Skip to content

Pull requests: elastic/detection-rules

New pull request New
20 Open 3,166 Closed
20 Open 3,166 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Rule Deprecation] Azure Virtual Network Device Modified or Deleted backport: auto Domain: Cloud Domain: Network Integration: Azure azure related rules Rule: Deprecation removal of a rule
#4889 opened Jul 9, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[New Rule/Tuning] Linux User or Group Deletion/Creation backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4861 opened Jun 30, 2025 by Aegrah Loading…
@Aegrah
8
[New] Command Line Obfuscation via Whitespace Padding backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#4860 opened Jun 30, 2025 by Samirbous Loading…
@Samirbous
14
[New Rule] Kubectl Secret Access container OS: Linux Rule: New Proposal for new rule Team: TRADE
#4834 opened Jun 19, 2025 by Aegrah Draft
@Aegrah
3
[New Rule] Potential Impersonation Attempt via Kubectl backport: auto container Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4833 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
4
[New Rule] Kubernetes Unusual Decision by User Agent backport: auto Integration: Kubernetes Kubernetes Integration OS: Linux Rule: New Proposal for new rule Team: TRADE
#4829 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
12
[New Rules] Potential Relay Attack against a Computer Account backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule Rule: Tuning tweaking or tuning an existing rule
#4826 opened Jun 18, 2025 by w0rk3r Loading…
@w0rk3r
2
Clarify authentication settings to Kibana related to #4495 backport: auto
#4819 opened Jun 17, 2025 by m-a-leclercq Loading…
5 tasks
[Rule: New] Potential Web Server Fuzzing Attempts Detected backport: auto community
#4720 opened May 12, 2025 by MakoWish Loading…
1 of 5 tasks
[New] Microsoft Entra ID Protection Alert and Device Registration backport: auto Domain: Cloud Workloads Domain: Cloud Integration: Azure azure related rules Integration: Microsoft 365 patch Rule: New Proposal for new rule
#4688 opened Apr 30, 2025 by Samirbous Loading…
@Samirbous
5
[New] Potential SAP NetWeaver Exploitation rules backport: auto OS: Linux OS: Windows windows related rules Rule: New Proposal for new rule
#4666 opened Apr 26, 2025 by Samirbous Loading…
@Samirbous
10
[enhancement] In esql validation, allow any order of metadata backport: auto community patch python Internal python for the repository
#4579 opened Mar 28, 2025 by frederikb96 Loading…
5 tasks done
@frederikb96
5
[Security Content] Windows Audit Policies Config Guides - Repo Edition backlog backport: auto Domain: Endpoint OS: Windows windows related rules Security Content
#4501 opened Feb 26, 2025 by w0rk3r Loading…
@w0rk3r
3
[Security Content] Basic EDR Setup Guides - Phase 1 backlog backport: auto Domain: Endpoint OS: Windows windows related rules Security Content
#4492 opened Feb 24, 2025 by w0rk3r Draft
@w0rk3r
6
Revert "[Bug] Handle formatting empty list" backport: auto bug Something isn't working python Internal python for the repository wontfix This will not be worked on
#4087 opened Sep 17, 2024 by brokensound77 Loading…
9
[New Rule] Active Directory Forced Authentication from Linux Host backlog backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3912 opened Jul 22, 2024 by w0rk3r Draft
@w0rk3r
15
[FR] Add white space checking for KQL parse backlog kql related to the kql module
#3789 opened Jun 14, 2024 by eric-forte-elastic Draft
1
@eric-forte-elastic
2
[FR] Updates to KQL Lib Parsing backport: auto bug Something isn't working community kql related to the kql module patch
#3605 opened Apr 18, 2024 by eric-forte-elastic Loading…
1
@eric-forte-elastic
1
WIP: [POC] Refactor: port unittest to pytest backlog backport: auto bug Something isn't working detections-as-code enhancement New feature or request python Internal python for the repository test-suite unit and other testing components
#3361 opened Jan 3, 2024 by Mikaayenson Draft
@Mikaayenson
11
[Rule Tuning] Update rules using NPC integration and non-ECS fields backlog backport: auto blocked Domain: Network Rule: Tuning tweaking or tuning an existing rule
#3194 opened Oct 16, 2023 by brokensound77 Loading…
@brokensound77
11
ProTip! Updated in the last three days: updated:>2025-07-06.