Skip to content

Pull requests: elastic/detection-rules

New pull request New
26 Open 2,718 Closed
26 Open 2,718 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Python] Ignore Hunting Doc Changes for Version Code Checks backport: auto enhancement New feature or request maintenance Internal changes python Internal python for the repository
#4331 opened Jan 6, 2025 by terrancedejesus Loading…
3 of 5 tasks
@terrancedejesus
2
[Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 1 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule
#4330 opened Jan 6, 2025 by w0rk3r Loading…
@w0rk3r
1
[New Rule] Adding Coverage for AWS EC2 Deprecated AMI Discovery backport: auto Domain: Cloud Integration: AWS AWS related rules patch Rule: New Proposal for new rule
#4328 opened Dec 24, 2024 by terrancedejesus Loading…
2 of 5 tasks
@terrancedejesus
1
[Fix] Updating the hunting library backport: auto Hunt: Tuning Hunting OS: Linux Team: TRADE threat hunting Related to hunting/ library.
#4323 opened Dec 19, 2024 by Aegrah Loading…
@Aegrah
1
[New Hunt] Persistence via Container backport: auto Hunt: New Hunting major OS: Linux Rule: Hunt bit noisy but useful for hunting Team: TRADE threat hunting Related to hunting/ library.
#4322 opened Dec 19, 2024 by Aegrah Loading…
@Aegrah
1
[New Hunt] Persistence via DPKG/RPM Package backport: auto Hunt: New Hunting major OS: Linux Rule: Hunt bit noisy but useful for hunting Team: TRADE threat hunting Related to hunting/ library.
#4321 opened Dec 19, 2024 by Aegrah Loading…
@Aegrah
1
[New Hunt] Persistence via Web Shells backport: auto Hunt: New Hunting OS: Linux Rule: Hunt bit noisy but useful for hunting Team: TRADE threat hunting Related to hunting/ library.
#4320 opened Dec 19, 2024 by Aegrah Loading…
@Aegrah
2
[New Hunt & Tuning] Persistence via LKMs backport: auto Hunt: New Hunt: Tuning Hunting OS: Linux Rule: Hunt bit noisy but useful for hunting Team: TRADE threat hunting Related to hunting/ library.
#4319 opened Dec 19, 2024 by Aegrah Loading…
@Aegrah
1
[New Hunt] Persistence via Dynamic Linker Hijacking backport: auto Hunt: New Hunting OS: Linux Rule: Hunt bit noisy but useful for hunting Team: TRADE threat hunting Related to hunting/ library.
#4318 opened Dec 19, 2024 by Aegrah Loading…
@Aegrah
1
[New Hunt] Linux PAM Persistence backport: auto Hunting OS: Linux Rule: Hunt bit noisy but useful for hunting Rule: New Proposal for new rule Team: TRADE
#4317 opened Dec 19, 2024 by Aegrah Loading…
@Aegrah
4
[New Rule] Adding Coverage for AWS S3 Unauthenticated Object Retrieval by Rare Source backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#4315 opened Dec 17, 2024 by terrancedejesus Loading…
2 of 5 tasks
@terrancedejesus
2
[New Rule] Adding Coverage for AWS S3 Unauthenticated Object Upload by Rare Source backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#4314 opened Dec 17, 2024 by terrancedejesus Loading…
3 of 5 tasks
@terrancedejesus
1
[New Rule] Adding Coverage for AWS S3 Unauthenticated Bucket Listing by Rare Source backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#4313 opened Dec 17, 2024 by terrancedejesus Loading…
3 of 5 tasks
@terrancedejesus
4
[New Rule] Pluggable Authentication Module Source Download backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4301 opened Dec 16, 2024 by Aegrah Loading…
@Aegrah
6
[Bug] [DaC] Metadata maturity field default mismatch and poor enforcement of rule naming conventions backport: auto bug Something isn't working minor python Internal python for the repository
#4285 opened Dec 6, 2024 by eric-forte-elastic Loading…
5 tasks
1
@eric-forte-elastic
6
Add Fortigate Fortinet index to multiple detection rules backport: auto community RTA work on RTA framework
#4275 opened Nov 27, 2024 by SHolzhauer Loading…
1 of 2 tasks
1
Revert "[Bug] Handle formatting empty list" backport: auto python Internal python for the repository
#4087 opened Sep 17, 2024 by brokensound77 Loading…
5
[New Rule] Potential Forced Authentication - SMB Named Pipes backlog backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3916 opened Jul 24, 2024 by w0rk3r Draft
@w0rk3r
10
[New Rule] Active Directory Forced Authentication from Linux Host backlog backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3912 opened Jul 22, 2024 by w0rk3r Draft
@w0rk3r
14
[New Rule] [BBR] Active Directory Object Modification by SYSTEM backlog backport: auto bbr Building Block Rules Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3835 opened Jun 26, 2024 by w0rk3r Draft
@w0rk3r
1
[FR] Add white space checking for KQL parse backlog
#3789 opened Jun 14, 2024 by eric-forte-elastic Draft
1
@eric-forte-elastic
2
[New Rules] Azure OpenAI backlog backport: auto esql ES|QL Integration: Azure Openai Rule: New Proposal for new rule
#3701 opened May 22, 2024 by Mikaayenson Draft
@Mikaayenson
20
[FR] Updates to KQL Lib Parsing bug Something isn't working kql related to the kql module
#3605 opened Apr 18, 2024 by eric-forte-elastic Draft
1
WIP: [POC] Refactor: port unittest to pytest backlog backport: auto bug Something isn't working detections-as-code enhancement New feature or request python Internal python for the repository test-suite unit and other testing components
#3361 opened Jan 3, 2024 by Mikaayenson Draft
@Mikaayenson
11
[Rule Tuning] Update rules using NPC integration and non-ECS fields backlog backport: auto blocked Domain: Network Rule: Tuning tweaking or tuning an existing rule
#3194 opened Oct 16, 2023 by brokensound77 Loading…
@brokensound77
11
ProTip! Exclude everything labeled bug with -label:bug.