Issues: elastic/detection-rules
[Rule Tuning] Agent Spoofing - Multiple Hosts Using Same Agent
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#3932
opened Jul 30, 2024 by
tehbooom
[Deprecation] AWS EC2 Snapshot Activity
backlog
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Deprecation
removal of a rule
Team: TRADE
#3906
opened Jul 18, 2024 by
imays11
[Meta] Active Directory Certificate Services (AD CS) - Part 1
backlog
Domain: Endpoint
Meta
OS: Windows
windows related rules
Team: TRADE
#3865
opened Jul 3, 2024 by
w0rk3r
[Meta] EvilNoVNC Threat Detection Coverage Assessment
backlog
Domain: Cloud
Domain: SaaS
Meta
Team: TRADE
#3787
opened Jun 13, 2024 by
terrancedejesus
[FR][DAC] Consideration: Add CLI commands for deprecate / disable rules
backlog
detections-as-code
enhancement
New feature or request
Team: TRADE
#3786
opened Jun 12, 2024 by
eric-forte-elastic
[FR][DAC] Consideration: Add support for exceptions APIs in Kibana module
backlog
detections-as-code
enhancement
New feature or request
kibana-module
related to the kibana module
#3785
opened Jun 12, 2024 by
brokensound77
[Meta] Add Auth0 Prebuilt Threat Detection Ruleset
backlog
Meta
Team: TRADE
#3780
opened Jun 11, 2024 by
terrancedejesus
[Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation
backlog
community
Rule: Tuning
tweaking or tuning an existing rule
#3775
opened Jun 11, 2024 by
willemri
[FR] Revisit Filter Schema for Removal or Extension
backlog
enhancement
New feature or request
python
Internal python for the repository
schema
#3773
opened Jun 10, 2024 by
Mikaayenson
[New Rule] Suspicious Okta Cross-Origin Authentication
backlog
Domain: Cloud
Domain: SaaS
Integration: Okta
okta related rules
Rule: New
Proposal for new rule
#3769
opened Jun 10, 2024 by
terrancedejesus
[Meta] Okta Detection Coverage for Cross-Origin Authentication Credential Stuffing
backlog
Integration: Okta
okta related rules
Team: TRADE
#3723
opened May 30, 2024 by
terrancedejesus
[New Rule] Elastic Agent status not validated
backlog
Domain: Endpoint
esql
ES|QL
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
#3719
opened May 29, 2024 by
peasead
[Bug] O365 Exchange Suspicious Mailbox Right Delegation - False Positives for "NT AUTHORITY\SYSTEM (Microsoft.Exchange.ServiceHost)"
backlog
bug
Something isn't working
community
#3702
opened May 22, 2024 by
willem-dhaese
[FR][DAC] Consideration: Explore packaging when bypassing the version lock
backlog
detections-as-code
enhancement
New feature or request
#3696
opened May 20, 2024 by
Mikaayenson
[Meta] Integration Validation Refactoring
backlog
enhancement
New feature or request
Meta
python
Internal python for the repository
#3680
opened May 15, 2024 by
eric-forte-elastic
[Rule Tuning] Tampering of Shell Command-Line History
backlog
Rule: Tuning
tweaking or tuning an existing rule
#3648
opened May 6, 2024 by
psanz-estc
[Meta] Explore Microsoft Graph Activity Logs for Detections
backlog
Domain: Cloud
Integration: Azure
azure related rules
Meta
Team: TRADE
#3645
opened May 4, 2024 by
terrancedejesus
[FR][DAC] Consideration: DAC related CI/CD (GH actions) for syncing with Kibana
backlog
detections-as-code
enhancement
New feature or request
#3626
opened Apr 29, 2024 by
brokensound77
[FR][DAC] Consideration: expose a callback function within kibana export-rules to organize the output
backlog
detections-as-code
enhancement
New feature or request
#3625
opened Apr 27, 2024 by
brokensound77
[FR][DAC] Add validation on exceptions values
backlog
detections-as-code
enhancement
New feature or request
#3623
opened Apr 27, 2024 by
brokensound77
[Rule Tuning] Azure Active Directory High Risk Sign-in => Also alert on failed
backlog
community
Domain: Cloud
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#3585
opened Apr 10, 2024 by
willem-dhaese
[Bug] KQL fails to parse brackets and wildcards correctly
bug
Something isn't working
community
kql
related to the kql module
Team: TRADE
#3582
opened Apr 7, 2024 by
saiiman
[FR] Better Error Messages for Schema Validation
backlog
enhancement
New feature or request
python
Internal python for the repository
#3571
opened Apr 3, 2024 by
eric-forte-elastic
[Meta] Refactor Rule Formatter
backlog
enhancement
New feature or request
Meta
python
Internal python for the repository
Team: TRADE
#3558
opened Apr 2, 2024 by
Mikaayenson
[Meta] Refactor Rule Create and Importer Logic
backlog
enhancement
New feature or request
Meta
python
Internal python for the repository
Team: TRADE
#3557
opened Apr 2, 2024 by
Mikaayenson