@mergify mergify bot commented Dec 12, 2024

Fixes #6222

Preview: Elastic Security 8.17 RNs


This is an automatic backport of pull request #6224 done by Mergify.

* First draft

* Adds ver header

* Adds latest info

* Updates my areas

* Edits

* Minor adjustments

* small tweaks

* known issue for exceptions

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>

* Applies same changes

* ryland's input

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>

* Moar bugs

* Adds two new features

* revised ki summary

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* Update docs/release-notes/8.17.asciidoc

* editorial fixes

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.17.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

---------

Co-authored-by: Benjamin Ironside Goldstein <benjamin.ironside@elastic.co>
Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit 7c79a644a2b477aad2ef43ee9b589c320594df92)

# Conflicts:
#	.backportrc.json
#	.mergify.yml
#	docs/detections/detection-engine-intro.asciidoc
#	docs/detections/detections-index.asciidoc
#	docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc
#	docs/detections/prebuilt-rules/prebuilt-rules-reference.asciidoc
#	docs/detections/prebuilt-rules/rule-desc-index.asciidoc
#	docs/detections/prebuilt-rules/rule-details/a-scheduled-task-was-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/a-scheduled-task-was-updated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/abnormal-process-id-or-lock-file-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/abnormally-large-dns-response.asciidoc
#	docs/detections/prebuilt-rules/rule-details/accepted-default-telnet-port-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/access-to-a-sensitive-ldap-attribute.asciidoc
#	docs/detections/prebuilt-rules/rule-details/access-to-keychain-credentials-directories.asciidoc
#	docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc
#	docs/detections/prebuilt-rules/rule-details/account-discovery-command-via-system-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/account-password-reset-remotely.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adding-hidden-file-attribute-via-attrib.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adfind-command-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/administrator-privileges-assigned-to-an-okta-group.asciidoc
#	docs/detections/prebuilt-rules/rule-details/administrator-role-assigned-to-an-okta-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adminsdholder-backdoor.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adminsdholder-sdprop-exclusion-added.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adobe-hijack-persistence.asciidoc
#	docs/detections/prebuilt-rules/rule-details/adversary-behavior-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/agent-spoofing-mismatched-agent-id.asciidoc
#	docs/detections/prebuilt-rules/rule-details/agent-spoofing-multiple-hosts-using-same-agent.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-linux-compiler-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-process-for-a-linux-population.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-process-for-a-windows-population.asciidoc
#	docs/detections/prebuilt-rules/rule-details/anomalous-windows-process-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/apple-script-execution-followed-by-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/apple-scripting-execution-with-administrator-privileges.asciidoc
#	docs/detections/prebuilt-rules/rule-details/application-added-to-google-workspace-domain.asciidoc
#	docs/detections/prebuilt-rules/rule-details/application-removed-from-blocklist-in-google-workspace.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-create-okta-api-token.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-network-zone.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-policy-rule.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-network-zone.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-policy-rule.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-disable-gatekeeper.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-disable-syslog-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-enable-the-root-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-install-root-certificate.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-network-zone.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-policy-rule.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-mount-smb-share-via-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-reset-mfa-factors-for-an-okta-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-revoke-okta-api-token.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempt-to-unload-elastic-endpoint-security-kernel-extension.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempted-bypass-of-okta-mfa.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempts-to-brute-force-a-microsoft-365-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/attempts-to-brute-force-an-okta-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/authorization-plugin-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-suspended.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-updated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-alarm-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-log-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-log-stream-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-config-resource-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-configuration-recorder-stopped.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-deletion-of-rds-instance-or-cluster.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-encryption-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-full-network-packet-capture-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-network-access-control-list-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-network-access-control-list-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-snapshot-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-ec2-vm-export-failure.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-efs-file-system-or-mount-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-elasticache-security-group-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-elasticache-security-group-modified-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-eventbridge-rule-disabled-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-guardduty-detector-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-assume-role-policy-update.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-brute-force-of-assume-role-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-deactivation-of-mfa-device.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-group-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-password-recovery-requested.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-iam-user-addition-to-group.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-kms-customer-managed-key-disabled-or-scheduled-for-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-management-console-brute-force-of-root-user-identity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-management-console-root-login.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-cluster-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-instance-cluster-stoppage.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-instance-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-security-group-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-security-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-rds-snapshot-export.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-redshift-cluster-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-root-login-without-mfa.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-53-domain-transfer-lock-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-53-domain-transferred-to-another-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-table-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route-table-modified-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-route53-private-hosted-zone-associated-with-a-vpc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-s3-bucket-configuration-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-sts-getsessiontoken-abuse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-vpc-flow-logs-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-waf-access-control-list-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/aws-waf-rule-or-rule-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-active-directory-high-risk-sign-in.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-active-directory-high-risk-user-sign-in-heuristic.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-active-directory-powershell-sign-in.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-ad-global-administrator-role-assigned.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-alert-suppression-rule-created-or-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-application-credential-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-account-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-runbook-created-or-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-runbook-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-automation-webhook-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-blob-container-access-level-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-blob-permissions-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-command-execution-on-virtual-machine.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-conditional-access-policy-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-diagnostic-settings-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-event-hub-authorization-rule-created-or-updated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-event-hub-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-external-guest-user-invitation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-firewall-policy-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-frontdoor-web-application-firewall-waf-policy-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-full-network-packet-capture-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-global-administrator-role-addition-to-pim-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-key-vault-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-kubernetes-events-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-kubernetes-pods-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-kubernetes-rolebindings-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-network-watcher-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-privilege-identity-management-role-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-resource-group-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-service-principal-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-service-principal-credentials-added.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-storage-account-key-regenerated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/azure-virtual-network-device-modified-or-deleted.asciidoc
#	docs/detections/prebuilt-rules/rule-details/base16-or-base32-encoding-decoding-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/bash-shell-profile-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/binary-executed-from-shared-memory-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/bpf-filter-applied-using-tc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/bypass-uac-via-event-viewer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/chkconfig-service-add.asciidoc
#	docs/detections/prebuilt-rules/rule-details/clearing-windows-console-history.asciidoc
#	docs/detections/prebuilt-rules/rule-details/clearing-windows-event-logs.asciidoc
#	docs/detections/prebuilt-rules/rule-details/cobalt-strike-command-and-control-beacon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/command-execution-via-solarwinds-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/command-prompt-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/command-shell-activity-started-via-rundll32.asciidoc
#	docs/detections/prebuilt-rules/rule-details/component-object-model-hijacking.asciidoc
#	docs/detections/prebuilt-rules/rule-details/conhost-spawned-by-suspicious-parent-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-commonly-abused-free-ssl-certificate-providers.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-commonly-abused-web-services.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-external-network-via-telnet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/connection-to-internal-network-via-telnet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/control-panel-process-with-unusual-arguments.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-files-and-directories-via-commandline.