Skip to content

Issues: elastic/detection-rules

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

172 Open 1,286 Closed
172 Open 1,286 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

[Rule Tuning] Suspicious Web Browser Sensitive File Access community Rule: Tuning tweaking or tuning an existing rule
#3690 opened May 17, 2024 by ar3diu
1
[FR] [DAC] Use Rules Config Directories If None Specified Area: DED detections-as-code enhancement New feature or request python Internal python for the repository Team: TRADE
#3687 opened May 16, 2024 by eric-forte-elastic
1
@eric-forte-elastic
[FR][DAC] Unit Test Locked Version Support for Custom Config Area: DED enhancement New feature or request Team: TRADE
#3682 opened May 15, 2024 by eric-forte-elastic
1
@eric-forte-elastic
2
[FR] Integration Validation Refactoring enhancement New feature or request python Internal python for the repository
#3680 opened May 15, 2024 by eric-forte-elastic
@eric-forte-elastic
2
[FR][DAC] Consideration: add exceptions importing from ndjson detections-as-code enhancement New feature or request
#3674 opened May 14, 2024 by Mikaayenson
[New Rule] Possible Access Tokens Phishing via Device Code Login community Rule: New Proposal for new rule
#3665 opened May 13, 2024 by BreakingMhet
[FR] Add missing logs-system.security* to applicable security rules community enhancement New feature or request
#3661 opened May 11, 2024 by mbudge
@w0rk3r
[FR] Update Utility Path Computation to Use Pathlib Area: DED enhancement New feature or request python Internal python for the repository Team: TRADE
#3658 opened May 9, 2024 by eric-forte-elastic
1
@eric-forte-elastic
1
[Rule Tuning] Tampering of Shell Command-Line History Rule: Tuning tweaking or tuning an existing rule
#3648 opened May 6, 2024 by psanz-estc
@Aegrah
1
[Meta] Explore Microsoft Graph Activity Logs for Detections Area: DED Area: RAD Domain: Cloud Integration: Azure azure related rules Meta Team: TRADE
#3645 opened May 4, 2024 by terrancedejesus
[FR] New Terms Suppression Schema Updates Area: DED enhancement New feature or request python Internal python for the repository schema Team: TRADE
#3640 opened May 2, 2024 by eric-forte-elastic
@eric-forte-elastic
[FR][DAC] Consideration: DAC related CI/CD (GH actions) for syncing with Kibana detections-as-code enhancement New feature or request
#3626 opened Apr 29, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Consideration: expose a callback function within kibana export-rules to organize the output detections-as-code enhancement New feature or request
#3625 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Consideration: expose kql parse parameters for custom rules validation detections-as-code enhancement New feature or request
#3624 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Consideration: add validation on exceptions values detections-as-code enhancement New feature or request
#3623 opened Apr 27, 2024 by brokensound77
@Mikaayenson @eric-forte-elastic
[FR][DAC] Add *LIMITED* support for version and revision to BaseRuleData detections-as-code enhancement New feature or request
#3620 opened Apr 27, 2024 by brokensound77
1
@Mikaayenson @eric-forte-elastic
[FR][DAC] add support for custom-schemas (BYOS) detections-as-code enhancement New feature or request
#3618 opened Apr 26, 2024 by brokensound77
1
@Mikaayenson @eric-forte-elastic
Threshold rule less than or checking when count is 0 Area: RAD community enhancement New feature or request
#3617 opened Apr 23, 2024 by kulbozz
@w0rk3r
[Rule Tuning] Very high false positive rate in 'Agent Spoofing - Multiple Hosts Using Same Agent' bug Something isn't working community
#3613 opened Apr 22, 2024 by jvalente-salemstate
1
[Rule Tuning] Azure Active Directory High Risk Sign-in => Also alert on failed community Rule: Tuning tweaking or tuning an existing rule
#3585 opened Apr 10, 2024 by willem-dhaese
@w0rk3r
[Bug] KQL fails to parse brackets and wildcards correctly Area: DED bug Something isn't working community Team: TRADE
#3582 opened Apr 7, 2024 by saiiman
1
@Mikaayenson @eric-forte-elastic
[FR] Better Error Messages for Schema Validation Area: DED enhancement New feature or request python Internal python for the repository
#3571 opened Apr 3, 2024 by eric-forte-elastic
1
[FR] Back-porting Version Trimming Area: DED enhancement New feature or request
#3563 opened Apr 2, 2024 by shashank-elastic
1
@shashank-elastic
5
[Rule Tuning] Potential SSH Brute Force Detected on Privileged Account community Rule: Tuning tweaking or tuning an existing rule
#3562 opened Apr 2, 2024 by willem-dhaese
@Aegrah
3
[Meta] Refactor Rule Formatter Area: DED enhancement New feature or request Meta python Internal python for the repository Team: TRADE
#3558 opened Apr 2, 2024 by Mikaayenson
ProTip! Find all open issues with in progress development work with linked:pr.