Pull requests: elastic/detection-rules
[New] Azure VM Extension Deployment by Interactive User
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6176
opened May 21, 2026 by
Samirbous
Contributor
[New Rule] Azure AD Graph Access with Suspicious User-Agent
Domain: Cloud
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6175
opened May 21, 2026 by
terrancedejesus
Contributor
•
Draft
5 tasks
[New Rule] Azure AD Graph 4xx Error Surge from User
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6174
opened May 21, 2026 by
terrancedejesus
Contributor
•
Draft
5 tasks
[New Rule] Azure AD Graph Access with Unusual User and ASN
Domain: Cloud
Domain: Identity
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6171
opened May 20, 2026 by
terrancedejesus
Contributor
•
Draft
5 tasks
[New Rule] Azure AD Graph Potential Enumeration (ROADrecon)
Domain: Cloud
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6170
opened May 20, 2026 by
terrancedejesus
Contributor
•
Draft
5 tasks
[New] Azure Run Command Correlated with Process Execution
backport: auto
Domain: Endpoint
Integration: Azure
azure related rules
OS: Linux
OS: Windows
windows related rules
Rule: New
Proposal for new rule
#6169
opened May 20, 2026 by
Samirbous
Contributor
Add Entra ID identity attack rules: TAP creation, guest-to-member promotion, OAuth redirect URI (3 rules)
backport: auto
community
Domain: Cloud
Integration: Azure
azure related rules
#6168
opened May 20, 2026 by
descambiado
[Rule Tuning] Forwarded Google Workspace Security Alert
backport: auto
Domain: Cloud
Integration: Google Workspace
Rule: Tuning
tweaking or tuning an existing rule
#6166
opened May 19, 2026 by
imays11
Contributor
[Rule Tuning] Suspicious AWS S3 Connection via Script Interpreter
backport: auto
Domain: Endpoint
OS: macOS
Rule: Tuning
tweaking or tuning an existing rule
#6165
opened May 19, 2026 by
shashank-elastic
Contributor
1 of 5 tasks
[New Rule] Google Workspace User Sign-in from Atypical Device Type
backport: auto
Domain: Cloud
Integration: Google Workspace
Rule: New
Proposal for new rule
#6153
opened May 15, 2026 by
terrancedejesus
Contributor
5 tasks
[New Rule] Microsoft Entra ID Impossible Travel Sign-in
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#6150
opened May 15, 2026 by
terrancedejesus
Contributor
5 tasks
[New Rule] Google Workspace Impossible Travel Login
backport: auto
Domain: Cloud
Integration: Google Workspace
Rule: New
Proposal for new rule
#6148
opened May 15, 2026 by
terrancedejesus
Contributor
5 tasks
[New Rule] Google Workspace Login from Atypical ASN
backport: auto
Domain: Cloud
Integration: Google Workspace
Rule: New
Proposal for new rule
#6146
opened May 14, 2026 by
terrancedejesus
Contributor
5 tasks
Update elastic/docs-actions digest to 1ee4c38
backport: auto
community
#6137
opened May 13, 2026 by
elastic-renovate-prod
Bot
1 task
Update tj-actions/changed-files action to v47
backport: auto
community
#6132
opened May 12, 2026 by
elastic-renovate-prod
Bot
1 task
Update release-drafter/release-drafter action to v7
backport: auto
community
#6115
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update peter-evans/create-pull-request action to v8
backport: auto
community
#6114
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update fjogeleit/http-request-action action to v2
backport: auto
community
#6112
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency setuptools to v82
backport: auto
community
#6111
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency eql to v1
backport: auto
community
#6108
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
[Rule Tuning] ESQL Rule List Search Fix
backport: auto
Domain: Endpoint
esql
ES|QL
OS: Linux
OS: macOS
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#6076
opened May 5, 2026 by
Aegrah
Contributor
MITRE ATT&CK v19.0.0
backport: auto
Domain: Cloud
Domain: Endpoint
enhancement
New feature or request
Integration: AWS
AWS related rules
Integration: Azure
azure related rules
Integration: Endpoint
Elastic Endpoint Security
Integration: GCP
GCP related rules
Integration: Google Workspace
Integration: Microsoft 365
Integration: Okta
okta related rules
minor
ML
machine learning related rule
OS: Linux
python
Internal python for the repository
schema
#6037
opened May 4, 2026 by
shashank-elastic
Contributor
•
Draft
1 of 5 tasks
[New Rule] Potential Remote Code Execution via Git Enterprise Server
backport: auto
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Team: TRADE
[Bug] KQL does not properly escape leading forward slash
backport: auto
bug
Something isn't working
kql
related to the kql module
patch
#6001
opened Apr 29, 2026 by
eric-forte-elastic
Contributor
5 tasks
[Bug] TOML string outputs are not properly escaped
backport: auto
bug
Something isn't working
community
detections-as-code
patch
python
Internal python for the repository
#6000
opened Apr 29, 2026 by
eric-forte-elastic
Contributor
5 tasks