Prebuilt Security Detection Rules
<div class="condensed-table">
| | |
| --- | --- |
| Version | 8.17.3 (View all) |
| Compatible Kibana version(s) | 8.17.0 or higher |
| Supported Serverless project types
What’s this? | Security |
| Subscription level
What’s this? | Basic |
| Level of support
What’s this? | Elastic |
</div>
The detection rules package stores the prebuilt security rules for the Elastic Security detection engine.
To download or update the rules, click Settings > Install Prebuilt Security Detection Rules assets. Then import the rules into the Detection engine.
**Changelog**
| Version | Details | Kibana version(s) |
|---|---|---|
| 8.17.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.17.0 or higher |
| 8.17.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.17.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.17.0 or higher |
| 8.17.2-beta.2 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.17.2-beta.1 | pass:[] Bug fix (View pull request) Fix broken link for Prebuilt Security Detection Rules |
— |
| 8.17.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.17.0 or higher |
| 8.17.1-beta.2 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.17.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.16.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.16.0 or higher |
| 8.16.2-beta.2 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.16.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update for testing smart limits |
— |
| 8.16.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.16.0 or higher |
| 8.16.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.9 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.9-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.8 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.8-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.7 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.7-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.6 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.6-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.15.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.15.0 or higher |
| 8.15.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.14.6 | pass:[] Enhancement (View pull request) Release security rules update |
8.14.0 or higher |
| 8.14.6-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.14.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.14.0 or higher |
| 8.14.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.14.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.14.0 or higher |
| 8.14.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.14.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.14.0 or higher |
| 8.14.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.14.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.14.0 or higher |
| 8.14.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update pass:[] Enhancement (View pull request) Add security capability |
— |
| 8.14.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.14.0 or higher |
| 8.14.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.13.6 | pass:[] Enhancement (View pull request) Release security rules update |
8.13.0 or higher |
| 8.13.6-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.13.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.13.0 or higher |
| 8.13.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.13.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.13.0 or higher |
| 8.13.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.13.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.13.0 or higher |
| 8.13.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.13.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.13.0 or higher |
| 8.13.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.13.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.13.0 or higher |
| 8.13.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.12.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.12.0 or higher |
| 8.12.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.12.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.12.0 or higher |
| 8.12.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.12.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.12.0 or higher |
| 8.12.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.12.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.12.0 or higher |
| 8.12.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.12.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.12.0 or higher |
| 8.12.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.11.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.11.0 or higher |
| 8.11.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.11.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.11.0 or higher |
| 8.11.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.11.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.11.0 or higher |
| 8.11.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.11.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.11.0 or higher |
| 8.11.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.10.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.10.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.10.1 or higher |
| 8.10.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.10.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.10.0 or higher |
| 8.10.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.10.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.10.0 or higher |
| 8.10.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.9.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.9.0 or higher |
| 8.9.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.9.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.9.0 or higher |
| 8.9.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.8.7 | pass:[] Enhancement (View pull request) Release security rules update |
8.8.0 or higher |
| 8.8.7-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.9 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.9-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.9 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.9.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.9.0 or higher |
| 8.8.6 | pass:[] Enhancement (View pull request) Release security rules update |
8.8.0 or higher |
| 8.7.8 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.6.8 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.5.8 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.8.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.8.0 or higher |
| 8.8.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.7 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.7-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.7 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.6.7-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.5.7 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.5.7-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.8.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.8.0 or higher |
| 8.8.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.6 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.6-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.6 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.6.6-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.5.6 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.5.6-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.8.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.8.0 or higher |
| 8.8.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.6.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.5.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.5.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.8.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.8.0 or higher |
| 8.8.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.6.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.5.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.5.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.8.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.8.0 or higher |
| 8.8.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.6.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.5.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.5.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.4.5 | pass:[] Enhancement (View pull request) Release security rules update |
8.4.0 or higher |
| 8.4.5-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.3-beta.0 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.6.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.5.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.5.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.4.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.4.0 or higher |
| 8.4.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.7.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.7.0 or higher |
| 8.7.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.6.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.6.0 or higher |
| 8.6.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.5.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.5.0 or higher |
| 8.5.1-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.4.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.4.0 or higher |
| 8.4.3-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.4.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.4.0 or higher |
| 8.4.2-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.3.4 | pass:[] Enhancement (View pull request) Release security rules update |
8.3.0 or higher |
| 8.3.4-beta.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 8.3.3 | pass:[] Enhancement (View pull request) Release security rules update |
8.3.0 or higher |
| 8.4.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.4.0 or higher |
| 8.3.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.3.0 or higher |
| 8.2.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.2.0 or higher |
| 7.16.4 | pass:[] Enhancement (View pull request) Release security rules update |
7.16.0 or higher |
| 8.1.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.1.0 or higher |
| 7.16.3 | pass:[] Enhancement (View pull request) Release security rules update |
7.16.0 or higher |
| 1.0.2 | pass:[] Enhancement (View pull request) Release security rules update |
8.0.0 or higher |
| 0.16.2 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 0.16.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 1.0.1 | pass:[] Enhancement (View pull request) Release security rules update |
8.0.0 or higher |
| 0.14.3 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 0.14.2 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 0.14.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 0.13.3 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 0.13.2 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 0.13.1 | pass:[] Enhancement (View pull request) Release security rules update |
— |
| 0.13.1-dev.0 | pass:[] Bug fix (View pull request) Pre-release for 0.13.1 security rules |
— |
| 0.13.0 | pass:[] Bug fix (View pull request) Fix package for 7.13.0 from detection-rules |
— |
| 0.13.0-dev.0 | pass:[] Enhancement (View pull request) Publish package for 7.13.0 from detection-rules |
— |
| 0.0.3 | pass:[] Bug fix (View pull request) Fix security rules naming |
— |
| 0.0.2 | pass:[] Enhancement (View pull request) Change the rules to match Kibana 7.13 prepackaged |
— |
| 0.0.1-dev.3 | pass:[] Enhancement (View pull request) Change the integration title |
— |
| 0.0.1-dev.2 | pass:[] Enhancement (View pull request) Change the saved object type to security-rule |
— |
| 0.0.1-dev.1 | pass:[] Enhancement (View pull request) Create package for security’s detection engine |
— |