Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / elastic/security-docs issues and pull requests

#5895 - [Suggestion] Add example of excluding cold/frozen data from Indicator Match rule queries

Pull Request - State: open - Opened by nastasha-solomon about 1 month ago - 1 comment
Labels: Feature: Rules, Team: Detection Engine, Priority: Medium, Effort: Medium, v8.16.0

#5894 - Removes 8.15 release notes from the 8.14 branch

Pull Request - State: closed - Opened by nastasha-solomon about 1 month ago - 1 comment
Labels: release-notes, v8.14.0

#5893 - [8.14] [Known Issue][Detection Engine] Alert tags maintain state (backport #5884)

Pull Request - State: closed - Opened by mergify[bot] about 1 month ago - 2 comments
Labels: backport, conflicts

#5892 - [8.15] [Known Issue][Detection Engine] Alert tags maintain state (backport #5884)

Pull Request - State: closed - Opened by mergify[bot] about 1 month ago - 1 comment
Labels: backport

#5891 - [8.x] [Known Issue][Detection Engine] Alert tags maintain state (backport #5884)

Pull Request - State: closed - Opened by mergify[bot] about 1 month ago - 1 comment
Labels: backport

#5890 - [BUG] Fix Cloud Native Security ref link

Issue - State: open - Opened by jmikell821 about 1 month ago
Labels: bug, Team: Cloud Security, Priority: Medium, Effort: Small, v8.14.0, v8.15.0

#5889 - [Request] Improvements to Attack Discovery

Issue - State: open - Opened by dhru42 about 1 month ago

#5888 - Rule Immutability/Customization - updates - milestone 3

Issue - State: open - Opened by ARWNightingale about 1 month ago
Labels: ui-copy

#5886 - [Request][Serverless][8.16] EQL Sequence alert suppression

Issue - State: open - Opened by nastasha-solomon about 1 month ago
Labels: Feature: Rules, Team: Detection Engine, Priority: High, Effort: Small, Docset: Serverless, Docset: ESS, v8.16.0

#5885 - [Request] [Serverless][8.16] Push and overlay display options added to flyout

Issue - State: open - Opened by nastasha-solomon about 1 month ago
Labels: Team: Threat Hunting, Priority: High, Effort: Small, Docset: Serverless, Docset: ESS, v8.16.0

#5884 - [Known Issue][Detection Engine] Alert tags maintain state

Pull Request - State: closed - Opened by nastasha-solomon about 1 month ago - 2 comments
Labels: release-notes, Feature: Alerts, known-issue, Priority: Medium, Effort: Small, v8.14.0, v8.15.0, v8.16.0

#5882 - [bug] Fixes support matrix bug in k8s dashboard doc

Pull Request - State: open - Opened by benironside about 1 month ago - 2 comments
Labels: v8.14.0, v8.15.0, ci:doc-build

#5881 - Endpoint data volume reduction mechanisms [ESS]

Pull Request - State: open - Opened by joepeeples about 1 month ago - 1 comment
Labels: Team: Endpoint, Team: EDR Workflows, Feature: Elastic Defend, Docset: ESS, v8.15.0, v8.16.0

#5880 - [BUG] K8s dashboard doesn't support network event export

Issue - State: open - Opened by benironside about 1 month ago
Labels: bug, v8.13.0, v8.14.0, v8.15.0

#5878 - [Request] Visualizations in alert flyout - technical preview + advanced setting

Issue - State: open - Opened by christineweng about 1 month ago - 1 comment
Labels: Team: Threat Hunting, Feature: Alerts, Priority: High, Effort: Medium, Docset: Serverless, Docset: ESS, v8.16.0

#5877 - [8.x] New rule types support automated response actions (backport #5797)

Pull Request - State: closed - Opened by mergify[bot] about 1 month ago - 2 comments
Labels: backport, conflicts

#5876 - [Detection Rules] Adding Documents for v8.15.6 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 1 month ago - 1 comment
Labels: Feature: Prebuilt rules, v8.15.0

