Skip to content

Pull requests: elastic/detection-rules

New pull request New
28 Open 2,775 Closed
28 Open 2,775 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Rule Tuning] Linux Persistence Rules backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4393 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
2
[New Rule] Systemd Shell Execution During Boot backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4392 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] Initramfs Extraction via CPIO backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4389 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
2
[New Rule] Initramfs Unpacking via unmkinitramfs backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4387 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
2
[New Rule] Boot File Copy backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4386 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
2
[New Rule] OpenSSL Password Hash Generation backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4385 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
2
[New Rule] Dracut Module Creation backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4384 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] Manual Dracut Execution backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4383 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] D-Bus Service Created backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4382 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] NetworkManager Dispatcher Script Creation backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4381 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] Unusual Pkexec Execution backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4380 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] Polkit Policy Creation backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4379 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] Polkit Version Discovery backport: auto community Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4378 opened Jan 16, 2025 by Aegrah Loading…
@Aegrah
1
[FR] Generate investigation guides backport: auto Domain: Cloud Domain: Endpoint enhancement New feature or request Integration: AWS AWS related rules Integration: Azure azure related rules Integration: CyberArkPas CyberArkPas integration Integration: Endpoint Elastic Endpoint Security Integration: GCP GCP related rules Integration: Google Workspace Integration: Microsoft 365 Integration: Okta okta related rules OS: Linux patch python Internal python for the repository Security Content
#4358 opened Jan 8, 2025 by Mikaayenson Loading…
1 of 5 tasks
@Mikaayenson
46
[Rule Tuning] Add Public Snapshot Coverage Regarding AWS EC2 EBS Snapshot Shared or Made Public backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule
#4335 opened Jan 6, 2025 by terrancedejesus Loading…
4 of 5 tasks
@terrancedejesus
3
[New Rule] Adding Coverage for AWS S3 Unauthenticated Object Retrieval by Rare Source backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#4315 opened Dec 17, 2024 by terrancedejesus Draft
2 of 5 tasks
@terrancedejesus
3
[New Rule] Adding Coverage for AWS S3 Unauthenticated Object Upload by Rare Source backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#4314 opened Dec 17, 2024 by terrancedejesus Draft
3 of 5 tasks
@terrancedejesus
1
[New Rule] Adding Coverage for AWS S3 Unauthenticated Bucket Listing by Rare Source backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#4313 opened Dec 17, 2024 by terrancedejesus Draft
3 of 5 tasks
@terrancedejesus
4
Add Fortigate Fortinet index to multiple detection rules backport: auto community RTA work on RTA framework
#4275 opened Nov 27, 2024 by SHolzhauer Loading…
1 of 2 tasks
1
1
Revert "[Bug] Handle formatting empty list" backport: auto python Internal python for the repository
#4087 opened Sep 17, 2024 by brokensound77 Loading…
5
[New Rule] Potential Forced Authentication - SMB Named Pipes backlog backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3916 opened Jul 24, 2024 by w0rk3r Draft
@w0rk3r
10
[New Rule] Active Directory Forced Authentication from Linux Host backlog backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3912 opened Jul 22, 2024 by w0rk3r Draft
@w0rk3r
14
[New Rule] [BBR] Active Directory Object Modification by SYSTEM backlog backport: auto bbr Building Block Rules Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3835 opened Jun 26, 2024 by w0rk3r Draft
@w0rk3r
1
[FR] Add white space checking for KQL parse backlog
#3789 opened Jun 14, 2024 by eric-forte-elastic Draft
1
@eric-forte-elastic
2
[New Rules] Azure OpenAI backlog backport: auto esql ES|QL Integration: Azure Openai Rule: New Proposal for new rule
#3701 opened May 22, 2024 by Mikaayenson Draft
@Mikaayenson
20
ProTip! What’s not been updated in a month: updated:<2024-12-18.