Pull requests: elastic/detection-rules
Lock versions for releases: 8.12,8.13,8.14,8.15,8.16,8.17
backport: auto
#4411
opened Jan 22, 2025 by
github-actions
bot
[Rule Tuning] Improve Detection Compatibility with Non-English Logs
backport: auto
community
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4410
opened Jan 22, 2025 by
w0rk3r
[New Hunt] Adding Hunting Query for AWS related rules
IAM Unusual Default Aviatrix Role Activity
backport: auto
community
Domain: Cloud
Hunt: New
Hunting
Integration: AWS
#4409
opened Jan 22, 2025 by
terrancedejesus
3 of 5 tasks
[New Hunt] Persistence via NetworkManager Dispatcher Script
backport: auto
community
Hunt: New
Hunting
OS: Linux
Rule: Hunt
bit noisy but useful for hunting
Team: TRADE
threat hunting
Related to hunting/ library.
#4408
opened Jan 22, 2025 by
Aegrah
[New Hunt] Persistence via Desktop Bus (D-Bus)
backport: auto
community
Hunt: New
Hunting
OS: Linux
Rule: Hunt
bit noisy but useful for hunting
Team: TRADE
threat hunting
Related to hunting/ library.
#4407
opened Jan 22, 2025 by
Aegrah
[New Hunt] Persistence via PolicyKit
backport: auto
community
Hunt: New
Hunting
OS: Linux
Rule: Hunt
bit noisy but useful for hunting
Team: TRADE
threat hunting
Related to hunting/ library.
#4406
opened Jan 22, 2025 by
Aegrah
[Rule Tuning] Add exceptions for non-interactive signin failures for Entra M365 Bruteforce
backport: auto
community
Domain: Cloud
Integration: Azure
azure related rules
#4405
opened Jan 22, 2025 by
jvalente-salemstate
2 tasks done
[New Hunt] General Kernel Manipulation
backport: auto
community
Hunt: New
Hunting
OS: Linux
Rule: Hunt
bit noisy but useful for hunting
Team: TRADE
threat hunting
Related to hunting/ library.
#4403
opened Jan 21, 2025 by
Aegrah
[New Hunt] Persistence via Initramfs
backport: auto
community
Hunt: New
Hunting
OS: Linux
Rule: Hunt
bit noisy but useful for hunting
Team: TRADE
threat hunting
Related to hunting/ library.
#4402
opened Jan 21, 2025 by
Aegrah
[New & Tuning] Persistence via GRUB Bootloader
backport: auto
community
Hunt: New
Hunt: Tuning
Hunting
OS: Linux
Rule: Hunt
bit noisy but useful for hunting
Team: TRADE
threat hunting
Related to hunting/ library.
#4401
opened Jan 21, 2025 by
Aegrah
Add Fortigate Fortinet index to multiple detection rules
backport: auto
community
RTA
work on RTA framework
#4275
opened Nov 27, 2024 by
SHolzhauer
1 of 2 tasks
Revert "[Bug] Handle formatting empty list"
backport: auto
python
Internal python for the repository
#4087
opened Sep 17, 2024 by
brokensound77
[New Rule] Potential Forced Authentication - SMB Named Pipes
backlog
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[New Rule] Active Directory Forced Authentication from Linux Host
backlog
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[New Rule] [BBR] Active Directory Object Modification by SYSTEM
backlog
backport: auto
bbr
Building Block Rules
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
[FR] Add white space checking for KQL parse
backlog
#3789
opened Jun 14, 2024 by
eric-forte-elastic
Draft
[New Rules] Azure OpenAI
backlog
backport: auto
esql
ES|QL
Integration: Azure Openai
Rule: New
Proposal for new rule
#3701
opened May 22, 2024 by
Mikaayenson
Draft
[FR] Updates to KQL Lib Parsing
bug
Something isn't working
kql
related to the kql module
#3605
opened Apr 18, 2024 by
eric-forte-elastic
Draft
WIP: [POC] Refactor: port unittest to pytest
backlog
backport: auto
bug
Something isn't working
detections-as-code
enhancement
New feature or request
python
Internal python for the repository
test-suite
unit and other testing components
#3361
opened Jan 3, 2024 by
Mikaayenson
Draft
[Rule Tuning] Update rules using NPC integration and non-ECS fields
backlog
backport: auto
blocked
Domain: Network
Rule: Tuning
tweaking or tuning an existing rule
#3194
opened Oct 16, 2023 by
brokensound77