#5875 - [Detection Rules] Adding Documents for v8.14.12 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 1 month ago - 1 comment
Labels: Feature: Prebuilt rules, v8.14.0

#5874 - [Detection Rules] Adding Documents for v8.13.18 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 1 month ago - 1 comment
Labels: Feature: Prebuilt rules, v8.13.0

#5873 - [Detection Rules] Adding Documents for v8.12.23 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 1 month ago - 1 comment
Labels: Feature: Prebuilt rules, v8.12.0

#5872 - [Docs IA] Create SIEM section

Issue - State: open - Opened by benironside about 2 months ago
Labels: Project: Docs IA

#5871 - [Serverless][8.16] Logs request during preview rule execution

Pull Request - State: open - Opened by nastasha-solomon about 2 months ago - 3 comments
Labels: Feature: Rules, Team: Detection Engine, Priority: High, Effort: Small, Docset: Serverless, Docset: ESS, ci:doc-build, v8.16.0

#5870 - [DOCS IA] Create a guide to the relationships between Defend, Agent, and Endpoint

Issue - State: open - Opened by benironside about 2 months ago
Labels: Project: Docs IA

#5869 - [DOCS IA] Create more "Getting started" content

Issue - State: open - Opened by benironside about 2 months ago
Labels: Project: Docs IA

#5868 - [Security Solution] Document the procedure for creating detection rule exceptions based on runtime fields

Issue - State: open - Opened by andrew-goldstein over 2 years ago - 7 comments
Labels: Feature: Exceptions, Team: Detection Engine

#5867 - Fixes yaml template errors

Pull Request - State: closed - Opened by jmikell821 about 2 months ago - 2 comments
Labels: backport-skip

#5866 - [8.x] Add TheHive connector for cases (backport #5859)

Pull Request - State: open - Opened by mergify[bot] about 2 months ago - 3 comments
Labels: backport, conflicts

#5865 - Document ways to provide multiple tamper protection `--uninstall-token` values

Issue - State: open - Opened by ferullo about 2 months ago - 1 comment
Labels: bug, Team: EDR Workflows, Feature: Elastic Defend, Docset: Serverless, v8.11.0, Docset: ESS, v8.12.0, v8.13.0, v8.14.0, v8.15.0, v8.16.0

#5864 - [Request] [Draft] Document impact of using logsDB for security users

Issue - State: open - Opened by approksiu about 2 months ago - 1 comment

#5863 - [8.16] [serverless] Updates AWS CSPM guides to include agentless option

Pull Request - State: open - Opened by benironside about 2 months ago - 2 comments
Labels: ci:doc-build, v8.16.0

#5862 - [8.15] 8.15.2 Release notes (backport #5843)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 1 comment
Labels: backport

#5861 - [8.x] 8.15.2 Release notes (backport #5843)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 1 comment
Labels: backport

#5860 - [8.x] [8.16] Filtering out cold and frozen data tiers during rule execution (backport #5849)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 1 comment
Labels: backport

#5859 - Add TheHive connector for cases

Pull Request - State: closed - Opened by lcawl about 2 months ago - 2 comments
Labels: Feature: Cases, ci:doc-build, v8.16.0

#5858 - Updates to our templates for clarification

Pull Request - State: closed - Opened by jmikell821 about 2 months ago - 2 comments
Labels: backport-skip

#5857 - [8.x] Fix automated response actions requirements (backport #5852)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 3 comments
Labels: backport, conflicts

#5856 - [8.14] Updates ESS get started page with tutorial links (backport #5854)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 1 comment
Labels: backport

#5855 - [8.15] Updates ESS get started page with tutorial links (backport #5854)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 1 comment
Labels: backport

#5854 - Updates ESS get started page with tutorial links

Pull Request - State: closed - Opened by benironside about 2 months ago - 1 comment
Labels: v8.14.0, v8.15.0

