-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Pull requests: SigmaHQ/sigma
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
new: Node.js Package Manager Supply-Chain Execution Hunts (Windows/Linux/macOS)
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
#6130
opened Jul 12, 2026 by
NikoCosmico01
Loading…
Add process creation rule for hidden local user account creation via net.exe
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6129
opened Jul 12, 2026 by
KKarishan
Loading…
Add New Rule - Potential OpenSSH Daemon Exploitation Attempt - Client Crash Penalty
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6127
opened Jul 10, 2026 by
JoseArgento
Loading…
feat: Add Azure application using authentication transfer flow
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#6126
opened Jul 10, 2026 by
gregorywychowaniec-zt
Contributor
Loading…
Add rule: HackTool - PrintSpoofer Execution
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
update: multiple regsvr32 rules tuning
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Add Celery worker shell-spawn detection (rev. of #6108)
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
new: AWS Cloudtrail S3 bucket Block Public Access settings weakened
Review Needed
The PR requires review
Rules
Add GitHub Rules + Update of github_repo_or_org_transferred
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#6115
opened Jul 6, 2026 by
st0pp3r
Contributor
Loading…
Add rule: potential NTLM authentication coercion tool execution
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6111
opened Jul 5, 2026 by
ashish-cybersec
Loading…
add: NetSupport Manager RAT cleartext HTTP C2 detection (Zeek)
Review Needed
The PR requires review
Rules
#6110
opened Jul 5, 2026 by
cyberlandji
Loading…
fix: net user rules coverage and deprecate redundant rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Add proxy rule: Base64 Encoded URL In Web Request
Review Needed
The PR requires review
Rules
#6106
opened Jul 3, 2026 by
Usurper-Vladimir
Loading…
Add rule detecting inbound SSH drops on MikroTik WAN
Review Needed
The PR requires review
Rules
#6105
opened Jul 2, 2026 by
OriolesMagic333
Loading…
1 task done
Add rule: indirect command execution via scp.exe
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6104
opened Jul 2, 2026 by
ashish-cybersec
Loading…
Add rule: arbitrary command execution via git config override
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6103
opened Jul 2, 2026 by
ashish-cybersec
Loading…
Add detection for PnPUtil driver and device removal activity
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6099
opened Jul 1, 2026 by
Kvvvvvvvvv
Loading…
Add cross-platform discovery/collection rules
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6095
opened Jun 29, 2026 by
einlamye
Contributor
Loading…
Add Sysinternals tooling and driver/UAC detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6094
opened Jun 29, 2026 by
einlamye
Contributor
Loading…
Add Active Directory / Kerberos attack detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6093
opened Jun 29, 2026 by
einlamye
Contributor
Loading…
Add ADS abuse and signed-binary LOLBIN detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6092
opened Jun 29, 2026 by
einlamye
Contributor
Loading…
Enrich ATT&CK tags (T1654/T1652) and dedupe bcdedit safeboot logic
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
#6091
opened Jun 29, 2026 by
einlamye
Contributor
Loading…
rules/windows: add Dev Tunnel hosting or creation process_creation rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6089
opened Jun 28, 2026 by
BL3IP
Loading…
rules: add AWS Secrets Manager BatchGetSecretValue bulk retrieval (T1555.006)
Review Needed
The PR requires review
Rules
#6086
opened Jun 27, 2026 by
adamalizeerj
Loading…
Previous Next
ProTip!
Type g p on any issue or pull request to go back to the pull request listing page.