Skip to content

issues Search Results · repo:elastic/detection-rules language:Python

Filter by

1k results
 (56 ms)

1k results

inelastic/detection-rules (press backspace or delete to remove)

elastic/detection-rules
[Rule Tuning] Potential DLL Side-Loading via Trusted Microsoft Programs

Link to Rule https://github.com/elastic/detection-rules/blob/main/rules/windows/defense_evasion_execution_suspicious_explorer_winword.toml Rule Tuning Type None Description It seems that there is ...
community
Rule: Tuning
Team: TRADE
  • beninsh
  • 2
  • Opened 
    6 days ago
  • #4611

elastic/detection-rules
[Rule Tuning] Suspicious Execution from a Mounted Device

Link to Rule https://github.com/elastic/detection-rules/blob/3b1f780435a41c9bcbf27609ec234700c27736fb/rules/windows/defense_evasion_suspicious_execution_from_mounted_device.toml#L17 Rule Tuning Type ...
community
Rule: Tuning
Team: TRADE
  • kenza-ab
  • Opened 
    10 days ago
  • #4603

elastic/detection-rules
[Bug] Rule Remote File Download via PowerShell

Describe the Bug Rule uses the field user.id to exclude SYSTEM accounts: ... and not user.id : S-1-5-18 However, events logged by Sysmon frequently set user.id as SYSTEM (S-1-5-18) regardless of the ...
bug
community
Team: TRADE
  • p1kusmie
  • 1
  • Opened 
    16 days ago
  • #4597

elastic/detection-rules
[FR] Include Timeline Templates export/import in the CLI such that they can be imported and exported together with rules like exceptions and action connectors

Repository Feature None Problem Description Currently, timeline templates are referenced by id and name in the exported rule files. However, the tempalte itself is not exported/cannot be imported via ...
community
enhancement
Team: TRADE
  • frederikb96
  • Opened 
    19 days ago
  • #4588

elastic/detection-rules
STRETCH: Ingest Pipelines to parse basic SDDL

  • w0rk3r
  • Opened 
    20 days ago
  • #4587

elastic/detection-rules
Ship detections and hunting queries

  • w0rk3r
  • Opened 
    20 days ago
  • #4586

elastic/detection-rules
Document and do it

  • w0rk3r
  • Opened 
    20 days ago
  • #4585

elastic/detection-rules
Read the whitepaper and decide on scenarios that can be simulated with low to medium effort

  • w0rk3r
  • Opened 
    20 days ago
  • #4584

elastic/detection-rules
[FR] Update Detection Rules MITRE Workflow to SHA Pin

Repository Feature Core Repo - (rule management, validation, testing, lib, cicd, etc.) Problem Description Summary We should update our workflow to follow Github best practices pining actions to a ...
enhancement
Team: TRADE
  • eric-forte-elastic
  • Opened 
    23 days ago
  • #4580

elastic/detection-rules
[FR] Add a Flag to Drop creation_date and updated_date when Importing Rules

Repository Feature Detections-as-Code (DaC) - (primarily custom rule management) Problem Description From one of our community members: Dropping creation_date and updated_date metadata fields? Could ...
community
enhancement
Team: TRADE
  • eric-forte-elastic
  • Opened 
    24 days ago
  • #4578
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! 
Restrict your search to the title by using the in:title qualifier.
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! 
Restrict your search to the title by using the in:title qualifier.
Issue search results · GitHub