Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
65 Open 4,838 Closed
65 Open 4,838 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

add: Linux Security Capability Set Via Setfattr Utility Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5800 opened Dec 8, 2025 by EzLucky Loading…
Update Potential Malicious Usage of CloudTrail System Manager Review Needed The PR requires review Rules
#5799 opened Dec 8, 2025 by nasbench Loading… Sigma-January-Release
fix: aurora fps Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5798 opened Dec 8, 2025 by swachchhanda000 Loading…
2
ci: 🤖 Fix URL for sigma_schema_url Maintenance Related to additions and update of the repository features Ready to Merge Review Needed The PR requires review
#5797 opened Dec 7, 2025 by frack113 Loading…
1
cve-2025-49666 detection rule Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5796 opened Dec 6, 2025 by 17patmaks Loading…
6 tasks done
2
new: CVE-2025-55182 react2shell rules Emerging-Threats Review Needed The PR requires review Rules
#5795 opened Dec 6, 2025 by swachchhanda000 Loading…
@swachchhanda000
7
Add SSH brute force detection rule Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5792 opened Dec 4, 2025 by LB89-code Draft
2
bugfix: update proc_creation_macos_gui_input_capture.yml - osascript … MacOS Pull request add/update macos related rules Ready to Merge Review Needed The PR requires review Rules
#5791 opened Dec 4, 2025 by Niicolaa Loading… Sigma-January-Release
4
Metadata Updates - Batch 1 Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5790 opened Dec 3, 2025 by nasbench Loading… Sigma-January-Release
@nasbench
fix: Add fps filter observed on ARM-based Windows updates Ready to Merge Rules Windows Pull request add/update windows related rules
#5789 opened Dec 3, 2025 by swachchhanda000 Loading… Sigma-January-Release
15
Recon via RDP Logging Event Ready to Merge Rules Windows Pull request add/update windows related rules
#5788 opened Dec 3, 2025 by swachchhanda000 Loading… Sigma-January-Release
2
Add Detection Rule for Oracle OIM Pre-Auth Authentication Bypass (CVE-2025-61757) Emerging-Threats Review Needed The PR requires review Rules Work In Progress Some changes are needed
#5781 opened Nov 29, 2025 by YxinMiracle Loading…
5
fix: FPs on docker images Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5780 opened Nov 28, 2025 by marius-benthin Loading… Sigma-January-Release
@nasbench
15
fix: add some filters or tune rules to reduce false positives Ready to Merge Rules Windows Pull request add/update windows related rules
#5778 opened Nov 27, 2025 by swachchhanda000 Loading… Sigma-January-Release
6
feat: more edrfreeze rules Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5777 opened Nov 27, 2025 by swachchhanda000 Loading…
1
Added rules related to ArcGIS Server Object Extension abuse Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5774 opened Nov 25, 2025 by mbabinski Loading… Sigma-January-Release
16
feat: Shai-Hulud: The Second Coming Rules Emerging-Threats Linux Pull request add/update linux related rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5772 opened Nov 25, 2025 by swachchhanda000 Loading… Sigma-January-Release
1
add: Linux setcap setuid Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5771 opened Nov 25, 2025 by EzLucky Loading… Sigma-January-Release
5
Add detection rule for Chaos/Darkside Ransomware style hidden Cmd launching suspicious targets Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5767 opened Nov 20, 2025 by vl43den Loading… Sigma-January-Release
@swachchhanda000
2
Add Correlation Support Work In Progress Some changes are needed
#5759 opened Nov 17, 2025 by nasbench Draft
7 tasks
Sigma-January-Release
@nasbench
Add DPI-based network rule for responder footprints detection Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules
#5751 opened Nov 11, 2025 by cogResearch Loading…
4
feat: phantom DLL hijacking rules Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5749 opened Nov 10, 2025 by swachchhanda000 Loading… Sigma-January-Release
@swachchhanda000
6
3 New rules Additional Data Needed Author Input Required changes the require information from original author of the rules Rules Windows Pull request add/update windows related rules
#5747 opened Nov 8, 2025 by louiselalanne Loading…
4
new: bindfltapi.dll execution by suspicious process Rules Windows Pull request add/update windows related rules
#5744 opened Nov 6, 2025 by vl43den Loading…
Feat: susp msix/appX package installation detection Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5741 opened Nov 3, 2025 by swachchhanda000 Loading… Sigma-January-Release
@nasbench
8
ProTip! Add no:assignee to see everything that’s not assigned.