Issues: elastic/detection-rules
[Rule Tuning] Potential Linux Hack Tool Launched
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4190
opened Oct 22, 2024 by
stuartMoorhouse
[FR] CI Job to Sync ES|QL Custom Fields with Prebuilt Filterlist for Telemetry
enhancement
New feature or request
Team: TRADE
#4168
opened Oct 17, 2024 by
terrancedejesus
[FR] CI Check for Minstacked Integration Schema Changes
backlog
enhancement
New feature or request
Team: TRADE
#4161
opened Oct 16, 2024 by
Mikaayenson
[Investigation] Smart Limits for Detection Rules
enhancement
New feature or request
Team: TRADE
#4150
opened Oct 11, 2024 by
Mikaayenson
[Meta] WMI Rules using Elastic Defend WMI Events
backlog
Meta
OS: Windows
windows related rules
Team: TRADE
#4143
opened Oct 8, 2024 by
Samirbous
[Rule Tuning] Suspicious DLL Loaded for Persistence or Privilege Escalation
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4139
opened Oct 3, 2024 by
joseph-coulter
[New Rule][BBR] A user logged into Slack from a new country
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4138
opened Oct 3, 2024 by
brokensound77
[New Rule] A user has downloaded an excessive amount of files in Slack over a short period
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4137
opened Oct 3, 2024 by
brokensound77
[New Rule] A user previewed multiple Slack rooms without joining in a short period
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4136
opened Oct 3, 2024 by
brokensound77
[New Rule][BBR] A user previewed a Slack channel without joining
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4135
opened Oct 3, 2024 by
brokensound77
[New Rule] Excessive apps installed in Slack over short duration
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4134
opened Oct 3, 2024 by
brokensound77
[New Rule] An anomaly was detected with a Slack user
Integration: Slack
Rule: New
Proposal for new rule
Team: TRADE
#4133
opened Oct 3, 2024 by
brokensound77
[New Rule] Multiple self adds to Google Workspace user groups in short succession
Rule: New
Proposal for new rule
Team: TRADE
#4131
opened Oct 2, 2024 by
brokensound77
[New Rule] Google Workspace User Group Access Modified to Allow External Access
Rule: New
Proposal for new rule
Team: TRADE
#4130
opened Oct 2, 2024 by
brokensound77
[New Rule] Multiple successive Google Workspace groups joined or requested to join in short succession
Rule: New
Proposal for new rule
Team: TRADE
#4129
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] External User Added to Google Workspace Group
Integration: Google Workspace
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4128
opened Oct 2, 2024 by
brokensound77
[New Rule] Searches for sensitive files via Google Workspace Cloud Search
Integration: Google Workspace
Rule: New
Proposal for new rule
Team: TRADE
#4127
opened Oct 2, 2024 by
brokensound77
[New hunt] A sensitive canary file was accessed in Google Workspace
Hunt: New
Team: TRADE
#4125
opened Oct 2, 2024 by
brokensound77
[New hunt] Sensitive file access by user in Google Workspace
Hunt: New
Integration: Google Workspace
Team: TRADE
#4122
opened Oct 2, 2024 by
brokensound77
[New hunt] All files accessed by user in Google Workspace
Hunt: New
Integration: Google Workspace
Team: TRADE
#4121
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] Google Workspace Drive Encryption Key(s) Accessed from Anonymous User
Integration: Google Workspace
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4120
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] Multiple Okta User Auth Events with Same Device Token Hash Behind a Proxy
Integration: Okta
okta related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4119
opened Oct 2, 2024 by
brokensound77
[Rule Tuning] Microsoft 365 Impossible travel activity
community
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#4103
opened Sep 25, 2024 by
willemri