Issues: elastic/detection-rules
#4653 [Rule Tuning] Potential Ransomware Behavior - High count of Readme files by System
  Labels: Rule: Tuning; Team: TRADE
  Opened Apr 24, 2025 by w0rk3r

#4637 [Rule Tuning] Reduce Severity from Critical to High
  Labels: backport: auto; Rule: Tuning
  Opened Apr 22, 2025 by w0rk3r

#4633 [New Rule] Potential Dynamic IEX Reconstruction via Environment Variables
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: Tuning
  Opened Apr 16, 2025 by w0rk3r

#4632 [New Rule] Potential PowerShell Obfuscation via Special Character Overuse
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 16, 2025 by w0rk3r

#4631 [New Rule] Potential PowerShell Obfuscation via High Numeric Character Proportion
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 16, 2025 by w0rk3r

#4630 [New Rule] Potential PowerShell Obfuscation via Backtick-Escaped Variable Expansion
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 16, 2025 by w0rk3r

#4629 [New Rule][BBR] Potential PowerShell Obfuscation via High Special Character Proportion
  Labels: backport: auto; bbr; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 16, 2025 by w0rk3r

#4615 [New Rule] Potential PowerShell Obfuscation via Concatenated Dynamic Command Invocation
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 15, 2025 by w0rk3r

#4614 [New Rule] Potential PowerShell Obfuscation via Invalid Escape Sequences
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: Tuning
  Opened Apr 15, 2025 by w0rk3r

#4610 [New Rule] PowerShell Obfuscation via Negative Index String Reversal
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 14, 2025 by w0rk3r

#4609 [New Rule] Potential PowerShell Obfuscation via Reverse Keywords
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 14, 2025 by w0rk3r

#4608 [New Rule] Potential PowerShell Obfuscation via Character Array Reconstruction
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: Tuning
  Opened Apr 14, 2025 by w0rk3r

#4607 [New Rule] Potential PowerShell Obfuscation via String Concatenation
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Rule: New
  Opened Apr 14, 2025 by w0rk3r

#4603 [Rule Tuning] Suspicious Execution from a Mounted Device
  Labels: community; Rule: Tuning; Team: TRADE
  Opened Apr 10, 2025 by kenza-ab

#4501 [Security Content] Windows Audit Policies Config Guides - Repo Edition
  Labels: backport: auto; Domain: Endpoint; OS: Windows; Security Content
  Opened Feb 26, 2025 by w0rk3r

[New Rule] Active Directory Forced Authentication from Linux Host
  Labels: backlog; backport: auto; Domain: Endpoint; OS: Windows; Rule: New

#3865 [Meta] Active Directory Certificate Services (AD CS) - Part 1
  Labels: backlog; Domain: Endpoint; Meta; OS: Windows; Team: TRADE
  Opened Jul 3, 2024 by w0rk3r

#3523 [Meta] Linux Active Directory Tooling detection
  Labels: backlog; Meta; OS: Linux; Team: TRADE
  Opened Mar 20, 2024 by w0rk3r

#3522 [Meta] Explore Detection Opportunities on Active Directory Object Ownership issues
  Labels: backlog; Meta; OS: Windows; Team: TRADE
  Opened Mar 20, 2024 by w0rk3r
  4 tasks

Label descriptions:
  Rule: Tuning - tweaking or tuning an existing rule
  Rule: New - Proposal for new rule
  OS: Windows - windows related rules
  bbr - Building Block Rules