Pull requests: elastic/detection-rules
#4502: Prep for Release 9.0
Opened Feb 27, 2025 by shashank-elastic. Tasks: 1 of 5.
Labels: backport: auto, bbr (Building Block Rules), Domain: Cloud, Domain: Endpoint, enhancement (New feature or request), Integration: AWS (AWS related rules), Integration: Azure (azure related rules), Integration: Endpoint (Elastic Endpoint Security), Integration: Microsoft 365, OS: Linux, OS: Windows (windows related rules), patch, python (Internal python for the repository), schema

#4501: [Security Content] Windows Audit Policies Config Guides - Repo Edition
Opened Feb 26, 2025 by w0rk3r.
Labels: backport: auto, Domain: Endpoint, OS: Windows (windows related rules), Security Content

#4500: [New Rule] Python Site or User Customize File Creation
Opened Feb 26, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4499: [New Rule] Python Path File (pth) Creation
Opened Feb 26, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New (Proposal for new rule), Team: TRADE

#4498: chore: adjust paths to track in REACT test CI workflow
Opened Feb 26, 2025 by traut. Tasks: 1 of 5.
Labels: backport: auto, maintenance (Internal changes)

#4495: fix: removing outdated code in Kibana client auth
Opened Feb 25, 2025 by traut. Tasks: 2 of 5.
Labels: backport: auto, bug (Something isn't working), patch

#4492: [Security Content] Basic EDR Setup Guides - Phase 1
Opened Feb 24, 2025 by w0rk3r.
Labels: backport: auto, Domain: Endpoint, OS: Windows (windows related rules), Security Content

#4490: [Rule Tuning] Adjusting Investigation Guide for First Occurrence of Entra ID Auth via DeviceCode Protocol
Opened Feb 21, 2025 by terrancedejesus. Tasks: 5.
Labels: backport: auto, Domain: Cloud, Integration: Azure (azure related rules), Rule: Tuning (tweaking or tuning an existing rule)

#4488: [New Rule] Base64 Decoded Payload Piped to Interpreter
Opened Feb 21, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4487: [New Rule] Unusual File Transfer Utility Launched
Opened Feb 21, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4486: [New Rule] Unusual Base64 Encoding/Decoding Activity
Opened Feb 21, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4485: [New Rule] Kill Command Execution
Opened Feb 21, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4482: [New Rule] Successful SSH Authentication from Unusual IP-Address
Opened Feb 21, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4481: [New Rule] Successful SSH Authentication from Unusual User
Opened Feb 21, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4478: [New Rule] Successful SSH Authentication from Unusual SSH Public Key
Opened Feb 21, 2025 by Aegrah.
Labels: backport: auto, Domain: Endpoint, OS: Linux, Team: TRADE

#4437: chore: Removing RTAs
Opened Feb 3, 2025 by traut. Tasks: 5.
Labels: backport: auto, community, Hunting, maintenance (Internal changes), patch, python (Internal python for the repository), RTA (work on RTA framework), schema

#4405: [Rule Tuning] Add exceptions for non-interactive signin failures for Entra M365 Bruteforce
Opened Jan 22, 2025 by jvalente-salemstate. Tasks: 2 done.
Labels: backport: auto, community, Domain: Cloud, Integration: Azure (azure related rules), Rule: Tuning (tweaking or tuning an existing rule)

#4275: Add Fortigate Fortinet index to multiple detection rules
Opened Nov 27, 2024 by SHolzhauer. Tasks: 1 of 2.
Labels: backport: auto, community, RTA (work on RTA framework)

#4087: Revert "[Bug] Handle formatting empty list"
Opened Sep 17, 2024 by brokensound77.
Labels: backport: auto, python (Internal python for the repository), wontfix (This will not be worked on)

[New Rule] Active Directory Forced Authentication from Linux Host
Labels: backlog, backport: auto, Domain: Endpoint, OS: Windows (windows related rules), Rule: New (Proposal for new rule)

#3789: [FR] Add white space checking for KQL parse
Opened Jun 14, 2024 by eric-forte-elastic. Status: Draft.
Labels: backlog, kql (related to the kql module)

#3701: [New Rules] Azure OpenAI
Opened May 22, 2024 by Mikaayenson.
Labels: backlog, backport: auto, esql (ES|QL), Integration: Azure Openai, Rule: New (Proposal for new rule)

#3605: [FR] Updates to KQL Lib Parsing
Opened Apr 18, 2024 by eric-forte-elastic. Status: Draft.
Labels: bug (Something isn't working), kql (related to the kql module)

#3361: WIP: [POC] Refactor: port unittest to pytest
Opened Jan 3, 2024 by Mikaayenson. Status: Draft.
Labels: backlog, backport: auto, bug (Something isn't working), detections-as-code, enhancement (New feature or request), python (Internal python for the repository), test-suite (unit and other testing components)

#3194: [Rule Tuning] Update rules using NPC integration and non-ECS fields
Opened Oct 16, 2023 by brokensound77.
Labels: backlog, backport: auto, blocked, Domain: Network, Rule: Tuning (tweaking or tuning an existing rule)