Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / elastic/detection-rules issues and pull requests

#4269 - [Rule Tuning] Kernel Module Removal

Pull Request - State: open - Opened by Aegrah 10 days ago - 1 comment
Labels: OS: Linux, Rule: Tuning, Domain: Endpoint, backport: auto, Team: TRADE

#4268 - [Rule Tuning] RPC (Remote Procedure Call) from the Internet

Issue - State: open - Opened by SebastianHuettersen 12 days ago
Labels: Rule: Tuning, community, Team: TRADE

#4267 - Lock versions for releases: 8.11,8.12,8.13,8.14,8.15,8.16

Pull Request - State: closed - Opened by github-actions[bot] 14 days ago - 1 comment
Labels: backport: auto, patch

#4266 - Lock versions for releases: 8.11,8.12,8.13,8.14,8.15,8.16

Pull Request - State: closed - Opened by github-actions[bot] 14 days ago
Labels: backport: auto

#4265 - Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md

Pull Request - State: closed - Opened by github-actions[bot] 17 days ago - 2 comments
Labels: enhancement, backport: auto, patch

#4264 - Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md

Pull Request - State: closed - Opened by github-actions[bot] 17 days ago - 1 comment
Labels: backport: auto

#4263 - Fix extra new line in ATT&CK-coverage.md

Pull Request - State: closed - Opened by shashank-elastic 17 days ago - 1 comment
Labels: bug, python, backport: auto, meta:rapid-merge, patch

#4262 - [Rule Tuning] Azure Entra Sign-in Brute Force against Microsoft 365 Accounts

Issue - State: open - Opened by willem-dhaese 17 days ago
Labels: Rule: Tuning, community, Team: TRADE

#4261 - [Rule Tuning] Add Investigation Fields to Specific AWS Rules

Pull Request - State: closed - Opened by terrancedejesus 18 days ago - 1 comment
Labels: documentation, Integration: AWS, Domain: Cloud, Rule: Tuning, schema, backport: auto, bbr, patch

#4260 - [FR] Reset package version and push tag via ci

Pull Request - State: closed - Opened by Mikaayenson 18 days ago - 1 comment
Labels: enhancement, ci/cd, backport: auto, detections-as-code, meta:rapid-merge, patch

#4259 - [FR] Fetch history for versioning workflow

Pull Request - State: closed - Opened by Mikaayenson 18 days ago - 1 comment
Labels: bug, ci/cd, backport: auto, meta:rapid-merge, patch

#4258 - Account for CCS '::' index pattern

Pull Request - State: closed - Opened by shashank-elastic 18 days ago - 3 comments
Labels: enhancement, python, schema, backport: auto, minor

#4257 - [FR] Update the release versioning process and workflow

Pull Request - State: closed - Opened by Mikaayenson 18 days ago - 2 comments
Labels: enhancement, ci/cd, backport: auto, detections-as-code, patch

#4256 - Prep for Release 8.17

Pull Request - State: closed - Opened by shashank-elastic 18 days ago - 2 comments
Labels: enhancement, Integration: AWS, Domain: Cloud, OS: Linux, OS: macOS, Domain: Endpoint, schema, backport: auto, bbr, meta:rapid-merge, patch

#4255 - [Testing] Update release-drafter.yml

Pull Request - State: closed - Opened by Mikaayenson 19 days ago - 1 comment
Labels: enhancement, ci/cd, backport: auto, meta:rapid-merge, patch

#4254 - [Testing] Update release-drafter.yml

Pull Request - State: closed - Opened by Mikaayenson 19 days ago - 1 comment
Labels: bug, ci/cd, backport: auto, meta:rapid-merge, patch

#4253 - [FR] DRAFT Release Workflow on PR Merge

Pull Request - State: closed - Opened by Mikaayenson 19 days ago - 1 comment
Labels: bug, backport: auto, meta:rapid-merge, maintenance, patch

#4252 - [FR] Update release-drafter.yml

Pull Request - State: closed - Opened by Mikaayenson 19 days ago - 1 comment
Labels: enhancement, backport: auto, patch

#4251 - [New] Remote Desktop File Opened from Suspicious Path

Pull Request - State: closed - Opened by Samirbous 20 days ago - 1 comment
Labels: Rule: New, OS: Windows, Domain: Endpoint, backport: auto

#4250 - [Bug] Duplicate Alerts in ESQL Detection Rule with 24-Hour Look-Back Period and 5-Minute Interval

Issue - State: open - Opened by jorgecastro2 20 days ago
Labels: bug, community, Team: TRADE

#4249 - [Rule Tuning] Add Investigation Guides to AWS Rules

Pull Request - State: closed - Opened by terrancedejesus 20 days ago - 1 comment
Labels: documentation, Integration: AWS, Domain: Cloud, Rule: Tuning, backport: auto

#4248 - [Rule Tuning] Potential OpenSSH Backdoor Logging Activity

Issue - State: open - Opened by frconil 20 days ago
Labels: Rule: Tuning, Team: TRADE

#4247 - Add investigation guide for Amazon Bedrock Rules

Pull Request - State: closed - Opened by shashank-elastic 20 days ago - 1 comment
Labels: Rule: Tuning, backport: auto

#4246 - [New Rule] Adding Coverage for `AWS Discovery API Calls via CLI from a Single Resource`

Pull Request - State: closed - Opened by terrancedejesus 21 days ago - 1 comment
Labels: Integration: AWS, Domain: Cloud, Rule: New, backport: auto

