Path	Lines of Code
CONTRIBUTING.md	190
LICENSE.txt	66
NOTICE.txt	48
PHILOSOPHY.md	37
README.md	119
Troubleshooting.md	33
detection_rules/etc/api_schemas/7.10/7.10.base.json	633
detection_rules/etc/api_schemas/7.10/7.10.eql.json	658
detection_rules/etc/api_schemas/7.10/7.10.machine_learning.json	650
detection_rules/etc/api_schemas/7.10/7.10.query.json	660
detection_rules/etc/api_schemas/7.10/7.10.saved_query.json	651
detection_rules/etc/api_schemas/7.10/7.10.threshold.json	679
detection_rules/etc/api_schemas/7.11/7.11.base.json	928
detection_rules/etc/api_schemas/7.11/7.11.eql.json	953
detection_rules/etc/api_schemas/7.11/7.11.machine_learning.json	945
detection_rules/etc/api_schemas/7.11/7.11.query.json	955
detection_rules/etc/api_schemas/7.11/7.11.saved_query.json	946
detection_rules/etc/api_schemas/7.11/7.11.threshold.json	974
detection_rules/etc/api_schemas/7.12/7.12.base.json	928
detection_rules/etc/api_schemas/7.12/7.12.eql.json	953
detection_rules/etc/api_schemas/7.12/7.12.machine_learning.json	945
detection_rules/etc/api_schemas/7.12/7.12.query.json	955
detection_rules/etc/api_schemas/7.12/7.12.saved_query.json	946
detection_rules/etc/api_schemas/7.12/7.12.threshold.json	1004
detection_rules/etc/api_schemas/7.13/7.13.base.json	313
detection_rules/etc/api_schemas/7.13/7.13.eql.json	318
detection_rules/etc/api_schemas/7.13/7.13.machine_learning.json	313
detection_rules/etc/api_schemas/7.13/7.13.query.json	323
detection_rules/etc/api_schemas/7.13/7.13.threat_match.json	411
detection_rules/etc/api_schemas/7.13/7.13.threshold.json	384
detection_rules/etc/api_schemas/7.14/7.14.base.json	322
detection_rules/etc/api_schemas/7.14/7.14.eql.json	333
detection_rules/etc/api_schemas/7.14/7.14.machine_learning.json	335
detection_rules/etc/api_schemas/7.14/7.14.query.json	335
detection_rules/etc/api_schemas/7.14/7.14.threat_match.json	426
detection_rules/etc/api_schemas/7.14/7.14.threshold.json	384
detection_rules/etc/api_schemas/7.15/7.15.base.json	334
detection_rules/etc/api_schemas/7.15/7.15.eql.json	345
detection_rules/etc/api_schemas/7.15/7.15.machine_learning.json	347
detection_rules/etc/api_schemas/7.15/7.15.query.json	347
detection_rules/etc/api_schemas/7.15/7.15.threat_match.json	438
detection_rules/etc/api_schemas/7.15/7.15.threshold.json	396
detection_rules/etc/api_schemas/7.16/7.16.base.json	334
detection_rules/etc/api_schemas/7.16/7.16.eql.json	345
detection_rules/etc/api_schemas/7.16/7.16.machine_learning.json	347
detection_rules/etc/api_schemas/7.16/7.16.query.json	347
detection_rules/etc/api_schemas/7.16/7.16.threat_match.json	438
detection_rules/etc/api_schemas/7.16/7.16.threshold.json	396
detection_rules/etc/api_schemas/7.8/7.8.base.json	554
detection_rules/etc/api_schemas/7.8/7.8.machine_learning.json	571
detection_rules/etc/api_schemas/7.8/7.8.query.json	581
detection_rules/etc/api_schemas/7.8/7.8.saved_query.json	572
detection_rules/etc/api_schemas/7.9/7.9.base.json	633
detection_rules/etc/api_schemas/7.9/7.9.machine_learning.json	650
detection_rules/etc/api_schemas/7.9/7.9.query.json	660
