Skip to content

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules #5352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Mikaayenson merged 29 commits into from
Dec 5, 2025
Merged

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules #5352

Mikaayenson merged 29 commits into from
Dec 5, 2025

Conversation

@Mikaayenson
Copy link
Contributor

@Mikaayenson Mikaayenson commented Nov 22, 2025
edited
Loading

Pull Request

Issue link(s): Related https://github.com/elastic/security-team/issues/9809

Summary - What I changed

This PR adds MITRE ATLAS framework support to the detection-rules repository and introduces seven new Generative AI (GenAI) threat detection rules with ATLAS technique references.

Framework Support

  • Added MITRE ATLAS framework support: New atlas.py module with utilities to load and process ATLAS data from the official MITRE ATLAS YAML file
  • Schema updates: Extended threat framework validation to support MITRE ATLAS URLs and tags in rule definitions
  • Test infrastructure: Updated test_all_rules.py with ATLAS validation logic (temporarily skipped pending Security Solution support for ATLAS [[rule.threat]] blocks)
  • ATLAS integration approach: ATLAS techniques are currently referenced via tags (e.g., Mitre Atlas: T0086) and rule references; validation logic is in place for future [[rule.threat]] block support

New Detection Rules

Seven new detection rules targeting GenAI-related threats:

  1. Credential Access - GenAI Process Accessing Sensitive Files

    • Detects when GenAI tools access credential stores, SSH keys, browser data, cloud configs, or API keys
    • ATLAS: AML.T0085, AML.T0085.001, AML.T0055

  2. Command and Control - GenAI Process Connection to Suspicious TLD

    • Detects GenAI tools connecting to suspicious top-level domains commonly used for C2
    • ATLAS: AML.T0086

  3. Defense Evasion - GenAI Process Compiling Executables

    • Detects when GenAI processes spawn compilation or packaging tools
    • ATLAS: AML.T0053

  4. Defense Evasion - GenAI Process Encoding Prior to Network Activity

    • Detects encoding/chunking operations by GenAI processes followed by outbound network connections
    • ATLAS: AML.T0086

  5. Defense Evasion - Unusual Process Modifying GenAI Configuration File

    • Detects unusual modification of GenAI tool configuration files
    • Catches prompt injection attacks that abuse GenAI tools to modify their own configs

  6. Command and Control - GenAI Process Connection to Unusual Domain

    • Detects GenAI tools connecting to domains not seen in the past 7 days
    • ATLAS: AML.T0086

  7. Execution - GenAI or MCP Server Child Process

    • Building block rule detecting child processes spawned by GenAI tools or MCP servers
    • ATLAS: AML.T0053

How To Test

🔱 Tests will run in CI

Manual Testing

  1. Validate framework support and all rules:

    python -m detection_rules test

  2. Lint specific rules:

    python -m detection_rules toml-lint -f rules/cross-platform/credential_access_genai_process_sensitive_file_access.toml

  3. Check ATLAS data loading:

    from detection_rules.atlas import load_atlas_yaml, build_threat_map_entry
atlas_data = load_atlas_yaml()
threat_entry = build_threat_map_entry("Collection", "AML.T0085", "AML.T0085.001")

Expected Test Results

  • All existing tests should pass
  • Schema validation should accept ATLAS framework URLs and tags (unit test should still skip for now)

Checklist

  • Added a label for the type of pr: Rule: New and enhancement (for ATLAS framework support)
  • Added the meta:rapid-merge label if planning to merge within 24 hours
  • Secret and sensitive material has been managed correctly
  • Automated testing was updated or added to match the most common scenarios
  • Documentation and comments were added for features that require explanation

@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@Mikaayenson Mikaayenson added enhancement New feature or request Rule: New Proposal for new rule labels Nov 22, 2025
@Mikaayenson Mikaayenson self-assigned this Nov 22, 2025
@Mikaayenson Mikaayenson added the python Internal python for the repository label Nov 22, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Nov 22, 2025

Enhancement - Guidelines

These guidelines serve as a reminder set of considerations when addressing adding a feature to the code.

Documentation and Context

  • Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
  • Include additional context or screenshots.
  • Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

  • Code follows established design patterns within the repo and avoids duplication.
  • Ensure that the code is modular and reusable where applicable.

Testing

  • New unit tests have been added to cover the enhancement.
  • Existing unit tests have been updated to reflect the changes.
  • Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
  • Validate that any rules affected by the enhancement are correctly updated.
  • Ensure that performance is not negatively impacted by the changes.
  • Verify that any release artifacts are properly generated and tested.
  • Conducted system testing, including fleet, import, and create APIs (e.g., run make test-cli, make test-remote-cli, make test-hunting-cli)

Additional Checks

  • Verify that the enhancement works across all relevant environments (e.g., different OS versions).
  • Confirm that the proper version label is applied to the PR patch, minor, major.

