Skip to content

Pull requests: elastic/detection-rules

New pull request New
41 Open 3,571 Closed
41 Open 3,571 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Rule Tuning] GenAI DR Tuning Rule: Tuning tweaking or tuning an existing rule
#5506 opened Dec 19, 2025 by Mikaayenson Draft
5 tasks
@Mikaayenson
2
[Rule Tuning] Linux DR Tuning - 8 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5505 opened Dec 19, 2025 by Aegrah Loading…
@Aegrah
3
[Rule Tuning] Linux DR Tuning - 7 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5504 opened Dec 19, 2025 by Aegrah Loading…
@Aegrah
7
[Tuning] Suspicious React Server Child Process backport: auto Domain: Endpoint Rule: Tuning tweaking or tuning an existing rule
#5503 opened Dec 19, 2025 by Samirbous Loading…
@Samirbous
2
[Rule Tuning] Entra ID Excessive Account Lockouts Detected Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5502 opened Dec 19, 2025 by terrancedejesus Draft
5 tasks
1
@terrancedejesus
1
[Rule Tuning] AWS EC2 EBS Snapshot Access Removed backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5499 opened Dec 18, 2025 by imays11 Loading…
@imays11
3
[Rule Tuning] Linux DR Tuning - 6 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5497 opened Dec 18, 2025 by Aegrah Loading…
@Aegrah
6
[Rule Tuning] Linux DR Tuning - 5 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5494 opened Dec 18, 2025 by Aegrah Loading…
@Aegrah
5
[New Rule] ConsentFix Detections
#5485 opened Dec 17, 2025 by terrancedejesus Draft
5 tasks
@terrancedejesus
[Rule Tuning] Linux DR Tuning - 4 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5484 opened Dec 17, 2025 by Aegrah Loading…
@Aegrah
9
[Rule Tuning] Linux DR Tuning - 3 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5483 opened Dec 17, 2025 by Aegrah Loading…
@Aegrah
16
[Rule Tuning] Linux DR Tuning - 2 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5481 opened Dec 17, 2025 by Aegrah Loading…
@Aegrah
5
[New Rules] Several GitHub Related Rules backport: auto Integration: GitHub GitHub integration Rule: New Proposal for new rule Team: TRADE
#5470 opened Dec 16, 2025 by Aegrah Loading…
@Aegrah
4
[Rule Tuning] AWS Service Quotas Multi-Region GetServiceQuota Requests backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5468 opened Dec 15, 2025 by imays11 Loading…
@imays11
2
[Rule Tuning] Entra ID User Sign-in with Unusual Registered Device backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5466 opened Dec 15, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
3
[Rule Tuning] Entra ID OAuth PRT Issuance to Non-Managed Device Detected backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5464 opened Dec 15, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
3
[Rule Tuning] AWS SQS Queue Purge backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5457 opened Dec 12, 2025 by imays11 Loading…
@imays11
2
[Rule Tunings] AWS Config Rule Tunings backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5456 opened Dec 12, 2025 by imays11 Loading…
@imays11
1
[Rule Tunings] AWS Lambda Rules backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5451 opened Dec 11, 2025 by imays11 Loading…
@imays11
5
Added logic to main.py to use the created_at and updated_at values if they exist backport: auto enhancement New feature or request patch python Internal python for the repository
#5444 opened Dec 10, 2025 by aarju Loading…
2 tasks
10
[FR] Add keep metadata check to esql schema test backport: auto patch python Internal python for the repository schema test-suite unit and other testing components
#5441 opened Dec 9, 2025 by eric-forte-elastic Loading…
5 tasks
1
@eric-forte-elastic
10
[Bug] Importing rules from directory uses wrong type backport: auto bug Something isn't working detections-as-code patch python Internal python for the repository
#5428 opened Dec 8, 2025 by eric-forte-elastic Loading…
5 tasks
1
@eric-forte-elastic
1
Update actions/checkout action to v6 backport: auto community
#5349 opened Nov 20, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency marshmallow to v4 backport: auto community
#5330 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency elasticsearch to v9 backport: auto community
#5329 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
ProTip! Adding no:label will show everything without a label.