elastic/detection-rules
Commits
Branch: main
Author: DefSecSentinel
Date range: All time
Commit History
Commits on Apr 24, 2025
[Tuning] Update DPRK ByBit Hunting Queries (#4645)
DefSecSentinel and terrancedejesus authored 84966f0
Commits on Apr 22, 2025
[Deprecate] LaunchDaemon Creation or Modification and Immediate Loading (#4547)
DefSecSentinel authored c80319d
Commits on Apr 21, 2025
[Tuning] MacOS DR Tuning PR (#4546)
DefSecSentinel and shashank-elastic authored 4ef7245
Commits on Apr 3, 2025
[New] Unusual Network Connection to Suspicious Top Level Domain (#4563)
DefSecSentinel authored 753e8d8
[New] Unusual Network Connection to Suspicious Web Service (#4569)
3 people authored d4b2a35
Commits on May 11, 2024
[Tuning] MacOS Comprehensive Detection Rule Tuning (#3435)
6 people authored 1fb58e1
Commits on Dec 8, 2023
Create new_meta.md (#3305)
DefSecSentinel and Mikaayenson authored 10f00a3
Commits on Oct 27, 2023
[Tuning] Access to Stored Browser Credentials (#3066)
DefSecSentinel and Aegrah authored 6400bb3
Commits on Jul 28, 2022
[Rule Tuning] MacOS Installer Package Net Event (#2193)
DefSecSentinel and imays11 authored 998afcf
Commits on Jul 25, 2022
[New Rule] File made Immutable by Chattr (#2161)
DefSecSentinel authored c222d45
[New Rule] Chkconfig Service Add (#2159)
DefSecSentinel authored 146f59f
[New Rule] Suspicious Etc File Creation (#2160)
DefSecSentinel authored 1746897
Commits on Jul 22, 2022
[Rule Tuning] Remove File Quarantine Attribute (#2129)
DefSecSentinel authored d6527af
[New Rule] Hidden so file (#2131)
DefSecSentinel and Samirbous authored 98d93bc
Commits on Jul 13, 2022
[New Rule] Dynamic Linker Copy (#2099)
DefSecSentinel authored 9995558
[New Rule] Tc BPF Filter (#2091)
DefSecSentinel authored 58ad082
[New Rule] Insmod kernel module load (#2093)
DefSecSentinel authored d7d0466
Commits on May 17, 2022
[Rule Tuning] Update Rule Name: Suspicious Network Connection Attempt Sequence by Root (#1983)
DefSecSentinel authored d12f45c
Commits on Mar 29, 2022
Linux Shell Evasion Rule Tuning (#1878)
DefSecSentinel and brokensound77 authored bcec8a4
Commits on Feb 9, 2022
Prep for creation of 8.2 branch (#1762)
DefSecSentinel authored e0dda91
Commits on Jan 25, 2022
MacOS FolderActionScripts Process List Update (#1723)
DefSecSentinel and w0rk3r authored b564fa1
MacOS Launch Daemon Creation Rule - Query Fix (#1722)
DefSecSentinel authored cfd4d43