@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@Mikaayenson Mikaayenson changed the title Add MITRE ATLAS framework support and GenAI threat detection rules [New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules Nov 22, 2025
@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@Mikaayenson @Samirbous
Update rules/cross-platform/collection_genai_process_sensitive_file_a…
288178b 
…ccess.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@cla-checker-service
Copy link

cla-checker-service bot commented Dec 4, 2025
edited
Loading

💚 CLA has been signed

@Mikaayenson Mikaayenson marked this pull request as ready for review December 4, 2025 06:15
@botelastic botelastic bot added bbr Building Block Rules schema labels Dec 4, 2025
@tradebot-elastic
Copy link

tradebot-elastic commented Dec 4, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

Samirbous
Samirbous reviewed Dec 4, 2025
View reviewed changes
@tradebot-elastic
Copy link

tradebot-elastic commented Dec 4, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
@tradebot-elastic

This comment was marked as duplicate.

Sign in to view
eric-forte-elastic
eric-forte-elastic approved these changes Dec 4, 2025
View reviewed changes
Copy link
Contributor

@eric-forte-elastic eric-forte-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟢 Manual review, local testing (ref), looks good to me! 👍

Mikaayenson
Mikaayenson commented Dec 4, 2025
View reviewed changes
rules_building_block/execution_mcp_server_child_process.toml
shell commands, read files, and interact with external services. This building block provides visibility into
AI-initiated process execution for correlation with other suspicious activity.
"""
from = "now-119m"
Copy link
Contributor Author

@Mikaayenson Mikaayenson Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if we should bypass_bbr_timing = true

Copy link
Contributor

@Aegrah Aegrah Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you don't expect it to be noisy I would just run on regular interval here.

Copy link
Contributor Author

@Mikaayenson Mikaayenson Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will be noisy

@Mikaayenson Mikaayenson requested a review from Aegrah December 4, 2025 20:31
Aegrah
Aegrah approved these changes Dec 5, 2025
View reviewed changes
Copy link
Contributor

@Aegrah Aegrah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Some comments to improve on.

rules/cross-platform/command_and_control_genai_process_suspicious_tld_connection.toml
type = "eql"

query = '''
network where host.os.type in ("macos", "windows") and
Copy link
Contributor

@Aegrah Aegrah Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

event.action/event.type could be added here

rules/cross-platform/defense_evasion_genai_process_encoding_prior_to_network_activity.toml

// Encoding/compression followed by network activity
[process where event.type == "start"
and event.type == "start"
Copy link
Contributor

@Aegrah Aegrah Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
and event.type == "start"

Copy link
Contributor

@Aegrah Aegrah Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same note on event.action

rules_building_block/execution_mcp_server_child_process.toml
shell commands, read files, and interact with external services. This building block provides visibility into
AI-initiated process execution for correlation with other suspicious activity.
"""
from = "now-119m"
Copy link
Contributor

@Aegrah Aegrah Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you don't expect it to be noisy I would just run on regular interval here.

rules_building_block/execution_mcp_server_child_process.toml
type = "eql"

query = '''
process where event.type == "start"
Copy link
Contributor

@Aegrah Aegrah Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be good to add compatible event.actions

@Mikaayenson @Aegrah
Update rules/cross-platform/defense_evasion_genai_process_compiling_e…
ddd8f6a 
…xecutables.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
@tradebot-elastic
Copy link

tradebot-elastic commented Dec 5, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ Unusual Process Modifying GenAI Configuration File (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Unusual Domain (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@Mikaayenson @Aegrah
Update rules/cross-platform/defense_evasion_genai_process_encoding_pr…
85126a0 
…ior_to_network_activity.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
@tradebot-elastic
Copy link

tradebot-elastic commented Dec 5, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ Unusual Process Modifying GenAI Configuration File (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Unusual Domain (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

terrancedejesus
terrancedejesus approved these changes Dec 5, 2025
View reviewed changes
Copy link
Contributor

@terrancedejesus terrancedejesus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM peer review with @Mikaayenson

@tradebot-elastic
Copy link

tradebot-elastic commented Dec 5, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ Unusual Process Modifying GenAI Configuration File (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Unusual Domain (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@tradebot-elastic
Copy link

tradebot-elastic commented Dec 5, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ Unusual Process Modifying GenAI Configuration File (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Unusual Domain (kuery)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@Mikaayenson
Copy link
Contributor Author

Mikaayenson commented Dec 5, 2025

@Aegrah ill take event.action and expand the scope for some of the rules in the next round (e.g. potentially working in FIM). I've address most of the other comments . 🙇 thanks for the extra eyes.

@Mikaayenson Mikaayenson merged commit f40a383 into main Dec 5, 2025
17 checks passed
@Mikaayenson Mikaayenson deleted the additional_genai_coverage branch December 5, 2025 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Samirbous Samirbous Samirbous approved these changes

@Aegrah Aegrah Aegrah approved these changes

@terrancedejesus terrancedejesus terrancedejesus approved these changes

@eric-forte-elastic eric-forte-elastic eric-forte-elastic approved these changes

@traut traut Awaiting requested review from traut traut is a code owner

Assignees

@Mikaayenson Mikaayenson

Labels

backport: auto bbr Building Block Rules enhancement New feature or request patch python Internal python for the repository Rule: New Proposal for new rule schema

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@Mikaayenson @tradebot-elastic @Samirbous @Aegrah @terrancedejesus @eric-forte-elastic