Pull requests: elastic/detection-rules
[New Rule] AWS RDS Snapshot Deleted
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3852
opened Jun 29, 2024 by
imays11
[New Rule] AWS RDS DB Instance or Cluster Deletion Protection Disabled
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3851
opened Jun 28, 2024 by
imays11
[FR] Detection Rule PR Guidelines and Issue Forms
backport: auto
ci/cd
enhancement
New feature or request
#3850
opened Jun 28, 2024 by
Mikaayenson
[Rule Tuning] Tuning Google Workspace Rules and File Name Length Reduction
backport: auto
Domain: Cloud
Domain: SaaS
Integration: Google Workspace
Rule: Tuning
tweaking or tuning an existing rule
#3849
opened Jun 28, 2024 by
terrancedejesus
[Rule Tuning] Unusual File Creation - Alternate Data Stream
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#3848
opened Jun 28, 2024 by
w0rk3r
[New Hunt] Add Initial Linux Hunting Files
Hunt: New
threat hunting
Related to hunting/ library.
#3847
opened Jun 28, 2024 by
terrancedejesus
Draft
[FR] Update Release Workflow Token Naming
backport: auto
ci/cd
Team: TRADE
#3846
opened Jun 28, 2024 by
eric-forte-elastic
[New Rule] AWS RDS DB Instance or Cluster Password Modified
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3844
opened Jun 28, 2024 by
imays11
[Rule Tuning] Improve Compatibility in Windows BBR Detection Rules
backport: auto
bbr
Building Block Rules
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#3841
opened Jun 27, 2024 by
w0rk3r
[New Rule] AWS RDS DB Instance Made Public
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3836
opened Jun 27, 2024 by
imays11
[New Rule] [BBR] Active Directory Object Modification by SYSTEM
backport: auto
bbr
Building Block Rules
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[New Rule] AWS RDS Snapshot Shared with Another Account
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#3831
opened Jun 26, 2024 by
imays11
[FR] Added Schema Check for Data View ID and Index
backport: auto
bug
Something isn't working
python
Internal python for the repository
test-suite
unit and other testing components
#3830
opened Jun 25, 2024 by
eric-forte-elastic
[Rule Tuning] LSASS Process Access via Windows API
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#3824
opened Jun 25, 2024 by
joe-desimone
[New Rule] Entra ID Device Code Auth with Broker Client
backport: auto
bug
Something isn't working
Domain: Cloud
Integration: Azure
azure related rules
python
Internal python for the repository
Rule: New
Proposal for new rule
#3819
opened Jun 24, 2024 by
terrancedejesus
Test case to check updated_date
backport: auto
#3818
opened Jun 24, 2024 by
shashank-elastic
[FR] [DAC] Update default KQL parsing behavior to normalize keywords for custom rule directories.
detections-as-code
python
Internal python for the repository
Team: TRADE
#3816
opened Jun 21, 2024 by
eric-forte-elastic
[FR] Add API auth to Kibana module
backport: auto
python
Internal python for the repository
#3815
opened Jun 21, 2024 by
brokensound77
[Rule Tuning] LSASS Memory Dump Creation
backport: auto
community
Domain: Endpoint
OS: Windows
windows related rules
#3810
opened Jun 21, 2024 by
ar3diu
[Tuning] Ransomware over SMB
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#3808
opened Jun 20, 2024 by
Samirbous
[Rule Tuning] Suspicious Inter-Process Communication via Outlook #3803
backport: auto
community
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#3806
opened Jun 20, 2024 by
ar3diu
Create an Issue in Kibana for MITRE Updates
backport: auto
#3796
opened Jun 17, 2024 by
shashank-elastic
Use masquerading in linux_compress_sensitive_files rta script
backport: auto
RTA
work on RTA framework
#3782
opened Jun 12, 2024 by
jesse-sant
react_sync_rta_updates_3548
backport: auto
RTA
work on RTA framework
#3766
opened Jun 7, 2024 by
eric-forte-elastic