Issues: elastic/detection-rules
[Investigation] CI Check for Minstacked Integration Schema Changes
backlog
enhancement
New feature or request
Team: TRADE
#4161
opened Oct 16, 2024 by
Mikaayenson
[Meta] WMI Rules using Elastic Defend WMI Events
backlog
Meta
OS: Windows
windows related rules
Team: TRADE
#4143
opened Oct 8, 2024 by
Samirbous
[Meta] Evaluate moving PowerShell Rules to ES|QL
backlog
Meta
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4095
opened Sep 23, 2024 by
w0rk3r
[New Rule] Google Sheets C2 Detection Review (Voldemort)
backlog
Domain: Endpoint
Domain: SaaS
Integration: Endpoint
Elastic Endpoint Security
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Team: TRADE
#4051
opened Sep 3, 2024 by
terrancedejesus
[FR] Deprecate Experimental ML Logic
backlog
enhancement
New feature or request
Team: TRADE
#4023
opened Aug 27, 2024 by
Mikaayenson
[FR] Redesign Filed Mapping Check for Integration Packages
backlog
enhancement
New feature or request
Team: TRADE
#4006
opened Aug 22, 2024 by
shashank-elastic
[FR][DAC] Consideration: Support Bulk Actions
backlog
detections-as-code
enhancement
New feature or request
#3962
opened Aug 6, 2024 by
Mikaayenson
[Rule Tuning] Potential Password Spraying of Microsoft 365 User Accounts
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#3934
opened Jul 31, 2024 by
janniten
[Rule Tuning] Agent Spoofing - Multiple Hosts Using Same Agent
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#3932
opened Jul 30, 2024 by
tehbooom
[Deprecation] AWS EC2 Snapshot Activity
backlog
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Deprecation
removal of a rule
Team: TRADE
#3906
opened Jul 18, 2024 by
imays11
[Meta] Active Directory Certificate Services (AD CS) - Part 1
backlog
Domain: Endpoint
Meta
OS: Windows
windows related rules
Team: TRADE
#3865
opened Jul 3, 2024 by
w0rk3r
[New Rule] [BBR] Active Directory Object Modification by SYSTEM
backlog
backport: auto
bbr
Building Block Rules
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[FR] Add white space checking for KQL parse
backlog
#3789
opened Jun 14, 2024 by
eric-forte-elastic
•
Draft
[Meta] EvilNoVNC Threat Detection Coverage Assessment
backlog
Domain: Cloud
Domain: SaaS
Meta
Team: TRADE
#3787
opened Jun 13, 2024 by
terrancedejesus
[FR][DAC] Consideration: Add CLI commands for deprecate / disable rules
backlog
detections-as-code
enhancement
New feature or request
Team: TRADE
#3786
opened Jun 12, 2024 by
eric-forte-elastic
[FR][DAC] Consideration: Add support for exceptions APIs in Kibana module
backlog
detections-as-code
enhancement
New feature or request
kibana-module
related to the kibana module
#3785
opened Jun 12, 2024 by
brokensound77
[Meta] Add Auth0 Prebuilt Threat Detection Ruleset
backlog
Meta
Team: TRADE
#3780
opened Jun 11, 2024 by
terrancedejesus
[Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
#3775
opened Jun 11, 2024 by
willemri
[FR] Revisit Filter Schema for Removal or Extension
backlog
enhancement
New feature or request
python
Internal python for the repository
schema
#3773
opened Jun 10, 2024 by
Mikaayenson
[New Rule] Suspicious Okta Cross-Origin Authentication
backlog
Domain: Cloud
Domain: SaaS
Integration: Okta
okta related rules
Rule: New
Proposal for new rule
#3769
opened Jun 10, 2024 by
terrancedejesus
[Meta] Okta Detection Coverage for Cross-Origin Authentication Credential Stuffing
backlog
Integration: Okta
okta related rules
Team: TRADE
#3723
opened May 30, 2024 by
terrancedejesus
[New Rule] Elastic Agent status not validated
backlog
Domain: Endpoint
esql
ES|QL
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
#3719
opened May 29, 2024 by
peasead
[New Rule] Process Backgrounded by Unusual Parent
backlog
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#3713
opened May 27, 2024 by
Aegrah
[Bug] O365 Exchange Suspicious Mailbox Right Delegation - False Positives for "NT AUTHORITY\SYSTEM (Microsoft.Exchange.ServiceHost)"
backlog
bug
Something isn't working
community
#3702
opened May 22, 2024 by
willem-dhaese
[New Rules] Azure OpenAI
backlog
backport: auto
esql
ES|QL
Integration: Azure Openai
Rule: New
Proposal for new rule
#3701
opened May 22, 2024 by
Mikaayenson
•
Draft