elastic / detection-rules Public

Notifications You must be signed in to change notification settings
Fork 600
Star 2.4k

Code
Issues 159
Pull requests 26
Actions
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Security
Insights

Pull requests: elastic/detection-rules

Labels 133 Milestones 1

New pull request New

26 Open 3,357 Closed

Author

Filter by author

Uh oh!

There was an error while loading. Please reload this page.

Label

Filter by label

Uh oh!

There was an error while loading. Please reload this page.

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Uh oh!

There was an error while loading. Please reload this page.

Milestones

Filter by milestone

Uh oh!

There was an error while loading. Please reload this page.

Reviews

Filter by reviews

No reviews Review required Approved review Changes requested

Assignee

Filter by who’s assigned

Assigned to nobody

Uh oh!

There was an error while loading. Please reload this page.

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Pull requests list

[Rule Tuning] Suspicious Entra ID OAuth User Impersonation Scope Detected backport: auto Domain: Cloud Domain: Identity Integration: Azure

azure related rules

Rule: Tuning

tweaking or tuning an existing rule

#5190 opened Oct 6, 2025 by terrancedejesus

Loading…

5 tasks

[New Rule] Entra ID Protection Admin Confirmed Compromise backport: auto Domain: Cloud Domain: Identity Integration: Azure

azure related rules

Rule: New

Proposal for new rule

#5186 opened Oct 6, 2025 by terrancedejesus

Loading…

5 tasks

[New Rule] Azure Storage Blob Retrieval via AzCopy Domain: Cloud Domain: Identity Domain: Storage Integration: Azure

azure related rules

Rule: New

Proposal for new rule

#5179 opened Oct 2, 2025 by terrancedejesus • Draft

5 tasks

Update README for the installation of kibana and kql packages backport: auto community documentation

Improvements or additions to documentation

#5177 opened Oct 2, 2025 by pberba

Loading…

5 tasks

[Rule Tuning] Update Azure / M365 Rule Names and File Paths backport: auto Domain: Application Domain: Cloud Workloads Domain: Cloud Domain: Email Domain: Endpoint Domain: Identity Domain: Network Domain: SaaS Domain: Storage Integration: Azure

azure related rules

Integration: Microsoft 365 Rule: Tuning

tweaking or tuning an existing rule

#5172 opened Oct 1, 2025 by terrancedejesus

Loading…

5 tasks

[Security Content] Windows Setup Guides - WinEventLog & Sysmon backport: auto Domain: Endpoint OS: Windows

windows related rules

Security Content

#5162 opened Sep 29, 2025 by w0rk3r

Loading…

Update dependency pyflakes to v3.4.0 backport: auto community

#5126 opened Sep 17, 2025 by elastic-renovate-prod bot

Loading…

1 task

[Rule Tuning] Linux DR Tuning - 1 OS: Linux Team: TRADE

#5122 opened Sep 16, 2025 by Aegrah • Draft

Update dependency pre-commit to v3.8.0 backport: auto community

#5121 opened Sep 16, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update dependency pep8-naming to v0.15.1 backport: auto community

#5120 opened Sep 16, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update dependency nodeenv to v1.9.1 backport: auto community

#5117 opened Sep 16, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update dependency marko to v2.2.0 backport: auto community

#5103 opened Sep 14, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update dependency flake8 to v7.3.0 backport: auto community

#5102 opened Sep 14, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update dependency elasticsearch to ~=8.19.1 backport: auto community

#5100 opened Sep 12, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update dependency PyGithub to v2.8.1 backport: auto community

#5099 opened Sep 12, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update dependency Click to ~=8.3.0 backport: auto community

#5098 opened Sep 12, 2025 by elastic-renovate-prod bot

Loading…

1 task

Update tj-actions/changed-files action to v46.0.5 backport: auto community

#5097 opened Sep 12, 2025 by elastic-renovate-prod bot

Loading…

1 task

CLI next gen - timeline templates, value lists, and more backport: auto community python

Internal python for the repository

#5042 opened Aug 30, 2025 by frederikb96

Loading…

[Rule Tuning] Standardize Azure / M365 Rule Contents backport: auto

#5035 opened Aug 28, 2025 by terrancedejesus • Draft

5 tasks

feat: ESQL query validation against Elastic cluster backport: auto enhancement

New feature or request

esql

ES|QL

Hunting minor python

Internal python for the repository

schema test-suite

unit and other testing components

#4955 opened Aug 1, 2025 by traut

Loading…

1 of 5 tasks

[New Rule/Tuning] Linux User or Group Deletion/Creation backport: auto Domain: Endpoint OS: Linux Rule: New

Proposal for new rule

Team: TRADE

#4861 opened Jun 30, 2025 by Aegrah • Draft

[New Rule] Kubectl Secret Access container OS: Linux Rule: New

Proposal for new rule

Team: TRADE

#4834 opened Jun 19, 2025 by Aegrah • Draft

[Rule: New] Potential Web Server Fuzzing Attempts Detected backlog backport: auto community

#4720 opened May 12, 2025 by MakoWish

Loading…

1 of 5 tasks

[New] Potential SAP NetWeaver Exploitation rules backlog backport: auto OS: Linux OS: Windows

windows related rules

Rule: New

Proposal for new rule

#4666 opened Apr 26, 2025 by Samirbous

Loading…

[New Rule] Active Directory Forced Authentication from Linux Host backlog backport: auto Domain: Endpoint OS: Windows

windows related rules

Rule: New

Proposal for new rule

#3912 opened Jul 22, 2024 by w0rk3r • Draft

Previous 1 2 Next

Previous Next

ProTip! Mix and match filters to narrow down what you’re looking for.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!