Skip to content

Pull requests: elastic/detection-rules

New pull request New
50 Open 3,550 Closed
50 Open 3,550 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Rule Tuning] PowerShell Rules - Misc Tuning/Severity Bumps backport: auto bbr Building Block Rules Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#5486 opened Dec 17, 2025 by w0rk3r Loading…
@w0rk3r
2
[New Rule] ConsentFix Detections
#5485 opened Dec 17, 2025 by terrancedejesus Draft
5 tasks
@terrancedejesus
[Rule Tuning] Linux DR Tuning - 4 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5484 opened Dec 17, 2025 by Aegrah Loading…
@Aegrah
3
[Rule Tuning] Linux DR Tuning - 3 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5483 opened Dec 17, 2025 by Aegrah Loading…
@Aegrah
2
[Tuning] Diverse Rules Tuning backport: auto Domain: Endpoint OS: Linux OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#5482 opened Dec 17, 2025 by Samirbous Loading…
@Samirbous
7
[Rule Tuning] Linux DR Tuning - 2 backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5481 opened Dec 17, 2025 by Aegrah Loading…
@Aegrah
3
[Tuning] Top Noisy Windows BBR backport: auto bbr Building Block Rules OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#5480 opened Dec 17, 2025 by Samirbous Loading…
@Samirbous
1
[Rule Tunings] AWS New Terms History Window Reduction backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5479 opened Dec 16, 2025 by imays11 Loading…
@imays11
1
[Rule Tuning] Entra ID User Sign-in with Unusual Client backport: auto Domain: Cloud Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5473 opened Dec 16, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[New Rules] Several GitHub Related Rules backport: auto Integration: GitHub GitHub integration Rule: New Proposal for new rule Team: TRADE
#5470 opened Dec 16, 2025 by Aegrah Loading…
@Aegrah
1
[Rule Tuning] Shared Object Created or Changed by Previously Unknown … backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5469 opened Dec 16, 2025 by Aegrah Loading…
@Aegrah
3
[Rule Tuning] AWS Service Quotas Multi-Region GetServiceQuota Requests backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5468 opened Dec 15, 2025 by imays11 Loading…
@imays11
1
[Rule Tuning] AWS CLI with Kali Linux Fingerprint Identified backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5467 opened Dec 15, 2025 by imays11 Loading…
@imays11
1
[Rule Tuning] Entra ID User Sign-in with Unusual Registered Device backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5466 opened Dec 15, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[Rule Tuning] Entra ID OAuth PRT Issuance to Non-Managed Device Detected backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5464 opened Dec 15, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[Rule Tuning] Entra ID OAuth user_impersonation Scope for Unusual User and Client backport: auto Rule: Tuning tweaking or tuning an existing rule
#5462 opened Dec 15, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[New] Alerts From Multiple Integrations by Entity backport: auto esql ES|QL Rule: New Proposal for new rule
#5460 opened Dec 15, 2025 by Samirbous Loading…
@Samirbous
8
[Rule Tuning] AWS EventBridge Rule Disabled or Deleted backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5458 opened Dec 12, 2025 by imays11 Loading…
@imays11
1
[Rule Tuning] AWS SQS Queue Purge backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5457 opened Dec 12, 2025 by imays11 Loading…
@imays11
1
[Rule Tunings] AWS Config Rule Tunings backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5456 opened Dec 12, 2025 by imays11 Loading…
@imays11
1
[Rule Tunings] AWS Lambda Rules backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5451 opened Dec 11, 2025 by imays11 Loading…
@imays11
3
[Rule Tunings] AWS Route 53 Rules backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5448 opened Dec 10, 2025 by imays11 Loading…
@imays11
1
[New] React2Shell Network Security Alert backport: auto Domain: Network emerging-threat patch Rule: New Proposal for new rule
#5445 opened Dec 10, 2025 by Samirbous Loading…
@Samirbous
9
Added logic to main.py to use the created_at and updated_at values if they exist backport: auto enhancement New feature or request patch python Internal python for the repository
#5444 opened Dec 10, 2025 by aarju Loading…
2 tasks
10
[New] Suricata and Elastic Defend Network Correlation backport: auto Domain: Endpoint Domain: Network Rule: New Proposal for new rule
#5443 opened Dec 10, 2025 by Samirbous Loading…
@Samirbous
28
ProTip! Follow long discussions with comments:>50.