Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
61 Open 4,843 Closed
61 Open 4,843 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Improve DNS Exfiltration detection logic for Invoke-DNSExfiltrator (#… Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5801 opened Dec 9, 2025 by toheeb-orelope Loading…
1
1
add: Linux Security Capability Set Via Setfattr Utility Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5800 opened Dec 8, 2025 by EzLucky Loading…
Update Potential Malicious Usage of CloudTrail System Manager Review Needed The PR requires review Rules
#5799 opened Dec 8, 2025 by nasbench Loading… Sigma-January-Release
ci: 🤖 Fix URL for sigma_schema_url Maintenance Related to additions and update of the repository features Ready to Merge Review Needed The PR requires review
#5797 opened Dec 7, 2025 by frack113 Loading…
1
cve-2025-49666 detection rule Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5796 opened Dec 6, 2025 by 17patmaks Loading…
6 tasks done
2
new: CVE-2025-55182 react2shell rules Emerging-Threats Review Needed The PR requires review Rules
#5795 opened Dec 6, 2025 by swachchhanda000 Loading…
@swachchhanda000
7
Add SSH brute force detection rule Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5792 opened Dec 4, 2025 by LB89-code Draft
2
Metadata Updates - Batch 1 Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5790 opened Dec 3, 2025 by nasbench Loading… Sigma-January-Release
@nasbench
Add Detection Rule for Oracle OIM Pre-Auth Authentication Bypass (CVE-2025-61757) Emerging-Threats Review Needed The PR requires review Rules Work In Progress Some changes are needed
#5781 opened Nov 29, 2025 by YxinMiracle Loading…
5
fix: FPs on docker images Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5780 opened Nov 28, 2025 by marius-benthin Loading… Sigma-January-Release
@nasbench
15
feat: more edrfreeze rules Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5777 opened Nov 27, 2025 by swachchhanda000 Loading…
1
Added rules related to ArcGIS Server Object Extension abuse Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5774 opened Nov 25, 2025 by mbabinski Loading… Sigma-January-Release
16
feat: Shai-Hulud: The Second Coming Rules Emerging-Threats Linux Pull request add/update linux related rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5772 opened Nov 25, 2025 by swachchhanda000 Loading… Sigma-January-Release
1
add: Linux setcap setuid Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5771 opened Nov 25, 2025 by EzLucky Loading… Sigma-January-Release
5
Add detection rule for Chaos/Darkside Ransomware style hidden Cmd launching suspicious targets Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5767 opened Nov 20, 2025 by vl43den Loading… Sigma-January-Release
@swachchhanda000
2
Add Correlation Support Work In Progress Some changes are needed
#5759 opened Nov 17, 2025 by nasbench Draft
7 tasks
Sigma-January-Release
@nasbench
Add DPI-based network rule for responder footprints detection Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules
#5751 opened Nov 11, 2025 by cogResearch Loading…
4
feat: phantom DLL hijacking rules Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5749 opened Nov 10, 2025 by swachchhanda000 Loading… Sigma-January-Release
@swachchhanda000
6
3 New rules Additional Data Needed Author Input Required changes the require information from original author of the rules Rules Windows Pull request add/update windows related rules
#5747 opened Nov 8, 2025 by louiselalanne Loading…
4
new: bindfltapi.dll execution by suspicious process Rules Windows Pull request add/update windows related rules
#5744 opened Nov 6, 2025 by vl43den Loading…
Feat: susp msix/appX package installation detection Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5741 opened Nov 3, 2025 by swachchhanda000 Loading… Sigma-January-Release
@nasbench
8
API_Hooking_detection Linux Pull request add/update linux related rules Rules
#5739 opened Nov 2, 2025 by AAtashGar Loading…
1
Add detection rules for abuse of OpenEDR's response features Author Input Required changes the require information from original author of the rules Rules Windows Pull request add/update windows related rules
#5716 opened Oct 22, 2025 by tsale Loading…
9
macOS process create detections related to Bluenoroff macOS intrusion MacOS Pull request add/update macos related rules Rules
#5700 opened Oct 17, 2025 by stuartjash Loading…
1
add detection rule for suspicious use of BrowserCore.exe in PRT extra… Author Input Required changes the require information from original author of the rules Rules Windows Pull request add/update windows related rules Work In Progress Some changes are needed
#5676 opened Oct 3, 2025 by e0909 Loading…
12
ProTip! Type g i on any issue or pull request to go back to the issue listing page.