Elastic Contributor Program: How to make security contributions

At Elastic, we understand the value of our community. Community is at the core of what we do and who we are as a company. In an effort to recognize Elastic community contributors around the world, we launched the Elastic Contributor Program in September of this year.

The goal of this program is to encourage knowledge transfer within the Elastic community and build friendly competition around contributions. In this blog post, we’ll walk through ways in which you can contribute to the Elastic Security community and how to submit your contributions to our program for potential reward. 

Contribute to the public rules repo

We believe in security through openness, not obscurity. For that reason, Elastic Security released a public GitHub repository where free rules are developed in the open. We welcome contributions from the community and believe this is a unique opportunity to share our collective knowledge, collaborate with each other, and solve security problems together as a community.

To start sharing your rule logic, check out elastic/detection-rules on GitHub. We have detailed instructions there for navigating the repository, forking and cloning, and creating a rule. We include a command line tool for bulk editing the files and to make creating new rules easier.


When you’re ready to add a new rule to the repository, run python -m detection_rules create-rule, and you’ll be prompted for the required metadata. We recommend using the CLI when possible, as it reduces copy-and-paste errors that happen when reusing contents from a TOML file from another rule or template.

When your rule is in a good state, you can run the command python -m detection_rules test to locally perform unit tests, which validate syntax, schema usage, etc. Then, create the pull request and someone on our Intelligence & Analytics team will review the contribution. If we request any changes, we’ll work with you to make the recommended changes. 

If you have a good idea for a rule, but want to collaborate with us on the idea or get feedback, feel free to create a New Rule issue. We look forward to collaborating with you!

The latest information is always in the repo — be sure to check out the contributor guidelines and philosophy docs. Or, watch the webinar for a deeper dive.

elastic-contributor-program-detection-rules.png

Other ways to contribute

There are numerous ways to get involved in the Elastic Security community! Share your security use case in a blog or through a virtual meetup. You can also write a tutorial, record a video, or organize and host events. If writing or speaking isn’t your thing, no problem! We can work with you to create, promote, or present content around your story. 

You can also validate the work of your peers that have contributed to the Elastic Contributor Program and receive credit for doing so. These are just some of the many possibilities — be sure to check out our contributor webpage for more information.

Earn credit for your contributions

Visit the Elastic Contributor Program portal to start earning points for your contributions. There are six primary contribution types: event organization, presentation, written content, video, translation, and code. If you are submitting contributions made to the detection rules repo, be sure to select code as your contribution type.

If you are on the leaderboard for your region, you have a chance to win prizes and be recognized as a top contributor. We recognize top contributors with things like training subscriptions, event tickets, virtual badges, and more.

Check out our blog post to learn how to use the Elastic Contributor Program portal and start submitting your security contributions today! We’ll see you on the leaderboard.