You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit elastic.co/guide.

Last updated: Apr 10th, 2023

Prebuilt Security Detection Rules

Prebuilt detection rules for Elastic Security

What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

Get started with integrations

See the integrations quick start guides to get started:

The detection rules package stores the prebuilt security rules for the Elastic Security detection engine.

To download or update the rules, click Settings > Install Prebuilt Security Detection Rules assets. Then import the rules into the Detection engine.

License Notice

Changelog

Version	Details
8.7.1	Enhancement View pull request Release security rules update
8.7.1-beta.1	Enhancement View pull request Release security rules update
8.6.1	Enhancement View pull request Release security rules update
8.6.1-beta.1	Enhancement View pull request Release security rules update
8.5.1	Enhancement View pull request Release security rules update
8.5.1-beta.1	Enhancement View pull request Release security rules update
8.4.3	Enhancement View pull request Release security rules update
8.4.3-beta.1	Enhancement View pull request Release security rules update
8.4.2	Enhancement View pull request Release security rules update
8.4.2-beta.1	Enhancement View pull request Release security rules update
8.3.4	Enhancement View pull request Release security rules update
8.3.4-beta.1	Enhancement View pull request Release security rules update
8.3.3	Enhancement View pull request Release security rules update
8.4.1	Enhancement View pull request Release security rules update
8.3.1	Enhancement View pull request Release security rules update
8.2.1	Enhancement View pull request Release security rules update
7.16.4	Enhancement View pull request Release security rules update
8.1.1	Enhancement View pull request Release security rules update
7.16.3	Enhancement View pull request Release security rules update
1.0.2	Enhancement View pull request Release security rules update
0.16.2	Enhancement View pull request Release security rules update
0.16.1	Enhancement View pull request Release security rules update
1.0.1	Enhancement View pull request Release security rules update
0.14.3	Enhancement View pull request Release security rules update
0.14.2	Enhancement View pull request Release security rules update
0.14.1	Enhancement View pull request Release security rules update
0.13.3	Enhancement View pull request Release security rules update
0.13.2	Enhancement View pull request Release security rules update
0.13.1	Enhancement View pull request Release security rules update
0.13.1-dev.0	Bug fix View pull request Pre-release for 0.13.1 security rules
0.13.0	Bug fix View pull request Fix package for 7.13.0 from detection-rules
0.13.0-dev.0	Enhancement View pull request Publish package for 7.13.0 from detection-rules
0.0.3	Bug fix View pull request Fix security rules naming
0.0.2	Enhancement View pull request Change the rules to match Kibana 7.13 prepackaged
0.0.1-dev.3	Enhancement View pull request Change the integration title
0.0.1-dev.2	Enhancement View pull request Change the saved object type to security-rule
0.0.1-dev.1	Enhancement View pull request Create package for security's detection engine