Pull requests: SigmaHQ/sigma
Pull requests list
new: RedSun Execution Indicators
Emerging-Threats
Review Needed
The PR requires review
Rules
#5941
opened Apr 17, 2026 by
swachchhanda000
Collaborator
New rule: Suspicious DNS Query to Known Exfil Domain or Uncommon TLD …
Review Needed
The PR requires review
Rules
#5940
opened Apr 17, 2026 by
lanceterminal
chore: set specific subtechnique and author format in fortigate rules
Review Needed
The PR requires review
Rules
#5937
opened Apr 15, 2026 by
marcopedrinazzi
Contributor
Adding XXE Injection Detection Rule
Review Needed
The PR requires review
Rules
#5936
opened Apr 14, 2026 by
Vijay-Kishore-A
New Rule: M365 Exchange BEC Behavioral Indicators
Review Needed
The PR requires review
Rules
#5934
opened Apr 13, 2026 by
lanceterminal
Update net_dns_external_service_interaction_domains.yml
Review Needed
The PR requires review
Rules
#5933
opened Apr 11, 2026 by
Mahir-Ali-khan
Contributor
Add Exchange inbox rule external forwarding and suppression detection (M365)
Review Needed
The PR requires review
Rules
#5931
opened Apr 8, 2026 by
lanceterminal
new: EvilTokens PhaaS phishing detection via email security gat…
Emerging-Threats
Review Needed
The PR requires review
Rules
#5930
opened Apr 4, 2026 by
uniqu3-us3r
new: AWS CloudTrail General Discovery and Reconnaissance API Calls
Review Needed
The PR requires review
Rules
#5929
opened Apr 1, 2026 by
uniqu3-us3r
Hacktool - NetExec Execution
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
new: RegPwn CVE-2026-24291 rules
Emerging-Threats
Review Needed
The PR requires review
Rules
#5919
opened Mar 27, 2026 by
swachchhanda000
Collaborator
Update Clearing Windows Console History with Extended Coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5918
opened Mar 25, 2026 by
eriknordstrm
DNS Query to Wildcard DNS Services
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
Update rule Suspicious File Characteristics Due to Missing Fields to include additional values
Question
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
#5912
opened Mar 23, 2026 by
FlorianBracq
Contributor
add: Windows Defender Disabled Via SystemSettingsAdminFlows.EXE (T1562.001)
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5911
opened Mar 21, 2026 by
CHIRAG-DAMANI-08
add: Cisco Dot1x Disabled
Review Needed
The PR requires review
Rules
#5909
opened Mar 18, 2026 by
EzLucky
Contributor
fix: fps and improve metadata of several Linux rules
False-Positive
Issue reporting a false positive with one of the rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5908
opened Mar 18, 2026 by
swachchhanda000
Collaborator
feat: Add new Sigma rules for detecting AI-related social engineering…
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5907
opened Mar 18, 2026 by
zeemscript
fix: notepad++ gup infrastructure abuse fps
False-Positive
Issue reporting a false positive with one of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
new: Rules for AWS Bedrock LLMJacking
Review Needed
The PR requires review
Rules
Threat-Hunting
#5903
opened Mar 13, 2026 by
marcopedrinazzi
Contributor
feat: Add Evilginx 3.x AiTM detection rules (proxy + webserver)
Review Needed
The PR requires review
Rules
#5902
opened Mar 12, 2026 by
CyberLeakWatch
5 tasks done