Pull requests: elastic/detection-rules
[New Rules] AWS Bedrock Guardrails Violations
backport: auto
esql
ES|QL
Integration: AWS-Bedrock
python
Internal python for the repository
Rule: New
Proposal for new rule
schema
#3641
opened May 3, 2024 by
brokensound77
[New] Ransomware over SMB
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
#3638
opened May 2, 2024 by
Samirbous
[FR] Add Hunt Structure and Initial LLM Queries 🚀
backport: auto
esql
ES|QL
llm
Rule: Hunt
bit noisy but useful for hunting
#3637
opened May 2, 2024 by
Mikaayenson
[New Rule] AWS EC2 Instance Connect SSH Public Key Uploaded
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3634
opened May 1, 2024 by
terrancedejesus
•
Draft
[New Rule] Building Block Rule - AWS IAM Login Profile Added to User
Area: RAD
bbr
Building Block Rules
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3633
opened Apr 30, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS Lambda Function Policy Updated To Allow Public Invocation
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3632
opened Apr 30, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS Lambda Layer Added to Existing Function
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3631
opened Apr 30, 2024 by
terrancedejesus
•
Draft
[Rule Tuning] Add Initial SentinelOne Compatibility to Windows DRs
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#3627
opened Apr 30, 2024 by
w0rk3r
Update defense_evasion_deletion_of_bash_command_line_history.toml
backport: auto
OS: Linux
Rule: Tuning
tweaking or tuning an existing rule
#3614
opened Apr 22, 2024 by
Samirbous
[New Rule] AWS Lambda Function Created or Updated
Area: RAD
bbr
Building Block Rules
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3610
opened Apr 20, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS IAM Roles Anywhere Profile Creation and Trusted Anchor with External Certificate Created
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3609
opened Apr 20, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS S3 Bucket Object Retrieval, Deletion, and Potential Ransom Note Replacement
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3604
opened Apr 18, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS S3 Bucket Policy Added to Share with External Account
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3603
opened Apr 18, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS EC2 EBS Snapshot Shared with Another Account
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3601
opened Apr 17, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS EC2 AMI Shared with Another Account
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3600
opened Apr 16, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS EC2 VPC Security Group Rule Added for Any Address or Remote Access Ports
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3599
opened Apr 16, 2024 by
terrancedejesus
•
Draft
[New Rule] First Occurrence of AWS Resource Starting SSM Session to EC2 Instance
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3598
opened Apr 16, 2024 by
terrancedejesus
•
Draft
[New Rule] Attempt to Retrieve User Data from AWS EC2 Instance
Area: RAD
bbr
Building Block Rules
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3593
opened Apr 15, 2024 by
terrancedejesus
•
Draft
[New Rule] Route53 Resolver Query Log Configuration Deleted
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3592
opened Apr 12, 2024 by
terrancedejesus
•
Draft
[New Rule] AWS S3 Bucket Expiration Lifecycle Configuration Added
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3591
opened Apr 12, 2024 by
terrancedejesus
•
Draft
[New Rule] Resource Accessing AWS Systems Manager SecureString Parameters with Decryption Flag
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3590
opened Apr 12, 2024 by
terrancedejesus
•
Draft
[New Rule] Rapid Secret Retrieval Attempts from AWS SecretsManager
Area: RAD
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
Rule: Tuning
tweaking or tuning an existing rule
#3589
opened Apr 12, 2024 by
terrancedejesus
•
Draft
[New Rule] First Occurrence of User Identity Retrieving Credentials from EC2 Instance with an Assumed Role
Area: RAD
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3586
opened Apr 10, 2024 by
terrancedejesus
•
Draft
[Bug] Query validation failing to capture InSet edge case with ip field types
Area: DED
backport: auto
bug
Something isn't working
python
Internal python for the repository
schema
Team: TRADE
#3572
opened Apr 4, 2024 by
eric-forte-elastic