elastic/detection-rules
https://www.elastic.co/guide/en/security/current/detection-engine-overview.html
Other
1.92k stars, 492 forks
issues
[New] WPS Office Exploitation via DLL Hijack
#4043
Samirbous
closed
3 weeks ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 17
#4042
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 16
#4041
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 15
#4040
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 14
#4039
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 13
#4038
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 12
#4037
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 11
#4036
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 10
#4035
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 9
#4034
w0rk3r
opened
1 month ago
1
[Bug] Toml Lint Fails on rules with investigate transforms
#4033
Mikaayenson
closed
3 weeks ago
0
[Rule Tuning] 3rd Party EDR Compatibility - 8
#4032
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 7
#4031
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 6
#4030
w0rk3r
opened
1 month ago
1
[Tuning] Suspicious Web Browser Sensitive File Access
#4029
Samirbous
closed
1 month ago
2
[New Rule] Attempt to Disable Auditd Service
#4028
Aegrah
closed
1 month ago
1
[New Rule] Potential Defense Evasion via Doas
#4027
Aegrah
closed
1 month ago
1
[New Rule] SSL Certificate Deletion
#4026
Aegrah
closed
1 month ago
1
[New Rule] Root Certificate Installation
#4025
Aegrah
closed
1 month ago
2
[New Rule] SELinux Configuration Creation or Modification
#4024
Aegrah
closed
1 month ago
1
[FR] Deprecate Experimental ML Logic
#4023
Mikaayenson
opened
1 month ago
0
[Rule Tuning] 3rd Party EDR Compatibility - 5
#4022
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 4
#4021
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 3
#4020
w0rk3r
opened
1 month ago
1
[Rule Tuning] 3rd Party EDR Compatibility - 2
#4019
w0rk3r
opened
1 month ago
1
Mdr dac
#4018
zsohamwag
closed
1 month ago
2
[Rule Tuning] 3rd Party EDR Compatibility - 1
#4017
w0rk3r
opened
1 month ago
1
[Rule Tuning] Enumeration of Privileged Local Groups Membership
#4016
w0rk3r
closed
1 month ago
1
[New Rule] New Rules AWS Multi-Region Discovery of EC2 Instances and Quotas
#4015
terrancedejesus
closed
1 month ago
1
react_sync_rta_updates_3916
#4014
protectionsmachine
closed
1 month ago
1
[FR] [DaC] Update Import Rules to Repo Help Text for Clarity
#4013
eric-forte-elastic
closed
1 month ago
1
Properly reference rule type in import-rules-to-repo command
#4012
0xdeadbeefJERKY
closed
1 month ago
1
[Bug] import-rules-to-repo command makes improper reference to rule type
#4011
0xdeadbeefJERKY
closed
1 month ago
1
react_sync_rta_updates_3765
#4010
protectionsmachine
closed
1 month ago
2
[New Rule] Access Control List Modification via setfacl
#4009
Aegrah
closed
1 month ago
1
[Bug] Development Rules Should not be part of Prebuilt Rule Reference
#4008
shashank-elastic
closed
3 weeks ago
1
[Bug] Broken Links in ATT&CK-coverage.md
#4007
shashank-elastic
closed
2 weeks ago
0
[FR] Redesign Filed Mapping Check for Integration Packages
#4006
shashank-elastic
opened
1 month ago
0
[New Rule] Instance Metadata Service (IMDS) API Requests - Linux
#4005
terrancedejesus
closed
1 month ago
2
[Rule Tuning] Potential privilege escalation via CVE-2022-38028
#4004
w0rk3r
closed
1 month ago
1
[Bug] Add historical Rules as Default when Build Package
#4003
eric-forte-elastic
closed
1 month ago
2
[New Rule] AWS CLI Command with Custom Endpoint URL
#4002
terrancedejesus
closed
1 month ago
1
Refresh Integration Manifest and Schema
#4001
shashank-elastic
closed
1 month ago
3
Update ProblemChild detection rules with High and Low probability
#4000
sodhikirti07
closed
1 month ago
8
[Rule Tuning] Interactive Exec Command Launched Against A Running Container
#3999
damianfedeczko
opened
1 month ago
3
[Rule Tuning] RPC (Remote Procedure Call) from the Internet
#3998
willem-dhaese
closed
2 weeks ago
6
Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15
#3997
github-actions[bot]
closed
1 month ago
0
Remove unused @click.pass_context
#3996
shashank-elastic
closed
1 month ago
3
Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15
#3995
github-actions[bot]
closed
1 month ago
1
[Bug] Refreshing Latest Integration Schemas Breaks DGA
#3994
shashank-elastic
closed
1 month ago
0