detection_rules/etc/api_schemas/7.9/7.9.saved_query.json	651
detection_rules/etc/api_schemas/7.9/7.9.threshold.json	679
detection_rules/etc/api_schemas/8.0/8.0.base.json	334
detection_rules/etc/api_schemas/8.0/8.0.eql.json	345
detection_rules/etc/api_schemas/8.0/8.0.machine_learning.json	347
detection_rules/etc/api_schemas/8.0/8.0.query.json	347
detection_rules/etc/api_schemas/8.0/8.0.threat_match.json	438
detection_rules/etc/api_schemas/8.0/8.0.threshold.json	396
detection_rules/etc/api_schemas/8.1/8.1.base.json	336
detection_rules/etc/api_schemas/8.1/8.1.eql.json	347
detection_rules/etc/api_schemas/8.1/8.1.machine_learning.json	349
detection_rules/etc/api_schemas/8.1/8.1.query.json	349
detection_rules/etc/api_schemas/8.1/8.1.threat_match.json	440
detection_rules/etc/api_schemas/8.1/8.1.threshold.json	398
detection_rules/etc/api_schemas/8.10/8.10.base.json	453
detection_rules/etc/api_schemas/8.10/8.10.eql.json	475
detection_rules/etc/api_schemas/8.10/8.10.machine_learning.json	465
detection_rules/etc/api_schemas/8.10/8.10.new_terms.json	516
detection_rules/etc/api_schemas/8.10/8.10.query.json	465
detection_rules/etc/api_schemas/8.10/8.10.threat_match.json	556
detection_rules/etc/api_schemas/8.10/8.10.threshold.json	514
detection_rules/etc/api_schemas/8.11/8.11.base.json	453
detection_rules/etc/api_schemas/8.11/8.11.eql.json	475
detection_rules/etc/api_schemas/8.11/8.11.machine_learning.json	465
detection_rules/etc/api_schemas/8.11/8.11.new_terms.json	516
detection_rules/etc/api_schemas/8.11/8.11.query.json	465
detection_rules/etc/api_schemas/8.11/8.11.threat_match.json	556
detection_rules/etc/api_schemas/8.11/8.11.threshold.json	514
detection_rules/etc/api_schemas/8.12/8.12.base.json	453
detection_rules/etc/api_schemas/8.12/8.12.eql.json	475
detection_rules/etc/api_schemas/8.12/8.12.machine_learning.json	465
detection_rules/etc/api_schemas/8.12/8.12.new_terms.json	516
detection_rules/etc/api_schemas/8.12/8.12.query.json	465
detection_rules/etc/api_schemas/8.12/8.12.threat_match.json	556
detection_rules/etc/api_schemas/8.12/8.12.threshold.json	514
detection_rules/etc/api_schemas/8.13/8.13.base.json	415
detection_rules/etc/api_schemas/8.13/8.13.eql.json	491
detection_rules/etc/api_schemas/8.13/8.13.esql.json	479
detection_rules/etc/api_schemas/8.13/8.13.machine_learning.json	426
detection_rules/etc/api_schemas/8.13/8.13.new_terms.json	534
detection_rules/etc/api_schemas/8.13/8.13.query.json	483
detection_rules/etc/api_schemas/8.13/8.13.threat_match.json	576
detection_rules/etc/api_schemas/8.13/8.13.threshold.json	511
detection_rules/etc/api_schemas/8.14/master/8.14.base.json	524
detection_rules/etc/api_schemas/8.14/master/8.14.eql.json	602
detection_rules/etc/api_schemas/8.14/master/8.14.esql.json	590
detection_rules/etc/api_schemas/8.14/master/8.14.machine_learning.json	534
detection_rules/etc/api_schemas/8.14/master/8.14.new_terms.json	645
detection_rules/etc/api_schemas/8.14/master/8.14.query.json	594
detection_rules/etc/api_schemas/8.14/master/8.14.threat_match.json	685
detection_rules/etc/api_schemas/8.14/master/8.14.threshold.json	620
