Issues: SigmaHQ/sigma
Adding sigma rules related to Restic for Data Exfiltration and CleanUpLoader(Oyster Backdoor)
#5056 opened Oct 20, 2024 by CTI-Driven
Remove ending spaces from selection in posh_ps_susp_invocation_generic.yml
False-Positive
Issue reporting a false positive with one of the rules
#5034 opened Oct 4, 2024 by BlakeHensleyy
Wrong filter in " Kerberoasting Activity - Initial Query" rule condition?
False-Positive
Issue reporting a false positive with one of the rules
Work In Progress
Some changes are needed
#5011 opened Sep 17, 2024 by zambomarcell
Certain Windows commands include two spaces between the process and the parameters which is NOT reflected in related SIGMA rules
False-Positive
Issue reporting a false positive with one of the rules
#4914 opened Jul 13, 2024 by Koifman
Possible wrong access mask in Mimikatz DC Sync rule
Work In Progress
Some changes are needed
#4895 opened Jul 2, 2024 by ail4ni
DNS Exfiltration rule
Work In Progress
Some changes are needed
#4889 opened Jun 25, 2024 by pramodpabbati
False Detections with Invoke-Obfuscation and Null Bytes
False-Positive
Issue reporting a false positive with one of the rules
Work In Progress
Some changes are needed
#4875 opened Jun 9, 2024 by KDot227
Update of Rare Service Install Detection Rule to use correlation syntax
Work In Progress
Some changes are needed
#4854 opened May 14, 2024 by Mat0vu
Based on suspicious regedit changes sigma rules
Work In Progress
Some changes are needed
#4542 opened Nov 4, 2023 by HydraDragonAntivirus
Detect PowerShell w/o PowerShell Execution via RunDLL32 and various other methods
Work In Progress
Some changes are needed
#4197 opened Apr 25, 2023 by JulianDroste