Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#4883 - Bump urllib3 from 1.26.18 to 1.26.19
Pull Request -
State: open - Opened by dependabot[bot] 15 days ago
Labels: Dependencies
#4882 - New Analytics: LocaltoNet tunneling
Pull Request -
State: open - Opened by netgrain 15 days ago
- 1 comment
Labels: Rules, Windows, Linux
#4881 - New Rule: XXD Command Line Obfuscation on Linux
Pull Request -
State: open - Opened by signalblur 16 days ago
Labels: Rules, Linux
#4880 - Compiler Execution Within Kubernetes Containers
Pull Request -
State: open - Opened by signalblur 16 days ago
Labels: Rules
#4879 - Archive New Rule References
Pull Request -
State: open - Opened by github-actions[bot] 18 days ago
#4878 - Create create_remote_thread_win_susp_dialer.yml
Pull Request -
State: open - Opened by prashanthpulisetti 18 days ago
Labels: Rules, Windows
#4877 - Update appframework_django_exceptions.yml
Pull Request -
State: closed - Opened by rafiq-zaman 18 days ago
Labels: Rules
#4876 - xp_cmdshell detection rule improvements
Issue -
State: open - Opened by DFIR-jwedd 22 days ago
- 1 comment
#4875 - False Detections with Invoke-Obfuscation and Null Bytes
Issue -
State: open - Opened by KDot227 24 days ago
- 1 comment
Labels: False-Positive
#4874 - Filter Driver Unloaded Via Fltmc.EXE
Issue -
State: open - Opened by celalettin-turgut 25 days ago
Labels: False-Positive
#4873 - Shorten AV string "Mimikatz" to "mikatz"
Pull Request -
State: closed - Opened by ruppde 27 days ago
- 1 comment
Labels: Rules, Windows
#4872 - Update Rules
Pull Request -
State: open - Opened by nasbench 28 days ago
Labels: Rules, Windows
#4870 - fixing sigma2stix urls in projects section
Pull Request -
State: closed - Opened by himynamesdave 29 days ago
Labels: Maintenance
#4869 - New: Detect Activation of Windows Recall
Pull Request -
State: closed - Opened by ssnkhan 30 days ago
- 1 comment
Labels: Rules, Windows
#4868 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] about 1 month ago
#4867 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] about 1 month ago
#4866 - Portmap.io Domain
Pull Request -
State: closed - Opened by Neo23x0 about 1 month ago
- 1 comment
Labels: Rules, Windows
#4865 - Create new rule: proc_creation_macos_tmutil_backup_tampering.yml
Pull Request -
State: closed - Opened by pratinavchandra about 1 month ago
Labels: Rules, MacOS
#4864 - Refactor azure_aad_secops_ca_policy_updatedby_bad_actor.yml to use a map of fields
Pull Request -
State: closed - Opened by cygnetix about 1 month ago
Labels: Rules
#4863 - Create net_connection_win_cloudflared_tunnels
Pull Request -
State: closed - Opened by deFr0ggy about 1 month ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4862 - Uncommon Target Image For Process Access - PROCESS_ALL_ACCESS
Pull Request -
State: closed - Opened by frack113 about 1 month ago
Labels: Rules, Windows
#4861 - Bump requests from 2.31.0 to 2.32.0
Pull Request -
State: closed - Opened by dependabot[bot] about 1 month ago
- 1 comment
Labels: Dependencies
#4860 - Minor fix for rule regex
Pull Request -
State: closed - Opened by CR-OfirTal about 1 month ago
- 1 comment
Labels: Rules, Windows
#4859 - fix: casing of `Win32_ShadowCopy`
Pull Request -
State: closed - Opened by vburov about 1 month ago
Labels: Rules, Windows
#4858 - Add deprecated csv script
Pull Request -
State: open - Opened by frack113 about 2 months ago
Labels: Rules, Work In Progress, Maintenance
#4857 - Update proc_creation_win_apt_forest_blizzard_activity.yml
Pull Request -
State: closed - Opened by nischalkhadgi62 about 2 months ago
- 2 comments
Labels: Rules, Emerging-Threats
#4856 - Remove smart quotes from file_event_win_iphlpapi_dll_sideloading.yml
Pull Request -
State: closed - Opened by jeremyhagan about 2 months ago
Labels: Rules, Windows
#4855 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] about 2 months ago
#4854 - Update of Rare Service Install Detection Rule to use correlation syntax
Issue -
State: open - Opened by Mat0vu about 2 months ago
- 4 comments
Labels: Work In Progress
#4853 - feat: small fixes
Pull Request -
State: closed - Opened by nasbench about 2 months ago
Labels: Rules, Windows
#4852 - Add rule for Atomic t1040
Pull Request -
State: closed - Opened by frack113 about 2 months ago
- 1 comment
Labels: Rules, Windows
#4851 - Fix FP Forest-Blizzard/proc_creation_win_apt_forest_blizzard_activity
Pull Request -
State: closed - Opened by frack113 about 2 months ago
Labels: Rules, Emerging-Threats
#4850 - Cleanup condition writing
Pull Request -
State: closed - Opened by frack113 about 2 months ago
Labels: Rules, Windows
#4849 - Can I use regular expression in sigma?