detection_rules/etc/api_schemas/8.15/8.15.base.json	430
detection_rules/etc/api_schemas/8.15/8.15.eql.json	508
detection_rules/etc/api_schemas/8.15/8.15.esql.json	496
detection_rules/etc/api_schemas/8.15/8.15.machine_learning.json	440
detection_rules/etc/api_schemas/8.15/8.15.new_terms.json	551
detection_rules/etc/api_schemas/8.15/8.15.query.json	500
detection_rules/etc/api_schemas/8.15/8.15.threat_match.json	591
detection_rules/etc/api_schemas/8.15/8.15.threshold.json	526
detection_rules/etc/api_schemas/8.16/8.16.base.json	412
detection_rules/etc/api_schemas/8.16/8.16.eql.json	490
detection_rules/etc/api_schemas/8.16/8.16.esql.json	478
detection_rules/etc/api_schemas/8.16/8.16.machine_learning.json	476
detection_rules/etc/api_schemas/8.16/8.16.new_terms.json	533
detection_rules/etc/api_schemas/8.16/8.16.query.json	482
detection_rules/etc/api_schemas/8.16/8.16.threat_match.json	573
detection_rules/etc/api_schemas/8.16/8.16.threshold.json	508
detection_rules/etc/api_schemas/8.17/8.17.base.json	412
detection_rules/etc/api_schemas/8.17/8.17.eql.json	490
detection_rules/etc/api_schemas/8.17/8.17.esql.json	478
detection_rules/etc/api_schemas/8.17/8.17.machine_learning.json	476
detection_rules/etc/api_schemas/8.17/8.17.new_terms.json	533
detection_rules/etc/api_schemas/8.17/8.17.query.json	482
detection_rules/etc/api_schemas/8.17/8.17.threat_match.json	573
detection_rules/etc/api_schemas/8.17/8.17.threshold.json	508
detection_rules/etc/api_schemas/8.2/8.2.base.json	336
detection_rules/etc/api_schemas/8.2/8.2.eql.json	347
detection_rules/etc/api_schemas/8.2/8.2.machine_learning.json	349
detection_rules/etc/api_schemas/8.2/8.2.query.json	349
detection_rules/etc/api_schemas/8.2/8.2.threat_match.json	440
detection_rules/etc/api_schemas/8.2/8.2.threshold.json	398
detection_rules/etc/api_schemas/8.3/8.3.base.json	344
detection_rules/etc/api_schemas/8.3/8.3.eql.json	355
detection_rules/etc/api_schemas/8.3/8.3.machine_learning.json	357
detection_rules/etc/api_schemas/8.3/8.3.query.json	357
detection_rules/etc/api_schemas/8.3/8.3.threat_match.json	448
detection_rules/etc/api_schemas/8.3/8.3.threshold.json	406
detection_rules/etc/api_schemas/8.4/8.4.base.json	383
detection_rules/etc/api_schemas/8.4/8.4.eql.json	394
detection_rules/etc/api_schemas/8.4/8.4.machine_learning.json	396
detection_rules/etc/api_schemas/8.4/8.4.query.json	396
detection_rules/etc/api_schemas/8.4/8.4.threat_match.json	487
detection_rules/etc/api_schemas/8.4/8.4.threshold.json	445
detection_rules/etc/api_schemas/8.5/8.5.base.json	405
detection_rules/etc/api_schemas/8.5/8.5.eql.json	416
detection_rules/etc/api_schemas/8.5/8.5.machine_learning.json	418
detection_rules/etc/api_schemas/8.5/8.5.query.json	418
detection_rules/etc/api_schemas/8.5/8.5.threat_match.json	509
detection_rules/etc/api_schemas/8.5/8.5.threshold.json	467
detection_rules/etc/api_schemas/8.6/8.6.base.json	407
detection_rules/etc/api_schemas/8.6/8.6.eql.json	418
detection_rules/etc/api_schemas/8.6/8.6.machine_learning.json	420
detection_rules/etc/api_schemas/8.6/8.6.query.json	420
