Skip to content

Pull requests: elastic/detection-rules

Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort

Pull requests list

WIP - Initial MITRE v19 Support detections-as-code enhancement New feature or request patch python Internal python for the repository
#6367 opened Jul 1, 2026 by eric-forte-elastic Contributor Draft
5 tasks
[Tuning] Web Server Potential SQL Injection Request backport: auto bbr Building Block Rules Domain: Web Rule: Tuning tweaking or tuning an existing rule
#6365 opened Jul 1, 2026 by Samirbous Contributor Loading…
[New] Potential SQL Injection Against Microsoft SQL Server backport: auto Domain: Endpoint OS: Windows windows related rules Rule: New Proposal for new rule
#6364 opened Jul 1, 2026 by Samirbous Contributor Loading…
[Rule Tuning] Credential Acquisition via Registry Hive Dumping backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#6362 opened Jun 30, 2026 by w0rk3r Contributor Loading…
[New Rule] Microsoft Defender XDR Promotion Rules Rule: New Proposal for new rule Rule: Tuning tweaking or tuning an existing rule
#6360 opened Jun 30, 2026 by terrancedejesus Contributor Draft
5 tasks
[Rule Tuning] Entra ID OAuth Device Code Phishing via AiTM backport: auto Domain: Cloud Domain: Identity Integration: Azure azure related rules Rule: Tuning tweaking or tuning an existing rule
#6358 opened Jun 30, 2026 by terrancedejesus Contributor Loading…
5 tasks
[New] GKE Kubernetes Rules backport: auto Domain: Cloud Integration: GCP GCP related rules Rule: New Proposal for new rule
#6357 opened Jun 30, 2026 by Samirbous Contributor Loading…
[New Rule] AWS IAM User Console Login from Multiple Geolocations backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6348 opened Jun 29, 2026 by bryans3c Contributor Loading…
5 tasks
[New Rule] AWS ECR Repository or Registry Policy Granted Public Access backport: auto Domain: Cloud Integration: AWS AWS related rules Rule: New Proposal for new rule
#6342 opened Jun 29, 2026 by bryans3c Contributor Loading…
5 tasks
[Rule Tuning] Migrate Phase 1 vendor fields to ECS and trim non-ecs schema patch Rule: Tuning tweaking or tuning an existing rule schema
#6328 opened Jun 23, 2026 by Mikaayenson Contributor Draft
3 of 5 tasks
[Rule Tuning] First Time Seen Remote Monitoring and Management Tool backport: auto Domain: Endpoint OS: Windows windows related rules Rule: Tuning tweaking or tuning an existing rule
#6326 opened Jun 23, 2026 by w0rk3r Contributor Loading…
ProTip! What’s not been updated in a month: updated:<2026-06-01.