Skip to content

Pull requests: elastic/detection-rules

New pull request New
35 Open 3,121 Closed
35 Open 3,121 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Tuning] Elevation via SCM rules backport: auto Domain: Endpoint OS: Windows windows related rules patch Rule: Tuning tweaking or tuning an existing rule
#4837 opened Jun 19, 2025 by Samirbous Loading…
@Samirbous
6
[New Rule] Kubectl Network Configuration Modification backport: auto container Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4836 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
2
[New BBR] Kubectl Configuration Discovery backport: auto bbr Building Block Rules container OS: Linux Rule: New Proposal for new rule Team: TRADE
#4835 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] Kubectl Secret Access container OS: Linux Rule: New Proposal for new rule Team: TRADE
#4834 opened Jun 19, 2025 by Aegrah Draft
@Aegrah
3
[New Rule] Potential Impersonation Attempt via Kubectl backport: auto container Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4833 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
3
[New Rule] Potential Kubectl Masquerading backport: auto container Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4832 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
4
[Rule Tuning] Added Kubernetes Domain Tag backport: auto container Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4831 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
2
[New BBR] Kubectl Workload and Cluster Discovery backport: auto bbr Building Block Rules container OS: Linux Rule: New Proposal for new rule Team: TRADE
#4830 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
1
[New Rule] Kubernetes Unusual Decision by User Agent backport: auto Integration: Kubernetes Kubernetes Integration OS: Linux Rule: New Proposal for new rule Team: TRADE
#4829 opened Jun 19, 2025 by Aegrah Loading…
@Aegrah
1
[Rule Tuning] AWS SSM SendCommand Execution by Rare User backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4828 opened Jun 19, 2025 by imays11 Loading…
@imays11
1
[Rule Tunings] AWS Role Assumption By Service / User backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4827 opened Jun 19, 2025 by imays11 Loading…
@imays11
1
[New Rules] Potential Relay Attack against a Computer Account backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule Rule: Tuning tweaking or tuning an existing rule
#4826 opened Jun 18, 2025 by w0rk3r Loading…
@w0rk3r
2
[New Rule] Excessive Microsoft 365 Mailbox Items Accessed backport: auto Domain: Cloud Domain: Email Integration: Microsoft 365 patch Rule: New Proposal for new rule
#4825 opened Jun 18, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
Update Version Lock code owners backport: auto enhancement New feature or request meta:rapid-merge
#4823 opened Jun 18, 2025 by shashank-elastic Draft
2 of 5 tasks
@shashank-elastic
2
[Rule Tuning] Sharpening Kubernetes Rules Indices backport: auto container OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4822 opened Jun 18, 2025 by Aegrah Loading…
@Aegrah
1
Archive Attack Coverage Update Workflow backport: auto maintenance Internal changes
#4821 opened Jun 18, 2025 by shashank-elastic Loading…
1 of 5 tasks
@shashank-elastic
Clarify authentication settings to Kibana related to #4495 backport: auto
#4819 opened Jun 17, 2025 by m-a-leclercq Loading…
5 tasks
[Rule Tuning] Suspicious Microsoft 365 Mail Access by Unusual ClientAppId backport: auto Domain: Cloud Domain: Email Integration: Microsoft 365 patch Rule: Tuning tweaking or tuning an existing rule
#4806 opened Jun 16, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
4
[New Rule] Microsoft Entra ID Suspicious Cloud Device Registration Domain: Cloud Domain: Identity Integration: Azure azure related rules patch Rule: New Proposal for new rule
#4802 opened Jun 13, 2025 by terrancedejesus Draft
5 tasks
1
@terrancedejesus
2
fix: type hinting fixes and additional code checks backport: auto ci/cd maintenance Internal changes minor python Internal python for the repository
#4790 opened Jun 11, 2025 by traut Loading…
5 tasks
@traut
28
[New Hunt] Potential Spoofed microsoftonline.com via Fuzzy Match backport: auto Domain: Cloud Domain: Endpoint Domain: Identity Domain: Network Hunt: New Hunting Integration: Azure azure related rules Integration: Microsoft 365
#4770 opened Jun 3, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
3
Bump setuptools from 75.2.0 to 78.1.1 backport: auto community dependencies Pull requests that update a dependency file major python Internal python for the repository
#4730 opened May 19, 2025 by dependabot bot Loading…
2
[Rule: New] Potential Web Server Fuzzing Attempts Detected backport: auto community
#4720 opened May 12, 2025 by MakoWish Loading…
1 of 5 tasks
[New] Microsoft Entra ID Protection Alert and Device Registration backport: auto Domain: Cloud Workloads Domain: Cloud Integration: Azure azure related rules Integration: Microsoft 365 patch Rule: New Proposal for new rule
#4688 opened Apr 30, 2025 by Samirbous Loading…
@Samirbous
4
[New] Potential SAP NetWeaver Exploitation rules backport: auto OS: Linux OS: Windows windows related rules Rule: New Proposal for new rule
#4666 opened Apr 26, 2025 by Samirbous Loading…
@Samirbous
10
ProTip! Exclude everything labeled bug with -label:bug.