Skip to content

Pull requests: elastic/detection-rules

New pull request New
47 Open 2,302 Closed
47 Open 2,302 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[New Rule] AWS RDS Snapshot Deleted backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3852 opened Jun 29, 2024 by imays11 Loading…
@imays11
[New Rule] AWS RDS DB Instance or Cluster Deletion Protection Disabled backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3851 opened Jun 28, 2024 by imays11 Loading…
@imays11
[FR] Detection Rule PR Guidelines and Issue Forms backport: auto ci/cd enhancement New feature or request
#3850 opened Jun 28, 2024 by Mikaayenson Loading…
1
@Mikaayenson
[Rule Tuning] Tuning Google Workspace Rules and File Name Length Reduction backport: auto Domain: Cloud Domain: SaaS Integration: Google Workspace Rule: Tuning tweaking or tuning an existing rule
#3849 opened Jun 28, 2024 by terrancedejesus Loading…
@terrancedejesus
1
[Rule Tuning] Unusual File Creation - Alternate Data Stream backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#3848 opened Jun 28, 2024 by w0rk3r Loading…
1
@w0rk3r
[New Hunt] Add Initial Linux Hunting Files Hunt: New threat hunting Related to hunting/ library.
#3847 opened Jun 28, 2024 by terrancedejesus Draft
@terrancedejesus
[FR] Update Release Workflow Token Naming backport: auto ci/cd Team: TRADE
#3846 opened Jun 28, 2024 by eric-forte-elastic Loading…
@eric-forte-elastic
4
[New Rule] AWS RDS DB Instance or Cluster Password Modified backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3844 opened Jun 28, 2024 by imays11 Loading…
@imays11
[Rule Tuning] Improve Compatibility in WIndows BBR Detection Rules backport: auto bbr Building Block Rules Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#3841 opened Jun 27, 2024 by w0rk3r Loading…
1
@w0rk3r
1
[New Rule] AWS RDS DB Instance Made Public backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3836 opened Jun 27, 2024 by imays11 Loading…
@imays11
2
[New Rule] [BBR] Active Directory Object Modification by SYSTEM backport: auto bbr Building Block Rules Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3835 opened Jun 26, 2024 by w0rk3r Draft
@w0rk3r
1
[New Rule] AWS RDS Snapshot Shared with Another Account backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#3831 opened Jun 26, 2024 by imays11 Loading…
1
@imays11
4
[FR] Added Schema Check for Data View ID and Index backport: auto bug Something isn't working python Internal python for the repository test-suite unit and other testing components
#3830 opened Jun 25, 2024 by eric-forte-elastic Loading…
1
@eric-forte-elastic
1
[Rule Tuning] LSASS Process Access via Windows API backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#3824 opened Jun 25, 2024 by joe-desimone Loading…
2
[New Rule] Entra ID Device Code Auth with Broker Client backport: auto bug Something isn't working Domain: Cloud Integration: Azure azure related rules python Internal python for the repository Rule: New Proposal for new rule
#3819 opened Jun 24, 2024 by terrancedejesus Loading…
@terrancedejesus
6
Test case to check updated_date backport: auto
#3818 opened Jun 24, 2024 by shashank-elastic Loading…
@shashank-elastic
2
[FR] [DAC] Update default KQL parsing behavior to normalize keywords for custom rule directories. detections-as-code python Internal python for the repository Team: TRADE
#3816 opened Jun 21, 2024 by eric-forte-elastic Loading…
1
@eric-forte-elastic
12
[FR] Add API auth to Kibana module backport: auto python Internal python for the repository
#3815 opened Jun 21, 2024 by brokensound77 Loading…
1
@brokensound77
[Rule Tuning] LSASS Memory Dump Creation backport: auto community Domain: Endpoint OS: Windows windows related rules
#3810 opened Jun 21, 2024 by ar3diu Loading…
2
[Tuning] Ransomware over SMB backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#3808 opened Jun 20, 2024 by Samirbous Loading…
@Samirbous
[Rule Tuning] Suspicious Inter-Process Communication via Outlook #3803 backport: auto community Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#3806 opened Jun 20, 2024 by ar3diu Loading…
1
@ar3diu
8
Create an Issue in Kibana for MITRE Updates backport: auto
#3796 opened Jun 17, 2024 by shashank-elastic Loading…
1
@shashank-elastic
5
[FR] Add white space checking for KQL parse
#3789 opened Jun 14, 2024 by eric-forte-elastic Draft
1
2
Use masquerading in linux_compress_sensitive_files rta script backport: auto RTA work on RTA framework
#3782 opened Jun 12, 2024 by jesse-sant Loading…
@jesse-sant
1
react_sync_rta_updates_3548 backport: auto RTA work on RTA framework
#3766 opened Jun 7, 2024 by eric-forte-elastic Loading…
ProTip! Mix and match filters to narrow down what you’re looking for.