Pull requests: elastic/detection-rules
[Bug] Fix Value List ID Import/Export within Exception List
backport: auto
bug
Something isn't working
community
detections-as-code
patch
python
Internal python for the repository
#5979
opened Apr 23, 2026 by
eric-forte-elastic
Contributor
5 tasks
[New] Suspicious Kubernetes Pod Exec
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#5978
opened Apr 23, 2026 by
Samirbous
Contributor
[New] Curl or Wget Execution from Container Context
backport: auto
Domain: Containers
Domain: Endpoint
Integration: Auditd Manager
OS: Linux
Rule: New
Proposal for new rule
#5975
opened Apr 22, 2026 by
Samirbous
Contributor
[New] Kubernetes Secret get or list with Suspicious User Agent
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#5974
opened Apr 22, 2026 by
Samirbous
Contributor
[New] Kubernetes Secret get or list from Node or Pod Service Account
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#5973
opened Apr 22, 2026 by
Samirbous
Contributor
[New] Kubernetes Multi-Resource Discovery
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#5971
opened Apr 22, 2026 by
Samirbous
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 3
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#5969
opened Apr 22, 2026 by
w0rk3r
Contributor
[New] Kubernetes Rapid Secret GET Activity Against Multiple Objects
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#5967
opened Apr 22, 2026 by
Samirbous
Contributor
[New] Kubernetes Secrets List Across Cluster or Sensitive Namespaces
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#5966
opened Apr 22, 2026 by
Samirbous
Contributor
[New] Potential Privilege Escalation in Container via Runc Init
backport: auto
Domain: Containers
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
#5964
opened Apr 22, 2026 by
Samirbous
Contributor
Fix value lists within exception lists
backport: auto
community
patch
python
Internal python for the repository
#5963
opened Apr 22, 2026 by
wingiti
5 tasks
[New] AWS Lateral Movement via Kubernetes SA
backport: auto
Domain: Cloud
Domain: Endpoint
Integration: AWS
AWS related rules
OS: Linux
Rule: New
Proposal for new rule
#5959
opened Apr 22, 2026 by
Samirbous
Contributor
[Rule Tuning] Credential access collection sensitive files
backport: auto
community
Domain: Endpoint
OS: Linux
#5952
opened Apr 17, 2026 by
litemars
Update dependency tabulate to v0.10.0
backport: auto
community
#5946
opened Apr 12, 2026 by
elastic-renovate-prod
Bot
1 task
Pin elastic/docs-actions action to 0cc5a2c
backport: auto
community
#5945
opened Apr 12, 2026 by
elastic-renovate-prod
Bot
1 task
[New Rule] DNS to Commonly Abused Web Services
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#5938
opened Apr 9, 2026 by
Aegrah
Contributor
[Hunt Tuning] Entra ID Device Code Phishing / Update Drifted Docs
backport: auto
Domain: Cloud
Domain: Identity
Hunt: Tuning
Hunting
Integration: AWS
AWS related rules
Integration: Azure
azure related rules
#5936
opened Apr 8, 2026 by
terrancedejesus
Contributor
5 tasks
[Rule Tuning] RDP (Remote Desktop Protocol) from the Internet
backport: auto
Domain: Network
Integration: Network Traffic
integration: PANW
integration: Zeek
patch
Rule: Tuning
tweaking or tuning an existing rule
#5932
opened Apr 8, 2026 by
eric-forte-elastic
Contributor
Draft
5 tasks
Fix TOML transform sections for Tomlet / docs-builder
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
#5931
opened Apr 8, 2026 by
Mpdreamz
Member
5 tasks
[New] Diverse AWS rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
Rule: Tuning
tweaking or tuning an existing rule
#5913
opened Apr 3, 2026 by
Samirbous
Contributor
Update actions/checkout digest
backport: auto
community
#5912
opened Apr 3, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency requests to ~=2.33.1
backport: auto
community
#5907
opened Apr 1, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency PyGithub to v2.9.1
backport: auto
community
#5898
opened Mar 30, 2026 by
elastic-renovate-prod
Bot
1 task
