Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
96 Open 4,598 Closed
96 Open 4,598 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[New Rule] - Password Never Expires Set via WMI 2nd Review Needed PR need a second approval Rules Windows Pull request add/update windows related rules
#5568 opened Jul 30, 2025 by Koifman Loading…
3
[New Rule] - Registry Manipulation via WMI Stdregprov 2nd Review Needed PR need a second approval Rules Windows Pull request add/update windows related rules
#5567 opened Jul 30, 2025 by Koifman Loading…
5
Create Suspicious UI Automation Named Pipe Creation Rules Windows Pull request add/update windows related rules
#5560 opened Jul 29, 2025 by prashanthpulisetti Loading…
chore: bump pySigma-validators-sigmahq to 0.10 Maintenance Related to additions and update of the repository features Review Needed The PR requires review
#5557 opened Jul 29, 2025 by phantinuss Loading…
Create UI Automation Core DLL Loading Detection Rules Windows Pull request add/update windows related rules
#5555 opened Jul 29, 2025 by prashanthpulisetti Loading…
3
Add Sigma rule for detecting API Hooking via auditd syscalls in Linux (T1056.004) Linux Pull request add/update linux related rules Rules
#5551 opened Jul 28, 2025 by AAtashGar Loading…
[New Rule] - Unusual svchost Command Line Parameter Rules Windows Pull request add/update windows related rules
#5550 opened Jul 28, 2025 by Liran017 Loading…
8
update: windowsInstaller com object related rules Rules Windows Pull request add/update windows related rules
#5548 opened Jul 28, 2025 by swachchhanda000 Loading…
5
Add Sigma rule for detecting suspicious Zeek LDAP queries Rules
#5547 opened Jul 28, 2025 by AAtashGar Loading…
1
Suspicious Process Spawning from IIS Worker Process Chain (aka Webshell Indicator) - Covering SharePoint CVE-2025-53770 ToolShell Rules Windows Pull request add/update windows related rules
#5546 opened Jul 26, 2025 by TristanInSec Loading…
6 tasks done
2
feat: potential dll side-loading attempt by java process 2nd Review Needed PR need a second approval Rules Windows Pull request add/update windows related rules
#5544 opened Jul 25, 2025 by swachchhanda000 Loading…
4
Fix: Use correct dash type in Azure cert/cred update rule Rules
#5542 opened Jul 23, 2025 by peterydzynski Loading…
4
feat: execution of robocopy to copy files to or file from file share 2nd Review Needed PR need a second approval Rules Windows Pull request add/update windows related rules
#5540 opened Jul 23, 2025 by swachchhanda000 Loading…
4
New Sigma Rule : AWS GuardDuty Detector Deleted Or Updated Added Rules
#5536 opened Jul 20, 2025 by suKTech24 Loading…
7
fix: GitHub issues 2nd Review Needed PR need a second approval Emerging-Threats Linux Pull request add/update linux related rules Rules Windows Pull request add/update windows related rules
#5533 opened Jul 18, 2025 by swachchhanda000 Loading… Sigma-August-Release
8
Fix more rules 2nd Review Needed PR need a second approval Maintenance Related to additions and update of the repository features Rules Windows Pull request add/update windows related rules
#5532 opened Jul 18, 2025 by swachchhanda000 Loading…
3
Fix: FileFix - Suspicious Child Process from Browser File Upload Abuse Rules Windows Pull request add/update windows related rules Work In Progress Some changes are needed
#5527 opened Jul 16, 2025 by seanthegeek Loading…
8
feat: WinRAR Creating Files in Startup Locations - CVE-2025-6218 Emerging-Threats Rules Windows Pull request add/update windows related rules
#5525 opened Jul 16, 2025 by swachchhanda000 Loading…
Suspicious Use of for Loop with Directory Search in CMD Rules Windows Pull request add/update windows related rules
#5519 opened Jul 10, 2025 by jstnk9 Loading…
13
fix: Office 365 Apps Related False Positives 2nd Review Needed PR need a second approval Rules Windows Pull request add/update windows related rules
#5517 opened Jul 9, 2025 by swachchhanda000 Loading…
11
[New Rule] - Detect NTFS symlink behavior modifications using fsutil command Rules Windows Pull request add/update windows related rules Work In Progress Some changes are needed
#5504 opened Jun 30, 2025 by tsale Loading…
@nasbench
1
feat: Reg shell open command Rules Windows Pull request add/update windows related rules
#5487 opened Jun 17, 2025 by swachchhanda000 Loading…
Update: Suspicious Copy From or To System Directory 2nd Review Needed PR need a second approval Rules Windows Pull request add/update windows related rules
#5482 opened Jun 16, 2025 by swachchhanda000 Loading…
6
update: SquiblyTwo Related Rules Rules Windows Pull request add/update windows related rules
#5476 opened Jun 12, 2025 by swachchhanda000 Loading…
4
feat: Renamed Schtasks Execution 2nd Review Needed PR need a second approval Rules Windows Pull request add/update windows related rules
#5475 opened Jun 12, 2025 by swachchhanda000 Loading…
7
ProTip! Follow long discussions with comments:>50.