Skip to content

Issues: elastic/detection-rules

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

140 Open 1,446 Closed
140 Open 1,446 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

[Rule Tuning] Enumeration of Administrator Accounts community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4461 opened Feb 13, 2025 by soc-sinstar
[Meta] MacOS Detection Rules Dilemma Meta OS: macOS Team: TRADE
#4456 opened Feb 11, 2025 by DefSecSentinel
@DefSecSentinel
Misleading Detection Rule Name community
#4454 opened Feb 10, 2025 by monkeyonbranch
@terrancedejesus
1
[Rule Tuning] Potential DLL Side-Loading via Trusted Microsoft Programs community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4449 opened Feb 5, 2025 by tyler-mcadam
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts community Domain: SaaS Integration: Azure azure related rules Integration: Microsoft 365 Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4404 opened Jan 22, 2025 by jvalente-salemstate
1
@terrancedejesus
[Bug] Package v8.16.2 contains new rule versions without updates bug Something isn't working Team: TRADE
#4276 opened Dec 2, 2024 by banderror
@Mikaayenson @xcrzx @shashank-elastic
13
[Rule Tuning] RPC (Remote Procedure Call) from the Internet community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4268 opened Nov 13, 2024 by SebastianHuettersen
1
3
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts backlog community Domain: Cloud Domain: SaaS Integration: Azure azure related rules Integration: Microsoft 365 Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4262 opened Nov 8, 2024 by willem-dhaese
@terrancedejesus
2
[Bug] Duplicate Alerts in ESQL Detection Rule with 24-Hour Look-Back Period and 5-Minute Interval backlog bug Something isn't working community Team: TRADE
#4250 opened Nov 5, 2024 by jorgecastro2
[Bug] exclude_export_details export flag also excludes exceptions and exception lists backlog bug Something isn't working community Team: TRADE
#4219 opened Oct 30, 2024 by Vexil-Derivative
[FR] CI Job to Sync ES|QL Custom Fields with Prebuilt Filterlist for Telemetry backlog enhancement New feature or request Team: TRADE
#4168 opened Oct 17, 2024 by terrancedejesus
3
[Investigation] CI Check for Minstacked Integration Schema Changes backlog enhancement New feature or request Team: TRADE
#4161 opened Oct 16, 2024 by Mikaayenson
@shashank-elastic
5
[New Rule][BBR] A user logged into Slack from a new country backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4138 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] A user has downloaded an excessive amount of files in Slack over a short period backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4137 opened Oct 3, 2024 by brokensound77
@brokensound77
3
[New Rule] A user previewed multiple Slack rooms without joining in a short period backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4136 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule][BBR] A user previewed a Slack channel without joining backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4135 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] Excessive apps installed in Slack over short duration backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4134 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] An anomaly was detected with a Slack user backlog Integration: Slack Rule: New Proposal for new rule Team: TRADE
#4133 opened Oct 3, 2024 by brokensound77
@brokensound77
1
[New Rule] Multiple self adds to Google Workspace user groups in short succession backlog Rule: New Proposal for new rule Team: TRADE
#4131 opened Oct 2, 2024 by brokensound77
@brokensound77
1
[New Rule] Google Workspace User Group Access Modified to Allow External Access backlog Rule: New Proposal for new rule Team: TRADE
#4130 opened Oct 2, 2024 by brokensound77
@brokensound77
1
[New Rule] Multiple successive Google Workspace groups joined or requested to join in short succession backlog Rule: New Proposal for new rule Team: TRADE
#4129 opened Oct 2, 2024 by brokensound77
@brokensound77
1
[Rule Tuning] External User Added to Google Workspace Group backlog Integration: Google Workspace Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4128 opened Oct 2, 2024 by brokensound77
1
[New Rule] Searches for sensitive files via Google Workspace Cloud Search backlog Integration: Google Workspace Rule: New Proposal for new rule Team: TRADE
#4127 opened Oct 2, 2024 by brokensound77
2
[New hunt] A sensitive canary file was accessed in Google Workspace backlog Hunt: New Team: TRADE
#4125 opened Oct 2, 2024 by brokensound77
@brokensound77
1
[New hunt] All file activity by user and action in Google Workspace backlog Hunt: New Integration: Google Workspace Team: TRADE
#4124 opened Oct 2, 2024 by brokensound77
@brokensound77
1
ProTip! no:milestone will show everything without a milestone.