Skip to content

Pull requests: elastic/detection-rules

New pull request New
91 Open 4,172 Closed
91 Open 4,172 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[New] Java Dropped and Executed With DNS Lookup backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#6320 opened Jun 21, 2026 by Samirbous Contributor Loading…
@Samirbous
15
[New] Quick Assist Full Control Sharing Mode Enabled backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#6319 opened Jun 21, 2026 by Samirbous Contributor Loading…
@Samirbous
11
[New Rule] Suspicious Microsoft Quick Assist Child Process backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#6318 opened Jun 21, 2026 by w0rk3r Contributor Loading…
@w0rk3r
5
[New Rule] Command Interpreter Spawned by Obsidian backport: auto community
#6317 opened Jun 20, 2026 by Aryu-RU Loading…
5 of 6 tasks
1
[New Rule] AWS Backup Monitoring or Audit Controls Disabled backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6315 opened Jun 19, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
5
[New Rule] AWS Backup Recovery Point Lifecycle Modified backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6314 opened Jun 19, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
8
[New Rule] AWS Backup Vault Access Policy Modified or Deleted backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6313 opened Jun 19, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
8
[New Rule] AWS Backup Plan or Selection Deleted backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6312 opened Jun 19, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
5
[New Rule] AWS Backup Vault Deleted or Vault Lock Removed backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6311 opened Jun 19, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
6
[New Rule] AWS Backup Recovery Point Deleted backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6310 opened Jun 19, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
4
[DaC] [Bug] Raw rule loading fails when deprecated and active rules share a name backport: auto bug Something isn't working detections-as-code patch python Internal python for the repository
#6309 opened Jun 18, 2026 by eric-forte-elastic Contributor Loading…
1 of 5 tasks
1
@eric-forte-elastic
3
[Rule Tuning] Refine scope of SMTP and IPSEC NAT Rules backport: auto Domain: Network integration: Zeek Rule: Tuning tweaking or tuning an existing rule
#6307 opened Jun 18, 2026 by eric-forte-elastic Contributor Loading…
5 tasks
@eric-forte-elastic
5
[New Rule] Azure AD Graph Access with Unusual User and ASN backport: auto Domain: Cloud Integration: Azure azure related rules Rule: New Proposal for new rule
#6305 opened Jun 18, 2026 by terrancedejesus Contributor Loading…
5 tasks
@terrancedejesus
6
[New Rule] AWS KMS Imported Key Material Deleted backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6304 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
4
[New Rule] AWS IAM Login Profile Created or Modified for an IAM User backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6303 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
7
[New Rule] AWS IAM Account Password Policy Deleted backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6302 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
6
[New Rule] AWS IAM Inline Policy Added to a Group backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6301 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
8
[New Rule] AWS IAM Permissions Boundary Modified or Removed backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6300 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
8
[New Rule] AWS Lambda Function Invoked Cross-Account backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6299 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
7
[New Rule] AWS Lambda Function High-Frequency Invocation by a Single Principal backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6298 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
6
[New Rule] AWS Lambda Function Invoked from an Unusual Source ASN backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6297 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
5
[New Rule] AWS Lambda Function Invoked by an Unusual Principal backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6296 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
4
[New Rule] AWS Lambda Function Policy Updated to Allow Cross-Account Invocation backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6295 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
8
[New Rule] AWS Lambda Function URL Created with Public Access backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6294 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
6
[New Rule] AWS Lambda Layer Shared Externally backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6293 opened Jun 18, 2026 by bryans3c Contributor Loading…
5 tasks
@bryans3c
6
ProTip! Updated in the last three days: updated:>2026-06-18.