Rapid7 Threat Command CVEs Correlation

Last updated 14 days ago on 2025-03-21
Created 10 months ago on 2024-05-29

About

This rule is triggered when CVEs collected from the Rapid7 Threat Command Integration have a match against vulnerabilities that were found in the customer environment.
Tags
OS: Windows
Data Source: Elastic Endgame
Data Source: Windows
Data Source: Network
Data Source: Rapid7 Threat Command
Rule Type: Threat Match
Use Case: Vulnerability
Use Case: Asset Visibility
Use Case: Continuous Monitoring
Language: kuery
Severity
critical
Risk Score
99
License
Elastic License v2

Definition

Rule Type
Threat Match Rule
Integration Pack
Prebuilt Security Detection Rules
Index Patterns
auditbeat-*
endgame-*
filebeat-*
logs-*
packetbeat-*
winlogbeat-*
Related Integrations

ti_rapid7_threat_command

Query
vulnerability.id : *

Install detection rules in Elastic Security

Detect Rapid7 Threat Command CVEs Correlation in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To set up this rule, check out the installation guide for Prebuilt Security Detection Rules.