elastic / detection-rules Public

Notifications
Fork 223
Star 983

Code
Issues 59
Pull requests 9
Actions
Security
Insights

Code
Issues
Pull requests
Actions
Security
Insights

Labels 68 Milestones 0

New pull request New

9 Open 937 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Reviews

Filter by reviews

No reviews Review required Approved review Changes requested

Assignee

Filter by who’s assigned

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated

Most reactions

[Rule Tuning] Volume Shadow Copy Deleted or Resized via VssAdmin - Sysmon

backport: auto Domain: Endpoint OS: Windows Rule: Tuning

#1757 opened Feb 4, 2022 by w0rk3r • Review required

[New Rule] Multiple MITRE tactics detected on a host

backport: auto blocked

#1755 opened Feb 3, 2022 by SHolzhauer • Draft

[New Rule] AWS RDS data exfiltration using snapshot share

backport: auto Domain: Cloud Integration: AWS

#1754 opened Feb 3, 2022 by SHolzhauer • Review required

[DRAFT] Updating Host Risk Score docs

backport: auto

#1716 opened Jan 24, 2022 by ajosh0504 • Review required

[Rule Tuning] Updating Rules to Reflect V3 Unsupervised ML Jobs

backport: auto ML Rule: Tuning

#1711 opened Jan 19, 2022 by dishadasgupta • Review required

[Documentation] Fix O365 Integration name on Rules and Unit Test

backport: auto documentation Domain: Cloud Integration: Microsoft 365 Rule: Tuning

#1684 opened Jan 6, 2022 by w0rk3r • Approved

[New Rule] Azure Subscription Permission Elevation

backport: auto Domain: Cloud Integration: Azure Rule: New

#1665 opened Dec 15, 2021 by austinsonger • Review required

[Rule Tuning] Fix Interactive Terminal Spawned via Perl bypasses

backport: auto blocked Domain: Endpoint OS: Linux Rule: Tuning

#1654 opened Dec 7, 2021 by youghourta007 • Review required

[eql2kql] fix wildcard bug

backport: auto community python

#1507 opened Sep 28, 2021 by AbdelMoumene-Hadfi • Review required

ProTip! Updated in the last three days: updated:>2022-02-02.

Jan	FEB	Mar
	06
2021	2022	2023