Pull requests: elastic/detection-rules
Update release-drafter/release-drafter action to v7
backport: auto
community
#6115
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update peter-evans/create-pull-request action to v8
backport: auto
community
#6114
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update mshick/add-pr-comment action to v3
backport: auto
community
#6113
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update fjogeleit/http-request-action action to v2
backport: auto
community
#6112
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency setuptools to v82
backport: auto
community
#6111
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency pre-commit to v4
backport: auto
community
#6110
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency eql to v1
backport: auto
community
#6108
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update elastic/docs-actions digest to e53c90b
backport: auto
community
#6107
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
[New] Potential cPanel WHM CRLF Authentication Bypass (CVE-2026-41940)
backport: auto
Domain: Network
Rule: New
Proposal for new rule
#6102
opened May 7, 2026 by
eric-forte-elastic
Contributor
5 tasks
[Rule Tuning] Suspicious macOS MS Office Child Process
backport: auto
Domain: Endpoint
OS: macOS
Rule: Tuning
tweaking or tuning an existing rule
#6101
opened May 7, 2026 by
shashank-elastic
Contributor
1 of 5 tasks
[New] EKS Control Plane Logging Disabled
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#6100
opened May 7, 2026 by
Samirbous
Contributor
[New] Kubernetes CoreDNS or Kube-DNS Configuration Modified
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6099
opened May 7, 2026 by
Samirbous
Contributor
[New] Kubernetes Ephemeral Container Added to Pod
backport: auto
Domain: Containers
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6098
opened May 7, 2026 by
Samirbous
Contributor
[Rule Tuning] First-Time FortiGate Administrator Login
backport: auto
Domain: Network
Rule: Tuning
tweaking or tuning an existing rule
#6095
opened May 6, 2026 by
eric-forte-elastic
Contributor
5 tasks
[New] Kubernetes Static Pod Manifest File Access
backport: auto
Domain: Containers
Domain: Endpoint
Integration: Auditd Manager
Integration: Cloud Defend
Cloud Defend Integration
OS: Linux
Rule: New
Proposal for new rule
#6094
opened May 6, 2026 by
Samirbous
Contributor
[New] EKS Access Entry Granted Cluster Admin Policy
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#6091
opened May 6, 2026 by
Samirbous
Contributor
[New] EKS Authentication Configuration Modified
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6090
opened May 6, 2026 by
Samirbous
Contributor
[New] Kubernetes API Request Impersonating Privileged Identity
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6085
opened May 5, 2026 by
Samirbous
Contributor
[New] Kubernetes Client Certificate Signing Request Created or Approved
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6084
opened May 5, 2026 by
Samirbous
Contributor
[New] Kubernetes API Server Proxying Request to Kubelet
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6082
opened May 5, 2026 by
Samirbous
Contributor
[New] Kubernetes Service Account Token Created via TokenRequest API
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6077
opened May 5, 2026 by
Samirbous
Contributor
[Rule Tuning] ESQL Rule List Search Fix
backport: auto
Domain: Endpoint
esql
ES|QL
OS: Linux
OS: macOS
Rule: Tuning
tweaking or tuning an existing rule
Team: TRADE
#6076
opened May 5, 2026 by
Aegrah
Contributor
[Rule Tuning] Windows High-Severity Rules Revamp - Final
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6038
opened May 4, 2026 by
w0rk3r
Contributor
MITRE ATT&CK v19.0.0
backport: auto
Domain: Cloud
Domain: Endpoint
enhancement
New feature or request
Integration: AWS
AWS related rules
Integration: Azure
azure related rules
Integration: Endpoint
Elastic Endpoint Security
Integration: GCP
GCP related rules
Integration: Google Workspace
Integration: Microsoft 365
Integration: Okta
okta related rules
minor
ML
machine learning related rule
OS: Linux
python
Internal python for the repository
schema
#6037
opened May 4, 2026 by
shashank-elastic
Contributor
•
Draft
1 of 5 tasks
[Rule Tuning] Windows High-Severity Rules Revamp - 15
backport: auto
Domain: Endpoint
OS: Windows
windows related rules
Rule: Tuning
tweaking or tuning an existing rule
#6034
opened May 3, 2026 by
w0rk3r
Contributor