Pull requests: elastic/detection-rules
[Rule Tunings] AWS New Terms History Window Reduction
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5479
opened Dec 16, 2025 by
imays11
[Rule Tuning] Entra ID User Sign-in with Unusual Client
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#5473
opened Dec 16, 2025 by
terrancedejesus
5 tasks
[New Rules] Several GitHub Related Rules
backport: auto
Integration: GitHub
GitHub integration
Rule: New
Proposal for new rule
Team: TRADE
#5470
opened Dec 16, 2025 by
Aegrah
[Rule Tuning] Shared Object Created or Changed by Previously Unknown …
backport: auto
Domain: Endpoint
OS: Linux
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5469
opened Dec 16, 2025 by
Aegrah
[Rule Tuning] AWS Service Quotas Multi-Region GetServiceQuota Requests
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5468
opened Dec 15, 2025 by
imays11
[Rule Tuning] AWS CLI with Kali Linux Fingerprint Identified
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5467
opened Dec 15, 2025 by
imays11
[Rule Tuning] Entra ID User Sign-in with Unusual Registered Device
backport: auto
Domain: Cloud
Domain: Identity
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#5466
opened Dec 15, 2025 by
terrancedejesus
5 tasks
[Rule Tuning] Entra ID OAuth PRT Issuance to Non-Managed Device Detected
backport: auto
Domain: Cloud
Domain: Identity
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#5464
opened Dec 15, 2025 by
terrancedejesus
5 tasks
[Rule Tuning] Entra ID OAuth user_impersonation Scope for Unusual User and Client
backport: auto
Rule: Tuning
tweaking or tuning an existing rule
#5462
opened Dec 15, 2025 by
terrancedejesus
5 tasks
[New] Alerts From Multiple Integrations by Entity
backport: auto
esql
ES|QL
Rule: New
Proposal for new rule
#5460
opened Dec 15, 2025 by
Samirbous
[Rule Tuning] AWS EventBridge Rule Disabled or Deleted
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5458
opened Dec 12, 2025 by
imays11
[Rule Tuning] AWS SQS Queue Purge
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5457
opened Dec 12, 2025 by
imays11
[Rule Tunings] AWS Config Rule Tunings
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5456
opened Dec 12, 2025 by
imays11
[Rule Tunings] AWS Lambda Rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5451
opened Dec 11, 2025 by
imays11
[Rule Tunings] AWS Route 53 Rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5448
opened Dec 10, 2025 by
imays11
[New] React2Shell Network Security Alert
backport: auto
Domain: Network
emerging-threat
patch
Rule: New
Proposal for new rule
#5445
opened Dec 10, 2025 by
Samirbous
Added logic to main.py to use the created_at and updated_at values if they exist
backport: auto
enhancement
New feature or request
patch
python
Internal python for the repository
#5444
opened Dec 10, 2025 by
aarju
2 tasks
[New] Suricata and Elastic Defend Network Correlation
backport: auto
Domain: Endpoint
Domain: Network
Rule: New
Proposal for new rule
#5443
opened Dec 10, 2025 by
Samirbous
[FR] Add keep metadata check to esql schema test
backport: auto
patch
python
Internal python for the repository
schema
test-suite
unit and other testing components
#5441
opened Dec 9, 2025 by
eric-forte-elastic
5 tasks
[New Rule] GitHub Actions Bot Pushed to Repository for First Time
backport: auto
Domain: Cloud
Rule: New
Proposal for new rule
#5438
opened Dec 9, 2025 by
terrancedejesus
5 tasks
[New Rule] GitHub Actions Workflow Injection Blocked
backport: auto
Domain: Cloud
Domain: SaaS
patch
Rule: New
Proposal for new rule
#5433
opened Dec 9, 2025 by
terrancedejesus
5 tasks
[Rule Tunings] AWS WAF Rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5429
opened Dec 8, 2025 by
imays11
[Bug] Importing rules from directory uses wrong type
backport: auto
bug
Something isn't working
detections-as-code
patch
python
Internal python for the repository
#5428
opened Dec 8, 2025 by
eric-forte-elastic
5 tasks
Update actions/checkout action to v6
backport: auto
community
#5349
opened Nov 20, 2025 by
elastic-renovate-prod
bot
1 task
Update dependency marshmallow to v4
backport: auto
community
#5330
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task