[Security Rules] Update security rules package to v8.19.17-beta.2 (#17737)

tradebot-elastic · web-flow · commit cede1b3d8904 · 2026-03-10T14:23:11.000Z
diff --git a/packages/security_detection_engine/changelog.yml b/packages/security_detection_engine/changelog.yml
@@ -1,5 +1,10 @@
 # newer versions go on top
 # NOTE: please use pre-release versions (e.g. -beta.0) until a package is ready for production
+- version: 8.19.17-beta.2
+  changes:
+    - description: Release security rules update
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/17737
 - version: 8.19.17-beta.1
   changes:
     - description: Release security rules update
diff --git a/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2.json b/packages/security_detection_engine/kibana/security_rule/e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2.json
@@ -4,7 +4,7 @@
             "Elastic"
         ],
         "description": "Detects DNS queries to commonly abused remote monitoring and management (RMM) or remote access software domains from processes that are not browsers. Intended to surface RMM clients, scripts, or other non-browser activity contacting these services.",
-        "from": "now-8d",
+        "from": "now-9m",
         "history_window_start": "now-7d",
         "index": [
             "logs-endpoint.events.network-*",
@@ -103,8 +103,8 @@
         ],
         "timestamp_override": "event.ingested",
         "type": "new_terms",
-        "version": 1
+        "version": 2
     },
-    "id": "e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_1",
+    "id": "e5f6a7b8-c9d0-8e1f-2a3b-4c5d6e7f8a9b_2",
     "type": "security-rule"
 }
diff --git a/packages/security_detection_engine/manifest.yml b/packages/security_detection_engine/manifest.yml
@@ -21,4 +21,4 @@ source:
   license: Elastic-2.0
 title: Prebuilt Security Detection Rules
 type: integration
-version: 8.19.17-beta.1
+version: 8.19.17-beta.2
