Skip to content

Issues: elastic/detection-rules

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

170 Open 1,276 Closed
170 Open 1,276 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

[FR] New Terms Suppression Schema Updates Area: DED enhancement New feature or request python Internal python for the repository schema Team: TRADE
#3640 opened May 2, 2024 by eric-forte-elastic
@eric-forte-elastic
[FR] Update README with WSL instructions for Py3.12 Area: DED detections-as-code enhancement New feature or request
#3639 opened May 2, 2024 by eric-forte-elastic
@eric-forte-elastic
[FR][DAC] Consideration: DAC related CI/CD (GH actions) for syncing with Kibana detections-as-code enhancement New feature or request
#3626 opened Apr 29, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Consideration: expose a callback function within kibana export-rules to organize the output detections-as-code enhancement New feature or request
#3625 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Consideration: expose kql parse paremeters for custom rules validation detections-as-code enhancement New feature or request
#3624 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Consideration: add validation on exceptions values detections-as-code enhancement New feature or request
#3623 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR] normalize use of yaml extension (vs yml) enhancement New feature or request
#3622 opened Apr 27, 2024 by brokensound77
@Mikaayenson
[FR][DAC] raise a better exception for missing contents in config files detections-as-code enhancement New feature or request
#3621 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Add *LIMITED* support for version and revision to BaseRuleData detections-as-code enhancement New feature or request
#3620 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] further decouple reliance on default rule dir locations detections-as-code enhancement New feature or request
#3619 opened Apr 26, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] add support for custom-schemas (BYOS) detections-as-code enhancement New feature or request
#3618 opened Apr 26, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
Threshold rule less than or checking when count is 0 Area: RAD community enhancement New feature or request
#3617 opened Apr 23, 2024 by kulbozz
[Rule Tuning] Very high false positive rate in 'Agent Spoofing - Multiple Hosts Using Same Agent' bug Something isn't working community
#3613 opened Apr 22, 2024 by jvalente-salemstate
1
[Rule Tuning] Windows Service Installed via an Unusual Client community Rule: Tuning tweaking or tuning an existing rule
#3588 opened Apr 11, 2024 by eriroley
@w0rk3r
[Rule Tuning] Azure Active Directory High Risk Sign-in => Also alert on failed community Rule: Tuning tweaking or tuning an existing rule
#3585 opened Apr 10, 2024 by willem-dhaese
[Bug] KQL fails to parse brackets and wildcards correctly Area: DED bug Something isn't working community Team: TRADE
#3582 opened Apr 7, 2024 by saiiman
1
@Mikaayenson @eric-forte-elastic
[FR] Better Error Messages for Schema Validation Area: DED enhancement New feature or request python Internal python for the repository
#3571 opened Apr 3, 2024 by eric-forte-elastic
1
[FR] Back-porting Version Trimming Area: DED enhancement New feature or request
#3563 opened Apr 2, 2024 by shashank-elastic
@shashank-elastic
2
[Rule Tuning] Potential SSH Brute Force Detected on Privileged Account community Rule: Tuning tweaking or tuning an existing rule
#3562 opened Apr 2, 2024 by willem-dhaese
@Aegrah
3
[Meta] Refactor Rule Formatter Area: DED enhancement New feature or request Meta python Internal python for the repository Team: TRADE
#3558 opened Apr 2, 2024 by Mikaayenson
[Meta] Refactor Rule Create and Importer Logic Area: DED enhancement New feature or request Meta python Internal python for the repository Team: TRADE
#3557 opened Apr 2, 2024 by Mikaayenson
[Meta] Refactor Rule Loader and Validation for Optimizations Area: DED enhancement New feature or request Meta python Internal python for the repository Team: TRADE
#3556 opened Apr 2, 2024 by Mikaayenson
[Meta] Explore Detection Opportunities on Active Directory Relay, Spoofing and Coercion Attacks - Part 1 Area: RAD Domain: Endpoint Meta OS: Windows windows related rules Team: TRADE
#3544 opened Mar 28, 2024 by w0rk3r
@w0rk3r
[Bug] Query validation failing to capture InSet edge case with ip field types bug Something isn't working
#3540 opened Mar 26, 2024 by Mikaayenson
1
@eric-forte-elastic
4
[Meta] Linux Active Directory Tooling detection Area: RAD Meta OS: Linux Team: TRADE
#3523 opened Mar 20, 2024 by w0rk3r
@w0rk3r
ProTip! no:milestone will show everything without a milestone.