Insights: elastic/detection-rules
Overview
4 Pull requests merged by 2 people
- [New Hunt] Microsoft Entra Infrequent Suspicious OData Client Requests (#4708 merged May 10, 2025)
- [New Rule] Suspicious Email Access by First-Party Application via Microsoft Graph (#4704 merged May 10, 2025)
- [New Rule] Microsoft Entra Session Reuse with Suspicious Graph Access (#4711 merged May 10, 2025)
- [Rule Tuning] Unusual File Creation - Alternate Data Stream (#4712 merged May 9, 2025)
7 Pull requests opened by 5 people
- [Rule Tuning] Unusual Scheduled Task Update (#4714 opened May 9, 2025)
- [Rule Tuning] Backup Deletion with Wbadmin (#4715 opened May 9, 2025)
- [Rule Tuning] Potential Microsoft 365 User Account Brute Force (#4716 opened May 10, 2025)
- [New Rule] Multiple Microsoft 365 User Account Lockouts in Short Time Window (#4717 opened May 10, 2025)
- Resolve datetime.utcfromtimestamp deprecation (#4719 opened May 11, 2025)
- [Rule: New] Potential Web Server Fuzzing Attempts Detected (#4720 opened May 12, 2025)
- [Tuning] Microsoft Azure or Mail Sign-in from a Suspicious Source (#4723 opened May 15, 2025)
6 Issues closed by 3 people
- [FR] Tag Deprecated rules as deprecated (#2327 closed May 9, 2025)
- [Bug] Duplicate Alerts in ESQL Detection Rule with 24-Hour Look-Back Period and 5-Minute Interval (#4250 closed May 9, 2025)
- [Rule Tuning] Potential DLL Side-Loading via Trusted Microsoft Programs (#4449 closed May 9, 2025)
- [Rule Tuning] Unusual File Creation - Alternate Data Stream (#4680 closed May 9, 2025)
- [Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation (#3775 closed May 9, 2025)
4 Issues opened by 4 people
- [Rule Tuning] Windows Registry File Creation in SMB Share (#4722 opened May 14, 2025)
- [Rule Tuning] attrib.exe usage by draw.io (#4721 opened May 13, 2025)
- [Bug] Help Flag Returns Errors (#4718 opened May 10, 2025)
- [FR] Pre-Built Elastic Auditd Ruleset (#4713 opened May 9, 2025)
6 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
- [Rule Tuning] A scheduled task was updated (#4541 commented on May 9, 2025 • 0 new comments)
- [FR] Make keeping up with commits easier for already modified rules (#4536 commented on May 13, 2025 • 0 new comments)
- Revert "[Bug] Handle formatting empty list" (#4087 commented on May 14, 2025 • 0 new comments)
- [Security Content] Basic EDR Setup Guides - Phase 1 (#4492 commented on May 14, 2025 • 0 new comments)
- [Security Content] Windows Audit Policies Config Guides - Repo Edition (#4501 commented on May 14, 2025 • 0 new comments)
- [Rule Tuning] Startup or Run Key Registry Modification (#4710 commented on May 12, 2025 • 0 new comments)