Elastic Security prevents ransomware and malware, detects advanced threats, and arms responders with vital context. It’s free and open, ready for every endpoint.
Protections-Artifacts is the home of our detection logic (rules, yara, etc) for Elastic Security for endpoint. At Elastic, we believe that being open and transparent is critical for the success of us and our users. Check out our blog post if you are interested in additional background.
Below you will find the artifacts we have opened in this repository:
| Folder | Description |
|---|---|
behavior/ |
EQL based malicious behavior rules |
yara/ |
Yara rules for malware protection |
ransomware/ |
Elastic ransomware protection artifact |
If you would like you to provide feedback or contribute to this repository, please familiarize yourself with the applicable artifact’s readme and open an issue using one of the provided templates. We cannot accept pull requests at this time because this repository is automatically generated.
You can also reach us in our Slack Workspace or in the Security Discuss forum.
Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use these artifacts except in compliance with the Elastic License 2.0
Contributors must sign a Contributor License Agreement before contributing code to any Elastic repositories.
