Pull requests: elastic/detection-rules
[New Rule] Adding Coverage for AWS related rules
Rule: New
Proposal for new rule
AWS S3 Unauthenticated Object Retrieval by Rare Source
backport: auto
Domain: Cloud
Integration: AWS
#4315
opened Dec 17, 2024 by
terrancedejesus
2 of 5 tasks
[New Rule] Adding Coverage for AWS related rules
Rule: New
Proposal for new rule
AWS S3 Unauthenticated Object Upload by Rare Source
backport: auto
Domain: Cloud
Integration: AWS
#4314
opened Dec 17, 2024 by
terrancedejesus
3 of 5 tasks
[New Rule] Adding Coverage for AWS related rules
Rule: New
Proposal for new rule
AWS S3 Unauthenticated Bucket Listing by Rare Source
backport: auto
Domain: Cloud
Integration: AWS
#4313
opened Dec 17, 2024 by
terrancedejesus
3 of 5 tasks
[Rule Tuning] Potential Persistence via File Modification
backport: auto
OS: Linux
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4310
opened Dec 17, 2024 by
Aegrah
[New Rule] Simple HTTP Web Server Connection
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4309
opened Dec 17, 2024 by
Aegrah
[New Rule] Simple HTTP Web Server Creation
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4308
opened Dec 17, 2024 by
Aegrah
[New Rule] Loadable Kernel Module Configuration File Creation
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4307
opened Dec 17, 2024 by
Aegrah
[New Rule] Dynamic Linker (ld.so) Creation
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4306
opened Dec 16, 2024 by
Aegrah
[New Rule] Unusual Preload Environment Variable Process Execution
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4305
opened Dec 16, 2024 by
Aegrah
[Rule Tuning] Creation or Modification of Pluggable Authentication Mo…
backport: auto
Domain: Endpoint
OS: Linux
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4304
opened Dec 16, 2024 by
Aegrah
[New Rule] Unusual SSHD Child Process
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4303
opened Dec 16, 2024 by
Aegrah
[New Rule] Pluggable Authentication Module Creation in Unusual Directory
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4302
opened Dec 16, 2024 by
Aegrah
[New Rule] Pluggable Authentication Module Source Download
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4301
opened Dec 16, 2024 by
Aegrah
[New Rule] PAM Version Discovery
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4300
opened Dec 16, 2024 by
Aegrah
[Rule Tuning] Windows misc Rule Tuning
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4298
opened Dec 12, 2024 by
w0rk3r
[Tuning] Uncommon Registry Persistence Change
backport: auto
community
Domain: Endpoint
OS: Windows
windows related rules
#4286
opened Dec 8, 2024 by
rad9800
1 task done
[Bug] [DaC] Metadata maturity field default mismatch and poor enforcement of rule naming conventions
backport: auto
bug
Something isn't working
minor
python
Internal python for the repository
#4285
opened Dec 6, 2024 by
eric-forte-elastic
5 tasks
Add Fortigate Fortinet index to multiple detection rules
backport: auto
community
RTA
work on RTA framework
#4275
opened Nov 27, 2024 by
SHolzhauer
1 of 2 tasks
Revert "[Bug] Handle formatting empty list"
backport: auto
python
Internal python for the repository
#4087
opened Sep 17, 2024 by
brokensound77
[New Rule] Potential Forced Authentication - SMB Named Pipes
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[New Rule] Active Directory Forced Authentication from Linux Host
backlog
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[New Rule] [BBR] Active Directory Object Modification by SYSTEM
backlog
backport: auto
bbr
Building Block Rules
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[FR] Add white space checking for KQL parse
backlog
#3789
opened Jun 14, 2024 by
eric-forte-elastic
Draft
[New Rules] Azure OpenAI
backlog
backport: auto
esql
ES|QL
Integration: Azure Openai
Rule: New
Proposal for new rule
#3701
opened May 22, 2024 by
Mikaayenson
Draft
[FR] Updates to KQL Lib Parsing
bug
Something isn't working
kql
related to the kql module
#3605
opened Apr 18, 2024 by
eric-forte-elastic
Draft