Pull requests: SigmaHQ/sigma
Update Clearing Windows Console History with Extended Coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5918
opened Mar 25, 2026 by
eriknordstrm
New: Azure Sign-In With Axios User Agent
Review Needed
The PR requires review
Rules
Threat-Hunting
#5917
opened Mar 25, 2026 by
marcopedrinazzi
New rule: Suspicious Kubernetes enumeration or attack
#5916
opened Mar 25, 2026 by
laostmann
net_dns_wildcard_dns_service
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
#5915
opened Mar 24, 2026 by
Mahir-Ali-khan
Update win_security_user_driver_loaded.yml
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5914
opened Mar 23, 2026 by
netikus
fix: nsswitch.conf legitimate file path
Emerging-Threats
False-Positive Fix
Pull Request fixes a false positive with one of the rules
Review Needed
The PR requires review
Rules
Update rule Suspicious File Characteristics Due to Missing Fields to include additional values
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5912
opened Mar 23, 2026 by
FlorianBracq
add: Windows Defender Disabled Via SystemSettingsAdminFlows.EXE (T1562.001)
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5911
opened Mar 21, 2026 by
CHIRAG-DAMANI-08
change: right-to-left override
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5910
opened Mar 20, 2026 by
EzLucky
add: Cisco Dot1x Disabled
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#5909
opened Mar 18, 2026 by
EzLucky
fix: fps and improve metadata of several Linux rules
False-Positive
Issue reporting a false positive with one of the rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5908
opened Mar 18, 2026 by
swachchhanda000
feat: Add new Sigma rules for detecting AI-related social engineering…
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5907
opened Mar 18, 2026 by
zeemscript
Add Iranian APT Operation Epic Fury detection rules (LotAccess Windows RAT)
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5906
opened Mar 16, 2026 by
paolocostanzo
fix: notepad++ gup infrastructure abuse fps
False-Positive
Issue reporting a false positive with one of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
new: Rules for AWS Bedrock LLMJacking
Review Needed
The PR requires review
Rules
Threat-Hunting
#5903
opened Mar 13, 2026 by
marcopedrinazzi
feat: Add Evilginx 3.x AiTM detection rules (proxy + webserver)
Review Needed
The PR requires review
Rules
#5902
opened Mar 12, 2026 by
CyberLeakWatch
5 tasks done
update: Important scheduled task manipulation
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5900
opened Mar 11, 2026 by
swachchhanda000
new: Python Base64 Encoded Inline Command Execution (Windows + Linux)
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5899
opened Mar 10, 2026 by
HueCodes
Set groups in regular expressions as non capturing
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
fix: Split Service Binary in Suspicious Folder into two distinct rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5897
opened Mar 9, 2026 by
swachchhanda000
Add Azure AD password spray detection via SigninLogs (T1110.003)
Review Needed
The PR requires review
Rules
#5896
opened Mar 8, 2026 by
truvineweb
feat: addition of EDR disabling through mitigation options
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5895
opened Mar 7, 2026 by
kurisukun
new: AppLocker Audit Mode - Application or Script Would Have Been Blo…
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5894
opened Mar 6, 2026 by
heyyanu