Pull requests: elastic/detection-rules
add json.dumps to fix multiline escape issue
backport: auto
community
python
Internal python for the repository
#6074
opened May 4, 2026 by
wingiti
Contributor
5 tasks
[DaC] [Bug] Rule Formatter Line Wrapping Breaks Query String Filters
backport: auto
bug
Something isn't working
detections-as-code
meta:rapid-merge
patch
python
Internal python for the repository
#6046
opened May 4, 2026 by
eric-forte-elastic
Contributor
5 tasks
[Rule Tuning] Network Rules Update Type and Status Field Names
backport: auto
Domain: Network
Integration: Network Traffic
#6043
opened May 4, 2026 by
eric-forte-elastic
Contributor
5 tasks
Add missing response actions
backport: auto
community
python
Internal python for the repository
#6041
opened May 4, 2026 by
wingiti
Contributor
5 tasks
[Rule Tuning] Windows High-Severity Rules Revamp - Final
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6038
opened May 4, 2026 by
w0rk3r
Contributor
MITRE ATT&CK v19.0.0
backport: auto
Domain: Cloud
Domain: Endpoint
enhancement
New feature or request
Integration: AWS
AWS related rules
Integration: Azure
azure related rules
Integration: Endpoint
Elastic Endpoint Security
Integration: GCP
GCP related rules
Integration: Google Workspace
Integration: Microsoft 365
Integration: Okta
okta related rules
minor
ML
machine learning related rule
OS: Linux
python
Internal python for the repository
schema
#6037
opened May 4, 2026 by
shashank-elastic
Contributor
•
Draft
1 of 5 tasks
[Rule Tuning] Windows High-Severity Rules Revamp - 15
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6034
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 14
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6033
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 13
backport: auto
Domain: Endpoint
OS: macOS
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6032
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 12
backport: auto
Domain: Endpoint
OS: macOS
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6031
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 11
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6030
opened May 3, 2026 by
w0rk3r
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - 10
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6028
opened May 1, 2026 by
w0rk3r
Contributor
[FR] Add new unit test for process fields in non process events
backport: auto
enhancement
New feature or request
patch
test-suite
unit and other testing components
#6011
opened Apr 29, 2026 by
Mikaayenson
Contributor
3 tasks
[New] Container Runtime CLI Execution with Suspicious Arguments
backport: auto
Domain: Containers
Domain: Endpoint
Integration: Auditd Manager
OS: Linux
Rule: New
Proposal for new rule
#6009
opened Apr 29, 2026 by
Samirbous
Contributor
[FR] Merged Renovate Dependency Updates
backport: auto
dependencies
Pull requests that update a dependency file
enhancement
New feature or request
patch
python
Internal python for the repository
#6008
opened Apr 29, 2026 by
eric-forte-elastic
Contributor
5 tasks
[New] Kubernetes and Cloud Credential Path Access via Process Arguments
backport: auto
Domain: Endpoint
Integration: Auditd Manager
OS: Linux
Rule: New
Proposal for new rule
#6007
opened Apr 29, 2026 by
Samirbous
Contributor
[New Rule] Potential Remote Code Execution via Git Enterprise Server
backport: auto
OS: Linux
OS: macOS
OS: Windows
windows related rules
Rule: New
Proposal for new rule
Team: TRADE
[Bug] KQL does not properly escape leading forward slash
backport: auto
bug
Something isn't working
kql
related to the kql module
patch
#6001
opened Apr 29, 2026 by
eric-forte-elastic
Contributor
5 tasks
[Bug] TOML string outputs are not properly escaped
backport: auto
bug
Something isn't working
community
detections-as-code
patch
python
Internal python for the repository
#6000
opened Apr 29, 2026 by
eric-forte-elastic
Contributor
5 tasks
[Enhancement] Add test for constant_keyword fields on alerts-only rules
backport: auto
bug
Something isn't working
patch
python
Internal python for the repository
test-suite
unit and other testing components
#5997
opened Apr 28, 2026 by
terrancedejesus
Contributor
5 tasks
ci(docs): scope pull_request triggers to integration branches
backport: auto
#5995
opened Apr 28, 2026 by
Mpdreamz
Member
Update dependency marshmallow-jsonschema to ~=0.16.0
backport: auto
community
#5993
opened Apr 28, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency pyright to v1.1.409
backport: auto
community
#5984
opened Apr 26, 2026 by
elastic-renovate-prod
Bot
1 task
[Rule Tuning] Credential access collection sensitive files
backport: auto
community
Domain: Endpoint
OS: Linux
#5952
opened Apr 17, 2026 by
litemars