#5853 - Remove feature flag conditionals for serverless custom roles

Pull Request - State: open - Opened by joepeeples about 2 months ago - 3 comments
Labels: backport-skip, Docset: Serverless, ci:doc-build

#5852 - Fix automated response actions requirements

Pull Request - State: closed - Opened by joepeeples about 2 months ago - 2 comments
Labels: Feature: Response actions, Docset: Serverless, Docset: ESS, ci:doc-build, v8.16.0

#5851 - Creates new template for breaking changes

Pull Request - State: closed - Opened by benironside about 2 months ago - 2 comments
Labels: release-notes, backport-skip, breaking-change

#5850 - [8.x] Custom roles & privileges: Revise, reorder, add serverless requirements pages (backport #5779)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 3 comments
Labels: backport, conflicts

#5849 - [8.16] Filtering out cold and frozen data tiers during rule execution

Pull Request - State: closed - Opened by nastasha-solomon about 2 months ago - 3 comments
Labels: Feature: Rules, Team: Detection Engine, Priority: High, Effort: Small, Docset: Serverless, Docset: ESS, v8.16.0

#5848 - Known Issues + Access requirements for Crowdstrike Connector

Pull Request - State: open - Opened by joepeeples about 2 months ago - 2 comments
Labels: bug, Team: EDR Workflows, Feature: Response actions, known-issue, Docset: Serverless, Docset: ESS, v8.15.0, ci:doc-build, v8.16.0

#5847 - [8.x] New `is` operator option for blocklist Windows signatures (backport #5780)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 3 comments
Labels: backport, conflicts

#5846 - [8.x] SentinelOne bidirectional `processes`, `kill-process`, and detection rule updates [ESS] (backport #5735)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 2 comments
Labels: backport, conflicts

#5845 - [8.x] [DE Team][8.16] Case system action being added for rules (backport #5703)

Pull Request - State: closed - Opened by mergify[bot] about 2 months ago - 3 comments
Labels: backport

#5844 - [Request] logs request during preview rule execution

Issue - State: open - Opened by vitaliidm about 2 months ago
Labels: Team: Detection Engine, Priority: High, Docset: Serverless, Docset: ESS, v8.16.0

#5843 - 8.15.2 Release notes

Pull Request - State: closed - Opened by nastasha-solomon about 2 months ago - 1 comment
Labels: release-notes, Priority: High, Effort: Medium, v8.15.0, v8.16.0, v8.15.2

#5842 - 8.15.2 Release notes

Issue - State: closed - Opened by nastasha-solomon about 2 months ago
Labels: release-notes, Priority: High, Effort: Medium, v8.15.2

#5841 - Edit enhancement and internal request templates

Issue - State: closed - Opened by jmikell821 about 2 months ago

#5840 - [Detection Rules] Adding Documents for v8.15.5 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 2 months ago - 1 comment
Labels: Feature: Prebuilt rules, v8.15.0

#5839 - [Detection Rules] Adding Documents for v8.14.11 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 2 months ago - 1 comment
Labels: Feature: Prebuilt rules, v8.14.0

#5838 - [Detection Rules] Adding Documents for v8.13.17 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 2 months ago - 1 comment
Labels: Feature: Prebuilt rules, v8.13.0

#5837 - [Detection Rules] Adding Documents for v8.12.22 Pre-Built Detection Rules

Pull Request - State: closed - Opened by protectionsmachine about 2 months ago - 1 comment
Labels: Feature: Prebuilt rules, v8.12.0

#5836 - New Entity Analytics Entity Store and update to Entity Analytics Dashboard

Issue - State: open - Opened by joedatlive about 2 months ago
Labels: enhancement, Feature: Entity Analytics, Priority: Medium, Effort: Large, Docset: Serverless, Docset: ESS, Team: Entity Analytics, v8.16.0

#5835 - Update .backportrc.json

Pull Request - State: closed - Opened by jmikell821 about 2 months ago - 2 comments
Labels: backport-skip

