Pull requests: SigmaHQ/sigma
new: Suspicious Process Spawn by CentreStack Portal AppPool
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
#5263
opened Apr 11, 2025 by
RG9n
feat: Suspicious CrushFTP Child Process
Emerging-Threats
Rules
#5261
opened Apr 10, 2025 by
swachchhanda000
Sigma rules to detect CVE 2025 29824 and susp BLF File Creation
Emerging-Threats
Rules
Windows
Pull request add/update windows related rules
#5260
opened Apr 10, 2025 by
swachchhanda000
Introduce versions of rules for K8s audit log format
Rules
#5259
opened Apr 9, 2025 by
kelnage
Add a missing mitre tag to one rule
Rules
Windows
Pull request add/update windows related rules
#5258
opened Apr 9, 2025 by
david-syk
feat: Security Event Logging Disabled Via MiniNt Registry Key
Rules
Windows
Pull request add/update windows related rules
#5257
opened Apr 9, 2025 by
swachchhanda000
Add rule to detect activation of a Wi-Fi hotspot on Ubuntu systems via NetworkManager, based on syslog.
Linux
Pull request add/update linux related rules
Rules
#5255
opened Apr 7, 2025 by
rahulisationn
Add rule to detect makecab staging of LOLBins
Rules
Windows
Pull request add/update windows related rules
#5254
opened Apr 4, 2025 by
alexegorov1
New Rules : PowerShell Console History File Access - file_access + proc_creation
Rules
Windows
Pull request add/update windows related rules
#5253
opened Apr 4, 2025 by
EzLucky
Modify proc_creation_win_ping_hex_ip.yml to look for hexadecimal strings using regex
Rules
Windows
Pull request add/update windows related rules
#5251
opened Apr 2, 2025 by
vasquja
Promote Older Rules From experimental to test
#5249
opened Apr 1, 2025 by
github-actions
bot
Added more generic potential HKCU CLSID COM hijacking rule
Rules
Windows
Pull request add/update windows related rules
#5248
opened Mar 29, 2025 by
grimlockx
Added more extensions that could be suspicious for Startup Folder
Rules
Windows
Pull request add/update windows related rules
#5246
opened Mar 27, 2025 by
swachchhanda000
Rules for Rustdesk
Rules
Windows
Pull request add/update windows related rules
#5245
opened Mar 27, 2025 by
frack113
Potential ClickFix Execution Pattern - Registry
Rules
Windows
Pull request add/update windows related rules
#5244
opened Mar 25, 2025 by
swachchhanda000
Discovery via registry queries detection
Rules
Windows
Pull request add/update windows related rules
#5243
opened Mar 24, 2025 by
xlazarg
Create win_system_possible_ipv6_dns_takeover.yml
2nd Review Needed
PR need a second approval
Rules
Windows
Pull request add/update windows related rules
#5242
opened Mar 22, 2025 by
NinnessOtu
Added rule for LNK Command-Line Padding with Whitespace Characters
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
Add esentutl.exe in potential browser data stealing
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
Added AntiSpywareProduct class enumeration
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
Create azure_ad_cross_tenant_b2b_collab_signin.yml
Rules
#5233
opened Mar 15, 2025 by
whichbuffer
Create azure_ad_cross_tenant_user_provisioning.yml
Rules
#5232
opened Mar 15, 2025 by
whichbuffer
Added rule to detect clearing of event logs via dotnet class
Ready to Merge
Rules
Windows
Pull request add/update windows related rules