Pull requests: elastic/detection-rules
[New Rule] Kubectl Apply Pod from URL
backport: auto
container
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4855
opened Jun 27, 2025 by
Aegrah
[New Rule] Kubernetes Events Deleted
backport: auto
container
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
Team: TRADE
#4853
opened Jun 27, 2025 by
Aegrah
[Bug] Fix Filter Support for Import Rules
backport: auto
bug
Something isn't working
community
detections-as-code
patch
python
Internal python for the repository
#4852
opened Jun 26, 2025 by
eric-forte-elastic
5 tasks
[Rule Tuning] Microsoft Entra ID Excessive Account Lockouts Detected
backport: auto
Domain: Cloud
Domain: Identity
Integration: Azure
azure related rules
python
Internal python for the repository
Rule: Tuning
tweaking or tuning an existing rule
#4851
opened Jun 26, 2025 by
terrancedejesus
5 tasks
[New Rule] Kubernetes Sensitive Configuration File Activity
backport: auto
container
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4849
opened Jun 26, 2025 by
Aegrah
[New Rule] Kubernetes Forbidden Creation Request
backport: auto
container
Integration: Kubernetes
Kubernetes Integration
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4843
opened Jun 24, 2025 by
Aegrah
[New Rule] Kubernetes Direct API Request via Curl or Wget
backport: auto
container
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4841
opened Jun 23, 2025 by
Aegrah
[New Rule] Kubectl Network Configuration Modification
backport: auto
container
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4836
opened Jun 19, 2025 by
Aegrah
[New BBR] Kubectl Configuration Discovery
backport: auto
bbr
Building Block Rules
container
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4835
opened Jun 19, 2025 by
Aegrah
[New Rule] Potential Impersonation Attempt via Kubectl
backport: auto
container
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4833
opened Jun 19, 2025 by
Aegrah
[New Rule] Potential Kubectl Masquerading
backport: auto
container
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4832
opened Jun 19, 2025 by
Aegrah
[New Rule] Kubernetes Unusual Decision by User Agent
backport: auto
Integration: Kubernetes
Kubernetes Integration
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#4829
opened Jun 19, 2025 by
Aegrah
[New Rules] Potential Relay Attack against a Computer Account
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Rule: Tuning
tweaking or tuning an existing rule
#4826
opened Jun 18, 2025 by
w0rk3r
Clarify authentication settings to Kibana related to #4495
backport: auto
#4819
opened Jun 17, 2025 by
m-a-leclercq
5 tasks
[New Rule] Microsoft Entra ID Suspicious Cloud Device Registration
Domain: Cloud
Domain: Identity
Integration: Azure
azure related rules
patch
Rule: New
Proposal for new rule
#4802
opened Jun 13, 2025 by
terrancedejesus
•
Draft
5 tasks
fix: type hinting fixes and additional code checks
backport: auto
ci/cd
Hunting
maintenance
Internal changes
minor
python
Internal python for the repository
schema
#4790
opened Jun 11, 2025 by
traut
5 tasks
Bump setuptools from 75.2.0 to 78.1.1
backport: auto
community
dependencies
Pull requests that update a dependency file
major
python
Internal python for the repository
#4730
opened May 19, 2025 by
dependabot
bot
[Rule: New] Potential Web Server Fuzzing Attempts Detected
backport: auto
community
#4720
opened May 12, 2025 by
MakoWish
1 of 5 tasks
[New] Microsoft Entra ID Protection Alert and Device Registration
backport: auto
Domain: Cloud Workloads
Domain: Cloud
Integration: Azure
azure related rules
Integration: Microsoft 365
patch
Rule: New
Proposal for new rule
#4688
opened Apr 30, 2025 by
Samirbous
[New] Potential SAP NetWeaver Exploitation rules
backport: auto
OS: Linux
OS: Windows
windows related rules
Rule: New
Proposal for new rule
#4666
opened Apr 26, 2025 by
Samirbous
[enhancement] In esql validation, allow any order of metadata
backport: auto
community
patch
python
Internal python for the repository
#4579
opened Mar 28, 2025 by
frederikb96
5 tasks done
[Security Content] Windows Audit Policies Config Guides - Repo Edition
backlog
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Security Content
#4501
opened Feb 26, 2025 by
w0rk3r
Revert "[Bug] Handle formatting empty list"
backport: auto
bug
Something isn't working
python
Internal python for the repository
wontfix
This will not be worked on
#4087
opened Sep 17, 2024 by
brokensound77