Pull requests: SigmaHQ/sigma
update: Potential Netcat Reverse Shell Execution - add nc.openbsd and nc.traditional binary matches
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6013
opened May 14, 2026 by
Bit-ByteBandit
Add Azure Entra ID identity attack detections (6 rules)
Review Needed
The PR requires review
Rules
#6012
opened May 14, 2026 by
descambiado
fix: Add filter for empty cmd /c argument false positive
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6010
opened May 13, 2026 by
PachkaKofe04
feat: add mini shai-hulud supply-chain malware detection rules
Additional Data Needed
Author Input Required
Changes that require information from the original author of the rules
Emerging-Threats
Review Needed
The PR requires review
Rules
Work In Progress
Some changes are needed
#6008
opened May 12, 2026 by
leogasparini
update: expand LOLBIN file-drop detection coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6007
opened May 11, 2026 by
swachchhanda000
Collaborator
CVE-2026-41940 - cPanel and WHM CRLF authentication bypass detection
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6006
opened May 10, 2026 by
cocopollo
Add rule for Win connection to suspicious WiFi
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Add 10 Sigma rules for Atlassian Cloud and Jira audit events
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
Rules
#6004
opened May 10, 2026 by
saakovv
Contributor
Add 7 Sigma rules for 1Password audit events
Review Needed
The PR requires review
Rules
#6002
opened May 10, 2026 by
saakovv
Contributor
new: 13 Linux detection rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6001
opened May 10, 2026 by
saakovv
Contributor
1 task done
Add modprobe authencesn crypto module detection for CopyFail CVE-2026-31431 exploit
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6000
opened May 10, 2026 by
gkazimiarovich
Contributor
new: 9 Google Workspace detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5999
opened May 9, 2026 by
saakovv
Contributor
1 task done
new: 15 Google Cloud Platform audit detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5998
opened May 9, 2026 by
saakovv
Contributor
new: 12 GitHub Audit Log detection rules for missing coverage
Review Needed
The PR requires review
Rules
#5997
opened May 9, 2026 by
saakovv
Contributor
Saakov-aws
Review Needed
The PR requires review
Rules
#5996
opened May 9, 2026 by
saakovv
Contributor
Add 4 detection rules for LLM and MCP attack surface
Emerging-Threats
Review Needed
The PR requires review
Rules
#5995
opened May 9, 2026 by
ipunithgowda
rules: add 15 Sigma rules for AI agent and MCP threats (ATR)
Emerging-Threats
Review Needed
The PR requires review
Rules
#5994
opened May 9, 2026 by
eeee2345
update: Azure Rules(audit_logs folder) - align detection fields to Event Hub format
Review Needed
The PR requires review
Rules
#5993
opened May 9, 2026 by
fukusuket
Contributor
update: Azure Rules(signin_logs folder) - align detection fields to Event Hub format
Review Needed
The PR requires review
Rules
#5992
opened May 8, 2026 by
fukusuket
Contributor
Add splice/vmsplice syscall detection for CVE-2026-43284 (DirtyFrag) exploit
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5991
opened May 8, 2026 by
gkazimiarovich
Contributor
update: Azure Rules(signin_logs folder) - organize rules by moving to placeholder and deprecated folder
Review Needed
The PR requires review
Rules
#5990
opened May 7, 2026 by
fukusuket
Contributor
fix: reduce false positives across multiple Windows rules
False-Positive Fix
Pull Request fixes a false positive with one of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5989
opened May 7, 2026 by
swachchhanda000
Collaborator
new: add DAEMON Tools Lite supply chain attack detection rules
Emerging-Threats
Review Needed
The PR requires review
Rules
#5988
opened May 6, 2026 by
swachchhanda000
Collaborator
update: Azure Rules(activity_logs folder) - align detection fields to Event Hub format
Review Needed
The PR requires review
Rules
#5987
opened May 5, 2026 by
fukusuket
Contributor