SigmaHQ
/
sigma
Main Sigma Rule Repository
Other
8.4k
stars
2.21k
forks
issues
update ESXCLI reference docs after broadcom acquisition of VMWare
#5086
AlbinoGazelle
closed
1 day ago
3
Update proc_creation_win_findstr_security_keyword_lookup.yml
#5085
MalGamy12
opened
2 days ago
0
Update registry_set_persistence_com_hijacking_builtin.yml
#5084
MalGamy12
opened
3 days ago
0
Correct aggregation for ElastAlert backend
#5083
spvcxsh1p
opened
4 days ago
2
Added ordinal of ShellExec_RunDLL
#5082
swachchhanda000
opened
6 days ago
5
Detect RTLO extension spoofing, MITRE T1036.002 in File-Events
#5081
cod3nym
closed
3 days ago
1
Archive New Rule References
#5080
github-actions[bot]
closed
4 days ago
0
Detects the immediate execution of Python web servers (e.g., http.server) via the command line interface (CLI)
#5079
mlakri
opened
1 week ago
0
This rule detects the deletion of existing Auditd rules
#5078
mlakri
closed
1 week ago
1
Create net_connection_win_susp_azurefd_connection.yml
#5077
IsaacDunham
closed
4 days ago
0
fix: FPs with Google Updater Uninstall Script
#5076
Neo23x0
closed
1 week ago
0
Update proc_creation_win_expand_cabinet_files.yml
#5075
MalGamy12
closed
4 days ago
0
AWS IAM user login without MFA
#5074
thuya-hacktilizer
opened
1 week ago
1
Create Suspicious_Access_Attempt_to_the_cert Windows_Share_Possible_C…
#5073
NinnessOtu
opened
2 weeks ago
2
RightToLeft Obfuscation - PowerShell
#5072
FilipPwn
opened
2 weeks ago
1
This is a proposal for SUID Enumeration Using Find
#5071
mlakri
opened
2 weeks ago
2
Susp rdp outlook parent
#5070
Neo23x0
closed
2 weeks ago
0
Add more images to the rule (proc_creation_lnx_omigod_scx_runasprovider_executeshellcommand)
#5069
CheraghiMilad
opened
2 weeks ago
1
Update 3 rules in category/antivirus
#5068
ruppde
closed
2 weeks ago
1
add missing links
#5067
nasbench
closed
2 weeks ago
0
Create microsoft365_teams_guest_rmm_deployment.yml
#5066
prashanthpulisetti
opened
3 weeks ago
4
Promote Older Rules From `experimental` to `test`
#5065
github-actions[bot]
closed
3 weeks ago
0
Update net_dns_pua_cryptocoin_mining_xmr.yml
#5064
Koifman
closed
2 weeks ago
0
Create file_event_win_susp_outlook_rdp.yml
#5063
Neo23x0
closed
3 weeks ago
1
Update README.md - Add Security Onion
#5062
defensivedepth
closed
3 weeks ago
0
Add new rule Email Forwarding Rule - Exchange
#5061
dan21san
closed
4 days ago
1
Update proc_creation_win_schtasks_env_folder.yml
#5060
MalGamy12
closed
3 weeks ago
0
Converted Auditd rules
#5059
defensivedepth
opened
1 month ago
0
Added Fake CAPTCHA Campaign new rules
#5058
ahmedfarou22
closed
2 weeks ago
2
Create win_security_access_to_browser_credential_files.yml
#5057
Koifman
closed
3 weeks ago
2
Adding sigma rules related to Restic for Data Exfiltration and CleanUpLoader(Oyster Backdoor)
#5056
CTI-Driven
opened
1 month ago
0
feat: update multiple rules
#5055
X-Junior
closed
4 weeks ago
0
Update App Role Added based on Microsoft description
#5054
gregorywychowaniec-zt
closed
1 day ago
5
Create proc_creation_win_reg_add_AutoAdminLogon_key.yml
#5053
Mahir-Ali-khan
opened
1 month ago
0
Update rule Powershell Exfiltration Over SMTP considering the attachm…
#5052
dan21san
closed
3 weeks ago
0
Archive New Rule References
#5051
github-actions[bot]
closed
3 weeks ago
0
detect vacuuming of journald as clearing syslog
#5050
wieso-itzi
opened
1 month ago
0
update images of Proc creation lnx local groups
#5049
CheraghiMilad
closed
1 month ago
0
Proc creation lnx os credential dumping 2
#5048
CheraghiMilad
closed
1 month ago
0
Update proc_creation_win_run_from_zip.yml
#5047
CheraghiMilad
opened
1 month ago
1
Add Suspicious Setup16 Parent
#5046
frack113
opened
1 month ago
0
The "Data" field in "filter_main_local_ips" is mapped to "param3" with winlogbeat
#5045
zambomarcell
closed
1 month ago
1
add new rule for os credential dumping in linux
#5044
CheraghiMilad
closed
1 month ago
0
Adjust 'Python Spawning Pretty TTY' to detect ways to circumvent detection
#5042
wieso-itzi
closed
2 weeks ago
4
Update win_security_register_new_logon_process_by_rubeus.yml
#5041
Koifman
opened
1 month ago
0
add SuspDCSyncTraffic from MS Defender
#5040
ruppde
closed
1 month ago
0
update rule with new images
#5039
CheraghiMilad
closed
1 month ago
0
add: RustiveDump, NativeDump pattern, fix: NanoDump pattern
#5038
Neo23x0
closed
1 month ago
0
Update registry_set_windows_defender_tamper.yml
#5037
MalGamy12
closed
1 month ago
0
Add the Azure connected machine agent
#5036
dan21san
closed
1 month ago
0