Pull requests: SigmaHQ/sigma

Pull requests list

Add Sigma rule for detecting API Hooking via auditd syscalls in Linux (T1056.004)
Labels: Linux, Rules
#5551 opened Jul 28, 2025 by AAtashGar

[New Rule] - Unusual svchost Command Line Parameter
Labels: Rules, Windows
#5550 opened Jul 28, 2025 by Liran017

update: windowsInstaller com object related rules
Labels: Rules, Windows
#5548 opened Jul 28, 2025 by swachchhanda000

feat: potential dll side-loading attempt by java process
Labels: Rules, Windows
#5544 opened Jul 25, 2025 by swachchhanda000

feat: execution of robocopy to copy files to or file from file share
Labels: Rules, Windows
#5540 opened Jul 23, 2025 by swachchhanda000

feat: potential spear-phishing through svg files
Labels: Ready to Merge, Rules, Windows
#5538 opened Jul 22, 2025 by swachchhanda000

fix: GitHub issues
Labels: 2nd Review Needed, Emerging-Threats, Linux, Rules, Windows
#5533 opened Jul 18, 2025 by swachchhanda000
Milestone: Sigma-August-Release

Fix more rules
Labels: 2nd Review Needed, Maintenance, Rules, Windows
#5532 opened Jul 18, 2025 by swachchhanda000

Fix: FileFix - Suspicious Child Process from Browser File Upload Abuse
Labels: Rules, Windows, Work In Progress
#5527 opened Jul 16, 2025 by seanthegeek

feat: WinRAR Creating Files in Startup Locations - CVE-2025-6218
Labels: Emerging-Threats, Rules, Windows
#5525 opened Jul 16, 2025 by swachchhanda000

Suspicious Use of for Loop with Directory Search in CMD
Labels: Rules, Windows
#5519 opened Jul 10, 2025 by jstnk9

fix: Office 365 Apps Related False Positives
Labels: 2nd Review Needed, Rules, Windows
#5517 opened Jul 9, 2025 by swachchhanda000

[New Rule] - Detect NTFS symlink behavior modifications using fsutil command
Labels: Rules, Windows, Work In Progress
#5504 opened Jun 30, 2025 by tsale

feat: Reg shell open command
Labels: Rules, Windows
#5487 opened Jun 17, 2025 by swachchhanda000

Update: Suspicious Copy From or To System Directory
Labels: Rules, Windows
#5482 opened Jun 16, 2025 by swachchhanda000

update: SquiblyTwo Related Rules
Labels: Rules, Windows
#5476 opened Jun 12, 2025 by swachchhanda000

feat: Renamed Schtasks Execution
Labels: Rules, Windows
#5475 opened Jun 12, 2025 by swachchhanda000

Process Name Masquerading
Labels: Linux, Rules
#5470 opened Jun 5, 2025 by CheraghiMilad

Hacktool - Defendnot Execution
Labels: 2nd Review Needed, Rules, Windows
#5469 opened Jun 5, 2025 by swachchhanda000

fix: make use of enriched auditd fields
Labels: Linux, Rules
#5468 opened Jun 5, 2025 by phantinuss