Skip to content

Pull requests: elastic/detection-rules

New pull request New
73 Open 4,145 Closed
73 Open 4,145 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[New Rule] Potential Redis CONFIG SET Cron Directory Persistence (RedisRaider) backport: auto Domain: Network Integration: Network Traffic Rule: New Proposal for new rule
#6271 opened Jun 11, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
10
[New Rule] Potential Redis CONFIG SET SSH Authorized Key Injection backport: auto Domain: Network Integration: Network Traffic Rule: New Proposal for new rule
#6270 opened Jun 11, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
11
[New Rule] Potential Redis Lua Use-After-Free RCE Attempt (CVE-2025-49844 / RediShell) backport: auto Domain: Network Integration: Network Traffic Rule: New Proposal for new rule
#6269 opened Jun 11, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
10
WIP - [FR] Add optional user agent string for DaC commands detections-as-code enhancement New feature or request kibana-module related to the kibana module patch python Internal python for the repository
#6268 opened Jun 11, 2026 by eric-forte-elastic Contributor Draft
5 tasks
@eric-forte-elastic
1
[New Rule] SMB (Windows File Sharing) Activity from the Internet backport: auto Domain: Network Integration: Corelight Integration: Network Traffic Integration: pfSense integration: Zeek Rule: New Proposal for new rule Team: TRADE
#6267 opened Jun 10, 2026 by eric-forte-elastic Contributor Draft
5 tasks
@eric-forte-elastic
2
[Rule Tuning] Azure Compute VM Command Executed backport: auto Domain: Cloud Domain: Endpoint Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#6266 opened Jun 10, 2026 by terrancedejesus Contributor Loading…
5 tasks
@terrancedejesus
4
Update dependency Click to ~=8.4.1 backport: auto community
#6265 opened Jun 10, 2026 by elastic-renovate-prod Bot Loading…
1 task
[New Rules] Add Anthropic compliance audit detection rules backport: auto Integration: Anthropic minor Rule: New Proposal for new rule
#6264 opened Jun 9, 2026 by Mikaayenson Contributor Draft
@Mikaayenson
11
[New Rule] Multiple DHCP Servers Responding to the Same Transaction backport: auto Domain: Network Integration: Network Traffic Rule: New Proposal for new rule Team: TRADE
#6263 opened Jun 9, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
9
[New Hunt] Mythic C2 TLS Certificate Observed in Cisco SD-WAN Exploitation backport: auto Domain: Network Hunt: New Hunting Integration: Network Traffic
#6262 opened Jun 9, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
2
[Rule Tuning] Add Corelight support for existing rules backport: auto Domain: Network Integration: Corelight patch python Internal python for the repository Rule: Tuning tweaking or tuning an existing rule schema Team: TRADE
#6261 opened Jun 9, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
5
[Rule Tuning] Add pfSense support for existing rules backport: auto Domain: Network Integration: pfSense patch python Internal python for the repository Rule: Tuning tweaking or tuning an existing rule schema Team: TRADE
#6260 opened Jun 9, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
5
[New Rule] Azure Serial Console Connect to Virtual Machine with Unusual User and ASN backport: auto Domain: Cloud Integration: Azure azure related rules Rule: New Proposal for new rule
#6259 opened Jun 9, 2026 by terrancedejesus Contributor Loading…
5 tasks
@terrancedejesus
4
[New Rule] AWS SES Sending Enabled or Identity Verified by Rare User backport: auto community Domain: Cloud Integration: AWS AWS related rules
#6258 opened Jun 7, 2026 by Aryu-RU Loading…
4 of 5 tasks
[Rule Tuning] Host File System Changes via Windows Subsystem for Linux backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#6255 opened Jun 5, 2026 by Aegrah Contributor Loading…
@Aegrah
6
[New Rule] Systemd Service Override Configuration File Created backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#6254 opened Jun 5, 2026 by Aegrah Contributor Loading…
@Aegrah
7
Allow filter-only KQL custom rule exports backport: auto community enhancement New feature or request patch python Internal python for the repository
#6253 opened Jun 4, 2026 by srkyn Loading…
1
5
[Rule Tuning] Multiple Alerts in Different ATT&CK Tactics on a Single Host backport: auto Rule: Tuning tweaking or tuning an existing rule
#6252 opened Jun 4, 2026 by Mikaayenson Contributor Loading…
1 of 5 tasks
1
@Mikaayenson
3
[Rule Tuning] Misc. Linux DRs backport: auto Domain: Endpoint OS: Linux Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#6250 opened Jun 4, 2026 by Aegrah Contributor Loading…
@Aegrah
4
[New Rule] Potential EDR-Freeze via WerFaultSecure Abuse backport: auto community Domain: Endpoint OS: Windows windows related rules
#6248 opened Jun 3, 2026 by Aryu-RU Loading…
6 tasks done
[New Rule] GlobalProtect Cookie Authentication from Unusual Source backport: auto community
#6234 opened Jun 3, 2026 by Aryu-RU Loading…
4 tasks done
[Rule Tunings] Google Workspace minor rule updates backport: auto Domain: Cloud Integration: Google Workspace Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#6233 opened Jun 2, 2026 by imays11 Contributor Loading…
@imays11
1
[New Rule] GenAI CLI Started with Unsafe Permission Bypass backport: auto Domain: GenAI Rule: New Proposal for new rule
#6232 opened Jun 2, 2026 by Mikaayenson Contributor Loading…
@Mikaayenson
2
[Rule Tuning] Misc GenAI Rule Tuning backport: auto Domain: GenAI Rule: Tuning tweaking or tuning an existing rule
#6231 opened Jun 2, 2026 by Mikaayenson Contributor Loading…
@Mikaayenson
5
[New Rule] M365 Identity Unusual Device Code Granting backport: auto Domain: Cloud Domain: Identity Domain: SaaS Integration: Microsoft 365 Rule: New Proposal for new rule
#6230 opened Jun 2, 2026 by terrancedejesus Contributor Loading…
5 tasks
@terrancedejesus
2
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.