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-launch-agent-or-daemon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-login-item-via-apple-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-of-hidden-shared-object-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-a-new-gpo-scheduled-task-or-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-domain-backup-dpapi-private-key.asciidoc
#	docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-root-certificate.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-acquisition-via-registry-hive-dumping.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-dumping-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-dumping-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-manipulation-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/credential-manipulation-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/cyberark-privileged-access-security-error.asciidoc
#	docs/detections/prebuilt-rules/rule-details/cyberark-privileged-access-security-recommended-monitor.asciidoc
#	docs/detections/prebuilt-rules/rule-details/default-cobalt-strike-team-server-certificate.asciidoc
#	docs/detections/prebuilt-rules/rule-details/delete-volume-usn-journal-with-fsutil.asciidoc
#	docs/detections/prebuilt-rules/rule-details/deleting-backup-catalogs-with-wbadmin.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disable-windows-event-and-security-logs-using-built-in-tools.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disable-windows-firewall-rules-via-netsh.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disabling-user-account-control-via-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/disabling-windows-defender-security-settings-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dns-over-https-enabled-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dns-tunneling.asciidoc
#	docs/detections/prebuilt-rules/rule-details/domain-added-to-google-workspace-trusted-domains.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dumping-account-hashes-via-built-in-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dumping-of-keychain-content-via-security-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/dynamic-linker-copy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/eggshell-backdoor-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/elastic-agent-service-terminated.asciidoc
#	docs/detections/prebuilt-rules/rule-details/emond-rules-creation-or-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enable-host-network-discovery-via-netsh.asciidoc
#	docs/detections/prebuilt-rules/rule-details/encoded-executable-stored-in-the-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/encrypting-files-with-winrar-or-7z.asciidoc
#	docs/detections/prebuilt-rules/rule-details/endpoint-security.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-command-spawned-via-wmiprvse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-administrator-accounts.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-kernel-modules.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-privileged-local-groups-membership.asciidoc
#	docs/detections/prebuilt-rules/rule-details/enumeration-of-users-or-groups-via-built-in-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/executable-file-creation-with-multiple-extensions.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-from-unusual-directory-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-com-object-via-xwizard.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-file-written-or-modified-by-microsoft-office.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-file-written-or-modified-by-pdf-reader.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-of-persistent-suspicious-program.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-via-local-sxs-shared-module.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-via-tsclient-mountpoint.asciidoc
#	docs/detections/prebuilt-rules/rule-details/execution-with-explicit-credentials-via-scripting.asciidoc
#	docs/detections/prebuilt-rules/rule-details/exploit-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/exploit-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/exporting-exchange-mailbox-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/external-alerts.asciidoc
#	docs/detections/prebuilt-rules/rule-details/external-ip-lookup-from-non-browser-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-deletion-via-shred.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-made-immutable-by-chattr.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-permission-modification-in-writable-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/file-transfer-or-listener-established-via-netcat.asciidoc
#	docs/detections/prebuilt-rules/rule-details/finder-sync-plugin-registered-and-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/full-user-mode-dumps-enabled-system-wide.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-iam-custom-role-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-iam-role-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-iam-service-account-key-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-logging-bucket-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-logging-sink-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-logging-sink-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-subscription-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-subscription-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-topic-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-topic-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-service-account-key-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-configuration-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-permissions-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-network-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-route-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-route-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-drive-ownership-transferred-via-google-workspace.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-2sv-policy-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-admin-role-assigned-to-a-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-admin-role-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-bitlocker-setting-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-custom-admin-role-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-custom-gmail-route-created-or-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-mfa-enforcement-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-password-policy-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-role-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/google-workspace-user-organizational-unit-changed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/group-policy-abuse-for-privilege-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/halfbaked-command-and-control-beacon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/high-number-of-okta-user-password-reset-or-unlock-attempts.asciidoc
#	docs/detections/prebuilt-rules/rule-details/high-number-of-process-and-or-service-terminations.asciidoc
#	docs/detections/prebuilt-rules/rule-details/high-number-of-process-terminations.asciidoc
#	docs/detections/prebuilt-rules/rule-details/hosts-file-modified.asciidoc
#	docs/detections/prebuilt-rules/rule-details/hping-process-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/iis-http-logging-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/image-file-execution-options-injection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/imageload-via-windows-update-auto-update-client.asciidoc
#	docs/detections/prebuilt-rules/rule-details/inbound-connection-to-an-unsecure-elasticsearch-node.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-via-mshta.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-with-mmc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-with-shellbrowserwindow-or-shellwindows.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-execution-via-powershell-remoting.asciidoc
#	docs/detections/prebuilt-rules/rule-details/incoming-execution-via-winrm-remote-shell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/installation-of-custom-shim-databases.asciidoc
#	docs/detections/prebuilt-rules/rule-details/installation-of-security-support-provider.asciidoc
#	docs/detections/prebuilt-rules/rule-details/installutil-process-making-network-connections.asciidoc
#	docs/detections/prebuilt-rules/rule-details/interactive-terminal-spawned-via-perl.asciidoc
#	docs/detections/prebuilt-rules/rule-details/interactive-terminal-spawned-via-python.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ipsec-nat-traversal-port-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kerberos-cached-credentials-dumping.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kerberos-pre-authentication-disabled-for-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kerberos-traffic-from-unusual-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kernel-module-load-via-insmod.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kernel-module-removal.asciidoc
#	docs/detections/prebuilt-rules/rule-details/keychain-password-retrieval-via-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/krbtgt-delegation-backdoor.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-anonymous-request-authorized.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-container-created-with-excessive-linux-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-denied-service-account-request.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-exposed-service-created-with-type-nodeport.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-a-sensitive-hostpath-volume.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostipc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostnetwork.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostpid.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-privileged-pod-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-suspicious-assignment-of-controller-service-account.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-suspicious-self-subject-review.asciidoc
#	docs/detections/prebuilt-rules/rule-details/kubernetes-user-exec-into-pod.asciidoc
#	docs/detections/prebuilt-rules/rule-details/lateral-movement-via-startup-folder.asciidoc
#	docs/detections/prebuilt-rules/rule-details/launch-agent-creation-or-modification-and-immediate-loading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/launchdaemon-creation-or-modification-and-immediate-loading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/local-account-tokenfilter-policy-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/local-scheduled-task-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/lsass-memory-dump-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/lsass-memory-dump-handle-access.asciidoc
#	docs/detections/prebuilt-rules/rule-details/macos-installer-package-spawns-network-event.asciidoc
#	docs/detections/prebuilt-rules/rule-details/malware-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/malware-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/masquerading-space-after-filename.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mfa-disabled-for-google-workspace-organization.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-anti-phish-policy-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-anti-phish-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-dkim-signing-configuration-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-dlp-policy-removed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-malware-filter-policy-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-malware-filter-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-management-group-role-assignment.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-safe-attachment-rule-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-safe-link-policy-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-transport-rule-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-exchange-transport-rule-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-global-administrator-role-assigned.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-inbox-forwarding-rule-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-potential-ransomware-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-teams-custom-application-interaction-allowed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-teams-external-access-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-teams-guest-access-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-unusual-volume-of-file-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-365-user-restricted-from-sending-email.