SigmaHQ/sigma
Main Sigma Rule Repository
Other
7.84k stars
2.12k forks
issues
New Rule: RDP Originating From Domain Controller
#4839
joshnck
closed
1 month ago
0
Rule: Access To Windows Outlook Mail Files By Uncommon Application
#4838
frack113
closed
1 month ago
1
fix: #4820
#4837
nasbench
closed
2 months ago
0
Update AWS Rule to use fieldref modifier instead of contains
#4836
jamesc-grafana
closed
2 months ago
1
Detects Backdoor Kapeka Via Registry Key
#4835
cY83rR0H1t
opened
2 months ago
0
Network connection from Microsoft Dialer
#4834
CertainlyP
closed
2 months ago
0
feat: add forest blizzard rules
#4833
nasbench
closed
2 months ago
0
feat: lolbin updates
#4832
nasbench
closed
2 months ago
0
Kapeka backdoor sigma rules
#4831
swachchhanda000
opened
2 months ago
0
LOLBAS wbadmin rule
#4830
frack113
closed
1 month ago
0
Add Network Connection Initiated By RegAsm.EXE
#4829
frack113
closed
2 months ago
0
build(deps-dev): bump aiohttp from 3.9.0 to 3.9.4
#4828
dependabot[bot]
closed
2 months ago
1
New analytic for python pth files
#4827
netgrain
closed
2 months ago
3
feat: add rule CVE-2024-3400
#4826
nasbench
closed
2 months ago
0
New analytic for CVE-2024-3400
#4825
netgrain
closed
2 months ago
0
New rule - proc_creation_win_pua_netscan.yml
#4824
dan21san
closed
2 months ago
0
Update proc_creation_macos_xattr_gatekeeper_bypass.yml
#4823
pratinavchandra
closed
2 months ago
2
New Rule - net_connection_lnx_susp_malware_callback_port.yml
#4822
hasselj
closed
1 month ago
1
DPAPI backup keys Theft and Export related activities
#4821
CTI-Driven
closed
3 days ago
2
ADS Zone.Identifier Deleted By Uncommon Application when installing PuTTy latest version
#4820
essadek
closed
2 months ago
1
fix: explicitly escape `{` to make it clear that it is a literal
#4819
fukusuket
closed
2 months ago
1
Suspicious keyscrambler child process
#4818
swachchhanda000
closed
1 month ago
0
Archive New Rule References
#4816
github-actions[bot]
closed
2 months ago
0
feat : new malware UA
#4815
X-Junior
closed
2 months ago
0
Add new rule to detect MFA bypass in Cisco Duo
#4814
nikitah4x
closed
2 months ago
0
Add Image to avoid FP
#4813
frack113
closed
2 months ago
0
FPs with "File Enumeration Via Dir Command"
#4812
YamatoSecurity
closed
2 months ago
0
Update proc_creation_lnx_exploit_cve_2024_3094_sshd_child_process.yml
#4811
ruppde
closed
2 months ago
1
Fix references in proc_creation_win_exploit_cve_2017_11882.yml #4804
#4810
TheLawsOfChaos
closed
2 months ago
0
Bump idna from 3.4 to 3.7
#4809
dependabot[bot]
closed
2 months ago
1
FP Bad practice GPO
#4808
frack113
closed
2 months ago
0
Update references and tags
#4807
frack113
closed
2 months ago
0
Potential KeyScrambler.exe DLL Side-loading
#4806
swachchhanda000
closed
2 months ago
3
fix: FP with chocolatey shimgen tool
#4805
phantinuss
closed
2 months ago
0
Update proc_creation_win_exploit_cve_2017_11882.yml
#4804
TheLawsOfChaos
closed
2 months ago
1
Clean useless `.*` in regex
#4803
frack113
closed
2 months ago
2
FP Fixes
#4802
phantinuss
closed
2 months ago
0
Pnscan rule creation
#4801
signalblur
closed
2 months ago
1
Add rule dns_query_win_mega_nz_via_sysmon
#4800
dan21san
closed
2 months ago
1
fix: remove invalid slash in `ServiceDll Hijack` rule
#4799
fukusuket
closed
2 months ago
0
Fix hashes
#4798
PiRomant
closed
2 months ago
0
fix: filter PS1 policy check for AppLocker mode
#4797
phantinuss
closed
2 months ago
0
Add rule about the cve-2024-3094
#4796
dan21san
closed
2 months ago
0
Update lnx_shell_clear_cmd_history.yml
#4795
signalblur
closed
2 months ago
1
Create proc_creation_lnx_susp_sshd_children.yml
#4794
ruppde
closed
2 months ago
0
Update lnx_shell_clear_cmd_history.yml
#4793
signalblur
closed
2 months ago
0
Archive New Rule References
#4792
github-actions[bot]
closed
2 months ago
0
Promote Older Rules From `experimental` to `test`
#4791
github-actions[bot]
closed
2 months ago
0
correct the error message and variable name in test_rules.py
#4790
ya0guang
closed
2 months ago
0
correct a typo in test
#4789
ya0guang
closed
2 months ago
0