Skip to content

Issues: elastic/detection-rules

Beta
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

147 Open 1,469 Closed
147 Open 1,469 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Rule suggestion process community
#4636 opened Apr 21, 2025 by richlv
[Rule Tuning] Suspicious Execution from a Mounted Device community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4603 opened Apr 10, 2025 by kenza-ab
@w0rk3r
1
[FR] Include Timeline Templates export/import in the CLI such that they can be imported and exported together with rules like exceptions and action connectors community enhancement New feature or request Team: TRADE
#4588 opened Apr 1, 2025 by frederikb96
[FR] Handle Cases Where Kibana Duplicates Action Connectors community enhancement New feature or request Team: TRADE
#4576 opened Mar 28, 2025 by eric-forte-elastic
[Bug] Using the CLI to export esql (ES|QL) rules from Kibana results in ValidationError if using metadata according to documentation bug Something isn't working community Team: TRADE
#4575 opened Mar 27, 2025 by frederikb96
2
[Bug] CLI detection_rules kibana import-rules imports all exceptions and connectors if --rule-file or --rule-id is set bug Something isn't working community Team: TRADE
#4574 opened Mar 27, 2025 by frederikb96
1
[FR] GitHub URL inside rule description that points to GitHub location community enhancement New feature or request Team: TRADE
#4560 opened Mar 25, 2025 by CyberneticNomad-v808
2
[Bug] Investigate deprecated_rules.json discrepancies bug Something isn't working Team: TRADE
#4554 opened Mar 20, 2025 by w0rk3r
[FR] CLI function to check a cluster for Deprecated Rules enhancement New feature or request Team: TRADE
#4553 opened Mar 20, 2025 by w0rk3r
1
[Rule Tuning] A scheduled task was updated community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4541 opened Mar 17, 2025 by EsbenSec
[FR] Make keeping up with commits easier for already modified rules community enhancement New feature or request Team: TRADE
#4536 opened Mar 14, 2025 by stryngs
[FR] Add Support for Python 3.13 community enhancement New feature or request python Internal python for the repository Team: TRADE
#4534 opened Mar 13, 2025 by eric-forte-elastic
[Bug] Missing Related Integrations and Required Fields for ESQL Rules bug Something isn't working Team: TRADE
#4506 opened Mar 3, 2025 by Mikaayenson
2
[New Rule] Cross-Platform Dev for Python Rules backlog Rule: New Proposal for new rule Team: TRADE
#4505 opened Mar 3, 2025 by Aegrah
[Meta] MacOS Detection Rules Dilemma Meta OS: macOS Team: TRADE
#4456 opened Feb 11, 2025 by DefSecSentinel
@DefSecSentinel
2
Misleading Detection Rule Name backlog community
#4454 opened Feb 10, 2025 by monkeyonbranch
@terrancedejesus
2
[Rule Tuning] Potential DLL Side-Loading via Trusted Microsoft Programs community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4449 opened Feb 5, 2025 by tyler-mcadam
@Samirbous
3
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts community Domain: SaaS Integration: Azure azure related rules Integration: Microsoft 365 Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4404 opened Jan 22, 2025 by jvalente-salemstate
1
@terrancedejesus
2
[Bug] Package v8.16.2 contains new rule versions without updates bug Something isn't working Team: TRADE
#4276 opened Dec 2, 2024 by banderror
@nikitaindik
15
[Rule Tuning] RPC (Remote Procedure Call) from the Internet backlog community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4268 opened Nov 13, 2024 by SebastianHuettersen
1
4
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts backlog community Domain: Cloud Domain: SaaS Integration: Azure azure related rules Integration: Microsoft 365 Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4262 opened Nov 8, 2024 by willem-dhaese
@terrancedejesus
2
[Bug] Duplicate Alerts in ESQL Detection Rule with 24-Hour Look-Back Period and 5-Minute Interval backlog bug Something isn't working community Team: TRADE
#4250 opened Nov 5, 2024 by jorgecastro2
[Bug] exclude_export_details export flag also excludes exceptions and exception lists backlog bug Something isn't working community Team: TRADE
#4219 opened Oct 30, 2024 by Vexil-Derivative
1
[FR] CI Job to Sync ES|QL Custom Fields with Prebuilt Filterlist for Telemetry backlog enhancement New feature or request Team: TRADE
#4168 opened Oct 17, 2024 by terrancedejesus
3
[New Rule][BBR] A user logged into Slack from a new country backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4138 opened Oct 3, 2024 by brokensound77
@brokensound77
1
ProTip! Type g i on any issue or pull request to go back to the issue listing page.