Pull requests: SigmaHQ/sigma
Add rule: potential NTLM authentication coercion tool execution
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6111
opened Jul 5, 2026 by
ashish-cybersec
add: NetSupport Manager RAT cleartext HTTP C2 detection (Zeek)
Review Needed
The PR requires review
Rules
#6110
opened Jul 5, 2026 by
cyberlandji
RoguePlanet Exploit Rules
Emerging-Threats
Review Needed
The PR requires review
Rules
#6109
opened Jul 4, 2026 by
st0pp3r
Contributor
Add rule for LLM agent indirect prompt injection detection
Review Needed
The PR requires review
Rules
#6108
opened Jul 3, 2026 by
Batina-Jennifer
fix: net user rules coverage and deprecate redundant rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6107
opened Jul 3, 2026 by
swachchhanda000
Collaborator
Add proxy rule: Base64 Encoded URL In Web Request
Review Needed
The PR requires review
Rules
#6106
opened Jul 3, 2026 by
Usurper-Vladimir
Add rule detecting inbound SSH drops on MikroTik WAN
Review Needed
The PR requires review
Rules
#6105
opened Jul 2, 2026 by
OriolesMagic333
1 task done
Add rule: indirect command execution via scp.exe
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6104
opened Jul 2, 2026 by
ashish-cybersec
Add rule: arbitrary command execution via git config override
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6103
opened Jul 2, 2026 by
ashish-cybersec
new: wmi activity ntEventLogFile ClearEventLog failed attempts
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6100
opened Jul 2, 2026 by
swachchhanda000
Collaborator
Add detection for PnPUtil driver and device removal activity
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6099
opened Jul 1, 2026 by
Kvvvvvvvvv
Add cross-platform discovery/collection rules
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6095
opened Jun 29, 2026 by
einlamye
Contributor
Add Sysinternals tooling and driver/UAC detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6094
opened Jun 29, 2026 by
einlamye
Contributor
Add Active Directory / Kerberos attack detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6093
opened Jun 29, 2026 by
einlamye
Contributor
Add ADS abuse and signed-binary LOLBIN detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6092
opened Jun 29, 2026 by
einlamye
Contributor
Enrich ATT&CK tags (T1654/T1652) and dedupe bcdedit safeboot logic
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
#6091
opened Jun 29, 2026 by
einlamye
Contributor
rules/windows: add Dev Tunnel hosting or creation process_creation rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6089
opened Jun 28, 2026 by
BL3IP
rules: add AWS Secrets Manager BatchGetSecretValue bulk retrieval (T1555.006)
Review Needed
The PR requires review
Rules
#6086
opened Jun 27, 2026 by
adamalizeerj
new: Dindoor Backdoor Malware rule
Emerging-Threats
Review Needed
The PR requires review
Rules
#6083
opened Jun 25, 2026 by
marcopedrinazzi
Contributor
Add detection for Lynx Ransomware execution flags
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6082
opened Jun 25, 2026 by
Swarup-Ingale
6 tasks done
Add Sigma rule for AWS Bedrock model invocation logging config deletion
Review Needed
The PR requires review
Rules
#6081
opened Jun 25, 2026 by
ahmed-raza-shaikh
ci: pin and cache Python dependencies for reproducible builds
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
#6080
opened Jun 24, 2026 by
a0merr
new: Remote Management Tool - Ninite Execution From Suspicious Context & improve: End User Consent To Application - context, references, FP guidance
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6079
opened Jun 23, 2026 by
Lorygold
new: Potential Browser Cache Smuggling Payload Extraction
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6078
opened Jun 23, 2026 by
Tetryl12
Add rule for arbitrary file download via msoxmled.exe (LOLBAS)
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
#6072
opened Jun 21, 2026 by
cor-b