[Custom] Detection rules inspiration #66
Description
I'm the author of Fibratus, an open-source adversary tradecraft detection, prevention, and hunting tool focused on Windows security. I wanted to take a moment to express my appreciation for the work Elastic is doing with the protections-artifacts repository. The transparency and depth of the work you're sharing is not only impressive, but also incredibly valuable to the broader security community.
I wanted to clarify a licensing question: I'm interested in using the repository as a source of inspiration for some of the detection logic in Fibratus, but not copying or directly reusing any of the code or data. Moreover, the vast majority of your detection rules are impossible to translate to Fibratus equivalent because of the lack of telemetry or detection capabilities.
Would such use—inspired by your approach but implemented independently—be considered a violation of the Elastic license?
I want to make sure I respect both the letter and spirit of your licensing terms while continuing to contribute to the open security ecosystem including any Fibratus rule Elastic can benefit from.
Thanks in advance, and again, I truly appreciate the work you're doing.