#5834 - Update .mergify.yml for `8.16`

Pull Request - State: closed - Opened by jmikell821 about 2 months ago - 3 comments
Labels: backport-skip

#5833 - [Internal Request] breaking changes template

Issue - State: closed - Opened by benironside about 2 months ago

#5832 - [BUG] Correct the "Get started" page with tutorial links

Issue - State: closed - Opened by jmikell821 2 months ago
Labels: bug, v8.14.0, v8.15.0, v8.16.0

#5831 - [[DO NOT MERGE ]] Update latest doc

Pull Request - State: closed - Opened by shashank-elastic 2 months ago - 1 comment
Labels: backport-skip

#5830 - Revises 8.x-8.x upgrade guide

Pull Request - State: open - Opened by natasha-moore-elastic 2 months ago - 2 comments
Labels: Feature: Upgrading, Priority: Medium, v8.10.0, Effort: Small, v8.11.0, Docset: ESS, v8.12.0, v8.13.0, v8.14.0, v8.15.0, v8.16.0

#5829 - [[DO NOT MERGE ]] Update latest doc

Pull Request - State: closed - Opened by shashank-elastic 2 months ago - 2 comments
Labels: backport-skip

#5828 - Remove Development Rules from 8.12 security docs

Pull Request - State: closed - Opened by shashank-elastic 2 months ago - 2 comments

#5827 - Issue 4008 812

Pull Request - State: closed - Opened by shashank-elastic 2 months ago - 3 comments
Labels: backport-skip

#5826 - Remove Development Rules from 8.13 security docs

Pull Request - State: closed - Opened by shashank-elastic 2 months ago - 1 comment

#5825 - Remove Development Rules from 8.14 security docs

Pull Request - State: closed - Opened by shashank-elastic 2 months ago - 1 comment

#5824 - Remove Development Rules from 8.15 security docs

Pull Request - State: closed - Opened by shashank-elastic 2 months ago - 1 comment

#5823 - Updates readme with note about known issues template

Pull Request - State: closed - Opened by benironside 2 months ago - 3 comments
Labels: backport-skip

#5821 - LLM performance matrix Serverless IA update

Pull Request - State: closed - Opened by benironside 2 months ago - 3 comments
Labels: backport-skip, ci:doc-build

#5820 - Delete known-issue.yaml template

Pull Request - State: closed - Opened by benironside 2 months ago - 2 comments
Labels: backport-skip

#5819 - Permissions for alert suppression in machine learning rules

Pull Request - State: open - Opened by joepeeples 2 months ago - 2 comments
Labels: Feature: Alerts, Feature: Rules, Feature: Machine Learning, Team: Detection Engine, Docset: Serverless, Docset: ESS, v8.15.0, ci:doc-build, v8.16.0

#5818 - [Serverless Docs IA] LLM performance matrix IA update

Issue - State: closed - Opened by jmikell821 2 months ago
Labels: Docset: Serverless, Project: Docs IA

#5817 - Update kspm-get-started.asciidoc

Pull Request - State: open - Opened by Camilleli 2 months ago - 1 comment

#5816 - [8.14] Updates refs to LLMs (backport #5806)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 3 comments
Labels: backport, conflicts

#5815 - [8.15] Updates refs to LLMs (backport #5806)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 3 comments
Labels: backport, conflicts

#5814 - [BUG] - Inconsistency in Elastic Defend quarantine path

Issue - State: open - Opened by kvv2021 2 months ago
Labels: bug, documentation, Feature: Elastic Defend, Effort: Small, Docset: Serverless, Docset: ESS, v8.14.0, v8.15.0, v8.16.0

#5813 - Spaces in serverless

Pull Request - State: open - Opened by joepeeples 2 months ago - 2 comments
Labels: backport-skip, Docset: Serverless, Docset: ESS, ci:doc-build

#5812 - [8.10] Fixes "Enrol"/"Enroll" typo (backport #5805)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 2 comments
Labels: backport, conflicts

