Skip to content

Pull requests: elastic/detection-rules

New pull request New
12 Open 3,271 Closed
12 Open 3,271 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

CLI next gen - timeline templates, value lists, and more backport: auto community python Internal python for the repository
#5042 opened Aug 30, 2025 by frederikb96 Loading…
[FR] Add negate DOES NOT MATCH capability to IM rule type (>=9.2) backport: auto enhancement New feature or request minor python Internal python for the repository schema
#5041 opened Aug 29, 2025 by Mikaayenson Loading…
1 of 5 tasks
@Mikaayenson
5
[FR] Add support for 5 group_by fields in threshold rules (>=9.2) backport: auto detections-as-code enhancement New feature or request minor python Internal python for the repository schema
#5040 opened Aug 29, 2025 by Mikaayenson Loading…
1 of 5 tasks
@Mikaayenson
5
[Rule Tuning] Standardize Azure / M365 Rule Contents
#5035 opened Aug 28, 2025 by terrancedejesus Draft
5 tasks
1
2
feat: ESQL query validation against Elastic cluster
#4955 opened Aug 1, 2025 by traut Draft
5 tasks
@eric-forte-elastic
7
[New Rule/Tuning] Linux User or Group Deletion/Creation backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4861 opened Jun 30, 2025 by Aegrah Draft
@Aegrah
8
[New Rule] Kubectl Secret Access container OS: Linux Rule: New Proposal for new rule Team: TRADE
#4834 opened Jun 19, 2025 by Aegrah Draft
@Aegrah
7
[Rule: New] Potential Web Server Fuzzing Attempts Detected backlog backport: auto community
#4720 opened May 12, 2025 by MakoWish Loading…
1 of 5 tasks
1
[New] Microsoft Entra ID Protection Alert and Device Registration backport: auto Domain: Cloud Workloads Domain: Cloud Integration: Azure azure related rules Integration: Microsoft 365 patch Rule: New Proposal for new rule
#4688 opened Apr 30, 2025 by Samirbous Loading…
@Samirbous
6
[New] Potential SAP NetWeaver Exploitation rules backlog backport: auto OS: Linux OS: Windows windows related rules Rule: New Proposal for new rule
#4666 opened Apr 26, 2025 by Samirbous Loading…
@Samirbous
11
[New Rule] Active Directory Forced Authentication from Linux Host backlog backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3912 opened Jul 22, 2024 by w0rk3r Draft
@w0rk3r
15
[Rule Tuning] Update rules using NPC integration and non-ECS fields backlog backport: auto blocked Domain: Network Rule: Tuning tweaking or tuning an existing rule
#3194 opened Oct 16, 2023 by brokensound77 Loading…
@brokensound77
11
ProTip! Mix and match filters to narrow down what you’re looking for.