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-an-unusual-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-by-a-script-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-by-a-system-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-started-by-an-office-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-build-engine-using-an-alternate-name.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-exchange-server-um-spawning-suspicious-processes.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-exchange-server-um-writing-suspicious-files.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-exchange-worker-spawning-suspicious-processes.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-iis-connection-strings-decryption.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-iis-service-account-password-dumped.asciidoc
#	docs/detections/prebuilt-rules/rule-details/microsoft-windows-defender-tampering.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mimikatz-memssp-log-file-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-amsienable-registry-key.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-boot-configuration.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-dynamic-linker-preload-shared-object.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-openssh-binaries.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-safari-settings-via-defaults-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-standard-authentication-module-or-configuration.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-the-mspkiaccountcredentials.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-of-wdigest-security-provider.asciidoc
#	docs/detections/prebuilt-rules/rule-details/modification-or-removal-of-an-okta-application-sign-on-policy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mounting-hidden-or-webdav-remote-shares.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ms-office-macro-security-registry-modifications.asciidoc
#	docs/detections/prebuilt-rules/rule-details/msbuild-making-network-connections.asciidoc
#	docs/detections/prebuilt-rules/rule-details/mshta-making-network-connections.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multi-factor-authentication-disabled-for-an-azure-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-alerts-in-different-att-ck-tactics-on-a-single-host.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-logon-failure-followed-by-logon-success.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-logon-failure-from-the-same-source-address.asciidoc
#	docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc
#	docs/detections/prebuilt-rules/rule-details/namespace-manipulation-using-unshare.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-certutil.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-compiled-html-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-msxsl.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-registration-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-connection-via-signed-binary.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-logon-provider-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/network-traffic-to-rare-destination-country.asciidoc
#	docs/detections/prebuilt-rules/rule-details/new-activesyncalloweddeviceid-added-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/new-or-modified-federation-domain.asciidoc
#	docs/detections/prebuilt-rules/rule-details/nping-process-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ntds-or-sam-database-file-copied.asciidoc
#	docs/detections/prebuilt-rules/rule-details/nullsessionpipe-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-email-reported-by-user-as-malware-or-phish.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-excessive-single-sign-on-logon-errors.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-exchange-suspicious-mailbox-right-delegation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/o365-mailbox-audit-logging-bypass.asciidoc
#	docs/detections/prebuilt-rules/rule-details/okta-brute-force-or-password-spraying-attack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/okta-user-session-impersonation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/onedrive-malware-file-upload.asciidoc
#	docs/detections/prebuilt-rules/rule-details/outbound-scheduled-task-activity-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/parent-process-pid-spoofing.asciidoc
#	docs/detections/prebuilt-rules/rule-details/peripheral-device-discovery.asciidoc
#	docs/detections/prebuilt-rules/rule-details/permission-theft-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/permission-theft-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-bits-job-notify-cmdline.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-directoryservice-plugin-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-docker-shortcut-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-folder-action-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-hidden-run-key-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-kde-autostart-script-or-desktop-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-login-or-logout-hook.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-microsoft-office-addins.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-microsoft-outlook-vba.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-powershell-profile.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-scheduled-job-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-telemetrycontroller-scheduled-task-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-update-orchestrator-service-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-wmi-event-subscription.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistence-via-wmi-standard-registry-provider.asciidoc
#	docs/detections/prebuilt-rules/rule-details/persistent-scripts-in-the-startup-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/port-forwarding-rule-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/possible-consent-grant-attack-via-azure-registered-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/possible-fin7-dga-command-and-control-behavior.asciidoc
#	docs/detections/prebuilt-rules/rule-details/possible-okta-dos-attack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-admin-group-account-addition.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-application-shimming-via-sdbinst.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-command-and-control-via-internet-explorer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-cookies-theft-via-browser-debugging.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-dcsync.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-duplicatehandle-in-lsass.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-lsass-memory-dump.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-renamed-com-services-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-trusted-developer-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-windows-utilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-disabling-of-selinux.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-dll-side-loading-via-microsoft-antimalware-service-executable.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-dns-tunneling-via-nslookup.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-evasion-via-filter-manager.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-hidden-local-user-account-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-invoke-mimikatz-powershell-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-java-jndi-exploitation-attempt.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-kerberos-attack-via-bifrost.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lateral-tool-transfer-via-smb-share.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-local-ntlm-relay-via-http.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lsa-authentication-package-abuse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lsass-clone-creation-via-psscapturesnapshot.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-lsass-memory-dump-via-psscapturesnapshot.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-macos-ssh-brute-force-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-microsoft-office-sandbox-evasion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-modification-of-accessibility-binaries.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-non-standard-port-ssh-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-openssh-backdoor-logging-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-atom-init-script-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-login-hook.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-periodic-tasks.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-persistence-via-time-provider-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-port-monitor-or-print-processor-registration-abuse.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-localhost-secure-copy.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-tccdb-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-installerfiletakeover.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-pkexec.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-sudoers-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-privileged-escalation-via-samaccountname-spoofing.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-process-injection-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-protocol-tunneling-via-earthworm.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-remote-credential-access-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-shadowing-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-tunneling-detected.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-reverse-shell-activity-via-terminal.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-secure-file-deletion-via-sdelete-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-shadow-credentials-added-to-ad-object.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-shadow-file-read-via-command-line-utilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-sharprdp-behavior.asciidoc
#	docs/detections/prebuilt-rules/rule-details/potential-windows-error-manager-masquerading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-kerberos-ticket-request.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-keylogging-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-minidump-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-psreflect-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-script-block-logging-disabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-script-with-token-impersonation-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-share-enumeration-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-discovery-related-windows-api-functions.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-payload-encoded-and-compressed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-audio-capture-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-screenshot-capabilities.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-named-pipe-impersonation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-rogue-named-pipe-impersonation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-root-crontab-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-windir-environment-variable.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privileged-account-brute-force.asciidoc
#	docs/detections/prebuilt-rules/rule-details/privileges-elevation-via-parent-process-pid-spoofing.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-activity-via-compiled-html-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-created-with-an-elevated-token.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-creation-via-secondary-logon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-execution-from-an-unusual-directory.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-injection-by-the-microsoft-build-engine.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-injection-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-injection-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-started-from-process-id-pid-file.asciidoc
#	docs/detections/prebuilt-rules/rule-details/process-termination-followed-by-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/program-files-directory-masquerading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/prompt-for-credentials-with-osascript.asciidoc
#	docs/detections/prebuilt-rules/rule-details/psexec-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ransomware-detected-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ransomware-prevented-elastic-endgame.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rare-aws-error-code.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rare-user-logon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rdp-enabled-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rdp-remote-desktop-protocol-from-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appcert-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appinit-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-computer-account-dnshostname-update.