Pull requests: elastic/detection-rules
Pull requests list
#4328 [New Rule] Adding Coverage for AWS related rules: AWS EC2 Deprecated AMI Discovery
Opened Dec 24, 2024 by terrancedejesus (Draft, 2 of 5 tasks)
Labels: patch, Rule: New, Domain: Cloud, Integration: AWS
#4327 [Tuning] Suspicious WMI Event Subscription Created
Opened Dec 23, 2024 by Samirbous
Labels: backport: auto, Domain: Endpoint, OS: Windows, Rule: Tuning
#4325 [New Rule] Kernel Object File Creation
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4323 [Fix] Updating the hunting library
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Hunt: Tuning, Hunting, OS: Linux, Team: TRADE
#4322 [New Hunt] Persistence via Container
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Hunt: New, Hunting, major, OS: Linux, Rule: Hunt, Team: TRADE
#4321 [New Hunt] Persistence via DPKG/RPM Package
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Hunt: New, Hunting, major, OS: Linux, Rule: Hunt, Team: TRADE
#4320 [New Hunt] Persistence via Web Shells
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Hunt: New, Hunting, OS: Linux, Rule: Hunt, Team: TRADE
#4319 [New Hunt & Tuning] Persistence via LKMs
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Hunt: New, Hunt: Tuning, Hunting, OS: Linux, Rule: Hunt, Team: TRADE
#4318 [New Hunt] Persistence via Dynamic Linker Hijacking
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Hunt: New, Hunting, OS: Linux, Rule: Hunt, Team: TRADE
#4317 [New Hunt] Linux PAM Persistence
Opened Dec 19, 2024 by Aegrah
Labels: backport: auto, Hunting, OS: Linux, Rule: Hunt, Rule: New, Team: TRADE
#4315 [New Rule] Adding Coverage for AWS related rules: AWS S3 Unauthenticated Object Retrieval by Rare Source
Opened Dec 17, 2024 by terrancedejesus (2 of 5 tasks)
Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
#4314 [New Rule] Adding Coverage for AWS related rules: AWS S3 Unauthenticated Object Upload by Rare Source
Opened Dec 17, 2024 by terrancedejesus (3 of 5 tasks)
Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
#4313 [New Rule] Adding Coverage for AWS related rules: AWS S3 Unauthenticated Bucket Listing by Rare Source
Opened Dec 17, 2024 by terrancedejesus (3 of 5 tasks)
Labels: Rule: New, backport: auto, Domain: Cloud, Integration: AWS
#4310 [Rule Tuning] Potential Persistence via File Modification
Opened Dec 17, 2024 by Aegrah
Labels: backport: auto, OS: Linux, Rule: Tuning, Team: TRADE
#4309 [New Rule] Simple HTTP Web Server Connection
Opened Dec 17, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4308 [New Rule] Simple HTTP Web Server Creation
Opened Dec 17, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4307 [New Rule] Loadable Kernel Module Configuration File Creation
Opened Dec 17, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4306 [New Rule] Dynamic Linker (ld.so) Creation
Opened Dec 16, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4305 [New Rule] Unusual Preload Environment Variable Process Execution
Opened Dec 16, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4304 [Rule Tuning] Creation or Modification of Pluggable Authentication Mo…
Opened Dec 16, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: Tuning, Team: TRADE
#4303 [New Rule] Unusual SSHD Child Process
Opened Dec 16, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4302 [New Rule] Pluggable Authentication Module Creation in Unusual Directory
Opened Dec 16, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4301 [New Rule] Pluggable Authentication Module Source Download
Opened Dec 16, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4300 [New Rule] PAM Version Discovery
Opened Dec 16, 2024 by Aegrah
Labels: backport: auto, Domain: Endpoint, OS: Linux, Rule: New, Team: TRADE
#4298 [Rule Tuning] Windows misc Rule Tuning
Opened Dec 12, 2024 by w0rk3r
Labels: backport: auto, Domain: Endpoint, OS: Windows, Rule: Tuning