Skip to content

Issues: elastic/detection-rules

Beta
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

146 Open 1,484 Closed
146 Open 1,484 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

[Bug] Help Flag Returns Errors bug Something isn't working community Team: TRADE
#4718 opened May 10, 2025 by sleepless-swan
[FR] Pre-Built Elastic Auditd Ruleset enhancement New feature or request OS: Linux Security Content Team: TRADE
#4713 opened May 9, 2025 by Aegrah
@Aegrah
[FR] Support Visualization of Previous Rule Versions enhancement New feature or request Team: TRADE
#4709 opened May 8, 2025 by w0rk3r
[FR] Unit Test for elastic_endpoint_security Rule ID Change enhancement New feature or request Team: TRADE
#4707 opened May 7, 2025 by Mikaayenson
[FR] Reduce Built-in Git Operations enhancement New feature or request Team: TRADE
#4701 opened May 6, 2025 by eric-forte-elastic
[Rule Tuning] Suspicious Access to LDAP Attributes - Ignored Fields Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4698 opened May 5, 2025 by w0rk3r
@w0rk3r
[New Rule] ADExplorer collecting Active Directory information backlog community Rule: New Proposal for new rule Team: TRADE
#4697 opened May 5, 2025 by pl853
@w0rk3r
[Bug] EQL Sequence Multi-Data Source Schema Validation bug Something isn't working Team: TRADE
#4693 opened May 1, 2025 by terrancedejesus
[Rule Tuning] Startup or Run Key Registry Modification Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4692 opened May 1, 2025 by sw-jung
1
@w0rk3r
1
[Rule Tuning] Deleting Backup Catalogs with Wbadmin community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4671 opened Apr 28, 2025 by tyler-mcadam
1
@w0rk3r
1
[Rule Tuning] Potential Ransomware Behavior - High count of Readme files by System Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4653 opened Apr 24, 2025 by w0rk3r
@w0rk3r
[Rule Tuning] Google Workspace Admin Role Assigned to a User community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4651 opened Apr 24, 2025 by buzzdeee
[Rule Tuning] Suspicious Execution from a Mounted Device community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4603 opened Apr 10, 2025 by kenza-ab
@w0rk3r
1
[FR] Include Timeline Templates export/import in the CLI such that they can be imported and exported together with rules like exceptions and action connectors community enhancement New feature or request Team: TRADE
#4588 opened Apr 1, 2025 by frederikb96
[FR] Handle Cases Where Kibana Duplicates Action Connectors community enhancement New feature or request Team: TRADE
#4576 opened Mar 28, 2025 by eric-forte-elastic
[Bug] Using the CLI to export esql (ES|QL) rules from Kibana results in ValidationError if using metadata according to documentation bug Something isn't working community Team: TRADE
#4575 opened Mar 27, 2025 by frederikb96
2
[Bug] CLI detection_rules kibana import-rules imports all exceptions and connectors if --rule-file or --rule-id is set bug Something isn't working community Team: TRADE
#4574 opened Mar 27, 2025 by frederikb96
1
[FR] GitHub URL inside rule description that points to GitHub location community enhancement New feature or request Team: TRADE
#4560 opened Mar 25, 2025 by CyberneticNomad-v808
2
[Bug] Investigate deprecated_rules.json discrepancies bug Something isn't working Team: TRADE
#4554 opened Mar 20, 2025 by w0rk3r
[FR] CLI function to check a cluster for Deprecated Rules enhancement New feature or request Team: TRADE
#4553 opened Mar 20, 2025 by w0rk3r
1
[Rule Tuning] A scheduled task was updated community Rule: Tuning tweaking or tuning an existing rule Team: TRADE
#4541 opened Mar 17, 2025 by EsbenSec
1
@w0rk3r
2
[FR] Make keeping up with commits easier for already modified rules community enhancement New feature or request Team: TRADE
#4536 opened Mar 14, 2025 by stryngs
[FR] Add Support for Python 3.13 community enhancement New feature or request python Internal python for the repository Team: TRADE
#4534 opened Mar 13, 2025 by eric-forte-elastic
1
[Bug] Missing Related Integrations and Required Fields for ESQL Rules bug Something isn't working Team: TRADE
#4506 opened Mar 3, 2025 by Mikaayenson
@traut
2
[New Rule] Cross-Platform Dev for Python Rules backlog Rule: New Proposal for new rule Team: TRADE
#4505 opened Mar 3, 2025 by Aegrah
ProTip! Find all open issues with in progress development work with linked:pr.