Pull requests: elastic/detection-rules
[Rule Tuning] AWS IAM Brute Force of Assume Role Policy
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
[Rule Tuning] AWS IAM CompromisedKeyQuarantine Policy Attached to User
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
MITRE ATT&CK Sub-Technique Update | Solves Issue #5279
backport: auto
community
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#5280
opened Nov 4, 2025 by
veritasr3x
2 tasks done
[Rule Tuning] AWS IAM Virtual MFA Device Rules
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
[Rule Tuning] AWS GetSessionToken Abuse
bbr
Building Block Rules
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
rule-tuning: Elastic Agent service termination improve for detection
backport: auto
community
Domain: Endpoint
Rule: Tuning
tweaking or tuning an existing rule
#5272
opened Nov 3, 2025 by
alstolten
[Rule Tunings] AWS Group Creation, User Added to Group, Group Deletion
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5269
opened Oct 31, 2025 by
imays11
[Rule Tuning][New Rule] AWS S3 Bucket Policy Added to Share with External Account/ to Allow Public Access
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5268
opened Oct 30, 2025 by
imays11
[New Rule] Privilege Escalation via SUID/SGID Proxy Execution
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#5266
opened Oct 30, 2025 by
Aegrah
[Rule Tuning] AWS S3 Bucket Configuration Deletion
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5265
opened Oct 29, 2025 by
imays11
[Rule Tuning] AWS S3 Static Site Javascript File Uploaded
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5264
opened Oct 29, 2025 by
imays11
[Rule Tuning] AWS S3 Object Versioning Suspended
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5261
opened Oct 29, 2025 by
imays11
Renovate Updates
backport: auto
enhancement
New feature or request
patch
#5258
opened Oct 28, 2025 by
shashank-elastic
5 tasks
Update dependency requests to ~=2.32.5
backport: auto
community
#5257
opened Oct 28, 2025 by
elastic-renovate-prod
bot
1 task
[Bug] [DAC] Auto Gen Schema Fails on Certain Subqueries
backport: auto
bug
Something isn't working
patch
python
Internal python for the repository
schema
#5256
opened Oct 28, 2025 by
eric-forte-elastic
5 tasks
[Rule Tuning] AWS S3 Bucket Server Access Logging Disabled
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5254
opened Oct 27, 2025 by
imays11
[Rule Tuning] Azure Diagnostic Settings Deletion
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#5253
opened Oct 27, 2025 by
terrancedejesus
5 tasks
[Rule Tuning] AWS S3 Bucket Expiration Lifecycle Configuration Added
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5251
opened Oct 27, 2025 by
imays11
[New] Windows Server Update Service Spawning Suspicious Processes
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: New
Proposal for new rule
#5250
opened Oct 24, 2025 by
Samirbous
[New Rule][Deprecation] AWS EC2 Export Task Rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Deprecation
removal of a rule
Rule: New
Proposal for new rule
Team: TRADE
#5248
opened Oct 24, 2025 by
imays11
[Rule Tuning] AWS EC2 Full Network Packet Capture Detected
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5244
opened Oct 23, 2025 by
imays11
[New Rule] Okta Multiple OS Names Detected for a Single DT Hash
Domain: Identity
Integration: Okta
okta related rules
Rule: New
Proposal for new rule
#5241
opened Oct 22, 2025 by
terrancedejesus
Draft
5 tasks
[Rule Tunings] AWS Multiple API Calls ESQL rules
backport: auto
bbr
Building Block Rules
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5238
opened Oct 21, 2025 by
imays11
[Tuning] Potential Ransomware Behavior - Note Files by System
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#5235
opened Oct 21, 2025 by
Samirbous
[Rule Tuning] Adds Crowdstrike Compatibility to Linux Process Rules
backport: auto
bbr
Building Block Rules
Domain: Endpoint
OS: Linux
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5232
opened Oct 17, 2025 by
Aegrah