Insights: elastic/detection-rules
Overview
13 Pull requests merged by 3 people
- [Rule Tuning] Accepted Default Telnet Port Connection (#3954 merged, Aug 3, 2024)
- [Rule Tuning] Microsoft IIS Service Account Password Dumped (#3935 merged, Aug 2, 2024)
- [Tuning] Executable Bit Set for Potential Persistence Script (#3929 merged, Aug 2, 2024)
- [Rule Tuning] AWS S3 Object Versioning Suspended (#3953 merged, Aug 2, 2024)
- [New Rule] Potential Relay Attack against a Domain Controller (#3928 merged, Aug 2, 2024)
- [Rule Tuning] Sensitive Registry Hive Access via RegBack (#3947 merged, Aug 1, 2024)
- [Rule Tuning] System Binary Moved or Copied (#3933 merged, Aug 1, 2024)
- [New Rule] AWS IAM CompromisedKeyQuarantine Policy Attached to User (#3910 merged, Aug 1, 2024)
- [New Rule] AWS IAM User or Role Created Cloudformation Stack for First Time (#3923 merged, Jul 31, 2024)
- [New Rule] AWS EC2 Instance Console Login via Assumed Role (#3922 merged, Jul 31, 2024)
- [New Rule] AWS EC2 Instance Interaction with IAM Service (#3920 merged, Jul 31, 2024)
- [New Rule] Potential Active Directory Replication User Backdoor (#3014 merged, Jul 31, 2024)
- [Rule Tuning] Removed Endgame from Incompatible Rules (#3931 merged, Jul 31, 2024)
15 Pull requests opened by 4 people
- [New Rule] Openssl Client or Server Activity (#3930 opened, Jul 30, 2024)
- react_sync_rta_updates_3784 (#3937 opened, Aug 1, 2024)
- react_sync_rta_updates_3783 (#3938 opened, Aug 1, 2024)
- react_sync_rta_updates_3788 (#3940 opened, Aug 1, 2024)
- react_sync_rta_updates_3786 (#3941 opened, Aug 1, 2024)
- react_sync_rta_updates_3791 (#3942 opened, Aug 1, 2024)
- react_sync_rta_updates_3793 (#3943 opened, Aug 1, 2024)
- react_sync_rta_updates_3795 (#3944 opened, Aug 1, 2024)
- react_sync_rta_updates_3797 (#3945 opened, Aug 1, 2024)
- [New Rule] Outlook Home Page Registry Modification (#3946 opened, Aug 1, 2024)
- [Rule Tuning] Simple KQL to EQL Conversion (#3948 opened, Aug 1, 2024)
- [DaC] [FR] Autogenerate Custom Schema (#3949 opened, Aug 1, 2024)
- react_sync_rta_updates_3804 (#3951 opened, Aug 2, 2024)
- react_sync_rta_updates_3808 (#3952 opened, Aug 2, 2024)
- [DaC] [FR] Ndjson support for action connectors (#3955 opened, Aug 4, 2024)
5 Issues closed by 2 people
- [Bug] flow_denied missing in "Accepted Default Telnet Port Connection" SIEM rule query (#3264 closed, Aug 3, 2024)
- [Bug] Microsoft IIS Service Account Password Dumped doesn't match the command arg (#3807 closed, Aug 2, 2024)
- [Rule Tuning] AWS S3 Object Versioning Suspended (#3950 closed, Aug 2, 2024)
- [Bug] Building wheels failed in self hosted runner [windows] (#3936 closed, Aug 1, 2024)
- [Meta] Explore Detection Opportunities on Active Directory Relay, Spoofing and Coercion Attacks - Part 1 (#3544 closed, Jul 30, 2024)
3 Issues opened by 3 people
- [Rule Tuning] Service Path Modification via sc.exe (#3939 opened, Aug 1, 2024)
- [Rule Tuning] Potential Password Spraying of Microsoft 365 User Accounts (#3934 opened, Jul 31, 2024)
- [Rule Tuning] Agent Spoofing - Multiple Hosts Using Same Agent (#3932 opened, Jul 30, 2024)
13 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
- [DaC] Beta Release (#3889 commented on Aug 4, 2024 • 21 new comments)
- [New Rule] Active Directory Forced Authentication from Linux Host (#3912 commented on Jul 29, 2024 • 3 new comments)
- [New] Execution via Windows Command Debugging Utility (#3918 commented on Jul 29, 2024 • 1 new comment)
- [Rule Tuning] Attempts to Brute Force a Microsoft 365 User Account (#2278 commented on Jul 31, 2024 • 0 new comments)
- [Bug] O365 Exchange Suspicious Mailbox Right Delegation - False Positives for "NT AUTHORITY\SYSTEM (Microsoft.Exchange.ServiceHost)" (#3702 commented on Jul 31, 2024 • 0 new comments)
- [Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation (#3446 commented on Jul 31, 2024 • 0 new comments)
- Included logs-o365* index (#2446 commented on Jul 31, 2024 • 0 new comments)
- Global Administrator = Company Administrator (#2404 commented on Jul 31, 2024 • 0 new comments)
- [Rule Tuning] O365 Exchange Suspicious Mailbox Right Delegation (#3775 commented on Jul 31, 2024 • 0 new comments)
- [New Rule] Suspicious New-InboxRule (#3444 commented on Jul 31, 2024 • 0 new comments)
- [Rule Tuning] Suspicious Web Browser Sensitive File Access (#3721 commented on Aug 2, 2024 • 0 new comments)
- [FR] Add `source_updated_at` to Rule Schema as a Build Time Field (#3427 commented on Aug 1, 2024 • 0 new comments)
- react_sync_rta_updates_3548 (#3766 commented on Aug 2, 2024 • 0 new comments)