Pull requests: elastic/detection-rules
#4198 react_sync_rta_updates_4221
    opened Oct 23, 2024 by protectionsmachine
    labels: backport: auto; RTA (work on RTA framework)

#4197 react_sync_rta_updates_4216
    opened Oct 23, 2024 by protectionsmachine
    labels: backport: auto; RTA (work on RTA framework)

#4196 react_sync_rta_updates_4215
    opened Oct 23, 2024 by protectionsmachine
    labels: backport: auto; RTA (work on RTA framework)

#4195 react_sync_rta_updates_4212
    opened Oct 22, 2024 by protectionsmachine
    labels: backport: auto; enhancement (New feature or request); RTA (work on RTA framework)

#4194 react_sync_rta_updates_4209
    opened Oct 22, 2024 by protectionsmachine
    labels: backport: auto; enhancement (New feature or request); RTA (work on RTA framework)

#4193 react_sync_rta_updates_4208
    opened Oct 22, 2024 by protectionsmachine
    labels: backport: auto; enhancement (New feature or request); RTA (work on RTA framework)

#4192 react_sync_rta_updates_4207
    opened Oct 22, 2024 by protectionsmachine
    labels: backport: auto; enhancement (New feature or request); RTA (work on RTA framework)

#4191 [Rule Tuning] Potential Linux Hack Tool Launched
    opened Oct 22, 2024 by Aegrah
    labels: backport: auto; Domain: Endpoint; OS: Linux; Rule: Tuning (tweaking or tuning an existing rule); Team: TRADE

#4188 [Tuning] Suspicious Lsass Process Access
    opened Oct 21, 2024 by Samirbous
    labels: backport: auto; Domain: Endpoint; OS: Windows (windows related rules); Rule: Tuning (tweaking or tuning an existing rule)

#4173 [Rule Tuning] Tuning Process Termination followed by Deletion
    opened Oct 18, 2024 by terrancedejesus (Draft, 4 of 5 tasks)
    labels: OS: Windows (windows related rules); Rule: Tuning (tweaking or tuning an existing rule)

#4153 [New] First Time Seen User Auth via DeviceCode Protocol
    opened Oct 14, 2024 by Samirbous
    labels: backport: auto; Domain: Cloud; Integration: Azure (azure related rules); Rule: New (Proposal for new rule)

#4087 Revert "[Bug] Handle formatting empty list"
    opened Sep 17, 2024 by brokensound77
    labels: backport: auto; python (Internal python for the repository)

[New Rule] Potential Forced Authentication - SMB Named Pipes
    labels: backport: auto; Domain: Endpoint; OS: Windows (windows related rules); Rule: New (Proposal for new rule)

[New Rule] Active Directory Forced Authentication from Linux Host
    labels: backport: auto; Domain: Endpoint; OS: Windows (windows related rules); Rule: New (Proposal for new rule)

[New Rule] [BBR] Active Directory Object Modification by SYSTEM
    labels: backlog; backport: auto; bbr (Building Block Rules); Domain: Endpoint; OS: Windows (windows related rules); Rule: New (Proposal for new rule)

#3789 [FR] Add white space checking for KQL parse
    opened Jun 14, 2024 by eric-forte-elastic (Draft)
    labels: backlog

#3705 [Rule Tuning] Update ML Rules (Analytic Packages) to Add Event Ingested
    opened May 23, 2024 by terrancedejesus (Draft)
    labels: backport: auto; Integration: Beaconing; Integration: DED; Integration: DGA; Integration: LMD; integration: ProblemChild; ML (machine learning related rule); stale (60 days of inactivity)

#3701 [New Rules] Azure OpenAI
    opened May 22, 2024 by Mikaayenson (Draft)
    labels: backlog; backport: auto; esql (ES|QL); Integration: Azure Openai; Rule: New (Proposal for new rule)

#3605 [FR] Updates to KQL Lib Parsing
    opened Apr 18, 2024 by eric-forte-elastic (Draft)
    labels: bug (Something isn't working); kql (related to the kql module)

#3533 [New Rule] Endpoint Security Promotion Rules for Specific Events
    opened Mar 24, 2024 by terrancedejesus (Draft)
    labels: backlog; Integration: Endpoint (Elastic Endpoint Security); Rule: New (Proposal for new rule)

#3504 Update collection_microsoft_365_new_inbox_rule.toml
    opened Mar 11, 2024 by acumen-kevinr
    labels: backport: auto; community; Domain: Cloud; Integration: Microsoft 365

#3427 [FR] Add source_updated_at to Rule Schema as a Build Time Field
    opened Feb 5, 2024 by terrancedejesus
    labels: backlog; backport: auto; enhancement (New feature or request); fleet-release (Issue tracking rule updates released to (OOB) Fleet integration package); python (Internal python for the repository); schema; Supportability (Regarding rule maintenance and support for specific stack versions); v8.15.0

#3361 WIP: [POC] Refactor: port unittest to pytest
    opened Jan 3, 2024 by Mikaayenson (Draft)
    labels: backlog; backport: auto; bug (Something isn't working); detections-as-code; enhancement (New feature or request); python (Internal python for the repository); test-suite (unit and other testing components)

#3194 [Rule Tuning] Update rules using NPC integration and non-ECS fields
    opened Oct 16, 2023 by brokensound77
    labels: backlog; backport: auto; blocked; Domain: Network; Rule: Tuning (tweaking or tuning an existing rule)

#2994 [FR] Add investigation guide checks
    opened Aug 2, 2023 by Mikaayenson (Draft)
    labels: backlog; backport: auto; ci/cd; cli (command line tooling); Domain: Cloud; Domain: Endpoint; enhancement (New feature or request); Integration: Google Workspace; ML (machine learning related rule); OS: Linux; OS: Windows (windows related rules); python (Internal python for the repository)