Tag
This rule detects Elastic Defend alerts where the alerted process has a package-manager install context in its ancestry (npm, PyPI, Rust), indicating potential supply chain compromise via malicious postinstall scripts.