Pull requests: elastic/detection-rules
Label key (descriptions as shown on the page):
  backport: auto
  bbr - Building Block Rules
  bug - Something isn't working
  cli - command line tooling
  documentation - Improvements or additions to documentation
  enhancement - New feature or request
  esql - ES|QL
  Integration: AWS - AWS related rules
  Integration: Azure - azure related rules
  Integration: Endpoint - Elastic Endpoint Security
  kql - related to the kql module
  maintenance - Internal changes
  OS: Windows - windows related rules
  python - Internal python for the repository
  RTA - work on RTA framework
  Rule: Deprecation - removal of a rule
  Rule: New - Proposal for new rule
  Rule: Tuning - tweaking or tuning an existing rule
  test-suite - unit and other testing components
  wontfix - This will not be worked on

#4522  chore: use docs-dev instead of docs dir for docs
       Labels: documentation, enhancement, maintenance, patch, python, backport: auto
       Opened Mar 6, 2025 by traut. 1 of 5 tasks.

#4520  Deprecation Notice to Cloud Defend Rules
       Labels: backport: auto, meta:rapid-merge, Rule: Deprecation
       Opened Mar 6, 2025 by shashank-elastic. 2 of 5 tasks.

#4518  [FR] Add Env Var DR_CLI_MAX_WIDTH and DaC Docs Updates
       Labels: backport: auto, cli, detections-as-code, documentation, enhancement, patch, python
       Opened Mar 4, 2025 by eric-forte-elastic. 5 tasks.

#4516  Add new ML detection rules for Privileged Access Detection
       Opened Mar 4, 2025 by sodhikirti07. Draft. 5 tasks.

#4515  [New Rule] Uncommon Destination Port Connection by Web Server
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Mar 4, 2025 by Aegrah.

#4514  [New Rule] Unusual File Creation from Web Server Parent
       Labels: backport: auto, bbr, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Mar 4, 2025 by Aegrah.

#4513  [New Rule] Unusual Process Spawned from Web Server Parent
       Labels: backport: auto, Domain: Endpoint, esql, OS: Linux, Rule: New, Team: TRADE
       Opened Mar 4, 2025 by Aegrah.

#4512  [New Rule] Unusual Command Execution from Web Server Parent
       Labels: backport: auto, Domain: Endpoint, esql, OS: Linux, Rule: New, Team: TRADE
       Opened Mar 4, 2025 by Aegrah.

#4510  [New/Tuning] Docker Socket Enumeration
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Mar 4, 2025 by Aegrah.

#4509  [New Rules] Potential Port/Subnet Scanning Activity from Compromised Host
       Labels: backport: auto, Domain: Endpoint, esql, OS: Linux, Rule: New, Team: TRADE
       Opened Mar 4, 2025 by Aegrah.

#4508  Create new detection rule set documentation to be included in the new docs.
       Labels: backport: auto, documentation, enhancement
       Opened Mar 4, 2025 by Mpdreamz. 2 tasks.

#4507  [ci] Add new docs-builder automation.
       Labels: backport: auto, ci/cd, documentation, enhancement
       Opened Mar 4, 2025 by Mpdreamz.

#4502  Prep for Release 9.0
       Labels: backport: auto, bbr, Domain: Cloud, Domain: Endpoint, enhancement, Integration: AWS, Integration: Azure, Integration: Endpoint, Integration: Microsoft 365, OS: Linux, OS: Windows, patch, python, schema
       Opened Feb 27, 2025 by shashank-elastic. 1 of 8 tasks.

#4501  [Security Content] Windows Audit Policies Config Guides - Repo Edition
       Labels: backport: auto, Domain: Endpoint, OS: Windows, Security Content
       Opened Feb 26, 2025 by w0rk3r.

#4495  fix: removing outdated code in Kibana client auth
       Labels: backport: auto, bug, patch, python
       Opened Feb 25, 2025 by traut. 2 of 5 tasks.

#4490  [Rule Tuning] Adjusting Investigation Guide for First Occurrence of Entra ID Auth via DeviceCode Protocol
       Labels: Rule: Tuning, backport: auto, Domain: Cloud, Integration: Azure
       Opened Feb 21, 2025 by terrancedejesus. 5 tasks.

#4405  [Rule Tuning] Add exceptions for non-interactive signin failures for Entra M365 Bruteforce
       Labels: backport: auto, community, Domain: Cloud, Integration: Azure, Rule: Tuning
       Opened Jan 22, 2025 by jvalente-salemstate. 2 tasks done.

#4275  Add Fortigate Fortinet index to multiple detection rules
       Labels: backport: auto, community, RTA
       Opened Nov 27, 2024 by SHolzhauer. 1 of 2 tasks.

#4087  Revert "[Bug] Handle formatting empty list"
       Labels: backport: auto, python, wontfix
       Opened Sep 17, 2024 by brokensound77.

(number, date and author not shown on the page)
       [New Rule] Active Directory Forced Authentication from Linux Host
       Labels: backlog, backport: auto, Domain: Endpoint, OS: Windows, Rule: New

#3789  [FR] Add white space checking for KQL parse
       Labels: backlog, kql
       Opened Jun 14, 2024 by eric-forte-elastic. Draft.

#3605  [FR] Updates to KQL Lib Parsing
       Labels: bug, kql
       Opened Apr 18, 2024 by eric-forte-elastic. Draft.

#3361  WIP: [POC] Refactor: port unittest to pytest
       Labels: backlog, backport: auto, bug, detections-as-code, enhancement, python, test-suite
       Opened Jan 3, 2024 by Mikaayenson. Draft.

#3194  [Rule Tuning] Update rules using NPC integration and non-ECS fields
       Labels: backlog, backport: auto, blocked, Domain: Network, Rule: Tuning
       Opened Oct 16, 2023 by brokensound77.