Pull requests: elastic/detection-rules
Add 13 new Kubernetes detection rules (audit + runtime gaps)
backport: auto
community
#6128
opened May 10, 2026 by
saakovv
8 tasks done
New Rules: 15 GitHub detection gaps from internal audit coverage anal…
backport: auto
community
#6127
opened May 10, 2026 by
saakovv
3 tasks done
New Rules: Linux detection gaps identified from Falco coverage analysis
backport: auto
community
Domain: Cloud
Domain: Endpoint
Integration: Google Workspace
OS: Linux
#6125
opened May 10, 2026 by
saakovv
New Rules: 15 Google Workspace detection gaps (identity, exfiltration, impact)
backport: auto
community
Domain: Cloud
Integration: Google Workspace
#6123
opened May 10, 2026 by
saakovv
8 tasks done
[New] 15 GCP detection rules for IAM, KMS, networking, and data exfil…
backport: auto
community
Domain: Cloud
Integration: GCP
GCP related rules
#6121
opened May 10, 2026 by
saakovv
4 tasks done
[New] 15 AWS CloudTrail detection rules covering IAM, EC2, and org-level security gaps
backport: auto
community
Domain: Cloud
Integration: AWS
AWS related rules
#6119
opened May 10, 2026 by
saakovv
4 tasks done
Update release-drafter/release-drafter action to v7
backport: auto
community
#6115
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update peter-evans/create-pull-request action to v8
backport: auto
community
#6114
opened May 9, 2026 by
elastic-renovate-prod
Bot
1 task
Update mshick/add-pr-comment action to v3
backport: auto
community
#6113
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update fjogeleit/http-request-action action to v2
backport: auto
community
#6112
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency setuptools to v82
backport: auto
community
#6111
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency pre-commit to v4
backport: auto
community
#6110
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update dependency eql to v1
backport: auto
community
#6108
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
Update elastic/docs-actions digest to e53c90b
backport: auto
community
#6107
opened May 8, 2026 by
elastic-renovate-prod
Bot
1 task
[New] Potential cPanel WHM CRLF Authentication Bypass (CVE-2026-41940)
backport: auto
Domain: Network
Rule: New
Proposal for new rule
#6102
opened May 7, 2026 by
eric-forte-elastic
Contributor
5 tasks
[Rule Tuning] Suspicious macOS MS Office Child Process
backport: auto
Domain: Endpoint
OS: macOS
Rule: Tuning
tweaking or tuning an existing rule
#6101
opened May 7, 2026 by
shashank-elastic
Contributor
1 of 5 tasks
[New] EKS Control Plane Logging Disabled
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#6100
opened May 7, 2026 by
Samirbous
Contributor
[New] Kubernetes CoreDNS or Kube-DNS Configuration Modified
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6099
opened May 7, 2026 by
Samirbous
Contributor
[New] Kubernetes Ephemeral Container Added to Pod
backport: auto
Domain: Containers
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6098
opened May 7, 2026 by
Samirbous
Contributor
[Rule Tuning] First-Time FortiGate Administrator Login
backport: auto
Domain: Network
Rule: Tuning
tweaking or tuning an existing rule
#6095
opened May 6, 2026 by
eric-forte-elastic
Contributor
5 tasks
[New] Kubernetes Static Pod Manifest File Access
backport: auto
Domain: Containers
Domain: Endpoint
Integration: Auditd Manager
Integration: Cloud Defend
Cloud Defend Integration
OS: Linux
Rule: New
Proposal for new rule
#6094
opened May 6, 2026 by
Samirbous
Contributor
[New] EKS Access Entry Granted Cluster Admin Policy
backport: auto
Domain: Cloud
Integration: AWS
AWS related rules
Rule: New
Proposal for new rule
#6091
opened May 6, 2026 by
Samirbous
Contributor
[New] EKS Authentication Configuration Modified
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6090
opened May 6, 2026 by
Samirbous
Contributor
[New] Kubernetes API Request Impersonating Privileged Identity
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6085
opened May 5, 2026 by
Samirbous
Contributor
[New] Kubernetes Client Certificate Signing Request Created or Approved
backport: auto
Integration: Kubernetes
Kubernetes Integration
Rule: New
Proposal for new rule
#6084
opened May 5, 2026 by
Samirbous
Contributor