issues
SigmaHQ/sigma
Main Sigma Rule Repository
Other
7.84k
stars
2.12k
forks
Update New Behaviours Okta Admin Console rule
#4890
kelnage
opened
4 hours ago
0
DNS Exfiltration rule
#4889
pramodpabbati
opened
1 day ago
2
Multiple Updates
#4888
nasbench
opened
1 day ago
0
update browser credential sigma rule
#4887
X-Junior
opened
1 day ago
0
Unconstrained delegation
#4886
frack113
opened
3 days ago
0
Create image_load_susp_dotnet_csharp_streamer_rat.yml
#4885
LucaInfoSec
opened
3 days ago
3
XXD Command Line Obfuscation on Linux & Compiler Execution Within Kubernetes Containers & Three Others
#4884
signalblur
opened
5 days ago
0
Bump urllib3 from 1.26.18 to 1.26.19
#4883
dependabot[bot]
closed
6 days ago
1
New Analytics: LocaltoNet tunneling
#4882
netgrain
closed
6 days ago
2
XXD Command Line Obfuscation on Linux & Compiler Execution Within Kubernetes Containers
#4881
signalblur
closed
5 days ago
1
Compiler Execution Within Kubernetes Containers
#4880
signalblur
closed
6 days ago
1
Archive New Rule References
#4879
github-actions[bot]
closed
6 days ago
0
Create create_remote_thread_win_susp_dialer.yml
#4878
prashanthpulisetti
opened
1 week ago
0
Update appframework_django_exceptions.yml
#4877
rafiq-zaman
closed
1 week ago
0
xp_cmdshell detection rule improvements
#4876
DFIR-jwedd
closed
5 hours ago
2
False Detections with Invoke-Obfuscation and Null Bytes
#4875
KDot227
opened
2 weeks ago
2
Filter Driver Unloaded Via Fltmc.EXE
#4874
celalettin-turgut
closed
2 days ago
1
Shorten AV string "Mimikatz" to "mikatz"
#4873
ruppde
closed
2 weeks ago
1
Update Rules
#4872
nasbench
closed
1 day ago
0
fixing sigma2stix urls in projects section
#4870
himynamesdave
closed
3 weeks ago
0
New: Detect Activation of Windows Recall
#4869
ssnkhan
closed
3 weeks ago
1
Archive New Rule References
#4868
github-actions[bot]
closed
3 weeks ago
0
Promote Older Rules From `experimental` to `test`
#4867
github-actions[bot]
closed
3 weeks ago
0
Portmap.io Domain
#4866
Neo23x0
closed
3 weeks ago
1
Create new rule: proc_creation_macos_tmutil_backup_tampering.yml
#4865
pratinavchandra
closed
3 weeks ago
0
Refactor azure_aad_secops_ca_policy_updatedby_bad_actor.yml to use a map of fields
#4864
cygnetix
closed
4 weeks ago
0
Create net_connection_win_cloudflared_tunnels
#4863
deFr0ggy
closed
1 month ago
1
Uncommon Target Image For Process Access - PROCESS_ALL_ACCESS
#4862
frack113
closed
1 month ago
0
Bump requests from 2.31.0 to 2.32.0
#4861
dependabot[bot]
closed
1 month ago
1
Minor fix for rule regex
#4860
CR-OfirTal
closed
1 month ago
1
fix: casing of `Win32_ShadowCopy`
#4859
vburov
closed
1 month ago
0
Add deprecated csv script
#4858
frack113
opened
1 month ago
0
Update proc_creation_win_apt_forest_blizzard_activity.yml
#4857
nischalkhadgi62
closed
1 month ago
2
Remove smart quotes from file_event_win_iphlpapi_dll_sideloading.yml
#4856
jeremyhagan
closed
1 month ago
0
Archive New Rule References
#4855
github-actions[bot]
closed
1 month ago
0
Update of Rare Service Install Detection Rule to use correlation syntax
#4854
Mat0vu
opened
1 month ago
4
feat: small fixes
#4853
nasbench
closed
1 month ago
0
Add rule for Atomic t1040
#4852
frack113
closed
1 month ago
1
Fix FP Forest-Blizzard/proc_creation_win_apt_forest_blizzard_activity
#4851
frack113
closed
1 month ago
0
Cleanup condition writing
#4850
frack113
closed
1 month ago
0
Can I use regular expression in sigma?
#4849
Ron-zs
closed
1 month ago
1
Create proc_creation_win_veeam_cve_2024_29212.yml
#4848
prashanthpulisetti
closed
1 month ago
1
Update test Workflow
#4847
frack113
closed
1 month ago
0
Windows LAPS Credential Dump via Entra ID
#4846
BIitzkrieg
closed
7 hours ago
2
Proxy WebDAV Rule Improvements/New Rule
#4845
ahmedfarou22
closed
1 month ago
0
Atomic T1548.002 Add new registry keys
#4844
frack113
closed
1 month ago
0
Add rule for Redcannary T1562.004
#4843
frack113
closed
1 month ago
0
Archive New Rule References
#4842
github-actions[bot]
closed
1 month ago
0
Promote Older Rules From `experimental` to `test`
#4841
github-actions[bot]
closed
1 month ago
0
Suspicious Browser Launch
#4840
skaynum
closed
1 month ago
0