Skip to content

Issues: elastic/detection-rules

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

147 Open 1,427 Closed
147 Open 1,427 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

[FR] Support Alert Suppression for EQL Sequences in 8.18 enhancement New feature or request Team: TRADE
#4326 opened Dec 19, 2024 by Mikaayenson
[Rule Tuning] persistence_via_cron Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4316 opened Dec 19, 2024 by farbod-sec
@Aegrah
Ensure that all historical rule versions are included in the prebuilt rules package bug Something isn't working Team: TRADE
#4312 opened Dec 17, 2024 by xcrzx
@shashank-elastic
Include all historical rule versions in the prebuilt rules package bug Something isn't working Team: TRADE
#4311 opened Dec 17, 2024 by xcrzx
@shashank-elastic
[Rule Tuning] login_activity_by_source_address.toml Hunt: Tuning OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4287 opened Dec 9, 2024 by farbod-sec
@Aegrah
2
[Bug] [DaC] Metadata maturity field default mismatch and poor enforcement of rule naming conventions bug Something isn't working Team: TRADE
#4282 opened Dec 4, 2024 by eric-forte-elastic
1
@eric-forte-elastic
1
[Bug] Package v8.16.2 contains new rule versions without updates bug Something isn't working Team: TRADE
#4276 opened Dec 2, 2024 by banderror
@Mikaayenson @xcrzx @shashank-elastic
13
[Rule Tuning] RPC (Remote Procedure Call) from the Internet community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4268 opened Nov 13, 2024 by SebastianHuettersen
1
1
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4262 opened Nov 8, 2024 by willem-dhaese
[Bug] Duplicate Alerts in ESQL Detection Rule with 24-Hour Look-Back Period and 5-Minute Interval bug Something isn't working community Team: TRADE
#4250 opened Nov 5, 2024 by jorgecastro2
[Rule Tuning] Potential OpenSSH Backdoor Logging Activity Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4248 opened Nov 5, 2024 by frconil
@Aegrah
[Bug] exclude_export_details export flag also excludes exceptions and exception lists bug Something isn't working community Team: TRADE
#4219 opened Oct 30, 2024 by Vexil-Derivative
[Rule Tuning] SMB Connections via LOLBin or Untrusted Process Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4218 opened Oct 30, 2024 by Mikaayenson
@w0rk3r @Aegrah
[Investigation] CI Check for Minstacked Integration Schema Changes backlog enhancement New feature or request Team: TRADE
#4161 opened Oct 16, 2024 by Mikaayenson
@shashank-elastic
1
[Investigation] Smart Limits for Detection Rules enhancement New feature or request Team: TRADE
#4150 opened Oct 11, 2024 by Mikaayenson
@Mikaayenson @shashank-elastic
9
[Meta] WMI Rules using Elastic Defend WMI Events backlog Meta OS: Windows windows related rules Team: TRADE
#4143 opened Oct 8, 2024 by Samirbous
@Samirbous
[New Rule][BBR] A user logged into Slack from a new country backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4138 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] A user has downloaded an excessive amount of files in Slack over a short period Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4137 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] A user previewed multiple Slack rooms without joining in a short period backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4136 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule][BBR] A user previewed a Slack channel without joining backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4135 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] Excessive apps installed in Slack over short duration backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4134 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] An anomaly was detected with a Slack user Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4133 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] Multiple self adds to Google Workspace user groups in short succession Rule: New Proposal for new rule Team: TRADE
#4131 opened Oct 2, 2024 by brokensound77
@brokensound77
1
[New Rule] Google Workspace User Group Access Modified to Allow External Access Rule: New Proposal for new rule Team: TRADE
#4130 opened Oct 2, 2024 by brokensound77
@brokensound77
1
[New Rule] Multiple successive Google Workspace groups joined or requested to join in short succession Rule: New Proposal for new rule Team: TRADE
#4129 opened Oct 2, 2024 by brokensound77
@brokensound77
1
ProTip! Updated in the last three days: updated:>2024-12-26.