Pull requests: elastic/detection-rules
[Rule Tuning] Excessive Secret or Key Retrieval from Azure Key Vault
backport: auto
Domain: Cloud
Integration: Azure
azure related rules
meta:rapid-merge
Rule: Tuning
tweaking or tuning an existing rule
#5220
opened Oct 14, 2025 by
Mikaayenson
2 of 5 tasks
[New Rule] File Creation with Curly Braces or Command Substitution
backport: auto
Domain: Endpoint
OS: Linux
Rule: New
Proposal for new rule
Team: TRADE
#5219
opened Oct 14, 2025 by
Aegrah
[Rule Tunings] AWS Root Access Rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5218
opened Oct 13, 2025 by
imays11
[New Rule] Azure Compute Restore Point Collection Deleted
Domain: Cloud
Domain: Storage
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#5217
opened Oct 13, 2025 by
terrancedejesus
•
Draft
5 tasks
[Rule Tunings] AWS IAM Administrator Access Policy Attached to Group/Role/User
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5215
opened Oct 13, 2025 by
imays11
[New Rule] Azure Recovery Services Deletion
backport: auto
Domain: Cloud
Domain: Storage
Rule: New
Proposal for new rule
#5214
opened Oct 13, 2025 by
terrancedejesus
5 tasks
[Rule Tuning] AWS User Created Access Keys For Another User
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5212
opened Oct 13, 2025 by
imays11
[New Rule] Azure Compute Snapshot Deletion(s)
backport: auto
Domain: Data
Domain: Storage
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#5211
opened Oct 13, 2025 by
terrancedejesus
5 tasks
[Rule Tuning][Deprecation] AWS Root Console Login Rules
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Deprecation
removal of a rule
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5201
opened Oct 10, 2025 by
imays11
[New Rule] Azure Storage Account Deletion
backport: auto
Domain: Cloud
Domain: Storage
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#5200
opened Oct 10, 2025 by
terrancedejesus
5 tasks
[Rule Tuning][New BBR Rule] AWS Sign-In Token Creation and Console Login
backport: auto
bbr
Building Block Rules
Domain: Cloud
Integration: AWS
AWS related rules
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#5197
opened Oct 9, 2025 by
imays11
Add rules for Azure Activity Logs/GCP Audit ML jobs
backport: skip
Domain: Cloud
Integration: Azure
azure related rules
Integration: GCP
GCP related rules
minor
ML
machine learning related rule
Rule: New
Proposal for new rule
#5191
opened Oct 6, 2025 by
jmcarlock
5 tasks
[Rule Tuning] Suspicious Entra ID OAuth User Impersonation Scope Detected
backport: auto
Domain: Cloud
Domain: Identity
Integration: Azure
azure related rules
Rule: Tuning
tweaking or tuning an existing rule
#5190
opened Oct 6, 2025 by
terrancedejesus
5 tasks
[New Rule] Entra ID Protection Admin Confirmed Compromise
backport: auto
Domain: Cloud
Domain: Identity
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#5186
opened Oct 6, 2025 by
terrancedejesus
5 tasks
[New Rule] Azure Storage Blob Retrieval via AzCopy
backport: auto
Domain: Cloud
Domain: Identity
Domain: Storage
Integration: Azure
azure related rules
Rule: New
Proposal for new rule
#5179
opened Oct 2, 2025 by
terrancedejesus
5 tasks
Update README for the installation of kibana and kql packages
backport: auto
community
documentation
Improvements or additions to documentation
#5177
opened Oct 2, 2025 by
pberba
5 tasks
[Rule Tuning] Update Azure / M365 Rule Names and File Paths
backport: auto
Domain: Application
Domain: Cloud Workloads
Domain: Cloud
Domain: Email
Domain: Endpoint
Domain: Identity
Domain: Network
Domain: SaaS
Domain: Storage
Integration: Azure
azure related rules
Integration: Microsoft 365
Rule: Tuning
tweaking or tuning an existing rule
#5172
opened Oct 1, 2025 by
terrancedejesus
5 tasks
[Security Content] Windows Setup Guides - WinEventLog & Sysmon
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Security Content
#5162
opened Sep 29, 2025 by
w0rk3r
Update dependency pyflakes to v3.4.0
backport: auto
community
#5126
opened Sep 17, 2025 by
elastic-renovate-prod
bot
1 task
Update dependency pre-commit to v3.8.0
backport: auto
community
#5121
opened Sep 16, 2025 by
elastic-renovate-prod
bot
1 task
Update dependency pep8-naming to v0.15.1
backport: auto
community
#5120
opened Sep 16, 2025 by
elastic-renovate-prod
bot
1 task
Update dependency nodeenv to v1.9.1
backport: auto
community
#5117
opened Sep 16, 2025 by
elastic-renovate-prod
bot
1 task
Update dependency marko to v2.2.1
backport: auto
community
#5103
opened Sep 14, 2025 by
elastic-renovate-prod
bot
1 task
Update dependency flake8 to v7.3.0
backport: auto
community
#5102
opened Sep 14, 2025 by
elastic-renovate-prod
bot
1 task