Pull requests: elastic/detection-rules
[New Rule] Potential Secret Scanning via Gitleaks
backport: auto
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Team: TRADE
#5377
opened Nov 28, 2025 by
Aegrah
[Tuning] Elastic Defend and Network Security Alerts Correlation
backport: auto
Rule: Tuning
tweaking or tuning an existing rule
#5375
opened Nov 28, 2025 by
Samirbous
[New Rule] Privileged Container Creation with Host Directory Mount
backport: auto
OS: Linux
OS: macOS
Rule: New
Proposal for new rule
Team: TRADE
#5373
opened Nov 27, 2025 by
Aegrah
[New Rule] Potential HTTP Downgrade Attack
backport: auto
Domain: Web
Rule: New
Proposal for new rule
Team: TRADE
#5372
opened Nov 27, 2025 by
Aegrah
[New Rule] Initial Access via File Upload Followed by GET Request
backport: auto
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Team: TRADE
#5371
opened Nov 27, 2025 by
Aegrah
[New Rule] Tampering with RUNNER_TRACKING_ID in GitHub Actions Runners
backport: auto
OS: Linux
OS: macOS
Rule: New
Proposal for new rule
Team: TRADE
#5370
opened Nov 27, 2025 by
Aegrah
[Rule Tuning] AWS EFS File System Deleted
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5369
opened Nov 26, 2025 by
imays11
[New/Tuning] NPM Shai-Hulud coverage
backport: auto
emerging-threat
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Rule: Tuning
tweaking or tuning an existing rule
#5368
opened Nov 26, 2025 by
Samirbous
[Rule Deprecation] AWS Redshift Cluster Creation
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Deprecation
removal of a rule
Team: TRADE
#5367
opened Nov 26, 2025 by
imays11
[Rule Tunings] AWS RDS Rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5366
opened Nov 25, 2025 by
imays11
[Rule Tuning] M365 OneDrive Excessive File Downloads with OAuth Token
backport: auto
Domain: Cloud
Domain: SaaS
Domain: Storage
Integration: Microsoft 365
Rule: Tuning
tweaking or tuning an existing rule
#5365
opened Nov 25, 2025 by
terrancedejesus
5 tasks
[FR] ES|QL remote validation support newline split indices
backport: auto
patch
python
Internal python for the repository
schema
#5356
opened Nov 24, 2025 by
eric-forte-elastic
5 tasks
[New Rule] AWS EC2 LOLBin Execution via SSM
backport: auto
Domain: Cloud
Domain: Endpoint
Integration: AWS
AWS related rules
Integration: Endpoint
Elastic Endpoint Security
Rule: New
Proposal for new rule
#5354
opened Nov 24, 2025 by
terrancedejesus
5 tasks
[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules
enhancement
New feature or request
patch
python
Internal python for the repository
Rule: New
Proposal for new rule
#5352
opened Nov 22, 2025 by
Mikaayenson
•
Draft
4 of 5 tasks
Update actions/checkout action to v6
backport: auto
community
#5349
opened Nov 20, 2025 by
elastic-renovate-prod
bot
1 task
[New Rule] Web Server Potential SQL Injection Request
backport: auto
bbr
Building Block Rules
Rule: New
Proposal for new rule
Team: TRADE
#5342
opened Nov 19, 2025 by
Aegrah
Add MITRE ATT&CK threat mappings for ML job rules
backport: auto
Domain: Cloud
enhancement
New feature or request
Integration: AWS
AWS related rules
ML
machine learning related rule
Rule: Tuning
tweaking or tuning an existing rule
#5333
opened Nov 18, 2025 by
jmcarlock
1 task done
Update dependency marshmallow to v4
backport: auto
community
#5330
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task
Update dependency elasticsearch to v9
backport: auto
community
#5329
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task
Update actions/upload-artifact action to v5
backport: auto
community
#5328
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task
Update actions/checkout digest
backport: auto
community
#5327
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task
Update actions/setup-python action to v6
backport: auto
community
#5326
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task
Update actions/setup-go action to v6
backport: auto
community
#5325
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task
Update actions/github-script action to v8
backport: auto
community
#5322
opened Nov 17, 2025 by
elastic-renovate-prod
bot
1 task
[Rule Tuning] AWS IAM Brute Force of Assume Role Policy
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5282
opened Nov 4, 2025 by
imays11