Issues: elastic/detection-rules
[FN Tuning] Suspicious /proc/maps Discovery
backport: auto
Domain: Endpoint
OS: Linux
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4659
opened Apr 25, 2025 by
Aegrah
[Rule Tuning] Potential Ransomware Behavior - High count of Readme files by System
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4653
opened Apr 24, 2025 by
w0rk3r
[Rule Tuning] Google Workspace Admin Role Assigned to a User
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4651
opened Apr 24, 2025 by
buzzdeee
[New Rule] MSFT Tenant OAuth Phishing via First-Party VSCode Client
backport: auto
Domain: Cloud
emerging-threat
Integration: Azure
azure related rules
Integration: Microsoft 365
patch
Rule: New
Proposal for new rule
Rule: Tuning
tweaking or tuning an existing rule
#4642
opened Apr 23, 2025 by
terrancedejesus
5 tasks
[Rule Tuning] Reduce Severity from Critical to High
backport: auto
Rule: Tuning
tweaking or tuning an existing rule
#4637
opened Apr 22, 2025 by
w0rk3r
[New Rule] Potential Dynamic IEX Reconstruction via Environment Variables
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4633
opened Apr 16, 2025 by
w0rk3r
[New Rule] Potential PowerShell Obfuscation via Invalid Escape Sequences
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4614
opened Apr 15, 2025 by
w0rk3r
[New Rule] Potential PowerShell Obfuscation via Character Array Reconstruction
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#4608
opened Apr 14, 2025 by
w0rk3r
[Rule Tuning] Suspicious Execution from a Mounted Device
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4603
opened Apr 10, 2025 by
kenza-ab
[Rule Tuning] A scheduled task was updated
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4541
opened Mar 17, 2025 by
EsbenSec
[Rule Tuning] Potential DLL Side-Loading via Trusted Microsoft Programs
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4449
opened Feb 5, 2025 by
tyler-mcadam
[Rule Tuning] Add exceptions for non-interactive signin failures for Entra M365 Bruteforce
backport: auto
community
Domain: Cloud
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#4405
opened Jan 22, 2025 by
jvalente-salemstate
2 tasks done
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts
community
Domain: SaaS
Integration: Azure
azure related rules
Integration: Microsoft 365
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4404
opened Jan 22, 2025 by
jvalente-salemstate
[Rule Tuning] RPC (Remote Procedure Call) from the Internet
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4268
opened Nov 13, 2024 by
SebastianHuettersen
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts
backlog
community
Domain: Cloud
Domain: SaaS
Integration: Azure
azure related rules
Integration: Microsoft 365
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4262
opened Nov 8, 2024 by
willem-dhaese
[Rule Tuning] External User Added to Google Workspace Group
backlog
Integration: Google Workspace
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4128
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] Google Workspace Drive Encryption Key(s) Accessed from Anonymous User
backlog
Integration: Google Workspace
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4120
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] Multiple Okta User Auth Events with Same Device Token Hash Behind a Proxy
backlog
Integration: Okta
okta related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4119
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] Potential Password Spraying of Microsoft 365 User Accounts
backlog
community
Domain: Cloud
Domain: SaaS
Integration: Microsoft 365
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#3934
opened Jul 31, 2024 by
janniten
[Rule Tuning] Agent Spoofing - Multiple Hosts Using Same Agent
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#3932
opened Jul 30, 2024 by
tehbooom
[Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
#3775
opened Jun 11, 2024 by
willemri
[Rule Tuning] Tampering of Shell Command-Line History
backlog
Rule: Tuning
tweaking or tuning an existing rule
#3648
opened May 6, 2024 by
psanz-estc
[Rule Tuning] Azure Active Directory High Risk Sign-in => Also alert on failed
backlog
community
Domain: Cloud
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#3585
opened Apr 10, 2024 by
willem-dhaese
[Rule Tuning] First Time Seen Google Workspace OAuth Login from Third-Party Application
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
#3280
opened Nov 20, 2023 by
ar3diu
[Rule Tuning] Update rules using NPC integration and non-ECS fields
backlog
backport: auto
blocked
Domain: Network
Rule: Tuning
tweaking or tuning an existing rule
#3194
opened Oct 16, 2023 by
brokensound77