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-desktop-enabled-in-windows-firewall-by-netsh.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-copy-to-a-hidden-share.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-desktopimgdownldr-utility.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-mpcmdrun.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-powershell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-file-download-via-script-interpreter.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-scheduled-task-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-ssh-login-enabled-via-systemsetup-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-system-discovery-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remote-windows-service-installed.asciidoc
#	docs/detections/prebuilt-rules/rule-details/remotely-started-services-via-rpc.asciidoc
#	docs/detections/prebuilt-rules/rule-details/renamed-autoit-scripts-interpreter.asciidoc
#	docs/detections/prebuilt-rules/rule-details/roshal-archive-rar-or-powershell-file-downloaded-from-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-from-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-to-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/scheduled-task-created-by-a-windows-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/scheduled-task-execution-at-scale-via-gpo.asciidoc
#	docs/detections/prebuilt-rules/rule-details/scheduled-tasks-at-command-enabled.asciidoc
#	docs/detections/prebuilt-rules/rule-details/screensaver-plist-file-modified-by-unexpected-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/searching-for-saved-credentials-via-vaultcmd.asciidoc
#	docs/detections/prebuilt-rules/rule-details/security-software-discovery-using-wmic.asciidoc
#	docs/detections/prebuilt-rules/rule-details/security-software-discovery-via-grep.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sedebugprivilege-enabled-by-a-suspicious-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sensitive-files-compression.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sensitive-privilege-seenabledelegationprivilege-assigned-to-a-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/service-command-lateral-movement.asciidoc
#	docs/detections/prebuilt-rules/rule-details/service-control-spawned-via-script-interpreter.asciidoc
#	docs/detections/prebuilt-rules/rule-details/service-creation-via-local-kerberos-authentication.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sharepoint-malware-file-upload.asciidoc
#	docs/detections/prebuilt-rules/rule-details/shell-execution-via-apple-scripting.asciidoc
#	docs/detections/prebuilt-rules/rule-details/signed-proxy-execution-via-ms-work-folders.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sip-provider-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/smb-windows-file-sharing-activity-to-the-internet.asciidoc
#	docs/detections/prebuilt-rules/rule-details/smtp-on-port-26-tcp.asciidoc
#	docs/detections/prebuilt-rules/rule-details/softwareupdate-preferences-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/solarwinds-process-disabling-services-via-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-aws-error-messages.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-failed-logon-events.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-firewall-denies.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-logon-events.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic-to-a-country.asciidoc
#	docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic.asciidoc
#	docs/detections/prebuilt-rules/rule-details/ssh-authorized-keys-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-folder-persistence-via-unsigned-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-logon-script-added-to-group-policy-object.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-or-run-key-registry-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/startup-persistence-by-a-suspicious-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sublime-plugin-or-application-script-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sudo-heap-based-buffer-overflow-attempt.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sudoers-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/sunburst-command-and-control-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-activity-reported-by-okta-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-automator-workflows-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-browser-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-calendar-file-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-certutil-commands.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-child-process-of-adobe-acrobat-reader-update-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-cmd-execution-via-wmi.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-crontab-creation-or-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-dll-loaded-for-persistence-or-privilege-escalation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-emond-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-endpoint-security-parent-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-execution-from-a-mounted-device.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-execution-via-scheduled-task.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-explorer-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-file-creation-in-etc-for-persistence.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-hidden-child-process-of-launchd.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-html-file-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-imagepath-service-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-lsass-access-via-malseclogon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-macos-ms-office-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-microsoft-diagnostics-wizard-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-ms-office-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-ms-outlook-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-pdf-reader-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-portable-executable-encoded-in-powershell-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-powershell-engine-imageload.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-powershell-script.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-file-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-point-and-print-dll.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-spl-file-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-printspooler-service-executable-file-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-process-access-via-direct-system-call.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-process-creation-calltrace.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-process-execution-via-renamed-psexec-executable.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-rdp-activex-client-loaded.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-remote-registry-access-via-sebackupprivilege.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-script-object-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-service-was-installed-in-the-system.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-solarwinds-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-startup-shell-folder-modification.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-wmi-image-load-from-ms-office.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-wmic-xsl-script-execution.asciidoc
#	docs/detections/prebuilt-rules/rule-details/suspicious-zoom-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/svchost-spawning-cmd.asciidoc
#	docs/detections/prebuilt-rules/rule-details/symbolic-link-to-shadow-copy-created.asciidoc
#	docs/detections/prebuilt-rules/rule-details/system-information-discovery-via-windows-command-shell.asciidoc
#	docs/detections/prebuilt-rules/rule-details/system-log-file-deletion.asciidoc
#	docs/detections/prebuilt-rules/rule-details/system-shells-via-services.asciidoc
#	docs/detections/prebuilt-rules/rule-details/systemkey-access-via-command-line.asciidoc
#	docs/detections/prebuilt-rules/rule-details/tcc-bypass-via-mounted-apfs-snapshot-access.asciidoc
#	docs/detections/prebuilt-rules/rule-details/temporarily-scheduled-task-creation.asciidoc
#	docs/detections/prebuilt-rules/rule-details/third-party-backup-files-deleted-via-unexpected-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/timestomping-using-touch-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-elevated-com-internet-explorer-add-on-installer.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-privileged-ifileoperation-com-interface.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-windows-directory-masquerading.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-with-ieditionupgrademanager-elevated-com-interface.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-via-diskcleanup-scheduled-task-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-via-icmluautil-elevated-com-interface.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uac-bypass-via-windows-firewall-snap-in-hijack.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unauthorized-access-to-an-okta-application.asciidoc
#	docs/detections/prebuilt-rules/rule-details/uncommon-registry-persistence-change.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unexpected-child-process-of-macos-screensaver-engine.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-aws-command-for-a-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-child-process-from-a-system-virtual-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-child-processes-of-rundll32.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-city-for-an-aws-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-country-for-an-aws-command.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-dns-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-executable-file-creation-by-a-system-critical-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-file-creation-alternate-data-stream.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-hour-for-a-user-to-logon.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-network-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-network-connection-discovery.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-network-port-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-process-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-process-discovery-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-system-information-discovery-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-user-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-linux-username.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-login-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-activity-from-a-windows-system-binary.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-connection-via-dllhost.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-connection-via-rundll32.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-network-destination-domain-name.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-parent-child-relationship.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-persistence-via-services-registry.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-print-spooler-child-process.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-execution-path-alternate-data-stream.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-for-a-linux-host.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-for-a-windows-host.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-process-network-connection.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-service-host-child-process-childless-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-source-ip-for-a-user-to-logon-from.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-sudo-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-web-request.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-web-user-agent.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-network-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-path-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-process-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-remote-user.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-user-calling-the-metadata-service.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-user-privilege-elevation-activity.asciidoc
#	docs/detections/prebuilt-rules/rule-details/unusual-windows-username.asciidoc
#	docs/detections/prebuilt-rules/rule-det…
@mergify mergify bot requested a review from a team as a code owner December 12, 2024 18:52
@mergify mergify bot added the conflicts label Dec 12, 2024

