Pull requests: elastic/detection-rules
[New] Google Workspace Device Registration from Suspicious ASN
backport: auto
Domain: Cloud
Integration: Google Workspace
Rule: New
Proposal for new rule
#6158
opened May 15, 2026 by
Samirbous
Contributor
[Rule Tuning] Add Highlighted/Investigative Fields to M365 SharePoint Site Sharing Policy Weakened
Integration: Microsoft 365
Rule: Tuning
tweaking or tuning an existing rule
#6157
opened May 15, 2026 by
terrancedejesus
Contributor
Draft
5 tasks
[New] pidfd_getfd FD Theft
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
#6156
opened May 15, 2026 by
eric-forte-elastic
Contributor
Draft
5 tasks
[New Rule] Google Workspace User Sign-in from Atypical Device Type
Integration: Google Workspace
Rule: New
Proposal for new rule
#6153
opened May 15, 2026 by
terrancedejesus
Contributor
Draft
5 tasks
[New] Entra ID Register Device with Unusual User Agent
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6151
opened May 15, 2026 by
Samirbous
Contributor
[New Rule] Microsoft Entra ID Impossible Travel Sign-in
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6150
opened May 15, 2026 by
terrancedejesus
Contributor
Draft
5 tasks
[New] Entra ID OAuth Device Code Phishing via AiTM
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6149
opened May 15, 2026 by
Samirbous
Contributor
[New Rule] Google Workspace Impossible Travel Login
Integration: Google Workspace
Rule: New
Proposal for new rule
#6148
opened May 15, 2026 by
terrancedejesus
Contributor
Draft
5 tasks
[New Rule] Google Workspace Login Flagged Suspicious (BBR)
bbr
Building Block Rules
Integration: Google Workspace
Rule: New
Proposal for new rule
#6147
opened May 14, 2026 by
terrancedejesus
Contributor
Draft
5 tasks
[New Rule] Google Workspace Login from Atypical ASN
Integration: Google Workspace
Rule: New
Proposal for new rule
#6146
opened May 14, 2026 by
terrancedejesus
Contributor
Draft
5 tasks
[New] Potential Tycoon2FA AiTM Rules
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Integration: Microsoft 365
Rule: New
Proposal for new rule
#6143
opened May 14, 2026 by
Samirbous
Contributor
[New] Microsoft Graph Multi-Category Reconnaissance Burst
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6142
opened May 14, 2026 by
Samirbous
Contributor
[Bug] Typo in the rule filename Potential Persistence via Periodic Tasks
backport: auto
community
Domain: Endpoint
OS: macOS
#6141
opened May 13, 2026 by
litemars
Contributor
[Rule Tuning] Finder Sync Plugin Registered and Enabled
backport: auto
community
Domain: Endpoint
OS: macOS
#6138
opened May 13, 2026 by
litemars
Contributor
Update elastic/docs-actions digest to 6202b3b
backport: auto
community
#6137
opened May 13, 2026 by
elastic-renovate-prod
Bot
1 task
Update tj-actions/changed-files action to v47
backport: auto
community
#6132
opened May 12, 2026 by
elastic-renovate-prod
Bot
1 task
[Tuning] Diverse Rules
backport: auto
Domain: Endpoint
Integration: Kubernetes
Kubernetes Integration
OS: Linux
Rule: Tuning
tweaking or tuning an existing rule
#6129
opened May 11, 2026 by
Samirbous
Contributor
Update release-drafter/release-drafter action to v7
backport: auto
community
#6115
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update peter-evans/create-pull-request action to v8
backport: auto
community
#6114
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update fjogeleit/http-request-action action to v2
backport: auto
community
#6112
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency setuptools to v82
backport: auto
community
#6111
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency eql to v1
backport: auto
community
#6108
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
[New] Potential cPanel WHM CRLF Authentication Bypass (CVE-2026-41940)
backport: auto
Domain: Network
Rule: New
Proposal for new rule
#6102
opened May 7, 2026 by
eric-forte-elastic
Contributor
5 tasks
[New] AWS EKS Control Plane Logging Disabled
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#6100
opened May 7, 2026 by
Samirbous
Contributor
[New] Kubernetes Static Pod Manifest File Access
backport: auto
Domain: Containers
Domain: Endpoint
Integration: Auditd Manager
Integration: Cloud Defend
Cloud Defend Integration
OS: Linux
Rule: New
Proposal for new rule
#6094
opened May 6, 2026 by
Samirbous
Contributor