This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.

« Credential Dumping - Prevented - Elastic Endgame Exploit - Prevented - Elastic Endgame »

› ›

Exploit - Detected - Elastic Endgame

edit

Exploit - Detected - Elastic Endgame

edit

Elastic Endgame detected an Exploit. Click the Elastic Endgame icon in the event.module column or the link in the rule.reference column for additional information.

Rule type: query

Rule indices:

endgame-*

Severity: high

Risk score: 73

Runs every: 10m

Searches indices from: now-15m (Date Math format, see also Additional look-back time)

Maximum alerts per execution: 10000

References: None

Tags:

Elastic
Elastic Endgame
Threat Detection
Execution
Privilege Escalation

Version: 9

Rule authors:

Elastic

Rule license: Elastic License v2

Rule query

edit

event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:exploit_event or endgame.event_subtype_full:exploit_event)

Framework: MITRE ATT&CK^TM

Tactic:
- Name: Execution
- ID: TA0002
- Reference URL: https://attack.mitre.org/tactics/TA0002/
Tactic:
- Name: Privilege Escalation
- ID: TA0004
- Reference URL: https://attack.mitre.org/tactics/TA0004/
Technique:
- Name: Exploitation for Privilege Escalation
- ID: T1068
- Reference URL: https://attack.mitre.org/techniques/T1068/

« Credential Dumping - Prevented - Elastic Endgame Exploit - Prevented - Elastic Endgame »