mergify bot commented Dec 12, 2024

Cherry-pick of 7c79a64 has failed:

On branch mergify/bp/8.17/pr-6224
Your branch is up to date with 'origin/8.17'.

You are currently cherry-picking commit 7c79a644.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   docs/detections/notes-page-timeline-details.png
	new file:   docs/release-notes/8.17.asciidoc

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both added:      .backportrc.json
	both added:      .mergify.yml
	both added:      docs/detections/detection-engine-intro.asciidoc
	both added:      docs/detections/detections-index.asciidoc
	both added:      docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc
	both added:      docs/detections/prebuilt-rules/prebuilt-rules-reference.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-desc-index.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/a-scheduled-task-was-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/a-scheduled-task-was-updated.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/abnormal-process-id-or-lock-file-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/abnormally-large-dns-response.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/accepted-default-telnet-port-connection.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/access-to-a-sensitive-ldap-attribute.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/access-to-keychain-credentials-directories.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/account-discovery-command-via-system-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/account-password-reset-remotely.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/adding-hidden-file-attribute-via-attrib.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/adfind-command-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/administrator-privileges-assigned-to-an-okta-group.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/administrator-role-assigned-to-an-okta-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/adminsdholder-backdoor.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/adminsdholder-sdprop-exclusion-added.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/adobe-hijack-persistence.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/adversary-behavior-detected-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/agent-spoofing-mismatched-agent-id.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/agent-spoofing-multiple-hosts-using-same-agent.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/anomalous-linux-compiler-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/anomalous-process-for-a-linux-population.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/anomalous-process-for-a-windows-population.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/anomalous-windows-process-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/apple-script-execution-followed-by-network-connection.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/apple-scripting-execution-with-administrator-privileges.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/application-added-to-google-workspace-domain.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/application-removed-from-blocklist-in-google-workspace.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-create-okta-api-token.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-application.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-network-zone.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-policy-rule.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-deactivate-an-okta-policy.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-application.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-network-zone.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-policy-rule.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-delete-an-okta-policy.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-disable-gatekeeper.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-disable-syslog-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-enable-the-root-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-install-root-certificate.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-application.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-network-zone.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-policy-rule.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-modify-an-okta-policy.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-mount-smb-share-via-command-line.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-reset-mfa-factors-for-an-okta-user-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-revoke-okta-api-token.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempt-to-unload-elastic-endpoint-security-kernel-extension.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempted-bypass-of-okta-mfa.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempts-to-brute-force-a-microsoft-365-user-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/attempts-to-brute-force-an-okta-user-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/authorization-plugin-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-suspended.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-cloudtrail-log-updated.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-alarm-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-log-group-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-cloudwatch-log-stream-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-config-resource-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-configuration-recorder-stopped.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-deletion-of-rds-instance-or-cluster.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-ec2-encryption-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-ec2-full-network-packet-capture-detected.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-ec2-network-access-control-list-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-ec2-network-access-control-list-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-ec2-snapshot-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-ec2-vm-export-failure.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-efs-file-system-or-mount-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-elasticache-security-group-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-elasticache-security-group-modified-or-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-eventbridge-rule-disabled-or-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-guardduty-detector-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-iam-assume-role-policy-update.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-iam-brute-force-of-assume-role-policy.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-iam-deactivation-of-mfa-device.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-iam-group-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-iam-group-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-iam-password-recovery-requested.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-iam-user-addition-to-group.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-kms-customer-managed-key-disabled-or-scheduled-for-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-management-console-brute-force-of-root-user-identity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-management-console-root-login.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-rds-cluster-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-rds-instance-cluster-stoppage.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-rds-instance-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-rds-security-group-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-rds-security-group-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-rds-snapshot-export.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-redshift-cluster-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-root-login-without-mfa.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-route-53-domain-transfer-lock-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-route-53-domain-transferred-to-another-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-route-table-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-route-table-modified-or-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-route53-private-hosted-zone-associated-with-a-vpc.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-s3-bucket-configuration-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-sts-getsessiontoken-abuse.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-vpc-flow-logs-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-waf-access-control-list-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/aws-waf-rule-or-rule-group-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-active-directory-high-risk-sign-in.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-active-directory-high-risk-user-sign-in-heuristic.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-active-directory-powershell-sign-in.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-ad-global-administrator-role-assigned.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-alert-suppression-rule-created-or-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-application-credential-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-automation-account-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-automation-runbook-created-or-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-automation-runbook-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-automation-webhook-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-blob-container-access-level-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-blob-permissions-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-command-execution-on-virtual-machine.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-conditional-access-policy-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-diagnostic-settings-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-event-hub-authorization-rule-created-or-updated.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-event-hub-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-external-guest-user-invitation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-firewall-policy-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-frontdoor-web-application-firewall-waf-policy-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-full-network-packet-capture-detected.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-global-administrator-role-addition-to-pim-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-key-vault-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-kubernetes-events-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-kubernetes-pods-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-kubernetes-rolebindings-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-network-watcher-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-privilege-identity-management-role-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-resource-group-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-service-principal-addition.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-service-principal-credentials-added.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-storage-account-key-regenerated.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/azure-virtual-network-device-modified-or-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/base16-or-base32-encoding-decoding-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/bash-shell-profile-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/binary-executed-from-shared-memory-directory.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/bpf-filter-applied-using-tc.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/bypass-uac-via-event-viewer.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/chkconfig-service-add.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/clearing-windows-console-history.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/clearing-windows-event-logs.