#4245 - [New Rule] Adding Coverage for `AWS IAM Customer-Managed Policy Attached to Role by Rare User`

Pull Request - State: closed - Opened by terrancedejesus 21 days ago - 1 comment
Labels: Integration: AWS, Domain: Cloud, Rule: New, schema, backport: auto, Hunt: New, threat hunting, Hunting, patch

#4244 - [New Rule] Adding Coverage for `AWS IAM Create User via Assumed Role on EC2 Instance`

Pull Request - State: closed - Opened by terrancedejesus 21 days ago - 3 comments
Labels: Integration: AWS, Domain: Cloud, Rule: New, Rule: Tuning, backport: auto, bbr

#4243 - [New Rule] Security File Access via Common Utilities

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4242 - [New Rule] Private Key Searching Activity

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4241 - [New Rule] Potential Hex Payload Execution

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4240 - [New Rule] IPv4/IPv6 Forwarding Activity

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4239 - [New Rule] Memory Swap Modification

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4238 - [New Rule] Unusual Interactive Shell Launched from System User

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4237 - [New Rule] Curl SOCKS Proxy Activity from Unusual Parent

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4236 - [New Rule] Web Server Spawned via Python

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4235 - [New Rule] Potential Data Splitting Detected

Pull Request - State: closed - Opened by Aegrah 21 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4234 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 9

Pull Request - State: closed - Opened by w0rk3r 23 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4233 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 8

Pull Request - State: closed - Opened by w0rk3r 23 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4232 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 7

Pull Request - State: closed - Opened by w0rk3r 23 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4231 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 6

Pull Request - State: closed - Opened by w0rk3r 23 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4230 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 5

Pull Request - State: closed - Opened by w0rk3r 23 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4229 - [New Rule] Adding Coverage for `AWS SSM Command Document Created by Rare User`

Pull Request - State: closed - Opened by terrancedejesus 24 days ago - 1 comment
Labels: Integration: AWS, Domain: Cloud, Rule: New, backport: auto

#4228 - [Rule Tuning] Tuning `AWS STS Temporary Credentials via AssumeRole`

Pull Request - State: closed - Opened by terrancedejesus 24 days ago - 1 comment
Labels: Integration: AWS, Domain: Cloud, Rule: New, Rule: Tuning, backport: auto

#4227 - [New Rule] Directory Creation in /bin directory

Pull Request - State: closed - Opened by Aegrah 24 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4226 - [New Rule] Hidden Directory Creation via Unusual Parent

Pull Request - State: closed - Opened by Aegrah 24 days ago - 1 comment
Labels: OS: Linux, Rule: New, Domain: Endpoint, backport: auto, Team: TRADE

#4225 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 4

Pull Request - State: closed - Opened by w0rk3r 24 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4224 - [New Rule] Adding Coverage for `AWS SNS Email Subscription by Rare User`

Pull Request - State: closed - Opened by terrancedejesus 24 days ago - 1 comment
Labels: Integration: AWS, Domain: Cloud, Rule: New, backport: auto

#4223 - [FR] Add Versioning Processes to DR

Pull Request - State: closed - Opened by Mikaayenson 25 days ago - 2 comments
Labels: enhancement, ci/cd, backport: auto, Team: TRADE, minor

#4222 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 3

Pull Request - State: closed - Opened by w0rk3r 25 days ago - 2 comments
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4221 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 2

Pull Request - State: closed - Opened by w0rk3r 25 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto

#4220 - [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 1

Pull Request - State: closed - Opened by w0rk3r 25 days ago - 1 comment
Labels: Rule: Tuning, OS: Windows, Domain: Endpoint, python, schema, backport: auto

#4219 - [Bug] exclude_export_details export flag also excludes exceptions and exception lists

Issue - State: open - Opened by Vexil-Derivative 26 days ago
Labels: bug, community, Team: TRADE

#4218 - [Rule Tuning] SMB Connections via LOLBin or Untrusted Process

Issue - State: open - Opened by Mikaayenson 26 days ago
Labels: Rule: Tuning, Team: TRADE

#4217 - Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15

Pull Request - State: closed - Opened by github-actions[bot] 28 days ago
Labels: backport: auto

#4216 - Fix Minstack version for windows integration - Pahse 2

Pull Request - State: closed - Opened by shashank-elastic 28 days ago - 1 comment
Labels: ML, Rule: Tuning, backport: auto, bbr, meta:rapid-merge

#4215 - Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15

Pull Request - State: closed - Opened by github-actions[bot] 28 days ago - 2 comments
Labels: backport: auto

#4214 - Fix Minstack version for windows integration

Pull Request - State: closed - Opened by shashank-elastic 28 days ago - 1 comment
Labels: ML, Rule: Tuning, OS: Windows, Domain: Endpoint, backport: auto, bbr, meta:rapid-merge

#4213 - react_sync_rta_updates_4250

Pull Request - State: closed - Opened by protectionsmachine 28 days ago - 1 comment
Labels: enhancement, RTA, backport: auto

#4212 - Lock versions for releases: 8.10,8.11,8.12,8.13,8.14,8.15

Pull Request - State: closed - Opened by github-actions[bot] 28 days ago - 1 comment
Labels: backport: auto

#4211 - Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md

Pull Request - State: closed - Opened by github-actions[bot] 28 days ago - 1 comment
Labels: backport: auto