Pull requests: elastic/detection-rules
#4358  [FR] Generate investigation guides  (Draft, 1 of 5 tasks)
       Labels: enhancement, Security Content
       Opened Jan 8, 2025 by Mikaayenson

#4357  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 10
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 8, 2025 by w0rk3r

#4356  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 9
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 8, 2025 by w0rk3r

#4355  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 8
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 8, 2025 by w0rk3r

#4354  [New Rule] Adding Coverage for AWS SQS Queue Purge  (3 of 5 tasks)
       Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
       Opened Jan 8, 2025 by terrancedejesus

#4352  [New Rule] Potential Process Name Stomping with Prctl
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Jan 8, 2025 by Aegrah

#4351  [Hunt Tuning] Persistence via SSH Configurations and/or Keys
       Labels: backport: auto, Hunt: Tuning, OS: Linux, patch, Team: TRADE
       Opened Jan 8, 2025 by Aegrah

#4350  [New Rule] Adding Coverage for SNS Topic Message Publish by Rare User  (5 tasks)
       Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
       Opened Jan 7, 2025 by terrancedejesus

#4349  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 7
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 7, 2025 by w0rk3r

#4348  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 6
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 7, 2025 by w0rk3r

#4346  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 5
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 7, 2025 by w0rk3r

#4345  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 4
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 7, 2025 by w0rk3r

#4343  [Rule Tuning] Linux 3rd Party EDR Support - Crowdstrike and S1 - 3
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning
       Opened Jan 7, 2025 by w0rk3r

#4341  [New Rules] Kernel Seeking/Unpacking Activity
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Jan 7, 2025 by Aegrah

#4340  [New Rule] Process Started with Executable Stack
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Jan 7, 2025 by Aegrah

#4339  [New Rule] System Binary Path File Permission Modification
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Jan 7, 2025 by Aegrah

#4338  [New Rule] Suspicious Path Invocation from Command Line
       Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
       Opened Jan 7, 2025 by Aegrah

#4337  [New BBR] Linux System Information Discovery via Getconf
       Labels: backport: auto, bbr, OS: Linux, Rule: New, Team: TRADE
       Opened Jan 7, 2025 by Aegrah

#4335  [Rule Tuning] Add Public Snapshot Coverage Regarding AWS EC2 EBS Snapshot Shared or Made Public  (4 of 5 tasks)
       Labels: Rule: Tuning, backport: auto, Domain: Cloud, Integration: AWS
       Opened Jan 6, 2025 by terrancedejesus

#4334  [Rule Tuning] Adjusting Verbiage for AWS EC2 Instance Connect SSH Public Key Uploaded  (4 of 5 tasks)
       Labels: Domain: Cloud, Integration: AWS, Rule: Tuning, backport: auto, documentation
       Opened Jan 6, 2025 by terrancedejesus

#4328  [New Rule] Adding Coverage for AWS EC2 Deprecated AMI Discovery  (2 of 5 tasks)
       Labels: patch, Rule: New, backport: auto, Domain: Cloud, Integration: AWS
       Opened Dec 24, 2024 by terrancedejesus

#4315  [New Rule] Adding Coverage for AWS S3 Unauthenticated Object Retrieval by Rare Source  (2 of 5 tasks)
       Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
       Opened Dec 17, 2024 by terrancedejesus

#4314  [New Rule] Adding Coverage for AWS S3 Unauthenticated Object Upload by Rare Source  (3 of 5 tasks)
       Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
       Opened Dec 17, 2024 by terrancedejesus

#4313  [New Rule] Adding Coverage for AWS S3 Unauthenticated Bucket Listing by Rare Source  (3 of 5 tasks)
       Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
       Opened Dec 17, 2024 by terrancedejesus

#4285  [Bug] [DaC] Metadata maturity field default mismatch and poor enforcement of rule naming conventions  (5 tasks)
       Labels: backport: auto, bug, minor, python
       Opened Dec 6, 2024 by eric-forte-elastic