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/cobalt-strike-command-and-control-beacon.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/command-execution-via-solarwinds-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/command-prompt-network-connection.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/command-shell-activity-started-via-rundll32.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/component-object-model-hijacking.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/conhost-spawned-by-suspicious-parent-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/connection-to-commonly-abused-free-ssl-certificate-providers.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/connection-to-commonly-abused-web-services.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/connection-to-external-network-via-telnet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/connection-to-internal-network-via-telnet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/control-panel-process-with-unusual-arguments.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-of-hidden-files-and-directories-via-commandline.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-of-hidden-launch-agent-or-daemon.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-of-hidden-login-item-via-apple-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-of-hidden-shared-object-file.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-a-new-gpo-scheduled-task-or-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-domain-backup-dpapi-private-key.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/creation-or-modification-of-root-certificate.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/credential-acquisition-via-registry-hive-dumping.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/credential-dumping-detected-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/credential-dumping-prevented-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/credential-manipulation-detected-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/credential-manipulation-prevented-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/cyberark-privileged-access-security-error.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/cyberark-privileged-access-security-recommended-monitor.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/default-cobalt-strike-team-server-certificate.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/delete-volume-usn-journal-with-fsutil.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/deleting-backup-catalogs-with-wbadmin.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/disable-windows-event-and-security-logs-using-built-in-tools.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/disable-windows-firewall-rules-via-netsh.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/disabling-user-account-control-via-registry-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/disabling-windows-defender-security-settings-via-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/dns-over-https-enabled-via-registry.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/dns-tunneling.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/domain-added-to-google-workspace-trusted-domains.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/dumping-account-hashes-via-built-in-commands.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/dumping-of-keychain-content-via-security-command.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/dynamic-linker-copy.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/eggshell-backdoor-execution.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/elastic-agent-service-terminated.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/emond-rules-creation-or-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/enable-host-network-discovery-via-netsh.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/encoded-executable-stored-in-the-registry.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/encrypting-files-with-winrar-or-7z.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/endpoint-security.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/enumeration-command-spawned-via-wmiprvse.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/enumeration-of-administrator-accounts.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/enumeration-of-kernel-modules.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/enumeration-of-privileged-local-groups-membership.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/enumeration-of-users-or-groups-via-built-in-commands.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/executable-file-creation-with-multiple-extensions.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-from-unusual-directory-command-line.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-of-com-object-via-xwizard.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-of-file-written-or-modified-by-microsoft-office.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-of-file-written-or-modified-by-pdf-reader.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-of-persistent-suspicious-program.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-via-local-sxs-shared-module.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-via-tsclient-mountpoint.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/execution-with-explicit-credentials-via-scripting.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/exploit-detected-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/exploit-prevented-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/exporting-exchange-mailbox-via-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/external-alerts.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/external-ip-lookup-from-non-browser-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/file-deletion-via-shred.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/file-made-immutable-by-chattr.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/file-permission-modification-in-writable-directory.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/file-transfer-or-listener-established-via-netcat.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/finder-sync-plugin-registered-and-enabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/full-user-mode-dumps-enabled-system-wide.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-firewall-rule-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-iam-custom-role-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-iam-role-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-iam-service-account-key-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-logging-bucket-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-logging-sink-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-logging-sink-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-subscription-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-subscription-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-topic-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-pub-sub-topic-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-service-account-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-service-account-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-service-account-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-service-account-key-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-configuration-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-storage-bucket-permissions-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-network-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-route-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/gcp-virtual-private-cloud-route-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-drive-ownership-transferred-via-google-workspace.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-2sv-policy-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-admin-role-assigned-to-a-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-admin-role-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-bitlocker-setting-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-custom-admin-role-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-custom-gmail-route-created-or-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-mfa-enforcement-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-password-policy-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-role-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/google-workspace-user-organizational-unit-changed.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/group-policy-abuse-for-privilege-addition.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/halfbaked-command-and-control-beacon.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/high-number-of-okta-user-password-reset-or-unlock-attempts.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/high-number-of-process-and-or-service-terminations.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/high-number-of-process-terminations.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/hosts-file-modified.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/hping-process-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/iis-http-logging-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/image-file-execution-options-injection.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/imageload-via-windows-update-auto-update-client.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/inbound-connection-to-an-unsecure-elasticsearch-node.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-via-mshta.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-with-mmc.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/incoming-dcom-lateral-movement-with-shellbrowserwindow-or-shellwindows.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/incoming-execution-via-powershell-remoting.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/incoming-execution-via-winrm-remote-shell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/installation-of-custom-shim-databases.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/installation-of-security-support-provider.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/installutil-process-making-network-connections.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/interactive-terminal-spawned-via-perl.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/interactive-terminal-spawned-via-python.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/ipsec-nat-traversal-port-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kerberos-cached-credentials-dumping.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kerberos-pre-authentication-disabled-for-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kerberos-traffic-from-unusual-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kernel-module-load-via-insmod.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kernel-module-removal.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/keychain-password-retrieval-via-command-line.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/krbtgt-delegation-backdoor.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-anonymous-request-authorized.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-container-created-with-excessive-linux-capabilities.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-denied-service-account-request.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-exposed-service-created-with-type-nodeport.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-a-sensitive-hostpath-volume.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostipc.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostnetwork.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-pod-created-with-hostpid.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-privileged-pod-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-suspicious-assignment-of-controller-service-account.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/kubernetes-suspicious-self-subject-review.asciidoc
	both added:     
(…)
