Skip to content

Add elastic-endpoint filter for DGA, LMD, LotL #16209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jmcarlock merged 2 commits into from
Dec 2, 2025
Merged

Add elastic-endpoint filter for DGA, LMD, LotL #16209

jmcarlock merged 2 commits into from
Dec 2, 2025

Conversation

@jmcarlock
Copy link
Contributor

@jmcarlock jmcarlock commented Dec 2, 2025

Proposed commit message

Filter elastic-endpoint processes from packages to reduce FPs

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • [ ] I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

Tested with SecML integrations test pipeline and using elastic-package.

Related issues

@jmcarlock jmcarlock requested review from a team as code owners December 2, 2025 19:16
@jmcarlock jmcarlock added Integration:lmd Lateral Movement Detection bugfix Pull request that fixes a bug issue Integration:dga Domain Generation Algorithm Detection Integration:problemchild Living off the Land Attack Detection labels Dec 2, 2025
@elasticmachine
Copy link

elasticmachine commented Dec 2, 2025

💚 Build Succeeded

susan-shu-c
susan-shu-c approved these changes Dec 2, 2025
View reviewed changes
Copy link
Member

@susan-shu-c susan-shu-c left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jmcarlock jmcarlock merged commit a1e4e74 into main Dec 2, 2025
7 checks passed
@jmcarlock jmcarlock deleted the ueba-packages-add-elastic-endpoint-exceptions branch December 2, 2025 20:54
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Dec 2, 2025

Package dga - 2.3.4 containing this change is available at https://epr.elastic.co/package/dga/2.3.4/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Dec 2, 2025

Package lmd - 2.5.4 containing this change is available at https://epr.elastic.co/package/lmd/2.5.4/

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Dec 2, 2025

Package problemchild - 2.4.4 containing this change is available at https://epr.elastic.co/package/problemchild/2.4.4/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susan-shu-c susan-shu-c susan-shu-c approved these changes

@sodhikirti07 sodhikirti07 sodhikirti07 approved these changes

Assignees

No one assigned

Labels

bugfix Pull request that fixes a bug issue Integration:dga Domain Generation Algorithm Detection Integration:lmd Lateral Movement Detection Integration:problemchild Living off the Land Attack Detection

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jmcarlock @elasticmachine @susan-shu-c @sodhikirti07