Skip to content

Pull requests: elastic/detection-rules

New pull request New
26 Open 3,612 Closed
26 Open 3,612 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[New Rules] Ollama Detections Domain: GenAI Rule: New Proposal for new rule
#5546 opened Jan 9, 2026 by Mikaayenson Draft
1 of 5 tasks
@Mikaayenson
5
[Rule Tuning] Okta Sign-In Events via Third-Party IdP - Convert to New Terms backport: auto Domain: Cloud Domain: Identity Integration: Okta okta related rules Rule: Tuning tweaking or tuning an existing rule
#5544 opened Jan 9, 2026 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
1
[Rule Tuning] New Okta Authentication Behavior Detected backport: auto bbr Building Block Rules Domain: Identity Integration: Okta okta related rules Rule: Tuning tweaking or tuning an existing rule
#5542 opened Jan 9, 2026 by terrancedejesus Loading…
5 tasks
1
@terrancedejesus
2
[New Rule] PowerShell Script Block Entropy Outlier via MAD Z-Score backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#5539 opened Jan 8, 2026 by w0rk3r Draft
@w0rk3r
3
Add investigation fields to beaconing rules
#5536 opened Jan 7, 2026 by susan-shu-c Draft
5 tasks
Update actions/setup-python digest to 83679a8 backport: auto community
#5527 opened Jan 3, 2026 by elastic-renovate-prod bot Loading…
1 task
[New Rule] ConsentFix Detections backport: auto Domain: Cloud Integration: Azure azure related rules Integration: Microsoft 365 Rule: New Proposal for new rule Rule: Tuning tweaking or tuning an existing rule
#5485 opened Dec 17, 2025 by terrancedejesus Loading…
5 tasks
@terrancedejesus
1
Added logic to main.py to use the created_at and updated_at values if they exist backport: auto enhancement New feature or request patch python Internal python for the repository
#5444 opened Dec 10, 2025 by aarju Loading…
2 tasks
11
[FR] Add keep metadata check to esql schema test backport: auto patch python Internal python for the repository schema test-suite unit and other testing components
#5441 opened Dec 9, 2025 by eric-forte-elastic Loading…
5 tasks
1
@eric-forte-elastic
11
Update actions/checkout action to v6 backport: auto community
#5349 opened Nov 20, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency marshmallow to v4 backport: auto community
#5330 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update dependency elasticsearch to v9 backport: auto community
#5329 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/upload-artifact action to v6 backport: auto community
#5328 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/checkout digest backport: auto community
#5327 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/setup-python action to v6 backport: auto community
#5326 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/setup-go action to v6 backport: auto community
#5325 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
Update actions/github-script action to v8 backport: auto community
#5322 opened Nov 17, 2025 by elastic-renovate-prod bot Loading…
1 task
[New Rule] File Creation with Curly Braces or Command Substitution backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#5219 opened Oct 14, 2025 by Aegrah Draft
@Aegrah
5
Update README for the installation of kibana and kql packages backport: auto community documentation Improvements or additions to documentation
#5177 opened Oct 2, 2025 by pberba Loading…
5 tasks
3
Update dependency elasticsearch to ~=8.19.3 backport: auto community
#5100 opened Sep 12, 2025 by elastic-renovate-prod bot Loading…
1 task
[Rule Tuning] Standardize Azure / M365 Rule Contents backlog backport: auto
#5035 opened Aug 28, 2025 by terrancedejesus Draft
5 tasks
1
@terrancedejesus
12
[New Rule/Tuning] Linux User or Group Deletion/Creation backport: auto Domain: Endpoint OS: Linux Rule: New Proposal for new rule Team: TRADE
#4861 opened Jun 30, 2025 by Aegrah Draft
@Aegrah
9
[New Rule] Kubectl Secret Access container OS: Linux Rule: New Proposal for new rule Team: TRADE
#4834 opened Jun 19, 2025 by Aegrah Draft
@Aegrah
8
[Rule: New] Potential Web Server Fuzzing Attempts Detected backlog backport: auto community
#4720 opened May 12, 2025 by MakoWish Loading…
1 of 5 tasks
@Aegrah
3
[New Rule] Active Directory Forced Authentication from Linux Host backlog backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#3912 opened Jul 22, 2024 by w0rk3r Draft
@w0rk3r
17
ProTip! Type g i on any issue or pull request to go back to the issue listing page.