Skip to content

Pull requests: elastic/detection-rules

New pull request New
49 Open 2,203 Closed
49 Open 2,203 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[New rules] AWS IAM AdministratorAccess Policy Attached to : User, Group, Role(es|ql) backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3735 opened May 31, 2024 by imays11 Loading…
@imays11
2
[New Rule] DNS Global Query Block List Modified or Disabled backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3734 opened May 31, 2024 by w0rk3r Loading…
@w0rk3r
[Update] Updating upload-artifact to Version 4 backport: auto dev rule meant to be non-prod / non-shipping Supportability Regarding rule maintenance and support for specific stack versions
#3733 opened May 31, 2024 by terrancedejesus Loading…
@terrancedejesus
[Rule Tuning] Shell Configuration Creation or Modification Area: RAD backport: auto OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#3732 opened May 31, 2024 by Aegrah Loading…
@Aegrah
[New Rule] SSH Key Generated via ssh-keygen Area: RAD backport: auto OS: Linux Rule: New Proposal for new rule Team: TRADE
#3731 opened May 31, 2024 by Aegrah Loading…
@Aegrah
[Rule Tuning] Message-of-the-Day (MOTD) Area: RAD backport: auto OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#3730 opened May 31, 2024 by Aegrah Loading…
@Aegrah
[Rule Tuning] Agent Spoofing Area: RAD backport: auto OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#3729 opened May 31, 2024 by Aegrah Loading…
@Aegrah
1
[Rule Tuning] Systemd Service & Timer Area: RAD backport: auto OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#3728 opened May 31, 2024 by Aegrah Loading…
@Aegrah
Test deprecated rule modification backport: auto Rule: Deprecation removal of a rule
#3727 opened May 31, 2024 by shashank-elastic Loading…
@shashank-elastic
2
[New Rule & Tuning] (Ana)Cron & At Job Creation Area: RAD backport: auto OS: Linux Rule: New Proposal for new rule Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#3726 opened May 31, 2024 by Aegrah Loading…
@Aegrah
Refresh MITRE Attack v15.1.0 backport: auto bbr Building Block Rules Domain: Cloud Domain: Endpoint Integration: Microsoft 365 OS: Linux OS: macOS OS: Windows windows related rules
#3725 opened May 31, 2024 by shashank-elastic Loading…
@shashank-elastic
1
react_sync_rta_updates_3539 backport: auto RTA work on RTA framework
#3722 opened May 30, 2024 by eric-forte-elastic Loading…
[New Rule] Rapid7 Threat Command CVEs Correlation backport: auto Integration: Rapid7 Threat Command python Internal python for the repository Rule: New Proposal for new rule schema
#3718 opened May 29, 2024 by terrancedejesus Loading…
@terrancedejesus
8
[New Rule] Potential DNS Server Privilege Escalation via ServerLevelPluginDll backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3717 opened May 29, 2024 by w0rk3r Loading…
@w0rk3r
8
react_sync_rta_updates_3512 backport: auto RTA work on RTA framework
#3710 opened May 24, 2024 by eric-forte-elastic Loading…
react_sync_rta_updates_3513 backport: auto RTA work on RTA framework
#3709 opened May 23, 2024 by eric-forte-elastic Loading…
[Rule Tuning] Update ML Rules (Analytic Packages) to Add Event Ingested backport: auto Integration: Beaconing Integration: DED Integration: DGA Integration: LMD integration: ProblemChild ML machine learning related rule
#3705 opened May 23, 2024 by terrancedejesus Draft
@terrancedejesus
12
[New Rules] Azure OpenAI Area: RAD backport: auto esql ES|QL Integration: Azure Openai Rule: New Proposal for new rule
#3701 opened May 22, 2024 by Mikaayenson Loading…
@Mikaayenson
15
Update initial_access_microsoft_365_abnormal_clientappid.toml backport: auto Domain: Cloud Integration: Microsoft 365 Rule: Tuning tweaking or tuning an existing rule
#3685 opened May 16, 2024 by Samirbous Loading…
@Samirbous
[FR][DAC] Add Support for Custom Schemas Area: DED detections-as-code enhancement New feature or request python Internal python for the repository schema Team: TRADE
#3679 opened May 15, 2024 by eric-forte-elastic Loading…
1
@eric-forte-elastic
36
react_sync_rta_updates_3453 backport: auto community RTA work on RTA framework
#3664 opened May 13, 2024 by eric-forte-elastic Loading…
1
[FR] Add limited support and validation for version and revision detections-as-code enhancement New feature or request python Internal python for the repository
#3657 opened May 8, 2024 by Mikaayenson Loading…
1
@Mikaayenson
104
[New hunts] 50 ES|QL Windows Hunt Queries Area: RAD backport: auto Hunt: New OS: Windows windows related rules
#3642 opened May 3, 2024 by brokensound77 Loading…
26
[New Rule] AWS EC2 Instance Connect SSH Public Key Uploaded Area: RAD backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3634 opened May 1, 2024 by terrancedejesus Loading…
@terrancedejesus
[New Rule] AWS Lambda Function Policy Updated To Allow Public Invocation Area: RAD backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3632 opened Apr 30, 2024 by terrancedejesus Loading…
@terrancedejesus
3
ProTip! Follow long discussions with comments:>50.