Issues: elastic/detection-rules
[Rule Tuning] Suspicious Web Browser Sensitive File Access
community
Rule: Tuning
tweaking or tuning an existing rule
#3690
opened May 17, 2024 by
ar3diu
[FR] [DAC] Use Rules Config Directories If None Specified
Area: DED
detections-as-code
enhancement
New feature or request
python
Internal python for the repository
Team: TRADE
#3687
opened May 16, 2024 by
eric-forte-elastic
[FR][DAC] Unit Test Locked Version Support for Custom Config
Area: DED
enhancement
New feature or request
Team: TRADE
#3682
opened May 15, 2024 by
eric-forte-elastic
[FR] Integration Validation Refactoring
enhancement
New feature or request
python
Internal python for the repository
#3680
opened May 15, 2024 by
eric-forte-elastic
[FR][DAC] Consideration: add exceptions importing from ndjson
detections-as-code
enhancement
New feature or request
#3674
opened May 14, 2024 by
Mikaayenson
[New Rule] Possible Access Tokens Phishing via Device Code Login
community
Rule: New
Proposal for new rule
#3665
opened May 13, 2024 by
BreakingMhet
[FR] Add missing logs-system.security* to applicable security rules
community
enhancement
New feature or request
#3661
opened May 11, 2024 by
mbudge
[FR] Update Utility Path Computation to Use Pathlib
Area: DED
enhancement
New feature or request
python
Internal python for the repository
Team: TRADE
#3658
opened May 9, 2024 by
eric-forte-elastic
[Rule Tuning] Tampering of Shell Command-Line History
Rule: Tuning
tweaking or tuning an existing rule
#3648
opened May 6, 2024 by
psanz-estc
[Meta] Explore Microsoft Graph Activity Logs for Detections
Area: DED
Area: RAD
Domain: Cloud
Integration: Azure
azure related rules
Meta
Team: TRADE
#3645
opened May 4, 2024 by
terrancedejesus
[FR] New Terms Suppression Schema Updates
Area: DED
enhancement
New feature or request
python
Internal python for the repository
schema
Team: TRADE
#3640
opened May 2, 2024 by
eric-forte-elastic
[FR][DAC] Consideration: DAC related CI/CD (GH actions) for syncing with Kibana
detections-as-code
enhancement
New feature or request
#3626
opened Apr 29, 2024 by
brokensound77
[FR][DAC] Consideration: expose a callback function within kibana export-rules to organize the output
detections-as-code
enhancement
New feature or request
#3625
opened Apr 27, 2024 by
brokensound77
[FR][DAC] Consideration: expose kql parse parameters for custom rules validation
detections-as-code
enhancement
New feature or request
#3624
opened Apr 27, 2024 by
brokensound77
[FR][DAC] Consideration: add validation on exceptions values
detections-as-code
enhancement
New feature or request
#3623
opened Apr 27, 2024 by
brokensound77
[FR][DAC] Add *LIMITED* support for version and revision to BaseRuleData
detections-as-code
enhancement
New feature or request
#3620
opened Apr 27, 2024 by
brokensound77
[FR][DAC] add support for custom-schemas (BYOS)
detections-as-code
enhancement
New feature or request
#3618
opened Apr 26, 2024 by
brokensound77
Threshold rule less than or checking when count is 0
Area: RAD
community
enhancement
New feature or request
#3617
opened Apr 23, 2024 by
kulbozz
[Rule Tuning] Very high false positive rate in 'Agent Spoofing - Multiple Hosts Using Same Agent'
bug
Something isn't working
community
#3613
opened Apr 22, 2024 by
jvalente-salemstate
[Rule Tuning] Azure Active Directory High Risk Sign-in => Also alert on failed
community
Rule: Tuning
tweaking or tuning an existing rule
#3585
opened Apr 10, 2024 by
willem-dhaese
[Bug] KQL fails to parse brackets and wildcards correctly
Area: DED
bug
Something isn't working
community
Team: TRADE
#3582
opened Apr 7, 2024 by
saiiman
[FR] Better Error Messages for Schema Validation
Area: DED
enhancement
New feature or request
python
Internal python for the repository
#3571
opened Apr 3, 2024 by
eric-forte-elastic
[FR] Back-porting Version Trimming
Area: DED
enhancement
New feature or request
#3563
opened Apr 2, 2024 by
shashank-elastic
[Rule Tuning] Potential SSH Brute Force Detected on Privileged Account
community
Rule: Tuning
tweaking or tuning an existing rule
#3562
opened Apr 2, 2024 by
willem-dhaese
[Meta] Refactor Rule Formatter
Area: DED
enhancement
New feature or request
Meta
python
Internal python for the repository
Team: TRADE
#3558
opened Apr 2, 2024 by
Mikaayenson