Skip to content

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules #5352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules #5352

wants to merge 5 commits into from

Conversation

@Mikaayenson
Copy link
Contributor

@Mikaayenson Mikaayenson commented Nov 22, 2025
edited
Loading

Pull Request

Issue link(s): Related https://github.com/elastic/security-team/issues/9809

Summary - What I changed

This PR adds MITRE ATLAS framework support to the detection-rules repository and introduces five new Generative AI (GenAI) threat detection rules that leverage ATLAS techniques.

Framework Support

  • Added MITRE ATLAS framework support: New atlas.py module with utilities to load and process ATLAS data from the official MITRE ATLAS YAML file
  • Schema updates: Extended threat framework validation to support MITRE ATLAS URLs and tags in rule definitions
  • Rule schema enhancement: Updated rule.py to accept "MITRE ATLAS" as a valid threat framework alongside "MITRE ATT&CK"

New Detection Rules

Five new cross-platform detection rules targeting GenAI-related threats:

  1. Collection - GenAI Process Accessing Sensitive Files (collection_genai_process_sensitive_file_access.toml)

    • Detects when GenAI tools access credential stores, SSH keys, browser data, or other sensitive files
    • Maps to ATLAS techniques: AML.T0085 (Data from AI Services), AML.T0085.001 (AI Agent Tools), AML.T0055 (Unsecured Credentials)

  2. Command and Control - GenAI Process Connection to Suspicious TLD (command_and_control_genai_process_suspicious_tld_connection.toml)

    • Detects GenAI tools connecting to suspicious top-level domains commonly used for C2
    • Maps to ATLAS technique: AML.T0086 (Exfiltration via AI Agent Tool Invocation)

  3. Execution - GenAI Process Compiling Executables (execution_genai_process_compiling_executables.toml)

    • Detects when GenAI processes spawn compilation tools (gcc, clang, msbuild, pyinstaller, etc.)
    • Maps to ATLAS technique: AML.T0053 (AI Agent Tool Invocation)

  4. Execution - MCP Server Spawning Any Child Process (execution_mcp_server_any_child_process.toml)

    • Detects any child process spawned by Model Context Protocol (MCP) servers
    • Maps to ATLAS technique: AML.T0053 (AI Agent Tool Invocation)

  5. Exfiltration - GenAI Process Encoding Prior to Network Activity (exfiltration_genai_process_encoding_prior_to_network_activity.toml)

    • Detects encoding/chunking operations (base64, gzip, tar, zip) by GenAI processes followed by network activity
    • Maps to ATLAS technique: AML.T0086 (Exfiltration via AI Agent Tool Invocation)

All rules are cross-platform (Windows, macOS, Linux), use EQL queries, and include comprehensive investigation guides and false positive analysis.

How To Test

🔱 Tests will run in CI

Manual Testing

  1. Validate ATLAS framework support:

    python -m detection_rules test

  2. Verify rule validation:

    python -m detection_rules validate-rule rules/cross-platform/collection_genai_process_sensitive_file_access.toml

  3. Check ATLAS data loading:

    from detection_rules.atlas import load_atlas_yaml, build_threat_map_entry
atlas_data = load_atlas_yaml()
threat_entry = build_threat_map_entry("Collection", "AML.T0085", "AML.T0085.001")

Expected Test Results

  • All existing tests should pass
  • New rules should validate successfully with ATLAS threat mappings
  • Schema validation should accept ATLAS framework URLs and tags

Checklist

  • Added a label for the type of pr: Rule: New and enhancement (for ATLAS framework support)
  • Added the meta:rapid-merge label if planning to merge within 24 hours
  • Secret and sensitive material has been managed correctly
  • Automated testing was updated or added to match the most common scenarios
  • Documentation and comments were added for features that require explanation

@tradebot-elastic
Copy link

tradebot-elastic commented Nov 22, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ MCP Server Spawning Any Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@Mikaayenson Mikaayenson added enhancement New feature or request Rule: New Proposal for new rule labels Nov 22, 2025
@Mikaayenson Mikaayenson self-assigned this Nov 22, 2025
@Mikaayenson Mikaayenson added the python Internal python for the repository label Nov 22, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Nov 22, 2025

Enhancement - Guidelines

These guidelines serve as a reminder set of considerations when addressing adding a feature to the code.

Documentation and Context

  • Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
  • Include additional context or screenshots.
  • Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

  • Code follows established design patterns within the repo and avoids duplication.
  • Ensure that the code is modular and reusable where applicable.

Testing

  • New unit tests have been added to cover the enhancement.
  • Existing unit tests have been updated to reflect the changes.
  • Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
  • Validate that any rules affected by the enhancement are correctly updated.
  • Ensure that performance is not negatively impacted by the changes.
  • Verify that any release artifacts are properly generated and tested.
  • Conducted system testing, including fleet, import, and create APIs (e.g., run make test-cli, make test-remote-cli, make test-hunting-cli)

Additional Checks

  • Verify that the enhancement works across all relevant environments (e.g., different OS versions).
  • Confirm that the proper version label is applied to the PR patch, minor, major.

@tradebot-elastic
Copy link

tradebot-elastic commented Nov 22, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ MCP Server Spawning Any Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@Mikaayenson Mikaayenson changed the title Add MITRE ATLAS framework support and GenAI threat detection rules [New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules Nov 22, 2025
@tradebot-elastic
Copy link

tradebot-elastic commented Nov 22, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ MCP Server Spawning Any Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

@tradebot-elastic
Copy link

tradebot-elastic commented Nov 22, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ MCP Server Spawning Any Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

Mikaayenson
Mikaayenson commented Nov 23, 2025
View reviewed changes
rules/cross-platform/command_and_control_genai_process_suspicious_tld_connection.toml
Comment on lines +129 to +130
[[rule.threat]]
framework = "MITRE ATLAS"
Copy link
Contributor Author

@Mikaayenson Mikaayenson Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still need to test importing ndjson to Kibana

Copy link
Contributor Author

@Mikaayenson Mikaayenson Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can import / export these rules with the proper mappings, editing the MITRE fields will remove the ATLAS mappings.

@tradebot-elastic
Copy link

tradebot-elastic commented Nov 24, 2025
edited
Loading

⛔️ Test failed

Results
  • ❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ MCP Server Spawning Any Child Process (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Compiling or Generating Executables (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Accessing Sensitive Files (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta
  • ❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
    • coverage_issue: no_rta
    • stack_validation_failed: no_rta

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Samirbous Samirbous Samirbous left review comments

@eric-forte-elastic eric-forte-elastic Awaiting requested review from eric-forte-elastic eric-forte-elastic will be requested when the pull request is marked ready for review eric-forte-elastic is a code owner

@traut traut Awaiting requested review from traut traut will be requested when the pull request is marked ready for review traut is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@Mikaayenson Mikaayenson

Labels

enhancement New feature or request patch python Internal python for the repository Rule: New Proposal for new rule

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Mikaayenson @tradebot-elastic @Samirbous