Issues: elastic/detection-rules
[FR] New Terms Suppression Schema Updates
Area: DED
enhancement
New feature or request
python
Internal python for the repository
schema
Team: TRADE
#3640
opened May 2, 2024 by
eric-forte-elastic
[FR] Update README with WSL instructions for Py3.12
Area: DED
detections-as-code
enhancement
New feature or request
#3639
opened May 2, 2024 by
eric-forte-elastic
[FR][DAC] Consideration: DAC related CI/CD (GH actions) for syncing with Kibana
detections-as-code
enhancement
New feature or request
#3626
opened Apr 29, 2024 by
brokensound77
[FR][DAC] Consideration: expose a callback function within kibana export-rules to organize the output
detections-as-code
enhancement
New feature or request
#3625
opened Apr 27, 2024 by
brokensound77
[FR][DAC] Consideration: expose kql parse parameters for custom rules validation
detections-as-code
enhancement
New feature or request
#3624
opened Apr 27, 2024 by
brokensound77
[FR][DAC] Consideration: add validation on exceptions values
detections-as-code
enhancement
New feature or request
#3623
opened Apr 27, 2024 by
brokensound77
[FR] normalize use of yaml extension (vs yml)
enhancement
New feature or request
#3622
opened Apr 27, 2024 by
brokensound77
[FR][DAC] raise a better exception for missing contents in config files
detections-as-code
enhancement
New feature or request
#3621
opened Apr 27, 2024 by
brokensound77
[FR][DAC] Add *LIMITED* support for version and revision to BaseRuleData
detections-as-code
enhancement
New feature or request
#3620
opened Apr 27, 2024 by
brokensound77
[FR][DAC] further decouple reliance on default rule dir locations
detections-as-code
enhancement
New feature or request
#3619
opened Apr 26, 2024 by
brokensound77
[FR][DAC] add support for custom-schemas (BYOS)
detections-as-code
enhancement
New feature or request
#3618
opened Apr 26, 2024 by
brokensound77
Threshold rule less than or checking when count is 0
Area: RAD
community
enhancement
New feature or request
#3617
opened Apr 23, 2024 by
kulbozz
[Rule Tuning] Very high false positive rate in 'Agent Spoofing - Multiple Hosts Using Same Agent'
bug
Something isn't working
community
#3613
opened Apr 22, 2024 by
jvalente-salemstate
[Rule Tuning] Windows Service Installed via an Unusual Client
community
Rule: Tuning
tweaking or tuning an existing rule
#3588
opened Apr 11, 2024 by
eriroley
[Rule Tuning] Azure Active Directory High Risk Sign-in => Also alert on failed
community
Rule: Tuning
tweaking or tuning an existing rule
#3585
opened Apr 10, 2024 by
willem-dhaese
[Bug] KQL fails to parse brackets and wildcards correctly
Area: DED
bug
Something isn't working
community
Team: TRADE
#3582
opened Apr 7, 2024 by
saiiman
[FR] Better Error Messages for Schema Validation
Area: DED
enhancement
New feature or request
python
Internal python for the repository
#3571
opened Apr 3, 2024 by
eric-forte-elastic
[FR] Back-porting Version Trimming
Area: DED
enhancement
New feature or request
#3563
opened Apr 2, 2024 by
shashank-elastic
[Rule Tuning] Potential SSH Brute Force Detected on Privileged Account
community
Rule: Tuning
tweaking or tuning an existing rule
#3562
opened Apr 2, 2024 by
willem-dhaese
[Meta] Refactor Rule Formatter
Area: DED
enhancement
New feature or request
Meta
python
Internal python for the repository
Team: TRADE
#3558
opened Apr 2, 2024 by
Mikaayenson
[Meta] Refactor Rule Create and Importer Logic
Area: DED
enhancement
New feature or request
Meta
python
Internal python for the repository
Team: TRADE
#3557
opened Apr 2, 2024 by
Mikaayenson
[Meta] Refactor Rule Loader and Validation for Optimizations
Area: DED
enhancement
New feature or request
Meta
python
Internal python for the repository
Team: TRADE
#3556
opened Apr 2, 2024 by
Mikaayenson
[Meta] Explore Detection Opportunities on Active Directory Relay, Spoofing and Coercion Attacks - Part 1
Area: RAD
Domain: Endpoint
Meta
OS: Windows
windows related rules
Team: TRADE
#3544
opened Mar 28, 2024 by
w0rk3r
[Bug] Query validation failing to capture InSet edge case with ip field types
bug
Something isn't working
#3540
opened Mar 26, 2024 by
Mikaayenson
[Meta] Linux Active Directory Tooling detection
Area: RAD
Meta
OS: Linux
Team: TRADE
#3523
opened Mar 20, 2024 by
w0rk3r