.2-beta.1

Enhancement (View pull request)
Release security rules update

8.13.1

Enhancement (View pull request)
Release security rules update

8.13.0 or higher

8.13.1-beta.1

Enhancement (View pull request)
Release security rules update

8.12.5

Enhancement (View pull request)
Release security rules update

8.12.0 or higher

8.12.5-beta.1

Enhancement (View pull request)
Release security rules update

8.12.4

Enhancement (View pull request)
Release security rules update

8.12.0 or higher

8.12.4-beta.1

Enhancement (View pull request)
Release security rules update

8.12.3

Enhancement (View pull request)
Release security rules update

8.12.0 or higher

8.12.3-beta.1

Enhancement (View pull request)
Release security rules update

8.12.2

Enhancement (View pull request)
Release security rules update

8.12.0 or higher

8.12.2-beta.1

Enhancement (View pull request)
Release security rules update

8.12.1

Enhancement (View pull request)
Release security rules update

8.12.0 or higher

8.12.1-beta.1

Enhancement (View pull request)
Release security rules update

8.11.4

Enhancement (View pull request)
Release security rules update

8.11.0 or higher

8.11.4-beta.1

Enhancement (View pull request)
Release security rules update

8.11.3

Enhancement (View pull request)
Release security rules update

8.11.0 or higher

8.11.3-beta.1

Enhancement (View pull request)
Release security rules update

8.11.2

Enhancement (View pull request)
Release security rules update

8.11.0 or higher

8.11.2-beta.1

Enhancement (View pull request)
Release security rules update

8.11.1

Enhancement (View pull request)
Release security rules update

8.11.0 or higher

8.11.1-beta.1

Enhancement (View pull request)
Release security rules update

8.10.4-beta.1

Enhancement (View pull request)
Release security rules update

8.10.3

Enhancement (View pull request)
Release security rules update

8.10.1 or higher

8.10.3-beta.1

Enhancement (View pull request)
Release security rules update

8.10.2

Enhancement (View pull request)
Release security rules update

8.10.0 or higher

8.10.2-beta.1

Enhancement (View pull request)
Release security rules update

8.10.1

Enhancement (View pull request)
Release security rules update

8.10.0 or higher

8.10.1-beta.1

Enhancement (View pull request)
Release security rules update

8.9.3

Enhancement (View pull request)
Release security rules update

8.9.0 or higher

8.9.3-beta.1

Enhancement (View pull request)
Release security rules update

8.9.2

Enhancement (View pull request)
Release security rules update

8.9.0 or higher

8.9.2-beta.1

Enhancement (View pull request)
Release security rules update

8.8.7

Enhancement (View pull request)
Release security rules update

8.8.0 or higher

8.8.7-beta.1

Enhancement (View pull request)
Release security rules update

8.7.9

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.9-beta.1

Enhancement (View pull request)
Release security rules update

8.6.9

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.9.1

Enhancement (View pull request)
Release security rules update

8.9.0 or higher

8.8.6

Enhancement (View pull request)
Release security rules update

8.8.0 or higher

8.7.8

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.6.8

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.5.8

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.8.5

Enhancement (View pull request)
Release security rules update

8.8.0 or higher

8.8.5-beta.1

Enhancement (View pull request)
Release security rules update

8.7.7

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.7-beta.1

Enhancement (View pull request)
Release security rules update

8.6.7

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.6.7-beta.1

Enhancement (View pull request)
Release security rules update

8.5.7

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.5.7-beta.1

Enhancement (View pull request)
Release security rules update

8.8.4

Enhancement (View pull request)
Release security rules update

8.8.0 or higher

8.8.4-beta.1

Enhancement (View pull request)
Release security rules update

8.7.6

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.6-beta.1

Enhancement (View pull request)
Release security rules update

8.6.6

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.6.6-beta.1

Enhancement (View pull request)
Release security rules update

8.5.6

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.5.6-beta.1

Enhancement (View pull request)
Release security rules update

8.8.3

Enhancement (View pull request)
Release security rules update

8.8.0 or higher

8.8.3-beta.1

Enhancement (View pull request)
Release security rules update

8.7.5

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.5-beta.1

Enhancement (View pull request)
Release security rules update

8.6.5

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.6.5-beta.1

Enhancement (View pull request)
Release security rules update

8.5.5

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.5.5-beta.1

Enhancement (View pull request)
Release security rules update

