Issues: SigmaHQ/sigma
The DFIR Report Rule Modifications
2nd Review Needed
PR need a second approval
Emerging-Threats
Rules
Windows
Pull request add/update windows related rules
#5265
opened Apr 16, 2025 by
tsale
new: Suspicious Process Spawn by CentreStack Portal AppPool
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
#5263
opened Apr 11, 2025 by
RG9n
feat: Suspicious CrushFTP Child Process
Author Input Required
changes the require information from original author of the rules
Emerging-Threats
Rules
Work In Progress
Some changes are needed
#5261
opened Apr 10, 2025 by
swachchhanda000
Sigma rules to detect CVE 2025 29824 and susp BLF File Creation
Author Input Required
changes the require information from original author of the rules
Emerging-Threats
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
#5260
opened Apr 10, 2025 by
swachchhanda000
Introduce versions of rules for K8s audit log format
Rules
#5259
opened Apr 9, 2025 by
kelnage
feat: Security Event Logging Disabled Via MiniNt Registry Key
Rules
Windows
Pull request add/update windows related rules
#5257
opened Apr 9, 2025 by
swachchhanda000
Add rule to detect activation of a Wi-Fi hotspot on Ubuntu systems via NetworkManager, based on syslog.
Linux
Pull request add/update linux related rules
Rules
#5255
opened Apr 7, 2025 by
rahulisationn
Add rule to detect makecab staging of LOLBins
Author Input Required
changes the require information from original author of the rules
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
#5254
opened Apr 4, 2025 by
alexegorov1
New Rules : PowerShell Console History File Access - file_access + proc_creation
Author Input Required
changes the require information from original author of the rules
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
#5253
opened Apr 4, 2025 by
EzLucky
Modify proc_creation_win_ping_hex_ip.yml to look for hexidemical strings using regex
Rules
Windows
Pull request add/update windows related rules
#5251
opened Apr 2, 2025 by
vasquja
Added more generic potential HKCU CLSID COM hijacking rule
Rules
Windows
Pull request add/update windows related rules
#5248
opened Mar 29, 2025 by
grimlockx
Added more extensions that could be suspicious for Startup Folder
Rules
Windows
Pull request add/update windows related rules
#5246
opened Mar 27, 2025 by
swachchhanda000
Rules for Rustdesk
Rules
Windows
Pull request add/update windows related rules
#5245
opened Mar 27, 2025 by
frack113
Potential ClickFix Execution Pattern - Registry
Rules
Windows
Pull request add/update windows related rules
#5244
opened Mar 25, 2025 by
swachchhanda000
Discovery via registry queries detection
Rules
Windows
Pull request add/update windows related rules
#5243
opened Mar 24, 2025 by
xlazarg
Create win_system_possible_ipv6_dns_takeover.yml
2nd Review Needed
PR need a second approval
Rules
Windows
Pull request add/update windows related rules
#5242
opened Mar 22, 2025 by
NinnessOtu
Create azure_ad_cross_tenant_b2b_collab_signin.yml
Rules
#5233
opened Mar 15, 2025 by
whichbuffer
Create azure_ad_cross_tenant_user_provisioning.yml
Rules
#5232
opened Mar 15, 2025 by
whichbuffer
fixed fps in some rules specifically remote thread creation related
Author Input Required
changes the require information from original author of the rules
Rules
Windows
Pull request add/update windows related rules
microsoft_sql_dangerous_operations
Author Input Required
changes the require information from original author of the rules
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
Analytic for Signal Desktop sensitive data access
Rules
Windows
Pull request add/update windows related rules
#5220
opened Mar 3, 2025 by
netgrain
Replace CommandLine with real command line arguments
Rules
Windows
Pull request add/update windows related rules
Adding rule for detecting recaptcha phish process executions
2nd Review Needed
PR need a second approval
Rules
Windows
Pull request add/update windows related rules
Updated to exclude false positives from common CLI searches like "fin…
Author Input Required
changes the require information from original author of the rules
Rules
Windows
Pull request add/update windows related rules
#5209
opened Feb 24, 2025 by
kagebunsher