Pull requests: SigmaHQ/sigma
new: 7 Sigma rules — ArcaneDoor / UAT-4356 Cisco ASA campaign (LINE DANCER, LINE RUNNER, LINE VIPER, FIRESTARTER)
Review Needed
The PR requires review
Rules
#6023
opened May 19, 2026 by
CrunchyJohnHaven
NEWRULE: AbortHydration MiniPlasma Behaviour (Nightmare Eclipse)
Emerging-Threats
Review Needed
The PR requires review
Rules
#6022
opened May 19, 2026 by
unresolvedhost
Update the detection logic of Suspicious Start-Process PassThru and added the alias saps
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6021
opened May 18, 2026 by
eriknordstrm
New rule to detect RondoDox botnet activity
Emerging-Threats
Review Needed
The PR requires review
Rules
#6020
opened May 18, 2026 by
marcopedrinazzi
Contributor
fix: reduce false positives across multiple Windows rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6019
opened May 18, 2026 by
swachchhanda000
Collaborator
New detections for AWS IAM privilege escalation
Review Needed
The PR requires review
Rules
#6018
opened May 16, 2026 by
privet-username
new: OpenClaw AI agent family detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6017
opened May 16, 2026 by
0xdavidel
Add Azure Entra ID rules: SP credential addition and admin consent high-risk permission
Review Needed
The PR requires review
Rules
#6016
opened May 16, 2026 by
descambiado
docs: add ATR (Agent Threat Rules) to the list of tools supporting Sigma
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
#6015
opened May 16, 2026 by
eeee2345
update: Potential Netcat Reverse Shell Execution - add nc.openbsd and nc.traditional binary matches
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6013
opened May 14, 2026 by
Bit-ByteBandit
Add Azure Entra ID identity attack detections (6 rules)
Review Needed
The PR requires review
Rules
#6012
opened May 14, 2026 by
descambiado
fix: Add filter for empty cmd /c argument false positive
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6010
opened May 13, 2026 by
PachkaKofe04
feat: add mini shai-hulud supply-chain malware detection rules
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Emerging-Threats
Review Needed
The PR requires review
Rules
Work In Progress
Some changes are needed
#6008
opened May 12, 2026 by
leogasparini
update: expand LOLBIN file-drop detection coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6007
opened May 11, 2026 by
swachchhanda000
Collaborator
CVE-2026-41940 - cPanel and WHM CRLF authentication bypass detection
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6006
opened May 10, 2026 by
cocopollo
Add rule for Win connection to suspicious WiFi
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Add 10 Sigma rules for Atlassian Cloud and Jira audit events
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
Rules
#6004
opened May 10, 2026 by
saakovv
Contributor
Add 7 Sigma rules for 1Password audit events
Review Needed
The PR requires review
Rules
#6002
opened May 10, 2026 by
saakovv
Contributor
new: 13 Linux detection rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6001
opened May 10, 2026 by
saakovv
Contributor
1 task done
Add modprobe authencesn crypto module detection for CopyFail CVE-2026-31431 exploit
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6000
opened May 10, 2026 by
gkazimiarovich
Contributor
new: 9 Google Workspace detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5999
opened May 9, 2026 by
saakovv
Contributor
1 task done
new: 15 Google Cloud Platform audit detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5998
opened May 9, 2026 by
saakovv
Contributor
new: 12 GitHub Audit Log detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5997
opened May 9, 2026 by
saakovv
Contributor
Saakov-aws
Review Needed
The PR requires review
Rules
#5996
opened May 9, 2026 by
saakovv
Contributor