Issues: SigmaHQ/sigma

Issues list

feat: Suspicious CrushFTP Child Process
Labels: Author Input Required (changes the require information from original author of the rules), Emerging-Threats, Rules, Work In Progress (Some changes are needed)
#5261 opened Apr 10, 2025 by swachchhanda000

Sigma rules to detect CVE 2025 29824 and susp BLF File Creation
Labels: Author Input Required, Emerging-Threats, Rules, Windows (Pull request add/update windows related rules), Work In Progress
#5260 opened Apr 10, 2025 by swachchhanda000

Add rule to detect makecab staging of LOLBins
Labels: Author Input Required, Rules, Windows, Work In Progress
#5254 opened Apr 4, 2025 by alexegorov1

New Rules : PowerShell Console History File Access - file_access + proc_creation
Labels: Author Input Required, Rules, Windows, Work In Progress
#5253 opened Apr 4, 2025 by EzLucky

microsoft_sql_dangerous_operations
Labels: Author Input Required, Rules, Windows, Work In Progress
#5221 opened Mar 3, 2025 by dan21san Sigma-March-April-Release

Automatically update heatmap json when new rule is pushed to master.
Labels: Author Input Required, Maintenance (Related to additions and update of the repository features), Work In Progress
#5213 opened Feb 26, 2025 by JrOrOneEquals1

Fixed fps and added coverage for ARM based windows dotnet paths
Labels: Rules, Windows, Work In Progress
#5208 opened Feb 24, 2025 by swachchhanda000 Sigma-March-April-Release

Update proc_creation_win_reg_windows_defender_tamper.yml
Labels: Author Input Required, Rules, Windows, Work In Progress
#5148 opened Dec 31, 2024 by MalGamy12 Draft

Add Definition to Auditd susp_activity
Labels: Create Pull-Request (issues that should be provided as a pull request), Work In Progress
#5142 opened Dec 25, 2024 by BalsamicSentry

Proc creation lnx webshell detection
Labels: Author Input Required, Linux (Pull request add/update linux related rules), Rules, Work In Progress
#5128 opened Dec 13, 2024 by CheraghiMilad Draft

Some paths added
Labels: Author Input Required, Linux, Rules, Work In Progress
#5120 opened Dec 10, 2024 by CheraghiMilad Draft

Add rule for insert or remove rootkit
Labels: Author Input Required, Linux, Rules, Work In Progress
#5114 opened Dec 8, 2024 by CheraghiMilad

Add rule for device driver discovery
Labels: Author Input Required, Linux, Rules, Work In Progress
#5113 opened Dec 8, 2024 by CheraghiMilad

Proc creation lnx exfiltration data via sftp protocol (winscp tool)
Labels: Linux, Rules, Work In Progress
#5096 opened Nov 29, 2024 by CheraghiMilad

Update proc_creation_win_findstr_security_keyword_lookup.yml
Labels: Rules, Windows, Work In Progress
#5085 opened Nov 20, 2024 by MalGamy12

Detects the immediate execution of Python web servers (e.g., http.server) via the command line interface (CLI)
Labels: Linux, Rules, Work In Progress
#5079 opened Nov 13, 2024 by mlakri

AWS IAM user login without MFA
Labels: Create Pull-Request, Work In Progress
#5074 opened Nov 9, 2024 by thuya-hacktilizer

Create Suspicious_Access_Attempt_to_the_cert Windows_Share_Possible_C…
Labels: Rules, Windows, Work In Progress
#5073 opened Nov 7, 2024 by NinnessOtu

This is a proposal for SUID Enumeration Using Find
Labels: Author Input Required, Linux, Rules, Work In Progress
#5071 opened Nov 4, 2024 by mlakri Draft

Create microsoft365_teams_guest_rmm_deployment.yml
Labels: Author Input Required, Rules, Work In Progress
#5066 opened Nov 1, 2024 by prashanthpulisetti

Adding sigma rules related to Restic for Data Exfiltration and CleanUpLoader(Oyster Backdoor)
Labels: Create Pull-Request, Work In Progress
#5056 opened Oct 20, 2024 by CTI-Driven

Create proc_creation_win_reg_add_AutoAdminLogon_key.yml
Labels: Rules, Windows, Work In Progress
#5053 opened Oct 16, 2024 by Mahir-Ali-khan

Update Suspicious Double Extension File Execution Rules
Labels: Rules, Windows, Work In Progress
#5030 opened Oct 1, 2024 by MalGamy12

aws_new_rules
Labels: Author Input Required, Rules, Work In Progress
#5021 opened Sep 21, 2024 by saakovv

github-new-rules
Labels: Rules, Work In Progress
#5018 opened Sep 20, 2024 by saakovv