Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Pull requests: elastic/detection-rules

New pull request New
31 Open 3,322 Closed
31 Open 3,322 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[Tuning] Startup or Run Key Registry Modification backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#5137 opened Sep 18, 2025 by Samirbous Loading…
5
[New Rule] Entra ID Actor Token User Impersonation Abuse backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: New Proposal for new rule
#5136 opened Sep 18, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[Rule Tuning] Mark some field optional for 3rd party compatibility backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#5135 opened Sep 18, 2025 by w0rk3r Loading…
@w0rk3r
2
[Rule Tuning] Suspicious PowerShell Engine ImageLoad backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#5134 opened Sep 18, 2025 by w0rk3r Loading…
@w0rk3r
2
[New Rule] Node.js Pre or Post-Install Script Execution backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#5131 opened Sep 18, 2025 by Aegrah Loading…
@Aegrah
2
[New Rule] GitHub Authentication Token Access via Node.js backport: auto Domain: Endpoint emerging-threat OS: Linux Rule: New Proposal for new rule Team: TRADE
#5130 opened Sep 18, 2025 by Aegrah Loading…
@Aegrah
2
[New Rule] Credential Access via TruffleHog Execution backport: auto Domain: Endpoint emerging-threat OS: Linux OS: macOS OS: Windows windows related rules Rule: New Proposal for new rule Team: TRADE
#5129 opened Sep 18, 2025 by Aegrah Loading…
@Aegrah
7
[Bug] Point test_schemas ES|QL to tests/data backport: auto community
#5127 opened Sep 18, 2025 by 17cell Loading…
3
Update dependency pyflakes to v3.4.0 backport: auto community
#5126 opened Sep 17, 2025 by elastic-renovate-prod bot Loading…
1 task
[Rule Tuning] Linux DR Tuning - 1 OS: Linux Team: TRADE
#5122 opened Sep 16, 2025 by Aegrah Draft
@Aegrah
3
Update dependency pre-commit to v3.8.0 backport: auto community
#5121 opened Sep 16, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency pep8-naming to v0.15.1 backport: auto community
#5120 opened Sep 16, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency nodeenv to v1.9.1 backport: auto community
#5117 opened Sep 16, 2025 by elastic-renovate-prod bot Loading…
1 task
[New Rule] Azure RBAC Built-In Administrator Roles Assigned backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: New Proposal for new rule
#5113 opened Sep 15, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
3
[Rule Tuning] Microsoft Entra ID Elevated Access to User Access Administrator backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5107 opened Sep 15, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
Update dependency marko to v2.2.0 backport: auto community
#5103 opened Sep 14, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency flake8 to v7.3.0 backport: auto community
#5102 opened Sep 14, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency elasticsearch to ~=8.19.0 backport: auto community
#5100 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency PyGithub to v2.8.1 backport: auto community
#5099 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency Click to ~=8.2.1 backport: auto community
#5098 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
Update tj-actions/changed-files action to v46.0.5 backport: auto community
#5097 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
[Rule Tuning] Azure AD Global Administrator Role Assigned backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#5090 opened Sep 11, 2025 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
2
CLI next gen - timeline templates, value lists, and more backport: auto community python Internal python for the repository
#5042 opened Aug 30, 2025 by frederikb96 Loading…
2
[Rule Tuning] Standardize Azure / M365 Rule Contents backport: auto
#5035 opened Aug 28, 2025 by terrancedejesus Draft
5 tasks
1
10
feat: ESQL query validation against Elastic cluster backport: auto enhancement New feature or request esql ES|QL Hunting minor python Internal python for the repository test-suite unit and other testing components
#4955 opened Aug 1, 2025 by traut Draft
5 tasks
@eric-forte-elastic
60
ProTip! Type g i on any issue or pull request to go back to the issue listing page.