Skip to content

Pull requests: elastic/detection-rules

New pull request New
30 Open 3,470 Closed
30 Open 3,470 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[FR] ES|QL remote validation support newline split indices backport: auto patch python Internal python for the repository schema
#5356 opened Nov 24, 2025 by eric-forte-elastic Loading…
5 tasks
1
@eric-forte-elastic
1
[New Rule] AWS EC2 LOLBin Execution via SSM Domain: Cloud Domain: Endpoint Integration: AWS AWS related rules Integration: Endpoint Elastic Endpoint Security Rule: New Proposal for new rule
#5354 opened Nov 24, 2025 by terrancedejesus Draft
5 tasks
1
@terrancedejesus
19
[New Rules] Add MITRE ATLAS framework support and GenAI threat detection rules enhancement New feature or request patch python Internal python for the repository Rule: New Proposal for new rule
#5352 opened Nov 22, 2025 by Mikaayenson Draft
4 of 5 tasks
@Mikaayenson
8
Update actions/checkout action to v6 backport: auto community
#5349 opened Nov 20, 2025 by elastic-renovate-prod bot Loading…
1 task
[New Rule] Web Server Potential SQL Injection Request backport: auto bbr Building Block Rules Rule: New Proposal for new rule Team: TRADE
#5342 opened Nov 19, 2025 by Aegrah Loading…
@Aegrah
8
Add MITRE ATT&CK threat mappings for ML job rules backport: auto Domain: Cloud enhancement New feature or request Integration: AWS AWS related rules ML machine learning related rule Rule: Tuning tweaking or tuning an existing rule
#5333 opened Nov 18, 2025 by jmcarlock Loading…
1 task done
5
Update dependency marshmallow to v4 backport: auto community
#5330 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency elasticsearch to v9 backport: auto community
#5329 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/upload-artifact action to v5 backport: auto community
#5328 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/checkout digest backport: auto community
#5327 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/setup-python action to v6 backport: auto community
#5326 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/setup-go action to v6 backport: auto community
#5325 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/github-script action to v8 backport: auto community
#5322 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
[Rule Tuning] AWS IAM Brute Force of Assume Role Policy backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5282 opened Nov 4, 2025 by imays11 Draft
@imays11
7
Update dependency requests to ~=2.32.5 backport: auto community
#5257 opened Oct 28, 2025 by elastic-renovate-prod bot Loading…
1 task
[Rule Tunings] AWS Multiple API Calls ESQL rules backport: auto bbr Building Block Rules Domain: Cloud Integration: AWS AWS related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#5238 opened Oct 21, 2025 by imays11 Draft
@imays11
5
Update lateral_movement_scheduled_task_target.toml to fix null values backport: auto community Domain: Endpoint OS: Windows windows related rules
#5228 opened Oct 16, 2025 by theusername-sudo Loading…
@w0rk3r
1
[New Rule] File Creation with Curly Braces or Command Substitution backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#5219 opened Oct 14, 2025 by Aegrah Draft
@Aegrah
5
Add rules for Azure Activity Logs/GCP Audit ML jobs backport: skip Domain: Cloud Integration: Azure azure related rules Integration: GCP GCP related rules minor ML machine learning related rule Rule: New Proposal for new rule
#5191 opened Oct 6, 2025 by jmcarlock Loading…
5 tasks
@jmcarlock
26
Update README for the installation of kibana and kql packages backport: auto community documentation Improvements or additions to documentation
#5177 opened Oct 2, 2025 by pberba Loading…
5 tasks
3
[Rule Tuning] Update Azure / M365 Rule Names and File Paths backport: auto Domain: Application Domain: Cloud Workloads Domain: Cloud Domain: Email Domain: Endpoint Domain: Identity Domain: Network Domain: SaaS Domain: Storage Integration: Azure azure related rules Integration: Microsoft 365 Rule: Tuning tweaking or tuning an existing rule
#5172 opened Oct 1, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
21
[Rule Tuning] Linux DR Tuning - 1 OS: Linux Team: TRADE
#5122 opened Sep 16, 2025 by Aegrah Draft
@Aegrah
5
Update dependency elasticsearch to ~=8.19.2 backport: auto community
#5100 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
[Rule Tuning] Standardize Azure / M365 Rule Contents backlog backport: auto
#5035 opened Aug 28, 2025 by terrancedejesus Draft
5 tasks
1
12
[New Rule/Tuning] Linux User or Group Deletion/Creation backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4861 opened Jun 30, 2025 by Aegrah Draft
@Aegrah
9
ProTip! Exclude everything labeled bug with -label:bug.