Pull requests: elastic/detection-rules
#4595 [New Rule] Potential PowerShell Obfuscation via String Reordering
  opened Apr 3, 2025 by w0rk3r
  labels: backport: auto; Domain: Endpoint; OS: Windows (windows related rules); Rule: New (Proposal for new rule)
#4594 [Enhancement] Add flag to export rules via KQL search on name
  opened Apr 3, 2025 by frederikb96
  labels: backport: auto; community; enhancement (New feature or request); python (Internal python for the repository)
  checklist: 5 tasks done
#4593 Feature exclude tactic name
  opened Apr 3, 2025 by frederikb96
  labels: backport: auto; community; patch; python (Internal python for the repository)
  checklist: 5 tasks done
#4592 [Rule Tuning] Add Host Metadata to ES|QL Aggregation Rules
  opened Apr 3, 2025 by w0rk3r
  labels: backport: auto; bbr (Building Block Rules); Domain: Endpoint; OS: Linux; Rule: Tuning (tweaking or tuning an existing rule)
#4591 [Rule Tuning] SSH Authorized Keys File Deletion
  opened Apr 3, 2025 by w0rk3r
  labels: backport: auto; Domain: Endpoint; OS: Linux; Rule: Tuning (tweaking or tuning an existing rule)
#4583 [FR] Add Kibana Action Connector Error to Exception List Workaround
  opened Mar 30, 2025 by eric-forte-elastic
  labels: backport: auto; enhancement (New feature or request); patch; python (Internal python for the repository)
  checklist: 5 tasks
#4582 [FR] Add Support for Local Dates Flag
  opened Mar 29, 2025 by eric-forte-elastic
  labels: backport: auto; community; enhancement (New feature or request); patch; python (Internal python for the repository)
  checklist: 1 of 5 tasks
#4581 [FR] Update Detection Rules MITRE Workflow to SHA Pin
  opened Mar 28, 2025 by eric-forte-elastic
  labels: backport: auto; ci/cd; enhancement (New feature or request); patch
  checklist: 5 tasks
#4579 [enhancement] In esql validation, allow any order of metadata
  opened Mar 28, 2025 by frederikb96
  labels: backport: auto; community; patch; python (Internal python for the repository)
  checklist: 5 tasks done
#4572 Lock versions for releases: 8.14,8.15,8.16,8.17,8.18,9.0
  opened Mar 27, 2025 by github-actions (bot)
  labels: backport: auto
[Rule Tuning] Tuning azure related rules
  labels: patch; Rule: Hunt (bit noisy but useful for hunting); Rule: Tuning (tweaking or tuning an existing rule); threat hunting (Related to hunting/ library.)
#4570 Azure Service Principal Credentials Added
  opened Mar 26, 2025 by terrancedejesus
  labels: backport: auto; Domain: Cloud; Hunt: New (Hunting); Integration: Azure
  checklist: 5 tasks
#4567 [Bug] Update Schema Prompt to include new_terms_fields
  opened Mar 26, 2025 by eric-forte-elastic
  labels: backport: auto; bug (Something isn't working); patch
  checklist: 5 tasks
[Rule Tuning] Adjusting azure related rules
  labels: patch; Rule: Tuning (tweaking or tuning an existing rule)
#4562 Microsoft Entra ID Rare Authentication Requirement for Principal User
  opened Mar 25, 2025 by terrancedejesus
  labels: backport: auto; Domain: Cloud; Integration: Azure
  checklist: 5 tasks
#4547 [Deprecate] LaunchDaemon Creation or Modification and Immediate Loading
  opened Mar 19, 2025 by DefSecSentinel
  labels: backport: auto; OS: macOS; Rule: Deprecation (removal of a rule)
#4546 [Tuning] MacOS DR Tuning PR
  opened Mar 19, 2025 by DefSecSentinel
  labels: backport: skip; Domain: Endpoint; OS: macOS; Rule: Tuning (tweaking or tuning an existing rule)
#4532 [D4C Conversion] Converting Compatible D4C Rules to DR
  opened Mar 12, 2025 by Aegrah
  labels: backport: auto; container; Domain: Endpoint; OS: Linux; Rule: Tuning (tweaking or tuning an existing rule); Team: TRADE
#4529 [FN Tuning] Shared Object Created or Changed by Previously Unknown Pr…
  opened Mar 11, 2025 by Aegrah
  labels: backport: auto; Domain: Endpoint; OS: Linux; Rule: Tuning (tweaking or tuning an existing rule); Team: TRADE
#4501 [Security Content] Windows Audit Policies Config Guides - Repo Edition
  opened Feb 26, 2025 by w0rk3r
  labels: backport: auto; Domain: Endpoint; OS: Windows (windows related rules); Security Content
#4405 [Rule Tuning] Add exceptions for non-interactive signin failures for Entra M365 Bruteforce
  opened Jan 22, 2025 by jvalente-salemstate
  labels: backport: auto; community; Domain: Cloud; Integration: Azure (azure related rules); Rule: Tuning (tweaking or tuning an existing rule)
  checklist: 2 tasks done
#4087 Revert "[Bug] Handle formatting empty list"
  opened Sep 17, 2024 by brokensound77
  labels: backport: auto; python (Internal python for the repository); wontfix (This will not be worked on)
[New Rule] Active Directory Forced Authentication from Linux Host
  labels: backlog; backport: auto; Domain: Endpoint; OS: Windows (windows related rules); Rule: New (Proposal for new rule)
#3789 [FR] Add white space checking for KQL parse (Draft)
  opened Jun 14, 2024 by eric-forte-elastic
  labels: backlog; kql (related to the kql module)
#3605 [FR] Updates to KQL Lib Parsing (Draft)
  opened Apr 18, 2024 by eric-forte-elastic
  labels: bug (Something isn't working); kql (related to the kql module)
#3361 WIP: [POC] Refactor: port unittest to pytest (Draft)
  opened Jan 3, 2024 by Mikaayenson
  labels: backlog; backport: auto; bug (Something isn't working); detections-as-code; enhancement (New feature or request); python (Internal python for the repository); test-suite (unit and other testing components)