name: New Hunt description: Suggestions and ideas for new hunts title: "[New hunt] Name of hunt" labels: ["Hunt: New", "Team: TRADE"] assignees: [] projects: ["elastic/1268"] body: - type: textarea id: description attributes: label: Description description: "Provide a detailed description of the activity to be detected." placeholder: "Detailed description..." - type: dropdown id: target_huntset attributes: label: Target Huntset description: "Select the target rulset." options: - apm - cross-platform - aws - aws_bedrock - azure - azure_openai - beaconing - cloud_defend - cyberparkpas - ded - dga - endpoint - fim - gcp - github - google_workspace - kubernetes - lmd - o365 - okta - problemchild - linux - macos - ml - network - promotions - threat_intel - windows - other - type: dropdown id: hunt_type attributes: label: Target hunt Type description: "Select the target type." options: - Custom (KQL or Lucene) - Machine Learning - Threshold - Event Correlation (EQL) - Indicator Match - New Terms - ES|QL - OSQuery - type: textarea id: query attributes: label: Query description: "Provide the query for the hunt (optional)." placeholder: "Query..." - type: textarea id: related_issues_prs attributes: label: Related issues or PRs description: "Link any related issues or PRs (optional)." placeholder: "Related issues or PRs..." - type: textarea id: references attributes: label: References description: "List any references (optional)." placeholder: "References..." - type: textarea id: example_data attributes: label: Redacted Example Data description: "Provide a redacted example JSON data from the actual activity." placeholder: "Example JSON data..."