A UI for exploring and learning about Elastic Security Detection Rules.
The explorer is publicly available at https://elastic.github.io/detection-rules-explorer. It is updated daily with the latest published rules.
Elastic detection rules are included from these Elastic packages:
- Prebuilt Security Detection Rules
- Domain Generated Algorithm Detection
- Living off the Land Attack Detection
- Lateral Movement Detection
- Data Exfiltration Detection
The site is built with GitHub Pages, Next.js and Elastic EUI, based on Elastic's Next.js EUI Starter.
To run the local development environment:
- Get going with node: `nvm use`
- Get the latest rules: `npm run prebuild`
- Start the development server: `npm run dev`

From there, open http://localhost:3000 with your browser to see the result. It will hot reload as you make changes to the site code.
There are two branches in this repository:
- `main` - stores the source code for the site
- `gh-pages` - stores the compiled site source for publishing
On merge to `main`, a GitHub Action (at `.github/workflows/gh-pages.yml`) will build the site and push it to the `gh-pages` branch. From there, another GitHub Action (auto-configured by GitHub) will publish the updates to the internet at https://elastic.github.io/detection-rules-explorer.
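The following is an illustrative workflow of the shape described above, added here as an example; it is not the repository's actual `.github/workflows/gh-pages.yml`. The action names and versions, the `.nvmrc` file, the `npm run build` step and the `./out` output directory are assumptions about how a static Next.js export is produced. The point worth copying is the explicit `permissions` block: the job is granted only `contents: write` (needed to push to `gh-pages`) instead of the broader default token scope, and each action is pinned to a major version tag.

```yaml
# Added example, not the project's own workflow file.
# Builds the site on merge to main and pushes the static export to gh-pages.
name: Build and publish site

on:
  push:
    branches: [main]

# Least privilege: the workflow token only needs to write repository contents
# (to push the gh-pages branch). Everything else stays read-only/none.
permissions:
  contents: write

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Check out main
        uses: actions/checkout@v4

      - name: Set up Node (version taken from .nvmrc - assumed to exist)
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          cache: 'npm'

      - name: Install dependencies from the lockfile
        run: npm ci

      - name: Fetch the latest published rules (matches the local "prebuild" step)
        run: npm run prebuild

      - name: Build the static site (assumed script; output directory assumed to be ./out)
        run: npm run build

      - name: Push the compiled site to the gh-pages branch
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./out
```

`npm ci` rather than `npm install` keeps the build reproducible against `package-lock.json`, and `actions/setup-node` reading `.nvmrc` keeps CI on the same Node version that `nvm use` selects locally.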
To learn more about Next.js, take a look at the following resources:
- Next.js Documentation - learn about Next.js features and API.
- Learn Next.js - an interactive Next.js tutorial.
- Elastic Next.js Starter - on which this repo was originally based.
- Elastic EUI Documentation - Elastic's React component library.