elastic/detection-rules
https://www.elastic.co/guide/en/security/current/detection-engine-overview.html
Other
1.92k stars
492 forks
issues
react_sync_rta_updates_3793
#3943
protectionsmachine
closed
2 months ago
1
react_sync_rta_updates_3791
#3942
protectionsmachine
closed
2 months ago
1
react_sync_rta_updates_3786
#3941
protectionsmachine
closed
2 months ago
1
react_sync_rta_updates_3788
#3940
protectionsmachine
closed
2 months ago
1
[Rule Tuning] Missing winlogbeat index in Windows DRs
#3939
willem-dhaese
closed
2 months ago
8
react_sync_rta_updates_3783
#3938
protectionsmachine
closed
2 months ago
1
react_sync_rta_updates_3784
#3937
protectionsmachine
closed
2 months ago
1
[Bug] Building wheels failed in self hosted runner [windows]
#3936
sohamwaglekar
closed
2 months ago
1
[Rule Tuning] Microsoft IIS Service Account Password Dumped
#3935
w0rk3r
closed
2 months ago
1
[Rule Tuning] Potential Password Spraying of Microsoft 365 User Accounts
#3934
janniten
opened
2 months ago
0
[Rule Tuning] System Binary Moved or Copied
#3933
Aegrah
closed
2 months ago
1
[Rule Tuning] Agent Spoofing - Multiple Hosts Using Same Agent
#3932
tehbooom
opened
2 months ago
0
[Rule Tuning] Removed Endgame from Incompatible Rules
#3931
Aegrah
closed
2 months ago
1
[New Rule] Openssl Client or Server Activity
#3930
Aegrah
closed
1 month ago
1
[Tuning] Executable Bit Set for Potential Persistence Script
#3929
Aegrah
closed
2 months ago
1
[New Rule] Potential Relay Attack against a Domain Controller
#3928
w0rk3r
closed
2 months ago
1
Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15
#3927
github-actions[bot]
closed
2 months ago
1
Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15
#3926
github-actions[bot]
closed
2 months ago
0
Update Rule Min stack
#3925
shashank-elastic
closed
2 months ago
1
Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15
#3924
github-actions[bot]
closed
2 months ago
1
[New Rule] AWS IAM User or Role Created Cloudformation Stack for First Time
#3923
imays11
closed
2 months ago
1
[New Rule] AWS EC2 Instance Console Login via Assumed Role
#3922
imays11
closed
2 months ago
1
[Bug] [DAC] Fix Bug where Validates Data Applies to All Rules
#3921
eric-forte-elastic
closed
2 months ago
2
[New Rule] AWS EC2 Instance Interaction with IAM Service
#3920
imays11
closed
2 months ago
1
Prep for next release 8.16
#3919
shashank-elastic
closed
2 months ago
1
[New] Execution via Windows Command Debugging Utility
#3918
Samirbous
closed
3 weeks ago
1
[New Rule] Active Directory Forced Authentication from Linux Host - SMB Named Pipes
#3917
w0rk3r
closed
2 months ago
1
[New Rule] Potential Forced Authentication - SMB Named Pipes
#3916
w0rk3r
opened
2 months ago
1
Revert "Prep for next release 8.16"
#3915
shashank-elastic
closed
2 months ago
1
Prep for next release 8.16
#3914
shashank-elastic
closed
2 months ago
1
Prep for Release 8.16
#3913
shashank-elastic
closed
2 months ago
1
[New Rule] Active Directory Forced Authentication from Linux Host
#3912
w0rk3r
opened
2 months ago
2
Add Data Source: System tag to security rules which have logs-system.security* or logs-system.* index pattern [FR]
#3911
mbudge
closed
2 months ago
0
[New Rule] AWS IAM CompromisedKeyQuarantine Policy Attached to User
#3910
imays11
closed
2 months ago
1
Create test_rule_01.toml
#3909
vmelastic
closed
2 months ago
1
[New Rule] Potential WSUS Abuse for Lateral Movement
#3908
w0rk3r
closed
2 months ago
1
[FR] Adopt DAC with current ruleset
#3907
acumen-kevinr
closed
2 months ago
2
[Deprecation] AWS EC2 Snapshot Activity
#3906
imays11
opened
2 months ago
2
[Rule Tuning] Misc. DR Rule Tuning - Part 2
#3905
Aegrah
closed
2 months ago
1
[Rule Tuning] Misc. DR Rule Tuning
#3904
Aegrah
closed
2 months ago
1
[Rule Tuning] PowerShell Rule Review & Tuning
#3903
w0rk3r
closed
2 months ago
1
Remove Rule:Promotion labels and add other relevant labels
#3902
shashank-elastic
closed
2 months ago
0
[tuning] Connection to Commonly Abused Web Services
#3901
Samirbous
closed
2 months ago
1
[New Rule] Service DACL Modification via sc.exe
#3900
w0rk3r
closed
2 months ago
1
Replicating User Error [[ Do not Merge ]]
#3899
shashank-elastic
closed
2 months ago
0
[Rule Tuning] Tuning AWS Rules for SAML Provider Updates and Assumed Roles via STS
#3898
terrancedejesus
closed
1 month ago
2
[FR] Generate Release Docs for deprecated Rules
#3897
shashank-elastic
opened
2 months ago
2
[New Rules] Git Hook execution/netcon
#3896
Aegrah
closed
2 months ago
1
[New Rule] AWS S3 Bucket Replicated to Another Account
#3895
imays11
closed
2 months ago
1
[New Rule] AWS S3 Object Versioning Suspended
#3894
imays11
closed
2 months ago
1