Skip to content

Pull requests: elastic/detection-rules

New pull request New
33 Open 3,372 Closed
33 Open 3,372 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Rule Tunings] AWS EC2 EBS Snapshot and Encryption Rules backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5229 opened Oct 16, 2025 by imays11 Loading…
@imays11
1
Update lateral_movement_scheduled_task_target.toml to fix null values backport: auto community Domain: Endpoint OS: Windows windows related rules
#5228 opened Oct 16, 2025 by theusername-sudo Loading…
1
[Rule Tuning] Potential CVE-2025-32463 Sudo Chroot Execution Attempt backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5227 opened Oct 15, 2025 by Aegrah Loading…
@Aegrah
2
[Rule Tuning] File Transfer or Listener Established via Netcat backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5223 opened Oct 15, 2025 by Aegrah Loading…
@Aegrah
5
[New Rule] File Creation with Curly Braces or Command Substitution backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#5219 opened Oct 14, 2025 by Aegrah Loading…
@Aegrah
5
[New Rule] Azure Compute Restore Point Collection Deleted backport: auto Domain: Cloud Domain: Storage Integration: Azure azure related rules Rule: New Proposal for new rule
#5217 opened Oct 13, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
5
[New Rule] Azure Recovery Services Deletion backport: auto bbr Building Block Rules Domain: Cloud Domain: Storage Rule: New Proposal for new rule
#5214 opened Oct 13, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[New Rule] Azure Compute Snapshot Deletion(s) backport: auto Domain: Cloud Domain: Data Domain: Storage Integration: Azure azure related rules Rule: New Proposal for new rule
#5211 opened Oct 13, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
4
[New Rule] Azure Storage Account Deletion backport: auto Domain: Cloud Domain: Storage Integration: Azure azure related rules Rule: New Proposal for new rule
#5200 opened Oct 10, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
2
Add rules for Azure Activity Logs/GCP Audit ML jobs backport: skip Domain: Cloud Integration: Azure azure related rules Integration: GCP GCP related rules minor ML machine learning related rule Rule: New Proposal for new rule
#5191 opened Oct 6, 2025 by jmcarlock Loading…
5 tasks
20
[Rule Tuning] Suspicious Entra ID OAuth User Impersonation Scope Detected backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5190 opened Oct 6, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
Update README for the installation of kibana and kql packages backport: auto community documentation Improvements or additions to documentation
#5177 opened Oct 2, 2025 by pberba Loading…
5 tasks
2
[Rule Tuning] Update Azure / M365 Rule Names and File Paths backport: auto Domain: Application Domain: Cloud Workloads Domain: Cloud Domain: Email Domain: Endpoint Domain: Identity Domain: Network Domain: SaaS Domain: Storage Integration: Azure azure related rules Integration: Microsoft 365 Rule: Tuning tweaking or tuning an existing rule
#5172 opened Oct 1, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
20
[Security Content] Windows Setup Guides - WinEventLog & Sysmon backport: auto Domain: Endpoint OS: Windows windows related rules Security Content
#5162 opened Sep 29, 2025 by w0rk3r Loading…
@w0rk3r
6
Update dependency pyflakes to v3.4.0 backport: auto community
#5126 opened Sep 17, 2025 by elastic-renovate-prod bot Loading…
1 task
[Rule Tuning] Linux DR Tuning - 1 OS: Linux Team: TRADE
#5122 opened Sep 16, 2025 by Aegrah Draft
@Aegrah
5
Update dependency pre-commit to v3.8.0 backport: auto community
#5121 opened Sep 16, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency pep8-naming to v0.15.1 backport: auto community
#5120 opened Sep 16, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency nodeenv to v1.9.1 backport: auto community
#5117 opened Sep 16, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency marko to v2.2.1 backport: auto community
#5103 opened Sep 14, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency flake8 to v7.3.0 backport: auto community
#5102 opened Sep 14, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency elasticsearch to ~=8.19.1 backport: auto community
#5100 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency PyGithub to v2.8.1 backport: auto community
#5099 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency Click to ~=8.3.0 backport: auto community
#5098 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
Update tj-actions/changed-files action to v46.0.5 backport: auto community
#5097 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
ProTip! Exclude everything labeled bug with -label:bug.