security-detection-rule-management
Detection Rule Management
Create new detection rules for emerging threats and coverage gaps, and tune existing rules to reduce false positives.
All operations use the Kibana Detection Engine API via rule-manager.js.
Execution rules
- Start executing tools immediately — do not read SKILL.md, browse the workspace, or list files first.
- Report tool output faithfully. Copy rule IDs, names, alert counts, exception IDs, and error messages exactly as returned by the API. Do not abbreviate rule UUIDs, invent rule names, or round alert counts.
- When a tool returns an error (rule not found, API failure), report the exact error — do not guess at alternatives.
Prerequisites
Install dependencies before first use from the skills/security directory:
cd skills/security && npm install