#5811 - [8.11] Fixes "Enrol"/"Enroll" typo (backport #5805)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 2 comments
Labels: backport, conflicts

#5810 - [8.12] Fixes "Enrol"/"Enroll" typo (backport #5805)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 3 comments
Labels: backport, conflicts

#5809 - [8.13] Fixes "Enrol"/"Enroll" typo (backport #5805)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 3 comments
Labels: backport, conflicts

#5808 - [8.14] Fixes "Enrol"/"Enroll" typo (backport #5805)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 2 comments
Labels: backport, conflicts

#5807 - [8.15] Fixes "Enrol"/"Enroll" typo (backport #5805)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 3 comments
Labels: backport, conflicts

#5803 - [8.13] Adds Elastic Endpoint command reference (backport #5778)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 2 comments
Labels: backport, conflicts

#5802 - [8.14] Adds Elastic Endpoint command reference (backport #5778)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 2 comments
Labels: backport, conflicts

#5801 - [8.15] Adds Elastic Endpoint command reference (backport #5778)

Pull Request - State: closed - Opened by mergify[bot] 2 months ago - 2 comments
Labels: backport, conflicts

#5800 - Stub page: Endpoint data volume reduction mechanisms

Pull Request - State: closed - Opened by joepeeples 2 months ago - 2 comments
Labels: Team: Endpoint, Team: EDR Workflows, Feature: Elastic Defend, Docset: Serverless, Docset: ESS, ci:doc-build, v8.16.0

#5797 - New rule types support automated response actions

Pull Request - State: closed - Opened by joepeeples 2 months ago - 3 comments
Labels: Team: EDR Workflows, Feature: Rules, Feature: Elastic Defend, Feature: Response actions, Feature: Rule Actions, Docset: Serverless, Docset: ESS, ci:doc-build, v8.16.0

#5796 - Update serverless billing docs with ingest & retention size calculations

Pull Request - State: closed - Opened by joepeeples 2 months ago - 3 comments
Labels: backport-skip, Docset: Serverless, ci:doc-build

#5785 - [BUG] `All` Kibana privileges don't grant Security / Elastic Defend features by default

Issue - State: open - Opened by joepeeples 2 months ago - 2 comments
Labels: bug, Team: EDR Workflows, Feature: Elastic Defend, Effort: Small, Docset: Serverless, Docset: ESS, v8.14.0, v8.15.0, v8.16.0

#5783 - Clarify Kibana xpack.alerting.rules.run.alerts.max setting

Issue - State: open - Opened by approksiu 2 months ago
Labels: enhancement, Team: Detections/Response, Feature: Rules, Effort: Small, Docset: Serverless, Docset: ESS, v8.12.0, v8.13.0, v8.14.0, v8.15.0, v8.16.0

#5781 - 7.17.24 Release Notes

Issue - State: closed - Opened by nastasha-solomon 2 months ago - 2 comments
Labels: release-notes, Priority: High, Effort: Small, v7.17.24

#5780 - New `is` operator option for blocklist Windows signatures

Pull Request - State: closed - Opened by joepeeples 2 months ago - 5 comments
Labels: enhancement, Team: EDR Workflows, Feature: Elastic Defend, Docset: Serverless, Docset: ESS, ci:doc-build, v8.16.0

#5779 - Custom roles & privileges: Revise, reorder, add serverless requirements pages

Pull Request - State: closed - Opened by joepeeples 2 months ago - 4 comments
Labels: Team: Docs, Docset: Serverless, Docset: ESS, ci:doc-build, v8.16.0, breaking-change

#5773 - Clarify wildcard escaping rules for Endpoint alert exceptions, trusted apps, and event filters

Issue - State: open - Opened by ferullo 2 months ago - 3 comments
Labels: bug, enhancement, Team: Docs, Team: Endpoint, Team: EDR Workflows, Team: Detection Engine, Effort: Medium, Docset: Serverless, Docset: ESS