February 16, 2026 | Rule Changes Reduced FPs for Reverse Shell Detected rule. Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Reduced FPs for Run shell untrusted rule.
| 0.236.2 |
February 13, 2026 | Rule Changes Reduced FPs for Unprivileged Delegation of Page Faults Handling to a Userspace Process rule. Reduced FPs for Mount Launched in Privileged Container rule. Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Reduced FPs for Container Escape using Kernel Module rule. Reduced FPs for Create Symlink Over Sensitive Files rule. Reduced FPs for Drop and Execute /tmp Binary rule.
| 0.236.1 | February 10, 2026 | Rule Changes Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Reduced FPs for Launch Suspicious Network Tool in Container rule. Reduced FPs for Clear Log Activities rule. Reduced FPs for Reverse Shell Detected rule. Reduced FPs for Mailbox Data Modification rule. Reduced FPs for Launch Excessively Capable Container rule. Reduced FPs for Suspicious RC Script Modification rule.
| 0.236.0 |
February 09, 2026 | Rule Changes Reduced FPs for Reverse Shell Detected rule. Reduced FPs for Contact Task Metadata Endpoint rule. Reduced FPs for Redirect STDOUT/STDIN to Network Connection in Container rule. Reduced FPs for Run shell untrusted rule. Reduced FPs for Execution of binary using ld-linux rule. Reduced FPs for New Kernel Module Created and Loaded rule.
| 0.235.4 |
February 06, 2026 | Rule Changes | 0.235.3 |
February 05, 2026 | Rule Changes Reduced FPs for Offensive Security Tool Detected rule. Reduced FPs for Suspicious Java Child Processes rule. Reduced FPs for Reverse Shell Redirects STDIN/STDOUT Using UNIX Socket rule. Reduced FPs for Suspicious io_uring Activity Detected rule. Reduced FPs for Container Escape using Kernel Module rule.
| 0.235.2 |
February 04, 2026 | Rule Changes Reduced FPs for Base64-encoded Python Script Execution rule. Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Reduced FPs for BPFDoor Backdoor Activity Detected rule. Reduced FPs for Drop and Execute /tmp Binary rule. Reduced FPs for Find GCP Credentials rule.
| 0.235.1 |
February 03, 2026 | Rule Changes Reduced FPs for Run Several XLarge EC2 Instances. Reduced FPs for eBPF Program Loaded into Kernel rule. Reduced FPs for Execution from /tmp rule. Reduced FPs for AWS SSM Agent Activity using StartSession rule.
| 0.235.0 |
February 02, 2026 | Rule Changes Reduced FPs for Create Symlink Over Sensitive Files rule. Reduced FPs for Instance Metadata Service Contacted During Package Install rule. Reduced FPs for Suspicious io_uring Activity Detected rule. Reduced FPs for Run shell untrusted rule. Reduced FPs for Execution from /tmp rule. Reduced FPs for Reverse Shell Detected rule. Reduced FPs for Launch Suspicious Network Tool in Container rule.
| 0.234.3 |
January 30, 2026 | Rule Changes Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Reduced FPs for Find GCP Credentials rule. Reduced FPs for Suspicious RC Script Modification rule.
| 0.234.2 |
January 28, 2026 | Rule Changes Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Reduced FPs for Clear Log Activities rule. Reduced FPs for Reconnaissance attempt to find SUID binaries rule. Reduced FPs for Reconnaissance attempt to find SETGID binaries rule.
| 0.234.1 |
January 27, 2026 | New Rules Rule Changes Reduced FPs for Base64-encoded Python Script Execution rule. Reduced FPs for Drop and Execute /tmp Binary rule. Reduced FPs for Reverse Shell Spawned From Binary Through Pipes rule. Reduced FPs for Modify Grub Configuration Files rule. Reduced FPs for Reverse Shell Redirects STDIN/STDOUT Using UNIX Socket rule.
