Pull Request

Issue link(s): Related https://github.com/elastic/security-team/issues/9809

Summary - What I changed

This PR adds MITRE ATLAS framework support to the detection-rules repository and introduces five new Generative AI (GenAI) threat detection rules that leverage ATLAS techniques.

Framework Support

Added MITRE ATLAS framework support: New atlas.py module with utilities to load and process ATLAS data from the official MITRE ATLAS YAML file
Schema updates: Extended threat framework validation to support MITRE ATLAS URLs and tags in rule definitions
Rule schema enhancement: Updated rule.py to accept "MITRE ATLAS" as a valid threat framework alongside "MITRE ATT&CK"

New Detection Rules

Five new cross-platform detection rules targeting GenAI-related threats:

Collection - GenAI Process Accessing Sensitive Files (collection_genai_process_sensitive_file_access.toml)
- Detects when GenAI tools access credential stores, SSH keys, browser data, or other sensitive files
- Maps to ATLAS techniques: AML.T0085 (Data from AI Services), AML.T0085.001 (AI Agent Tools), AML.T0055 (Unsecured Credentials)
Command and Control - GenAI Process Connection to Suspicious TLD (command_and_control_genai_process_suspicious_tld_connection.toml)
- Detects GenAI tools connecting to suspicious top-level domains commonly used for C2
- Maps to ATLAS technique: AML.T0086 (Exfiltration via AI Agent Tool Invocation)
Execution - GenAI Process Compiling Executables (execution_genai_process_compiling_executables.toml)
- Detects when GenAI processes spawn compilation tools (gcc, clang, msbuild, pyinstaller, etc.)
- Maps to ATLAS technique: AML.T0053 (AI Agent Tool Invocation)
Execution - MCP Server Spawning Any Child Process (execution_mcp_server_any_child_process.toml)
- Detects any child process spawned by Model Context Protocol (MCP) servers
- Maps to ATLAS technique: AML.T0053 (AI Agent Tool Invocation)
Exfiltration - GenAI Process Encoding Prior to Network Activity (exfiltration_genai_process_encoding_prior_to_network_activity.toml)
- Detects encoding/chunking operations (base64, gzip, tar, zip) by GenAI processes followed by network activity
- Maps to ATLAS technique: AML.T0086 (Exfiltration via AI Agent Tool Invocation)

All rules are cross-platform (Windows, macOS, Linux), use EQL queries, and include comprehensive investigation guides and false positive analysis.

How To Test

🔱 Tests will run in CI

Manual Testing

Validate ATLAS framework support:
```
python -m detection_rules test
```

Verify rule validation:

python -m detection_rules validate-rule rules/cross-platform/collection_genai_process_sensitive_file_access.toml

Check ATLAS data loading:

from detection_rules.atlas import load_atlas_yaml, build_threat_map_entry
atlas_data = load_atlas_yaml()
threat_entry = build_threat_map_entry("Collection", "AML.T0085", "AML.T0085.001")

Expected Test Results

All existing tests should pass
New rules should validate successfully with ATLAS threat mappings
Schema validation should accept ATLAS framework URLs and tags

Checklist

[x] Added a label for the type of pr: Rule: New and enhancement (for ATLAS framework support)
[ ] Added the meta:rapid-merge label if planning to merge within 24 hours
[x] Secret and sensitive material has been managed correctly
[x] Automated testing was updated or added to match the most common scenarios
[x] Documentation and comments were added for features that require explanation

Nov 22 '25 00:11 Mikaayenson

⛔️ Test failed

Results

❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ MCP Server Spawning Any Child Process (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Compiling or Generating Executables (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Accessing Sensitive Files (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta

Nov 22 '25 00:11 tradebot-elastic

Enhancement - Guidelines

These guidelines serve as a reminder set of considerations when addressing adding a feature to the code.

Documentation and Context

[ ] Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
[ ] Include additional context or screenshots.
[ ] Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

[ ] Code follows established design patterns within the repo and avoids duplication.
[ ] Ensure that the code is modular and reusable where applicable.

Testing

[ ] New unit tests have been added to cover the enhancement.
[ ] Existing unit tests have been updated to reflect the changes.
[ ] Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
[ ] Validate that any rules affected by the enhancement are correctly updated.
[ ] Ensure that performance is not negatively impacted by the changes.
[ ] Verify that any release artifacts are properly generated and tested.
[ ] Conducted system testing, including fleet, import, and create APIs (e.g., run make test-cli, make test-remote-cli, make test-hunting-cli)

Additional Checks

[ ] Verify that the enhancement works across all relevant environments (e.g., different OS versions).
[ ] Confirm that the proper version label is applied to the PR patch, minor, major.

Nov 22 '25 00:11 github-actions[bot]

⛔️ Test failed

Results

❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ MCP Server Spawning Any Child Process (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Compiling or Generating Executables (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Accessing Sensitive Files (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta

Nov 22 '25 00:11 tradebot-elastic

⛔️ Test failed

Results

❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ MCP Server Spawning Any Child Process (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Compiling or Generating Executables (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Accessing Sensitive Files (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta

Nov 22 '25 00:11 tradebot-elastic

⛔️ Test failed

Results

❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ MCP Server Spawning Any Child Process (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Compiling or Generating Executables (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Accessing Sensitive Files (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta

Nov 22 '25 00:11 tradebot-elastic

⛔️ Test failed

Results

❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ MCP Server Spawning Any Child Process (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Compiling or Generating Executables (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Accessing Sensitive Files (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta

Nov 24 '25 14:11 tradebot-elastic

💚 CLA has been signed

Dec 04 '25 06:12 cla-checker-service[bot]

⛔️ Test failed

Results

❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Compiling or Generating Executables (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Accessing Sensitive Files (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta

Dec 04 '25 06:12 tradebot-elastic

⛔️ Test failed

Results

❌ GenAI Process Connection to Suspicious Top Level Domain (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Compiling or Generating Executables (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Accessing Sensitive Files (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta
❌ GenAI Process Performing Encoding/Chunking Prior to Network Activity (eql)
- coverage_issue: no_rta
- stack_validation_failed: no_rta