elastic / protections-artifacts

Elastic Security detection content for Endpoint

Home Page:https://www.elastic.co/security/endpoint-security

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Protections Artifacts

Elastic Security prevents ransomware and malware, detects advanced threats, and arms responders with vital context. It’s free and open, ready for every endpoint.

Protections-Artifacts is the home of our detection logic (rules, yara, etc) for Elastic Security for endpoint. At Elastic, we believe that being open and transparent is critical for the success of us and our users. Check out our blog post if you are interested in additional background.


Below you will find the artifacts we have opened in this repository:

Folder Description
behavior/ EQL based malicious behavior rules
yara/ Yara rules for malware protection

Questions? Problems? Suggestions?

If you would like you to provide feedback or contribute to this repository, please familiarize yourself with the applicable artifact’s readme and open an issue using one of the provided templates. We cannot accept pull requests at this time because this repository is automatically generated.

You can also reach us in our Slack Workspace or in the Security Discuss forum.


Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use these artifacts except in compliance with the Elastic License 2.0

Contributors must sign a Contributor License Agreement before contributing code to any Elastic repositories.

ezoic increase your site revenue


Elastic Security detection content for Endpoint




Language:YARA 100.0%