e-details/persistence-via-wmi-standard-registry-provider.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/persistent-scripts-in-the-startup-directory.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/port-forwarding-rule-addition.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/possible-consent-grant-attack-via-azure-registered-application.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/possible-fin7-dga-command-and-control-behavior.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/possible-okta-dos-attack.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-admin-group-account-addition.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-application-shimming-via-sdbinst.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-command-and-control-via-internet-explorer.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-cookies-theft-via-browser-debugging.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-dcsync.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-duplicatehandle-in-lsass.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-lsass-memory-dump.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-renamed-com-services-dll.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-trusted-developer-utility.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-credential-access-via-windows-utilities.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-disabling-of-selinux.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-dll-side-loading-via-microsoft-antimalware-service-executable.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-dns-tunneling-via-nslookup.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-evasion-via-filter-manager.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-hidden-local-user-account-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-invoke-mimikatz-powershell-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-java-jndi-exploitation-attempt.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-kerberos-attack-via-bifrost.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-lateral-tool-transfer-via-smb-share.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-local-ntlm-relay-via-http.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-lsa-authentication-package-abuse.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-lsass-clone-creation-via-psscapturesnapshot.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-lsass-memory-dump-via-psscapturesnapshot.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-macos-ssh-brute-force-detected.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-microsoft-office-sandbox-evasion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-modification-of-accessibility-binaries.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-non-standard-port-ssh-connection.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-openssh-backdoor-logging-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-persistence-via-atom-init-script-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-persistence-via-login-hook.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-persistence-via-periodic-tasks.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-persistence-via-time-provider-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-port-monitor-or-print-processor-registration-abuse.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-localhost-secure-copy.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-privacy-control-bypass-via-tccdb-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-installerfiletakeover.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-pkexec.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-privilege-escalation-via-sudoers-file-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-privileged-escalation-via-samaccountname-spoofing.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-process-injection-via-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-protocol-tunneling-via-earthworm.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-remote-credential-access-via-registry.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-shadowing-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-remote-desktop-tunneling-detected.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-reverse-shell-activity-via-terminal.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-secure-file-deletion-via-sdelete-utility.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-shadow-credentials-added-to-ad-object.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-shadow-file-read-via-command-line-utilities.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-sharprdp-behavior.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/potential-windows-error-manager-masquerading.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-kerberos-ticket-request.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-keylogging-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-minidump-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-psreflect-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-script-block-logging-disabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-script-with-token-impersonation-capabilities.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-share-enumeration-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-suspicious-discovery-related-windows-api-functions.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-suspicious-payload-encoded-and-compressed.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-audio-capture-capabilities.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/powershell-suspicious-script-with-screenshot-capabilities.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-named-pipe-impersonation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-rogue-named-pipe-impersonation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-root-crontab-file-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/privilege-escalation-via-windir-environment-variable.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/privileged-account-brute-force.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/privileges-elevation-via-parent-process-pid-spoofing.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-activity-via-compiled-html-file.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-created-with-an-elevated-token.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-creation-via-secondary-logon.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-execution-from-an-unusual-directory.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-injection-by-the-microsoft-build-engine.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-injection-detected-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-injection-prevented-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-started-from-process-id-pid-file.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/process-termination-followed-by-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/program-files-directory-masquerading.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/prompt-for-credentials-with-osascript.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/psexec-network-connection.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/ransomware-detected-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/ransomware-prevented-elastic-endgame.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/rare-aws-error-code.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/rare-user-logon.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/rdp-enabled-via-registry.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/rdp-remote-desktop-protocol-from-the-internet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appcert-dll.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/registry-persistence-via-appinit-dll.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-computer-account-dnshostname-update.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-desktop-enabled-in-windows-firewall-by-netsh.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-file-copy-to-a-hidden-share.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-file-download-via-desktopimgdownldr-utility.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-file-download-via-mpcmdrun.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-file-download-via-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-file-download-via-script-interpreter.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-scheduled-task-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-ssh-login-enabled-via-systemsetup-command.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-system-discovery-commands.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remote-windows-service-installed.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/remotely-started-services-via-rpc.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/renamed-autoit-scripts-interpreter.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/roshal-archive-rar-or-powershell-file-downloaded-from-the-internet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-from-the-internet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/rpc-remote-procedure-call-to-the-internet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/scheduled-task-created-by-a-windows-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/scheduled-task-execution-at-scale-via-gpo.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/scheduled-tasks-at-command-enabled.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/screensaver-plist-file-modified-by-unexpected-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/searching-for-saved-credentials-via-vaultcmd.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/security-software-discovery-using-wmic.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/security-software-discovery-via-grep.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sedebugprivilege-enabled-by-a-suspicious-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sensitive-files-compression.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sensitive-privilege-seenabledelegationprivilege-assigned-to-a-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/service-command-lateral-movement.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/service-control-spawned-via-script-interpreter.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/service-creation-via-local-kerberos-authentication.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sharepoint-malware-file-upload.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/shell-execution-via-apple-scripting.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/signed-proxy-execution-via-ms-work-folders.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sip-provider-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/smb-windows-file-sharing-activity-to-the-internet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/smtp-on-port-26-tcp.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/softwareupdate-preferences-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/solarwinds-process-disabling-services-via-registry.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/spike-in-aws-error-messages.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/spike-in-failed-logon-events.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/spike-in-firewall-denies.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/spike-in-logon-events.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic-to-a-country.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/spike-in-network-traffic.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/ssh-authorized-keys-file-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/startup-folder-persistence-via-unsigned-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/startup-logon-script-added-to-group-policy-object.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/startup-or-run-key-registry-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/startup-persistence-by-a-suspicious-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sublime-plugin-or-application-script-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sudo-heap-based-buffer-overflow-attempt.