IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« rc.local/rc.common File Creation Update v8.16.1 »
Elastic Docs Elastic Security Solution [8.16] Detections and alerts

Downloadable rule updates

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Downloadable rule updates

edit

This section lists all updates to prebuilt detection rules, made available with the Prebuilt Security Detection Rules integration in Fleet.

To update your installed rules to the latest versions, follow the instructions in Update Elastic prebuilt rules.

For previous rule updates, please navigate to the last version.

Update version Date New rules Updated rules Notes

8.16.12

30 Apr 2025

0

55

Version parity to ensure future updates are more meaningful and informative

8.16.11

28 Apr 2025

21

11

This release includes new rules for Windows, Linux, Azure and AWS. New rules for Windows include detection for defense evasion and execution New rules for Linux include detection for credential access, execution, privilege escalation, credential access, lateral movement and discovery. New rules for Azure include detection for initial access. New rules for AWS include detection for initial access and persistence. Additionally, significant rule tuning for MacOS, Windows, Microsoft 365, Linux and Azure rules has been added for better rule efficacy and performance.

8.16.10

08 Apr 2025

5

75

This release includes new rules for MacOS, Microsoft 365, AWS and PAD. New rules for MacOS include detection for command and control. New rules for Microsoft 365 include detection for initial access. New rules for AWS include detection for exfiltration. New rules for PAD include detection for privilege escalation. Elastic Defend for Container rules are deprecated. Additionally, significant rule tuning for Linux, Windows, Microsoft 365 and Azure rules has been added for better rule efficacy and performance.

8.16.9

13 Mar 2025

33

200

This release includes new rules for Linux, Windows, Microsoft 365, AWS, Azure and Azure OpenAI. New rules for Linux include detection for defense evasion, persistence, command and control, discovery, impact, initial access, exfiltration and lateral movement. New rules for Windows include detection for defense evasion. New rules for Microsoft 365 include detection for collection. New rules for AWS include detection for resource development. New rules for Azure include detection for initial access and credential access. Additionally, significant rule tuning for Linux, Windows and AWS rules has been added for better rule efficacy and performance.

8.16.8

17 Feb 2025

0

20

This release includes significant rule tuning for Windows, Linux and MacOS rules for better rule efficacy and performance.

8.16.7

10 Feb 2025

0

191

This release includes significant rule tuning for Windows and PanOS rules for better rule efficacy and performance.

8.16.6

04 Feb 2025

7

1047

This release includes new rules for Linux and Windows. New rules for Linux include detection for execution and persistence. New rules for Windows include detection for defense evasion, execution and command and control. Additionally, significant rule tuning for Linux, Windows, MacOS, and AWS rules has been added for better rule efficacy and performance.

8.16.5

21 Jan 2025

29

109

This release includes new rules for Linux, Windows and AWS integration. Deprecated rules include Deprecated - Suspicious JAVA Child Process and Deprecated - Potential Password Spraying of Access ['Microsoft 365']. New rules for Linux include detection for execution, discovery, persistence and defense evasion. New rules for Windows include detection for defense evasion. New Rules for AWS include detection for lateral movement, discovery, collection, impact and defense evasion. Additionally, significant rule tuning for Linux, Windows, Crowdstrike and SentinelOne rules has been added for better rule efficacy and performance.

8.16.4

08 Jan 2025

20

10

This release includes new rules for Linux, Azure and Elastic Defend integration. Deprecated rules include Suspicious File Changes Activity Detected New rules for Linux include detection for persistence and defense evasion. New rules for Azure include detection for credential access. New Rules for Elastic Defend include detection for defense evasion, execution and impact. Additionally, significant rule tuning for Linux, Windows and Okta rules has been added for better rule efficacy and performance.

8.16.3

10 Dec 2024

5

6

This release includes new rules for AWS, and AWS Bedrock integration. New rules for AWS include detection for persistence. New rules for AWS Bedrock include detection for LLM prompt injection and LLM jailbreak. Additionally, significant rule tuning for AWS, Github, AWS Bedrock and Azure rules has been added for better rule efficacy and performance.

8.16.2

27 Nov 2024

1

0

This release includes a new rule for AWS integration privilege escalation detection.

8.16.1

11 Nov 2024

21

116

This release includes new rules for Windows, Linux, AWS, and Azure integration. New rules for Windows include detection for initial access. New rules for Linux include detection for defense evasion, command and control, impact, discovery, execution and exfiltration. New rules for AWS include detection for privilege escalation, exfiltration, execution, discovery and persistence. New rules for Azure include detection for credential access. Additionally, significant rule tuning for Windows and AWS rules has been added for better rule efficacy and performance.
« rc.local/rc.common File Creation Update v8.16.1 »