name: New Rule description: Suggestions and ideas for new rules title: "[New Rule] Name of rule" labels: ["Rule: New", "Team: TRADE"] assignees: [] projects: ["elastic/1268"] body: - type: textarea id: description attributes: label: Description description: "Provide a detailed description of the activity to be detected." placeholder: "Detailed description..." - type: dropdown id: target_ruleset attributes: label: Target Ruleset description: "Select the target rulset." options: - apm - cross-platform - aws - aws_bedrock - azure - azure_openai - beaconing - cloud_defend - cyberparkpas - ded - dga - endpoint - fim - gcp - github - google_workspace - kubernetes - lmd - o365 - okta - problemchild - linux - macos - ml - network - promotions - threat_intel - windows - other - type: dropdown id: rule_type attributes: label: Target Rule Type description: "Select the target type." options: - Custom (KQL or Lucene) - Machine Learning - Threshold - Event Correlation (EQL) - Indicator Match - New Terms - ES|QL - type: input id: ecs_version attributes: label: Tested ECS Version description: "Specify the tested ECS version." placeholder: "x.x.x" - type: textarea id: query attributes: label: Query description: "Provide the query for the rule (optional)." placeholder: "Query..." - type: textarea id: new_fields attributes: label: New fields required in ECS/data sources for this rule? description: "List any new fields required in ECS or data sources for this rule (optional)." placeholder: "New fields..." - type: textarea id: related_issues_prs attributes: label: Related issues or PRs description: "Link any related issues or PRs (optional)." placeholder: "Related issues or PRs..." - type: textarea id: references attributes: label: References description: "List any references (optional)." placeholder: "References..." - type: textarea id: example_data attributes: label: Redacted Example Data description: "Provide a redacted example JSON data from the actual activity." placeholder: "Example JSON data..."