-
Notifications
You must be signed in to change notification settings - Fork 500
Issues: elastic/detection-rules
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
[Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4262
opened Nov 8, 2024 by
willem-dhaese
[Bug] Duplicate Alerts in ESQL Detection Rule with 24-Hour Look-Back Period and 5-Minute Interval
bug
Something isn't working
community
Team: TRADE
#4250
opened Nov 5, 2024 by
jorgecastro2
[Rule Tuning] Potential OpenSSH Backdoor Logging Activity
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4248
opened Nov 5, 2024 by
frconil
[Bug] exclude_export_details export flag also excludes exceptions and exception lists
bug
Something isn't working
community
Team: TRADE
#4219
opened Oct 30, 2024 by
Vexil-Derivative
[Rule Tuning] SMB Connections via LOLBin or Untrusted Process
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4218
opened Oct 30, 2024 by
Mikaayenson
[FR] CI Job to Sync ES|QL Custom Fields with Prebuilt Filterlist for Telemetry
enhancement
New feature or request
Team: TRADE
#4168
opened Oct 17, 2024 by
terrancedejesus
[Investigation] CI Check for Minstacked Integration Schema Changes
backlog
enhancement
New feature or request
Team: TRADE
#4161
opened Oct 16, 2024 by
Mikaayenson
[Investigation] Smart Limits for Detection Rules
enhancement
New feature or request
Team: TRADE
#4150
opened Oct 11, 2024 by
Mikaayenson
[Meta] WMI Rules using Elastic Defend WMI Events
backlog
Meta
OS: Windows
windows related rules
Team: TRADE
#4143
opened Oct 8, 2024 by
Samirbous
[New Rule][BBR] A user logged into Slack from a new country
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4138
opened Oct 3, 2024 by
brokensound77
[New Rule] A user has downloaded an excessive amount of files in Slack over a short period
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4137
opened Oct 3, 2024 by
brokensound77
[New Rule] A user previewed multiple Slack rooms without joining in a short period
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4136
opened Oct 3, 2024 by
brokensound77
[New Rule][BBR] A user previewed a Slack channel without joining
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4135
opened Oct 3, 2024 by
brokensound77
[New Rule] Excessive apps installed in Slack over short duration
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4134
opened Oct 3, 2024 by
brokensound77
[New Rule] An anomaly was detected with a Slack user
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4133
opened Oct 3, 2024 by
brokensound77
[New Rule] Multiple self adds to Google Workspace user groups in short succession
Rule: New
Proposal for new rule
Team: TRADE
#4131
opened Oct 2, 2024 by
brokensound77
[New Rule] Google Workspace User Group Access Modified to Allow External Access
Rule: New
Proposal for new rule
Team: TRADE
#4130
opened Oct 2, 2024 by
brokensound77
[New Rule] Multiple successive Google Workspace groups joined or requested to join in short succession
Rule: New
Proposal for new rule
Team: TRADE
#4129
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] External User Added to Google Workspace Group
Integration: Google Workspace
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4128
opened Oct 2, 2024 by
brokensound77
[New Rule] Searches for sensitive files via Google Workspace Cloud Search
Integration: Google Workspace
Rule: New
Proposal for new rule
Team: TRADE
#4127
opened Oct 2, 2024 by
brokensound77
[New hunt] A sensitive canary file was accessed in Google Workspace
Hunt: New
Team: TRADE
#4125
opened Oct 2, 2024 by
brokensound77
[New hunt] Sensitive file access by user in Google Workspace
Hunt: New
Integration: Google Workspace
Team: TRADE
#4122
opened Oct 2, 2024 by
brokensound77
[New hunt] All files accessed by user in Google Workspace
Hunt: New
Integration: Google Workspace
Team: TRADE
#4121
opened Oct 2, 2024 by
brokensound77
Previous Next
ProTip!
Follow long discussions with comments:>50.