Pull requests: SigmaHQ/sigma
fix: detect ADSI local user creation in PowerShell rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6064
opened Jun 13, 2026 by
raylee-hawkins
new: edrchoker qos throttle rate modification rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6063
opened Jun 12, 2026 by
swachchhanda000
Collaborator
new: QoS ThrottleRate Set by WMI
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6062
opened Jun 12, 2026 by
0xtamseel
Add new powershell rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
new: susp package execution
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6054
opened Jun 8, 2026 by
swachchhanda000
Collaborator
Add detection rules for CVE-2026-31431 (CopyFail)
Emerging-Threats
Review Needed
The PR requires review
Rules
#6052
opened Jun 7, 2026 by
tjs24
Add machine-readable JSON changelog to releases
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
#6050
opened Jun 4, 2026 by
ni5h4nt
Fix remove documentation from references
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
new: AWS SES Account Availability Discovery Via Long-Lived Access Key
Review Needed
The PR requires review
Rules
#6043
opened Jun 2, 2026 by
marcopedrinazzi
Contributor
saakov-aws-1
Review Needed
The PR requires review
Rules
#6042
opened Jun 2, 2026 by
saakovv
Contributor
new: windows discovery rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6040
opened Jun 2, 2026 by
swachchhanda000
Collaborator
New Rule - Gogs Rebase RCE Argument Injection via Git --exec Flag (Linux)
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
Work In Progress
Some changes are needed
#6039
opened Jun 2, 2026 by
WRG-11
Add HackTool - Gogo Scanner Execution Rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6035
opened May 30, 2026 by
Aryu-RU
Add detection for Hyper-V VM forced shutdown (ransomware preparation)
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6034
opened May 29, 2026 by
viizohh
new: OpenAI Codex sandbox abuse detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6030
opened May 26, 2026 by
swachchhanda000
Collaborator
new: signed dll load with no pe metadata
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
NEWRULE: AbortHydration MiniPlasma Behaviour (Nightmare Eclipse)
Emerging-Threats
Review Needed
The PR requires review
Rules
#6022
opened May 19, 2026 by
unresolvedhost
Update the detection logic of Suspicious Start-Process PassThru and added the alias saps
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
New rule to detect RondoDox botnet activity
Emerging-Threats
Review Needed
The PR requires review
Rules
#6020
opened May 18, 2026 by
marcopedrinazzi
Contributor
New detections for AWS IAM privilege escalation
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#6018
opened May 16, 2026 by
privet-username
new: OpenClaw AI agent family detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6017
opened May 16, 2026 by
0xdavidel
update: Potential Netcat Reverse Shell Execution - add nc.openbsd and nc.traditional binary matches
Author Input Required
changes the require information from original author of the rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
new: TanStack NPM Supply-Chain Attack - Mini Shai-Hulud
Emerging-Threats
Review Needed
The PR requires review
Rules
update: expand LOLBIN file-drop detection coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules