Pull requests: SigmaHQ/sigma
New detections for AWS IAM privilege escalation
Review Needed
The PR requires review
Rules
#6018
opened May 16, 2026 by
privet-username
new: OpenClaw AI agent family detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6017
opened May 16, 2026 by
0xdavidel
Loading…
Add Azure Entra ID rules: SP credential addition and admin consent high-risk permission
Review Needed
The PR requires review
Rules
#6016
opened May 16, 2026 by
descambiado
docs: add ATR (Agent Threat Rules) to the list of tools supporting Sigma
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
#6015
opened May 16, 2026 by
eeee2345
update: Potential Netcat Reverse Shell Execution - add nc.openbsd and nc.traditional binary matches
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6013
opened May 14, 2026 by
Bit-ByteBandit
Add Azure Entra ID identity attack detections (6 rules)
Review Needed
The PR requires review
Rules
#6012
opened May 14, 2026 by
descambiado
fix: Add filter for empty cmd /c argument false positive
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6010
opened May 13, 2026 by
PachkaKofe04
feat: add mini shai-hulud supply-chain malware detection rules
Additional Data Needed
Author Input Required
Changes that require information from the original author of the rules
Emerging-Threats
Review Needed
The PR requires review
Rules
Work In Progress
Some changes are needed
#6008
opened May 12, 2026 by
leogasparini
update: expand LOLBIN file-drop detection coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6007
opened May 11, 2026 by
swachchhanda000
Collaborator
CVE-2026-41940 - cPanel and WHM CRLF authentication bypass detection
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6006
opened May 10, 2026 by
cocopollo
Add rule for Win connection to suspicious WiFi
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Add 10 Sigma rules for Atlassian Cloud and Jira audit events
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
Rules
#6004
opened May 10, 2026 by
saakovv
Contributor
Add 7 Sigma rules for 1Password audit events
Review Needed
The PR requires review
Rules
#6002
opened May 10, 2026 by
saakovv
Contributor
new: 13 Linux detection rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6001
opened May 10, 2026 by
saakovv
Contributor
1 task done
Add modprobe authencesn crypto module detection for CopyFail CVE-2026-31431 exploit
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6000
opened May 10, 2026 by
gkazimiarovich
Contributor
new: 9 Google Workspace detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5999
opened May 9, 2026 by
saakovv
Contributor
1 task done
new: 15 Google Cloud Platform audit detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5998
opened May 9, 2026 by
saakovv
Contributor
new: 12 GitHub Audit Log detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5997
opened May 9, 2026 by
saakovv
Contributor
Saakov-aws
Review Needed
The PR requires review
Rules
#5996
opened May 9, 2026 by
saakovv
Contributor
Add 4 detection rules for LLM and MCP attack surface
Emerging-Threats
Review Needed
The PR requires review
Rules
#5995
opened May 9, 2026 by
ipunithgowda
rules: add 15 Sigma rules for AI agent and MCP threats (ATR)
Emerging-Threats
Review Needed
The PR requires review
Rules
#5994
opened May 9, 2026 by
eeee2345
update: Azure Rules(audit_logs folder) - align detection fields to Event Hub format
Review Needed
The PR requires review
Rules
#5993
opened May 9, 2026 by
fukusuket
Contributor
update: Azure Rules(signin_logs folder) - align detection fields to Event Hub format
Review Needed
The PR requires review
Rules
#5992
opened May 8, 2026 by
fukusuket
Contributor
Add splice/vmsplice syscall detection for CVE-2026-43284 (DirtyFrag) exploit
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5991
opened May 8, 2026 by
gkazimiarovich
Contributor