elastic/detection-rules
https://www.elastic.co/guide/en/security/current/detection-engine-overview.html
Other
1.92k
stars
492
forks
issues
[Bug] [DAC] Import rules into repo loads exceptions without argument
#3893
eric-forte-elastic
closed
2 months ago
1
[New Rule] AWS S3 Bucket Server Access Logging Disabled
#3892
imays11
closed
2 months ago
1
[Bug] Unit Tests with Git Breaks CI workflows for Wiped Forked Repos
#3891
Mikaayenson
closed
2 months ago
4
[FR] Support new_terms schema import/export w/custom format
#3890
Mikaayenson
closed
2 months ago
5
[DaC] Beta Release
#3889
eric-forte-elastic
closed
2 months ago
3
[Bug] Fix typo in dataview variable
#3888
Mikaayenson
closed
2 months ago
0
[Rule Tuning] Suspicious DLL Loaded for Persistence or Privilege Escalation
#3887
w0rk3r
closed
2 months ago
1
[Bug] Hunting - Add UTF-8 Encoding for all Read and Write Operations
#3886
terrancedejesus
closed
2 months ago
1
[Rule Tuning] Updated setup guide
#3885
Aegrah
closed
2 months ago
3
[New Rule] Unsafe Docker Container Creation
#3884
Aegrah
closed
2 months ago
2
[New Rules] Docker Entrypoint Netcon / Nsenter Escape
#3883
Aegrah
closed
2 months ago
0
[New Rule] RPM Package Installed by Unusual Parent Process
#3882
Aegrah
closed
2 months ago
0
[FR] [DAC] Update docs
#3881
eric-forte-elastic
closed
2 months ago
0
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14
#3880
github-actions[bot]
closed
3 months ago
1
[New Rules] DPKG Execution/Installation
#3879
Aegrah
closed
2 months ago
0
Fix Double Bump For Rule Microsoft Management Console File from Unusu…
#3878
shashank-elastic
closed
3 months ago
0
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14
#3877
github-actions[bot]
closed
3 months ago
1
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14
#3876
github-actions[bot]
closed
3 months ago
2
[Tuning & Changes] Misc rule/hunt tuning
#3875
Aegrah
closed
2 months ago
1
[Rule Tuning] Fix event.action conditions - AD Rules
#3874
w0rk3r
closed
3 months ago
0
[Bug] Persistence ssh key generation index pattern
#3873
joe-desimone
closed
3 months ago
1
[Bug] Normalize Hunting Index Link Generation
#3872
terrancedejesus
closed
3 months ago
4
[New Hunt] Persistence through System V Init
#3871
Aegrah
closed
3 months ago
0
[FR] [DAC] Add Exceptions Import Support for Kibana and ndjson
#3870
eric-forte-elastic
closed
2 months ago
0
[FR] [DAC] Import Exceptions from API Export and ndjson
#3869
eric-forte-elastic
closed
2 months ago
1
[Rule Tunings] Change `from` field to prevent double alerts
#3868
imays11
closed
2 months ago
0
[Rule Tunings] AWS Administrator Access Policy Attached Rules
#3867
imays11
closed
2 months ago
0
Unit Test to validate from field in toml file
#3866
shashank-elastic
closed
3 months ago
0
[Meta] Active Directory Certificate Services (AD CS) - Part 1
#3865
w0rk3r
opened
3 months ago
0
[New Rule] Potential PowerShell Obfuscated Script
#3864
w0rk3r
closed
3 months ago
1
[FR] Add support for Kibana Rule Type rule_default
#3863
eric-forte-elastic
closed
2 months ago
1
[FR] [DAC] Add exceptions importing from ndjson
#3862
eric-forte-elastic
closed
2 months ago
3
[New Rule] AWS S3 Object Encryption Using External KMS Key
#3861
imays11
closed
3 months ago
0
[Rule Tuning] Tune `Attempts to Brute Force a Microsoft 365 User Account`
#3860
terrancedejesus
closed
3 months ago
0
Update MITRE ATT&CK to v15.1.1.
#3859
protectionsmachine
closed
3 months ago
1
Update MITRE ATT&CK to
#3858
protectionsmachine
closed
3 months ago
0
[FR] [DAC] Add index_or_dataview Property
#3857
eric-forte-elastic
closed
3 months ago
2
[FR] Added Modify URL Preload Function
#3856
eric-forte-elastic
closed
3 months ago
0
[New] Sensitive Registry Hive Access via RegBack
#3855
Samirbous
closed
3 months ago
0
[Rule Tuning] Potential AWS S3 Bucket Ransomware Note Uploaded
#3854
terrancedejesus
closed
3 months ago
0
[FR] [DAC] Add support for CCS in Beats Validation
#3853
eric-forte-elastic
closed
3 months ago
0
[New Rule] AWS RDS Snapshot Deleted
#3852
imays11
closed
3 months ago
0
[New Rule] AWS RDS DB Instance or Cluster Deletion Protection Disabled
#3851
imays11
closed
3 months ago
0
[FR] Detection Rule PR Guidelines and Issue Forms
#3850
Mikaayenson
closed
3 months ago
0
[Rule Tuning] Tuning Google Workspace Rules and File Name Length Reduction
#3849
terrancedejesus
closed
3 months ago
0
[Rule Tuning] Unusual File Creation - Alternate Data Stream
#3848
w0rk3r
closed
3 months ago
0
[New Hunt] Add Initial Linux Hunting Files
#3847
terrancedejesus
closed
3 months ago
7
[FR] Update Release Workflow Token Naming
#3846
eric-forte-elastic
closed
3 weeks ago
8
Lock versions for releases: 8.9,8.10,8.11,8.12,8.13,8.14
#3845
github-actions[bot]
closed
3 months ago
0
[New Rule] AWS RDS DB Instance or Cluster Password Modified
#3844
imays11
closed
3 months ago
0