Pull requests: SigmaHQ/sigma
new: OpenAI Codex sandbox abuse detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6030
opened May 26, 2026 by
swachchhanda000
Collaborator
Fix false positives for OpenCode to some osascript related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
new: signed dll load with no pe metadata
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
#6026
opened May 21, 2026 by
swachchhanda000
Collaborator
new: 7 Sigma rules — ArcaneDoor / UAT-4356 Cisco ASA campaign (LINE DANCER, LINE RUNNER, LINE VIPER, FIRESTARTER)
Review Needed
The PR requires review
Rules
#6023
opened May 19, 2026 by
CrunchyJohnHaven
NEWRULE: AbortHydration MiniPlasma Behaviour (Nightmare Eclipse)
Emerging-Threats
Review Needed
The PR requires review
Rules
#6022
opened May 19, 2026 by
unresolvedhost
Update the detection logic of Suspicious Start-Process PassThru and added the alias saps
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
New rule to detect RondoDox botnet activity
Emerging-Threats
Review Needed
The PR requires review
Rules
#6020
opened May 18, 2026 by
marcopedrinazzi
Contributor
fix: reduce false positives across multiple Windows rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6019
opened May 18, 2026 by
swachchhanda000
Collaborator
New detections for AWS IAM privilege escalation
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#6018
opened May 16, 2026 by
privet-username
new: OpenClaw AI agent family detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6017
opened May 16, 2026 by
0xdavidel
docs: add ATR (Agent Threat Rules) to the list of tools supporting Sigma
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
#6015
opened May 16, 2026 by
eeee2345
update: Potential Netcat Reverse Shell Execution - add nc.openbsd and nc.traditional binary matches
Author Input Required
changes the require information from original author of the rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
fix: Add filter for empty cmd /c argument false positive
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6010
opened May 13, 2026 by
PachkaKofe04
new: TanStack NPM Supply-Chain Attack - Mini Shai-Hulud
Emerging-Threats
Review Needed
The PR requires review
Rules
update: expand LOLBIN file-drop detection coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
CVE-2026-41940 - cPanel and WHM CRLF authentication bypass detection
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6006
opened May 10, 2026 by
cocopollo
Add rule for Win connection to suspicious WiFi
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
new: 13 Linux detection rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6001
opened May 10, 2026 by
saakovv
Contributor
1 task done
Add modprobe authencesn crypto module detection for CopyFail CVE-2026-31431 exploit
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6000
opened May 10, 2026 by
gkazimiarovich
Contributor
Add 4 detection rules for LLM and MCP attack surface
Emerging-Threats
Review Needed
The PR requires review
Rules
#5995
opened May 9, 2026 by
ipunithgowda
rules: add 15 Sigma rules for AI agent and MCP threats (ATR)
Emerging-Threats
Review Needed
The PR requires review
Rules
#5994
opened May 9, 2026 by
eeee2345
update: Azure Rules(audit_logs folder) - align detection fields to Event Hub format
Review Needed
The PR requires review
Rules
#5993
opened May 9, 2026 by
fukusuket
Contributor
update: Azure Rules(signin_logs folder) - align detection fields to Event Hub format
Review Needed
The PR requires review
Rules
#5992
opened May 8, 2026 by
fukusuket
Contributor
Add splice/vmsplice syscall detection for CVE-2026-43284 (DirtyFrag) exploit
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5991
opened May 8, 2026 by
gkazimiarovich
Contributor
update: Azure Rules(signin_logs folder) - organize rules by moving to placeholder and deprecated folder
Review Needed
The PR requires review
Rules
#5990
opened May 7, 2026 by
fukusuket
Contributor