SigmaHQ/sigma
Main Sigma Rule Repository
Other
8.19k stars, 2.17k forks
issues
COM Object Hijacking Update | #5026 | X-Junior | opened | 20 hours ago | 0
Could not compile rule | #5025 | TheDudeasap | closed | 2 days ago | 2
new_rules | #5023 | saakovv | opened | 6 days ago | 0
some typos | #5022 | jaegeral | closed | 1 week ago | 1
aws_new_rules | #5021 | saakovv | opened | 1 week ago | 1
Add detection rule for MeshAgent command execution | #5020 | tsale | closed | 1 week ago | 0
github-new-rules | #5018 | saakovv | opened | 1 week ago | 1
Modify or Delete AWS RDS Cluster | #5017 | saakovv | opened | 1 week ago | 0
CreateFunctionUrlConfig | #5016 | saakovv | opened | 1 week ago | 0
DeleteSAMLProvider AWS | #5015 | saakovv | opened | 1 week ago | 0
remove the dual use tool nmap from "Linux HackTool Execution" | #5013 | ruppde | closed | 1 week ago | 0
Added the string corresponding to "{"alg":" since some token headers start with this | #5012 | ionsor | opened | 1 week ago | 1
Wrong filter in " Kerberoasting Activity - Initial Query" rule condition? | #5011 | zambomarcell | opened | 1 week ago | 2
sigma rules around using MSI for privilege escalation | #5010 | sec-hbaer | opened | 1 week ago | 0
Archive New Rule References | #5009 | github-actions[bot] | closed | 1 week ago | 0
Update proc_creation_win_hktl_certipy.yml | #5008 | BlackB0lt | opened | 2 weeks ago | 0
Fix resolve unreachable(404) GitHub URL reference | #5007 | fukusuket | closed | 2 weeks ago | 0
FP miss the all modifier | #5006 | frack113 | closed | 2 weeks ago | 1
Update lnx_auth_pwnkit_local_privilege_escalation.yml | #5005 | bharat-arora-magnet | closed | 2 weeks ago | 2
Create proc_creation_win_code_devtunnel_tunneling.yaml | #5004 | 0xAnalyst | opened | 2 weeks ago | 7
BTunnels Detection for Data Exfiltration | #5003 | deFr0ggy | closed | 2 weeks ago | 0
feat: more unicode obfuscation | #5002 | secDre4mer | closed | 3 weeks ago | 1
New Rule: win_security_gpo_startup_script.yml | #5001 | joshnck | closed | 3 weeks ago | 0
Add logic to win_security_gpo_scheduledtasks.yml | #5000 | joshnck | closed | 3 weeks ago | 0
New Rule: win_security_gp_priv_escalation.yml | #4999 | joshnck | closed | 3 weeks ago | 0
New Rule for Unusual DNS Queries from Windows Scripting Hosts | #4998 | joshnck | closed | 3 weeks ago | 2
PowerShell Web Access | #4997 | MHaggis | closed | 3 weeks ago | 0
Sigma yaml nesting question | #4996 | djlukic | closed | 3 weeks ago | 1
feat: check for processes deleting themselves | #4995 | secDre4mer | closed | 3 weeks ago | 0
Sigma FP fixes | #4994 | djlukic | opened | 3 weeks ago | 5
Fix Issues | #4993 | nasbench | closed | 3 weeks ago | 0
Archive New Rule References | #4992 | github-actions[bot] | closed | 3 weeks ago | 0
Promote Older Rules From `experimental` to `test` | #4991 | github-actions[bot] | closed | 3 weeks ago | 0
Add rule net_connection_win_anydesk_incoming_connection | #4990 | dan21san | closed | 3 weeks ago | 0
Installation of 'elasticsearch' backend plugin not working for sigma cli | #4989 | v1p3r0u5 | closed | 1 month ago | 2
Add Sigma rule for CVE-2024-38063 IPv6 memory corruption detection | #4988 | zenzue | opened | 1 month ago | 1
MacOS rule filter for wifivelocityd false positives | #4987 | peterydzynski | closed | 1 month ago | 5
Sigma rules FP fixes | #4986 | djlukic | closed | 1 month ago | 2
feat: add more groups used for LDAP reconnaissance | #4985 | secDre4mer | closed | 1 month ago | 0
Certificate Exported in Microsoft-Windows-Folder Redirection/Operational | #4984 | djlukic | closed | 1 month ago | 5
Add Rule: `Task Scheduler DLL Loaded By Application Located In Potentially Suspicious Location` | #4983 | swachchhanda000 | closed | 3 weeks ago | 0
Update old rules services/scheduled task tampering | #4982 | X-Junior | closed | 1 month ago | 0
Event Action data missing apostrophes | #4981 | djlukic | closed | 1 month ago | 5
Update dns_query_win_remote_access_software_domains_non_browsers.yml | #4980 | Mahir-Ali-khan | closed | 2 weeks ago | 0
Renamed ZOHO Dctask64 Execution is creating 30.000 alerts / hour in Security Onion | #4979 | Carlos-mb | closed | 1 month ago | 8
Add Rule: `Multi Factor Authentication Disabled For User Account` | #4978 | cyb3rjy0t | closed | 1 month ago | 0
Add Rule: `User Risk and MFA Registration Policy Updated` | #4977 | cyb3rjy0t | closed | 1 month ago | 0
Create azure_mfa_device_added_or_modified.yml | #4976 | cyb3rjy0t | closed | 1 month ago | 1
experimental gtfobin shell breakout detections | #4975 | Murphy0801 | closed | 3 weeks ago | 2
New Rule: Potentially Suspicious Rundll32.EXE Execution of UDL File | #4974 | tsale | closed | 1 month ago | 1