Pull requests: elastic/detection-rules
[FR] May Dependency Updates
backport: auto
enhancement
New feature or request
patch
python
Internal python for the repository
#6103
opened May 8, 2026 by
eric-forte-elastic
Contributor
5 tasks
[New] Potential cPanel WHM CRLF Authentication Bypass (CVE-2026-41940)
backport: auto
Domain: Network
Rule: New
Proposal for new rule
#6102
opened May 7, 2026 by
eric-forte-elastic
Contributor
5 tasks
[Rule Tuning] Suspicious macOS MS Office Child Process
backport: auto
Domain: Endpoint
OS: macOS
Rule: Tuning
tweaking or tuning an existing rule
#6101
opened May 7, 2026 by
shashank-elastic
Contributor
1 of 5 tasks
[New] EKS Control Plane Logging Disabled
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#6100
opened May 7, 2026 by
Samirbous
Contributor
[New] Kubernetes CoreDNS or Kube-DNS Configuration Modified
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6099
opened May 7, 2026 by
Samirbous
Contributor
[New] Kubernetes Ephemeral Container Added to Pod
backport: auto
Domain: Containers
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6098
opened May 7, 2026 by
Samirbous
Contributor
Update actions/upload-artifact action to v7
backport: auto
community
#6096
opened May 7, 2026 by
elastic-renovate-prod
Bot
1 task
[Rule Tuning] First-Time FortiGate Administrator Login
backport: auto
Domain: Network
Rule: Tuning
tweaking or tuning an existing rule
#6095
opened May 6, 2026 by
eric-forte-elastic
Contributor
5 tasks
[New] Kubernetes Static Pod Manifest File Access
backport: auto
Domain: Containers
Domain: Endpoint
Integration: Auditd Manager
Integration: Cloud Defend
Cloud Defend Integration
OS: Linux
Rule: New
Proposal for new rule
#6094
opened May 6, 2026 by
Samirbous
Contributor
[New] EKS Access Entry Granted Cluster Admin Policy
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#6091
opened May 6, 2026 by
Samirbous
Contributor
[New] EKS Authentication Configuration Modified
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6090
opened May 6, 2026 by
Samirbous
Contributor
Update actions/github-script action to v9
backport: auto
community
#6087
opened May 6, 2026 by
elastic-renovate-prod
Bot
1 task
Update release-drafter/release-drafter action to v6.4.0
backport: auto
community
#6086
opened May 6, 2026 by
elastic-renovate-prod
Bot
1 task
[New] Kubernetes API Request Impersonating Privileged Identity
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6085
opened May 5, 2026 by
Samirbous
Contributor
[New] Kubernetes Client Certificate Signing Request Created or Approved
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6084
opened May 5, 2026 by
Samirbous
Contributor
[New] Kubernetes API Server Proxying Request to Kubelet
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6082
opened May 5, 2026 by
Samirbous
Contributor
[New] Kubernetes Service Account Token Created via TokenRequest API
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6077
opened May 5, 2026 by
Samirbous
Contributor
[Rule Tuning] ESQL Rule List Search Fix
backport: auto
Domain: Endpoint
esql
ES|QL
OS: Linux
OS: macOS
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#6076
opened May 5, 2026 by
Aegrah
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - Final
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6038
opened May 4, 2026 by
w0rk3r
Contributor
MITRE ATT&CK v19.0.0
backport: auto
Domain: Cloud
Domain: Endpoint
enhancement
New feature or request
Integration: AWS
AWS related rules
Integration: Azure
azure related rules
Integration: Endpoint
Elastic Endpoint Security
Integration: GCP
GCP related rules
Integration: Google Workspace
Integration: Microsoft 365
Integration: Okta
okta related rules
minor
ML
machine learning related rule
OS: Linux
python
Internal python for the repository
schema
#6037
opened May 4, 2026 by
shashank-elastic
Contributor
Draft
1 of 5 tasks
[Rule Tuning] Windows High-Severity Rules Revamp - 15
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6034
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 14
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6033
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 13
backport: auto
Domain: Endpoint
OS: macOS
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6032
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 12
backport: auto
Domain: Endpoint
OS: macOS
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6031
opened May 3, 2026 by
w0rk3r
Contributor
[New Rule] Potential Remote Code Execution via Git Enterprise Server
backport: auto
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Team: TRADE