Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
137 Open 5,025 Closed
137 Open 5,025 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

new: Remote Management Tool - Ninite Execution From Suspicious Context & improve: End User Consent To Application - context, references, FP guidance Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6079 opened Jun 23, 2026 by Lorygold Loading…
new: Potential Browser Cache Smuggling Payload Extraction Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6078 opened Jun 23, 2026 by Tetryl12 Loading…
Add APT36/SideCopy detection rules: CrimsonRAT persistence, XenoRAT task, mshta index.php chain Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6076 opened Jun 23, 2026 by Pyhroff Loading…
Add and update anti virus rules Review Needed The PR requires review Rules
#6075 opened Jun 22, 2026 by ruppde Contributor Loading…
5
Add rule for arbitrary file download via msoxmled.exe (LOLBAS) Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6072 opened Jun 21, 2026 by cor-b Loading…
Add Process Execution From Shared Memory Directory Rule Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#6071 opened Jun 20, 2026 by stanlee786 Loading…
Add Deno child process and non-mail IMAP detections Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6065 opened Jun 14, 2026 by anpa1200 Loading…
fix: detect ADSI local user creation in PowerShell rule Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6064 opened Jun 13, 2026 by raylee-hawkins Loading…
1
new: edrchoker qos throttle rate modification rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6063 opened Jun 12, 2026 by swachchhanda000 Collaborator Loading…
9
new: EDRChoker QoS ThrottleRate Set by WMI Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6062 opened Jun 12, 2026 by 0xtamseel Loading…
Add new powershell rule Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6061 opened Jun 11, 2026 by norbert791 Contributor Loading… Sigma-June-Release
4
update: Suspicious User-Agents Related To Recon Tools Ready to Merge Rules
#6055 opened Jun 8, 2026 by potato-20 Loading… Sigma-June-Release
5
new: susp package execution Linux Pull request add/update linux related rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6054 opened Jun 8, 2026 by swachchhanda000 Collaborator Loading…
Add detection rules for CVE-2026-31431 (CopyFail) Emerging-Threats Review Needed The PR requires review Rules
#6052 opened Jun 7, 2026 by tjs24 Loading…
5
Add machine-readable JSON changelog to releases Maintenance Related to additions and update of the repository features Review Needed The PR requires review
#6050 opened Jun 4, 2026 by ni5h4nt Loading…
1
14
Fix remove documentation from references Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6048 opened Jun 3, 2026 by kurisukun Loading… Sigma-June-Release
3
new: AWS SES Account Availability Discovery Via Long-Lived Access Key Review Needed The PR requires review Rules
#6043 opened Jun 2, 2026 by marcopedrinazzi Contributor Loading…
saakov-aws-1 Review Needed The PR requires review Rules
#6042 opened Jun 2, 2026 by saakovv Contributor Loading…
3
new: windows discovery rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6040 opened Jun 2, 2026 by swachchhanda000 Collaborator Loading…
New Rule - Gogs Rebase RCE Argument Injection via Git --exec Flag (Linux) Additional Data Needed Author Input Required changes the require information from original author of the rules Linux Pull request add/update linux related rules Review Needed The PR requires review Rules Work In Progress Some changes are needed
#6039 opened Jun 2, 2026 by WRG-11 Loading…
3
Add HackTool - Gogo Scanner Execution Rule Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6035 opened May 30, 2026 by Aryu-RU Loading…
1
Add detection for Hyper-V VM forced shutdown (ransomware preparation) Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6034 opened May 29, 2026 by viizohh Loading…
1
new: OpenAI Codex sandbox abuse detection rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6030 opened May 26, 2026 by swachchhanda000 Collaborator Loading…
new: signed dll load with no pe metadata Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#6026 opened May 21, 2026 by swachchhanda000 Collaborator Loading… Sigma-June-Release
1
NEWRULE: AbortHydration MiniPlasma Behaviour (Nightmare Eclipse) Emerging-Threats Review Needed The PR requires review Rules
#6022 opened May 19, 2026 by unresolvedhost Loading…
1
ProTip! Follow long discussions with comments:>50.