Pull requests: elastic/detection-rules
[Rule: New] Potential Web Server Fuzzing Attempts Detected
backport: auto
community
#4720
opened May 12, 2025 by
MakoWish
1 of 5 tasks
Resolve datetime.utcfromtimestamp deprecation
backport: auto
community
python
Internal python for the repository
#4719
opened May 11, 2025 by
emmanuel-ferdman
5 tasks
[New Rule] Multiple Microsoft 365 User Account Lockouts in Short Time Window
Domain: SaaS
Integration: Microsoft 365
Rule: New
Proposal for new rule
#4717
opened May 10, 2025 by
terrancedejesus
•
Draft
5 tasks
[Rule Tuning] Potential Microsoft 365 User Account Brute Force
Domain: Cloud
Domain: SaaS
Integration: Azure
azure related rules
Integration: Microsoft 365
Rule: Tuning
tweaking or tuning an existing rule
#4716
opened May 10, 2025 by
terrancedejesus
•
Draft
5 tasks
[Rule Tuning] Backup Deletion with Wbadmin
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4715
opened May 9, 2025 by
w0rk3r
[Rule Tuning] Unusual Scheduled Task Update
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4714
opened May 9, 2025 by
w0rk3r
[Rule Tuning] Startup or Run Key Registry Modification
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4710
opened May 8, 2025 by
w0rk3r
[New] Microsoft Entra ID Protection Alert and Device Registration
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Integration: Microsoft 365
patch
Rule: New
Proposal for new rule
#4688
opened Apr 30, 2025 by
Samirbous
[New] Potential SAP NetWeaver Exploitation rules
backport: auto
OS: Linux
OS: Windows
windows related rules
Rule: New
Proposal for new rule
#4666
opened Apr 26, 2025 by
Samirbous
[enhancement] In esql validation, allow any order of metadata
backport: auto
community
patch
python
Internal python for the repository
#4579
opened Mar 28, 2025 by
frederikb96
5 tasks done
[Security Content] Windows Audit Policies Config Guides - Repo Edition
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Security Content
stale
60 days of inactivity
#4501
opened Feb 26, 2025 by
w0rk3r
[Security Content] Basic EDR Setup Guides - Phase 1
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Security Content
stale
60 days of inactivity
Revert "[Bug] Handle formatting empty list"
backport: auto
python
Internal python for the repository
stale
60 days of inactivity
wontfix
This will not be worked on
#4087
opened Sep 17, 2024 by
brokensound77
[New Rule] Active Directory Forced Authentication from Linux Host
backlog
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[FR] Add white space checking for KQL parse
backlog
kql
related to the kql module
#3789
opened Jun 14, 2024 by
eric-forte-elastic
•
Draft
[FR] Updates to KQL Lib Parsing
bug
Something isn't working
kql
related to the kql module
#3605
opened Apr 18, 2024 by
eric-forte-elastic
•
Draft
WIP: [POC] Refactor: port unittest to pytest
backlog
backport: auto
bug
Something isn't working
detections-as-code
enhancement
New feature or request
python
Internal python for the repository
test-suite
unit and other testing components
#3361
opened Jan 3, 2024 by
Mikaayenson
•
Draft
[Rule Tuning] Update rules using NPC integration and non-ECS fields
backlog
backport: auto
blocked
Domain: Network
Rule: Tuning
tweaking or tuning an existing rule
#3194
opened Oct 16, 2023 by
brokensound77