Skip to content

Pull requests: elastic/detection-rules

New pull request New
26 Open 2,599 Closed
26 Open 2,599 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

react_sync_rta_updates_4221 backport: auto RTA work on RTA framework
#4198 opened Oct 23, 2024 by protectionsmachine Loading…
react_sync_rta_updates_4216 backport: auto RTA work on RTA framework
#4197 opened Oct 23, 2024 by protectionsmachine Loading…
react_sync_rta_updates_4215 backport: auto RTA work on RTA framework
#4196 opened Oct 23, 2024 by protectionsmachine Loading…
react_sync_rta_updates_4212 backport: auto enhancement New feature or request RTA work on RTA framework
#4195 opened Oct 22, 2024 by protectionsmachine Loading…
@shashank-elastic
1
react_sync_rta_updates_4209 backport: auto enhancement New feature or request RTA work on RTA framework
#4194 opened Oct 22, 2024 by protectionsmachine Loading…
@shashank-elastic
1
react_sync_rta_updates_4208 backport: auto enhancement New feature or request RTA work on RTA framework
#4193 opened Oct 22, 2024 by protectionsmachine Loading…
@shashank-elastic
1
react_sync_rta_updates_4207 backport: auto enhancement New feature or request RTA work on RTA framework
#4192 opened Oct 22, 2024 by protectionsmachine Loading…
@shashank-elastic
1
[Rule Tuning] Potential Linux Hack Tool Launched backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4191 opened Oct 22, 2024 by Aegrah Loading…
1
@Aegrah
1
[Tuning] Suspicious Lsass Process Access backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#4188 opened Oct 21, 2024 by Samirbous Loading…
@Samirbous
1
[Rule Tuning] Tuning Process Termination followed by Deletion OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#4173 opened Oct 18, 2024 by terrancedejesus Draft
4 of 5 tasks
2
[New] First Time Seen User Auth via DeviceCode Protocol backport: auto Domain: Cloud Integration: Azure azure related rules Rule: New Proposal for new rule
#4153 opened Oct 14, 2024 by Samirbous Loading…
@Samirbous
4
Revert "[Bug] Handle formatting empty list" backport: auto python Internal python for the repository
#4087 opened Sep 17, 2024 by brokensound77 Loading…
3
[New Rule] Potential Forced Authentication - SMB Named Pipes backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3916 opened Jul 24, 2024 by w0rk3r Draft
@w0rk3r
8
[New Rule] Active Directory Forced Authentication from Linux Host backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3912 opened Jul 22, 2024 by w0rk3r Draft
@w0rk3r
12
[New Rule] [BBR] Active Directory Object Modification by SYSTEM backlog backport: auto bbr Building Block Rules Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3835 opened Jun 26, 2024 by w0rk3r Draft
@w0rk3r
1
[FR] Add white space checking for KQL parse backlog
#3789 opened Jun 14, 2024 by eric-forte-elastic Draft
1
@eric-forte-elastic
2
[Rule Tuning] Update ML Rules (Analytic Packages) to Add Event Ingested backport: auto Integration: Beaconing Integration: DED Integration: DGA Integration: LMD integration: ProblemChild ML machine learning related rule stale 60 days of inactivity
#3705 opened May 23, 2024 by terrancedejesus Draft
1
@terrancedejesus
15
[New Rules] Azure OpenAI backlog backport: auto esql ES|QL Integration: Azure Openai Rule: New Proposal for new rule
#3701 opened May 22, 2024 by Mikaayenson Draft
@Mikaayenson
19
[FR] Updates to KQL Lib Parsing bug Something isn't working kql related to the kql module
#3605 opened Apr 18, 2024 by eric-forte-elastic Draft
1
[New Rule] Endpoint Security Promotion Rules for Specific Events backlog Integration: Endpoint Elastic Endpoint Security Rule: New Proposal for new rule
#3533 opened Mar 24, 2024 by terrancedejesus Draft
@terrancedejesus
10
Update collection_microsoft_365_new_inbox_rule.toml backport: auto community Domain: Cloud Integration: Microsoft 365
#3504 opened Mar 11, 2024 by acumen-kevinr Loading…
5
[FR] Add source_updated_at to Rule Schema as a Build Time Field backlog backport: auto enhancement New feature or request fleet-release Issue tracking rule updates released to (OOB) Fleet integration package python Internal python for the repository schema Supportability Regarding rule maintenance and support for specific stack versions v8.15.0
#3427 opened Feb 5, 2024 by terrancedejesus Loading…
1
@terrancedejesus
11
WIP: [POC] Refactor: port unittest to pytest backlog backport: auto bug Something isn't working detections-as-code enhancement New feature or request python Internal python for the repository test-suite unit and other testing components
#3361 opened Jan 3, 2024 by Mikaayenson Draft
@Mikaayenson
11
[Rule Tuning] Update rules using NPC integration and non-ECS fields backlog backport: auto blocked Domain: Network Rule: Tuning tweaking or tuning an existing rule
#3194 opened Oct 16, 2023 by brokensound77 Loading…
@Mikaayenson
11
[FR] Add investigation guide checks backlog backport: auto ci/cd cli command line tooling Domain: Cloud Domain: Endpoint enhancement New feature or request Integration: Google Workspace ML machine learning related rule OS: Linux OS: Windows windows related rules python Internal python for the repository
#2994 opened Aug 2, 2023 by Mikaayenson Draft
@Mikaayenson
3
ProTip! no:milestone will show everything without a milestone.