8.8.2

Enhancement (View pull request)
Release security rules update

8.8.0 or higher

8.8.2-beta.1

Enhancement (View pull request)
Release security rules update

8.7.4

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.4-beta.1

Enhancement (View pull request)
Release security rules update

8.6.4

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.6.4-beta.1

Enhancement (View pull request)
Release security rules update

8.5.4

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.5.4-beta.1

Enhancement (View pull request)
Release security rules update

8.8.1

Enhancement (View pull request)
Release security rules update

8.8.0 or higher

8.8.1-beta.1

Enhancement (View pull request)
Release security rules update

8.7.3

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.3-beta.1

Enhancement (View pull request)
Release security rules update

8.6.3

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.6.3-beta.1

Enhancement (View pull request)
Release security rules update

8.5.3

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.5.3-beta.1

Enhancement (View pull request)
Release security rules update

8.4.5

Enhancement (View pull request)
Release security rules update

8.4.0 or higher

8.4.5-beta.1

Enhancement (View pull request)
Release security rules update

8.7.3-beta.0

Enhancement (View pull request)
Release security rules update

8.7.2

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.2-beta.1

Enhancement (View pull request)
Release security rules update

8.6.2

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.6.2-beta.1

Enhancement (View pull request)
Release security rules update

8.5.2

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.5.2-beta.1

Enhancement (View pull request)
Release security rules update

8.4.4

Enhancement (View pull request)
Release security rules update

8.4.0 or higher

8.4.4-beta.1

Enhancement (View pull request)
Release security rules update

8.7.1

Enhancement (View pull request)
Release security rules update

8.7.0 or higher

8.7.1-beta.1

Enhancement (View pull request)
Release security rules update

8.6.1

Enhancement (View pull request)
Release security rules update

8.6.0 or higher

8.6.1-beta.1

Enhancement (View pull request)
Release security rules update

8.5.1

Enhancement (View pull request)
Release security rules update

8.5.0 or higher

8.5.1-beta.1

Enhancement (View pull request)
Release security rules update

8.4.3

Enhancement (View pull request)
Release security rules update

8.4.0 or higher

8.4.3-beta.1

Enhancement (View pull request)
Release security rules update

8.4.2

Enhancement (View pull request)
Release security rules update

8.4.0 or higher

8.4.2-beta.1

Enhancement (View pull request)
Release security rules update

8.3.4

Enhancement (View pull request)
Release security rules update

8.3.0 or higher

8.3.4-beta.1

Enhancement (View pull request)
Release security rules update

8.3.3

Enhancement (View pull request)
Release security rules update

8.3.0 or higher

8.4.1

Enhancement (View pull request)
Release security rules update

8.4.0 or higher

8.3.1

Enhancement (View pull request)
Release security rules update

8.3.0 or higher

8.2.1

Enhancement (View pull request)
Release security rules update

8.2.0 or higher

7.16.4

Enhancement (View pull request)
Release security rules update

7.16.0 or higher

8.1.1

Enhancement (View pull request)
Release security rules update

8.1.0 or higher

7.16.3

Enhancement (View pull request)
Release security rules update

7.16.0 or higher

1.0.2

Enhancement (View pull request)
Release security rules update

8.0.0 or higher

0.16.2

Enhancement (View pull request)
Release security rules update

0.16.1

Enhancement (View pull request)
Release security rules update

1.0.1

Enhancement (View pull request)
Release security rules update

8.0.0 or higher

0.14.3

Enhancement (View pull request)
Release security rules update

0.14.2

Enhancement (View pull request)
Release security rules update

0.14.1

Enhancement (View pull request)
Release security rules update

0.13.3

Enhancement (View pull request)
Release security rules update

0.13.2

Enhancement (View pull request)
Release security rules update

0.13.1

Enhancement (View pull request)
Release security rules update

0.13.1-dev.0

Bug fix (View pull request)
Pre-release for 0.13.1 security rules

0.13.0

Bug fix (View pull request)
Fix package for 7.13.0 from detection-rules

0.13.0-dev.0

Enhancement (View pull request)
Publish package for 7.13.0 from detection-rules

0.0.3

Bug fix (View pull request)
Fix security rules naming

0.0.2

Enhancement (View pull request)
Change the rules to match Kibana 7.13 prepackaged

0.0.1-dev.3

Enhancement (View pull request)
Change the integration title

0.0.1-dev.2

Enhancement (View pull request)
Change the saved object type to security-rule

0.0.1-dev.1

Enhancement (View pull request)
Create package for security’s detection engine

« How Container Workload Protection Works Security Posture Management »

On this page

Was this helpful?
Feedback