elastic/detection-rules
https://www.elastic.co/guide/en/security/current/detection-engine-overview.html
Other
1.85k stars
461 forks
issues
[FR] [DAC] Add support for CCS in Beats Validation
#3853
eric-forte-elastic
opened
1 hour ago
0
[New Rule] AWS RDS Snapshot Deleted
#3852
imays11
opened
2 days ago
0
[New Rule] AWS RDS DB Instance or Cluster Deletion Protection Disabled
#3851
imays11
opened
2 days ago
0
[FR] Detection Rule PR Guidelines and Issue Forms
#3850
Mikaayenson
opened
2 days ago
0
[Rule Tuning] Tuning Google Workspace Rules and File Name Length Reduction
#3849
terrancedejesus
opened
2 days ago
0
[Rule Tuning] Unusual File Creation - Alternate Data Stream
#3848
w0rk3r
opened
2 days ago
0
[New Hunt] Add Initial Linux Hunting Files
#3847
terrancedejesus
opened
3 days ago
0
[FR] Update Release Workflow Token Naming
#3846
eric-forte-elastic
opened
3 days ago
3
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14
#3845
github-actions[bot]
closed
3 days ago
0
[New Rule] AWS RDS DB Instance or Cluster Password Modified
#3844
imays11
opened
3 days ago
0
[Bug][DAC] Rule Threat Reference Fields Exported from Kibana Mismatch URL
#3843
eric-forte-elastic
opened
3 days ago
1
[FR] Limit historical rules to the latest 2
#3842
Mikaayenson
closed
3 days ago
2
[Rule Tuning] Improve Compatibility in Windows BBR Detection Rules
#3841
w0rk3r
closed
1 hour ago
0
[Tuning] Microsoft Windows Defender Tampering
#3840
Samirbous
closed
3 days ago
0
[Rule Tuning] LSASS Process Access via Windows API
#3839
w0rk3r
closed
3 days ago
0
[Rule Tuning] Attempts to Brute Force a Microsoft 365 User Account
#3838
ZsomborBenedek
opened
4 days ago
1
[Bug] PowerShell Suspicious Discovery Related Windows API Functions - not file.path not working as expected.
#3837
BugOrFeature
opened
4 days ago
1
[New Rule] AWS RDS DB Instance Made Public
#3836
imays11
opened
4 days ago
0
[New Rule] [BBR] Active Directory Object Modification by SYSTEM
#3835
w0rk3r
opened
4 days ago
1
[New] Microsoft Management Console File from Unusual Path
#3834
Samirbous
closed
4 days ago
0
[New Rule] AD Group Modification by SYSTEM
#3833
w0rk3r
closed
4 days ago
0
[New Rules] Git Hook Execution/File Creation
#3832
Aegrah
closed
3 days ago
0
[New Rule] AWS RDS Snapshot Shared with Another Account
#3831
imays11
opened
5 days ago
0
[FR] Added Schema Check for Data View ID and Index
#3830
eric-forte-elastic
opened
5 days ago
0
Trim codeowners
#3829
brokensound77
closed
3 days ago
0
[New BBR] AWS RDS DB Snapshot Created
#3828
imays11
closed
3 days ago
0
[New BBR] AWS RDS DB Snapshot Created
#3827
imays11
closed
5 days ago
1
Generate Better Index Keys
#3826
shashank-elastic
closed
2 days ago
4
[Rule Tuning] Add Initial Microsoft Defender for Endpoint Compatibility to Windows DRs
#3825
w0rk3r
closed
5 days ago
0
[Rule Tuning] LSASS Process Access via Windows API
#3824
joe-desimone
opened
6 days ago
0
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14
#3823
github-actions[bot]
closed
6 days ago
1
[New Rule] DNF Package Manager Plugin File Creation
#3822
Aegrah
closed
3 days ago
0
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14
#3821
github-actions[bot]
closed
6 days ago
2
[New Rules] Yum Plugin Creation / Discovery
#3820
Aegrah
closed
6 days ago
0
[New Rule] Entra ID Device Code Auth with Broker Client
#3819
terrancedejesus
closed
17 minutes ago
1
Test case to check updated_date
#3818
shashank-elastic
opened
1 week ago
0
[Bug] schema should not allow `index` and `dataview`
#3817
brokensound77
opened
1 week ago
0
[FR] [DAC] Update default KQL parsing behavior to normalize keywords for custom rule directories.
#3816
eric-forte-elastic
opened
1 week ago
7
[FR] Add API auth to Kibana module
#3815
brokensound77
opened
1 week ago
0
[Rule Tuning] Multiple Device Token Hashes for Single Okta Session
#3814
terrancedejesus
closed
2 days ago
3
[New Rules] rc.local Execution Rules
#3813
Aegrah
closed
3 days ago
0
[Rule Tuning] Executable Bit Set for Potential Persistence Script
#3812
Aegrah
closed
3 days ago
0
[Rule Tuning] System V Init Script Created
#3811
Aegrah
closed
3 days ago
0
[Rule Tuning] LSASS Memory Dump Creation
#3810
ar3diu
opened
1 week ago
2
[Rule Tuning] AWS RDS Snapshot Restored
#3809
imays11
closed
2 days ago
0
[Tuning] Ransomware over SMB
#3808
Samirbous
opened
1 week ago
0
[Bug] Microsoft IIS Service Account Password Dumped doesn't match the command arg
#3807
fdartayre
opened
1 week ago
0
[Rule Tuning] Suspicious Inter-Process Communication via Outlook #3803
#3806
ar3diu
opened
1 week ago
7
[Rule Tuning] rc.local/rc.common File Creation
#3805
Aegrah
closed
3 days ago
0
[New Rule] User or Group Creation/Modification
#3804
Aegrah
closed
4 days ago
0