| 0.234.0 |
January 26, 2026 | Rule Changes Reduced FPs for Execution from Temporary Filesystem (tmpfs) rule. Reduced FPs for Reverse Shell Spawned From Binary Through Pipes rule. Reduced FPs for Modification of Container Image Cache rule. Reduced FPs for Reverse Shell Redirects STDIN/STDOUT Using UNIX Socket rule. Reduced FPs for Find GCP Credentials rule. Reduced FPs for Drop and Execute /tmp Binary rule. Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule.
| 0.233.3 |
January 23, 2026 | Rule Changes Reduced FPs for New Kernel Module Created and Loaded rule. Reduced FPs for Drop and Execute /tmp Binary rule. Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule.
| 0.233.2 |
January 22, 2026 | Rule Changes Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Reduced FPs for Suspicious Operations with Firewalls rule. Reduced FPs for Launch Suspicious Network Tool on Host rule. Reduced FPs for Drop and Execute /tmp Binary rule. Reduced FPs for PTRACE Attached to Process rule. Reduced FPs for BPFDoor Backdoor Activity Detected rule. Reduced FPs for Reverse Shell Redirects STDIN/STDOUT To Socket with Pipes rule.
| 0.233.1 |
January 20, 2026 | Rule Changes Reduced FPs for EC2 Create Launch Template rule. Reduced FPs for Reverse Shell Detected rule. Reduced FPs for Reverse Shell Spawned From Binary Through Pipes rule. Reduced FPs for Launch Ingress Remote File Copy Tools in Container rule. Reduced FPs for DNS Fast Flux Activity Detected rule.
| 0.233.0 |
January 16, 2026 | Rule Changes Reduced FPs for Modify Grub Configuration Files rule. Reduced FPs for Reverse Shell Redirects STDIN/STDOUT Using UNIX Socket rule. Reduced FPs for Dynamic Linker Hijacking Detected rule. Reduced FPs for Execution from /dev/shm rule. Reduced FPs for BPFDoor Backdoor Activity Detected rule. Reduced FPs for Dump Memory using /proc Filesystem rule. Reduced FPs for Detect reconnaissance scripts rule. Reduced FPs for nsenter Container Escape rule.
| 0.232.2 |
January 14, 2026 | Rule Changes Reduced FPs for Mount Launched in Privileged Container rule. Reduced FPs for Launch Ingress Remote File Copy Tools in Container rule. Reduced FPs for Detect reconnaissance scripts rule. Reduced FPs for Mount on Container Path Detected rule. Reduced FPs for Linux Kernel Module Injection Detected rule. Reduced FPs for Reverse Shell Spawned From Binary Through Pipes rule.
| 0.232.1 |
January 13, 2026 | Rule Changes Reduced FPs for nsenter Container Escape rule. Reduced FPs for EC2 Get User Data. Reduced FPs for EC2 Create Launch Template. Reduced FPs for Read sensitive file untrusted rule. Reduced FPs for Dynamic Linker Hijacking Detected rule. Reduced FPs for Execution from /dev/shm rule. Reduced FPs for Base64-encoded Shell Script Execution rule. Reduced FPs for Reverse Shell Detected rule. Reduced FPs for New Kernel Module Created and Loaded rule. Reduced FPs for Dynamic Linker Hijacking Using ld.so Files rule. Improve Output for Allocate New Elastic IP Address to AWS Account.
| 0.232.0 |
January 09, 2026 | Rule Changes Reduced FPs for JVM Attach Attempt using Unix Socket rule. Reduced FPs for DNS Fast Flux Activity Detected rule. Reduced FPs for Reverse Shell Detected rule. Reduced FPs for PTRACE attached to process rule. Reduced FPs for BPFDoor Backdoor Activity Detected rule. Reduced FPs for Network Tool Executed During NPM Install rule. Reduced FPs for DNS Lookup for Proxy/VPN Domain Detected rule.
| 0.231.7 |
January 05, 2026 | Rule Changes Reduced FPs for Create Symlink Over Sensitive Files rule. Reduced FPs for Possible Remote Command Execution Detected rule. Reduced FPs for BPF Command Executed by Fileless Program rule. Reduced FPs for Modify Grub Configuration Files rule.
| 0.231.6 |