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sudoers-file-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/sunburst-command-and-control-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-activity-reported-by-okta-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-automator-workflows-execution.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-browser-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-calendar-file-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-certutil-commands.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-child-process-of-adobe-acrobat-reader-update-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-cmd-execution-via-wmi.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-crontab-creation-or-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-dll-loaded-for-persistence-or-privilege-escalation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-emond-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-endpoint-security-parent-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-execution-from-a-mounted-device.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-execution-via-scheduled-task.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-explorer-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-file-creation-in-etc-for-persistence.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-hidden-child-process-of-launchd.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-html-file-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-imagepath-service-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-lsass-access-via-malseclogon.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-macos-ms-office-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-microsoft-diagnostics-wizard-execution.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-ms-office-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-ms-outlook-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-pdf-reader-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-portable-executable-encoded-in-powershell-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-powershell-engine-imageload.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-powershell-script.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-file-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-point-and-print-dll.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-print-spooler-spl-file-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-printspooler-service-executable-file-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-process-access-via-direct-system-call.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-process-creation-calltrace.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-process-execution-via-renamed-psexec-executable.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-rdp-activex-client-loaded.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-remote-registry-access-via-sebackupprivilege.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-script-object-execution.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-service-was-installed-in-the-system.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-solarwinds-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-startup-shell-folder-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-wmi-image-load-from-ms-office.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-wmic-xsl-script-execution.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/suspicious-zoom-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/svchost-spawning-cmd.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/symbolic-link-to-shadow-copy-created.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/system-information-discovery-via-windows-command-shell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/system-log-file-deletion.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/system-shells-via-services.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/systemkey-access-via-command-line.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/tcc-bypass-via-mounted-apfs-snapshot-access.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/temporarily-scheduled-task-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/third-party-backup-files-deleted-via-unexpected-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/timestomping-using-touch-command.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-elevated-com-internet-explorer-add-on-installer.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-privileged-ifileoperation-com-interface.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-via-windows-directory-masquerading.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uac-bypass-attempt-with-ieditionupgrademanager-elevated-com-interface.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uac-bypass-via-diskcleanup-scheduled-task-hijack.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uac-bypass-via-icmluautil-elevated-com-interface.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uac-bypass-via-windows-firewall-snap-in-hijack.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unauthorized-access-to-an-okta-application.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/uncommon-registry-persistence-change.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unexpected-child-process-of-macos-screensaver-engine.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-aws-command-for-a-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-child-process-from-a-system-virtual-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-child-processes-of-rundll32.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-city-for-an-aws-command.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-country-for-an-aws-command.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-dns-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-executable-file-creation-by-a-system-critical-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-file-creation-alternate-data-stream.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-hour-for-a-user-to-logon.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-network-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-network-connection-discovery.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-network-port-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-process-calling-the-metadata-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-process-discovery-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-system-information-discovery-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-user-calling-the-metadata-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-linux-username.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-login-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-network-activity-from-a-windows-system-binary.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-network-connection-via-dllhost.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-network-connection-via-rundll32.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-network-destination-domain-name.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-parent-child-relationship.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-persistence-via-services-registry.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-print-spooler-child-process.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-process-execution-path-alternate-data-stream.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-process-for-a-linux-host.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-process-for-a-windows-host.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-process-network-connection.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-service-host-child-process-childless-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-source-ip-for-a-user-to-logon-from.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-sudo-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-web-request.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-web-user-agent.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-network-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-path-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-process-calling-the-metadata-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-remote-user.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-user-calling-the-metadata-service.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-user-privilege-elevation-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/unusual-windows-username.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/user-account-creation.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/user-account-exposed-to-kerberoasting.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/user-added-as-owner-for-azure-application.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/user-added-as-owner-for-azure-service-principal.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/user-added-to-privileged-group.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/virtual-machine-fingerprinting-via-grep.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/virtual-machine-fingerprinting.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/virtual-private-network-connection-attempt.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/vnc-virtual-network-computing-from-the-internet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/vnc-virtual-network-computing-to-the-internet.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/volume-shadow-copy-deleted-or-resized-via-vssadmin.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/volume-shadow-copy-deletion-via-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/volume-shadow-copy-deletion-via-wmic.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/web-application-suspicious-activity-post-request-declined.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/web-application-suspicious-activity-sqlmap-user-agent.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/web-application-suspicious-activity-unauthorized-method.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/web-shell-detection-script-process-child-of-common-web-processes.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/webproxy-settings-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/webserver-access-logs-deleted.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/whoami-process-activity.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-cryptoapi-spoofing-vulnerability-cve-2020-0601-curveball.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-defender-disabled-via-registry-modification.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-defender-exclusions-added-via-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-event-logs-cleared.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-firewall-disabled-via-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-network-enumeration.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-registry-file-creation-in-smb-share.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-script-executing-powershell.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-script-interpreter-executing-process-via-wmi.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/windows-service-installed-via-an-unusual-client.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/wireless-credential-dumping-using-netsh-command.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/wmi-incoming-lateral-movement.asciidoc
	both added:      docs/detections/prebuilt-rules/rule-details/zoom-meeting-with-no-passcode.asciidoc
	both added:      docs/index.asciidoc
	both added:      docs/release-notes.asciidoc
	both added:      docs/release-notes/8.15.asciidoc
	both added:      docs/release-notes/8.16.asciidoc

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot mentioned this pull request Dec 12, 2024
@github-actions

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@nastasha-solomon
Contributor

nastasha-solomon commented Dec 12, 2024

Closing as this is not the correct backport content.

@nastasha-solomon nastasha-solomon deleted the mergify/bp/8.17/pr-6224 branch December 12, 2024 18:57