Home

Awesome

ATT&CK navigator coverage

<h1><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt786d938064f8c8be/5e0e7b96fb35e665aed32798/logo-endpoint-32-color.svg"/> Protections Artifacts</h1>

Elastic Security prevents ransomware and malware, detects advanced threats, and arms responders with vital context. It’s free and open, ready for every endpoint.

Protections-Artifacts is the home of our detection logic (rules, yara, etc) for Elastic Security for endpoint. At Elastic, we believe that being open and transparent is critical for the success of us and our users. Check out our blog post if you are interested in additional background.

Directory

Below you will find the artifacts we have opened in this repository:

FolderDescription
behavior/EQL based malicious behavior rules
yara/Yara rules for malware protection
ransomware/Elastic ransomware protection artifact

Questions? Problems? Suggestions?

If you would like you to provide feedback or contribute to this repository, please familiarize yourself with the applicable artifact’s readme and open an issue using one of the provided templates. We cannot accept pull requests at this time because this repository is automatically generated.

You can also reach us in our Slack Workspace or in the Security Discuss forum.

License

Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use these artifacts except in compliance with the Elastic License 2.0

Contributors must sign a Contributor License Agreement before contributing code to any Elastic repositories.