elastic / detection-rules: issues

Repository link: https://www.elastic.co/guide/en/security/current/detection-engine-overview.html
Category: Other
Stars: 1.92k
Forks: 492
| Issue | Title | Author | State | When | Comments |
|---|---|---|---|---|---|
| #4093 | [FR][DAC] Import Rules Verbose Message | eric-forte-elastic | opened | 2 weeks ago | 1 |
| #4092 | [FR] [DAC] Add exceptions list and action connector text to import-rules logging messages | eric-forte-elastic | opened | 2 weeks ago | 0 |
| #4091 | Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md | github-actions[bot] | closed | 2 weeks ago | 1 |
| #4090 | [[DO NOT MERGE ]] Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md | github-actions[bot] | closed | 2 weeks ago | 0 |
| #4089 | [Tuning] Add logs-panw.panos index to Network rules | Samirbous | closed | 2 weeks ago | 2 |
| #4088 | [[ DO NOTY MERGE ]] Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md | github-actions[bot] | closed | 2 weeks ago | 1 |
| #4087 | Revert "[Bug] Handle formatting empty list" | brokensound77 | opened | 3 weeks ago | 2 |
| #4086 | [Bug] Handle formatting empty list | Mikaayenson | closed | 3 weeks ago | 2 |
| #4085 | [Hunting] Re-factor Hunting Library Code | terrancedejesus | closed | 5 days ago | 6 |
| #4084 | [New] ROT encoded Python Script Execution | Samirbous | closed | 3 weeks ago | 1 |
| #4083 | [Bug] Dependency using a deprecated and removed module (`pkg_resources`) | brokensound77 | opened | 3 weeks ago | 2 |
| #4082 | Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15 | github-actions[bot] | closed | 3 weeks ago | 0 |
| #4081 | min_stack New Rules that use the S1 Integration | shashank-elastic | closed | 3 weeks ago | 1 |
| #4080 | Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15 | github-actions[bot] | closed | 3 weeks ago | 1 |
| #4079 | [Rule Tuning] min_stack New Rules that use the S1 Integration | w0rk3r | closed | 3 weeks ago | 1 |
| #4078 | Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15 | github-actions[bot] | closed | 3 weeks ago | 0 |
| #4077 | Add flag to update the docs/ATT&CK-coverage.md with markdown URL(s) | shashank-elastic | closed | 2 weeks ago | 3 |
| #4076 | [New] Potential Escalation via Vulnerable MSI Repair - CVE-2024-38014 | Samirbous | closed | 3 weeks ago | 1 |
| #4075 | [New Rule] PowerShell Script with Windows Defender Tampering Capabilities | w0rk3r | closed | 3 weeks ago | 1 |
| #4074 | [New Rule] Okta Public Client App OAuth Token Request with Client Credentials | terrancedejesus | closed | 3 weeks ago | 2 |
| #4073 | Skip Development Rules from Security Docs | shashank-elastic | closed | 3 weeks ago | 1 |
| #4072 | [New Rule] AWS Bedrock Detections | shashank-elastic | closed | 3 weeks ago | 1 |
| #4071 | react_sync_rta_updates_4032 | protectionsmachine | closed | 3 weeks ago | 1 |
| #4070 | react_sync_rta_updates_4025 | protectionsmachine | closed | 3 weeks ago | 1 |
| #4069 | react_sync_rta_updates_4023 | protectionsmachine | closed | 3 weeks ago | 1 |
| #4068 | react_sync_rta_updates_4022 | protectionsmachine | closed | 3 weeks ago | 1 |
| #4067 | [Rule Tuning] Remote Execution via File Shares | w0rk3r | closed | 3 weeks ago | 1 |
| #4066 | Support toml lint for investigate transforms | shashank-elastic | closed | 3 weeks ago | 6 |
| #4065 | [Tuning] Unusual Network Activity from a Windows System Binary | Samirbous | closed | 4 weeks ago | 1 |
| #4064 | [New Hunt] Add Initial Okta Hunting Queries | terrancedejesus | closed | 3 weeks ago | 1 |
| #4063 | Failing rules after elastic and kibana update on 8.14.3 | PaHuf | closed | 4 weeks ago | 4 |
| #4062 | [New] MsiExec Service Child Process With Network Connection | Samirbous | closed | 3 weeks ago | 1 |
| #4061 | [New] Attempt to establish VScode Remote Tunnel | Samirbous | closed | 3 weeks ago | 1 |
| #4060 | [New] Suspicious PowerShell Execution via Windows Scripts | Samirbous | closed | 3 weeks ago | 1 |
| #4059 | Browser Extension Install - filters on wrong field | willemri | opened | 1 month ago | 1 |
| #4058 | [New] Detonate LNK TOP Rules | Samirbous | closed | 3 weeks ago | 2 |
| #4057 | [Rule Tuning] M365/Azure Brute-Forcing New Rule and Tuning; Deprecate Similar Rule | terrancedejesus | closed | 4 weeks ago | 4 |
| #4056 | [Rule Tuning] 3rd Party EDR Compatibility - 18 | w0rk3r | opened | 1 month ago | 1 |
| #4055 | [New] Persistence via a Windows Installer | Samirbous | closed | 3 weeks ago | 1 |
| #4054 | [New Rule] New Microsoft 365 Impossible Travel Rules and Deprecation | terrancedejesus | closed | 1 month ago | 1 |
| #4053 | [Tuning] Potential Execution via XZBackdoor | Samirbous | closed | 1 month ago | 1 |
| #4052 | [New Rule] Cross Platform: AWS `SendCommand` API Call with Run Shell Command Parameters | terrancedejesus | closed | 3 weeks ago | 1 |
| #4051 | [New Rule] Google Sheets C2 Detection Review (Voldemort) | terrancedejesus | opened | 1 month ago | 0 |
| #4050 | Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15 | github-actions[bot] | closed | 1 month ago | 1 |
| #4049 | Mdr dac | zsohamwag | closed | 1 month ago | 1 |
| #4048 | Testcase to check if Rule Type: BBR tag is present for all BBR rules | shashank-elastic | closed | 1 month ago | 1 |
| #4047 | [New Rule] Add Jamf Protect detection rules | txhaflaire | closed | 3 weeks ago | 12 |
| #4046 | [FR] Unit test to check for related_integrations based on index | shashank-elastic | opened | 1 month ago | 4 |
| #4045 | [Bug] Test `test_required_tags` does not include BBR rules | shashank-elastic | closed | 1 month ago | 1 |
| #4044 | [New] Potential Foxmail Exploitation | Samirbous | closed | 3 weeks ago | 1 |