detection_rules/etc/api_schemas/8.6/8.6.threat_match.json	511
detection_rules/etc/api_schemas/8.6/8.6.threshold.json	469
detection_rules/etc/api_schemas/8.7/8.7.base.json	410
detection_rules/etc/api_schemas/8.7/8.7.eql.json	420
detection_rules/etc/api_schemas/8.7/8.7.machine_learning.json	422
detection_rules/etc/api_schemas/8.7/8.7.new_terms.json	473
detection_rules/etc/api_schemas/8.7/8.7.query.json	422
detection_rules/etc/api_schemas/8.7/8.7.threat_match.json	513
detection_rules/etc/api_schemas/8.7/8.7.threshold.json	471
detection_rules/etc/api_schemas/8.8/8.8.base.json	450
detection_rules/etc/api_schemas/8.8/8.8.eql.json	460
detection_rules/etc/api_schemas/8.8/8.8.machine_learning.json	462
detection_rules/etc/api_schemas/8.8/8.8.new_terms.json	513
detection_rules/etc/api_schemas/8.8/8.8.query.json	462
detection_rules/etc/api_schemas/8.8/8.8.threat_match.json	553
detection_rules/etc/api_schemas/8.8/8.8.threshold.json	511
detection_rules/etc/api_schemas/8.9/8.9.base.json	453
detection_rules/etc/api_schemas/8.9/8.9.eql.json	463
detection_rules/etc/api_schemas/8.9/8.9.machine_learning.json	465
detection_rules/etc/api_schemas/8.9/8.9.new_terms.json	516
detection_rules/etc/api_schemas/8.9/8.9.query.json	465
detection_rules/etc/api_schemas/8.9/8.9.threat_match.json	556
detection_rules/etc/api_schemas/8.9/8.9.threshold.json	514
detection_rules/etc/api_schemas/master/master.base.json	412
detection_rules/etc/api_schemas/master/master.eql.json	490
detection_rules/etc/api_schemas/master/master.esql.json	478
detection_rules/etc/api_schemas/master/master.machine_learning.json	476
detection_rules/etc/api_schemas/master/master.new_terms.json	533
detection_rules/etc/api_schemas/master/master.query.json	482
detection_rules/etc/api_schemas/master/master.threat_match.json	573
detection_rules/etc/api_schemas/master/master.threshold.json	508
detection_rules/etc/attack-crosswalk.json	2420
detection_rules/etc/attack-technique-redirects.json	136
detection_rules/etc/deprecated_rules.json	387
detection_rules/etc/downloadable_updates.json	156
detection_rules/etc/non-ecs-schema.json	181
detection_rules/etc/rule_template_typosquatting_domain.json	47
detection_rules/etc/security-logo-color-64px.svg	14
detection_rules/etc/test_toml.json	166
docs-dev/ATT&CK-coverage.md	150
docs-dev/custom-rules-management.md	163
docs-dev/deprecating.md	14
docs-dev/detections-as-code.md	38
docs-dev/developing.md	49
docs-dev/experimental-machine-learning/DGA.md	34
docs-dev/experimental-machine-learning/beaconing.md	59
docs-dev/experimental-machine-learning/experimental-detections.md	17
docs-dev/experimental-machine-learning/host-risk-score.md	150
docs-dev/experimental-machine-learning/problem-child.md	44
docs-dev/experimental-machine-learning/readme.md	74
docs-dev/experimental-machine-learning/url-spoof.md	61
docs-dev/experimental-machine-learning/user-risk-score.md	116
docs-dev/rule-insights.md	65
docs-dev/typosquatting_rule.md	19
docs-dev/versioning.md	116
hunting/README.md	112
hunting/index.md	130
hunting/llm/README.md	31
rules/README.md	25
rules/integrations/aws/NOTICE.txt	20