Issue -
State: closed - Opened by Ron-zs about 2 months ago
- 1 comment
#4848 - Create proc_creation_win_veeam_cve_2024_29212.yml
Pull Request -
State: closed - Opened by prashanthpulisetti about 2 months ago
- 1 comment
Labels: Rules, Windows
#4847 - Update test Workflow
Pull Request -
State: closed - Opened by frack113 about 2 months ago
Labels: Maintenance
#4846 - Windows LAPS Credential Dump via Entra ID
Issue -
State: open - Opened by BIitzkrieg about 2 months ago
- 1 comment
#4845 - Proxy WebDAV Rule Improvements/New Rule
Pull Request -
State: closed - Opened by ahmedfarou22 about 2 months ago
Labels: Rules
#4844 - Atomic T1548.002 Add new registry keys
Pull Request -
State: closed - Opened by frack113 about 2 months ago
Labels: Rules, Windows
#4843 - Add rule for Redcannary T1562.004
Pull Request -
State: closed - Opened by frack113 2 months ago
Labels: Rules, Windows
#4842 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 2 months ago
#4841 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 2 months ago
#4840 - Suspicious Browser Launch
Pull Request -
State: closed - Opened by skaynum 2 months ago
Labels: Rules, Windows
#4839 - New Rule: RDP Originating From Domain Controller
Pull Request -
State: closed - Opened by joshnck 2 months ago
Labels: Rules, Windows
#4838 - Rule: Access To Windows Outlook Mail Files By Uncommon Application
Pull Request -
State: closed - Opened by frack113 2 months ago
- 1 comment
Labels: Rules, Windows
#4837 - fix: #4820
Pull Request -
State: closed - Opened by nasbench 2 months ago
Labels: Rules, Windows
#4836 - Update AWS Rule to use fieldref modifier instead of contains
Pull Request -
State: closed - Opened by jamesc-grafana 2 months ago
- 1 comment
Labels: Rules, 2nd Review Needed
#4835 - Detects Backdoor Kapeka Via Registry Key
Issue -
State: open - Opened by cY83rR0H1t 2 months ago
#4834 - Network connection from Microsoft Dialer
Pull Request -
State: closed - Opened by CertainlyP 2 months ago
Labels: Rules, 2nd Review Needed, Windows
#4833 - feat: add forest blizzard rules
Pull Request -
State: closed - Opened by nasbench 2 months ago
Labels: Rules, 2nd Review Needed, Emerging-Threats
#4832 - feat: lolbin updates
Pull Request -
State: closed - Opened by nasbench 2 months ago
Labels: Rules, Windows
#4831 - Kapeka backdoor sigma rules
Pull Request -
State: open - Opened by swachchhanda000 2 months ago
Labels: Rules, Work In Progress, Emerging-Threats
#4830 - LOLBAS wbadmin rule
Pull Request -
State: closed - Opened by frack113 2 months ago
Labels: Rules, Windows
#4829 - Add Network Connection Initiated By RegAsm.EXE
Pull Request -
State: closed - Opened by frack113 2 months ago
Labels: Rules, 2nd Review Needed, Windows
#4828 - build(deps-dev): bump aiohttp from 3.9.0 to 3.9.4
Pull Request -
State: closed - Opened by dependabot[bot] 2 months ago
- 1 comment
Labels: Dependencies
#4827 - New analytic for python pth files
Pull Request -
State: closed - Opened by netgrain 3 months ago
- 3 comments
Labels: Rules, 2nd Review Needed, Linux
#4826 - feat: add rule CVE-2024-3400
Pull Request -
State: closed - Opened by nasbench 3 months ago
Labels: Rules, 2nd Review Needed, Maintenance, Emerging-Threats
#4825 - New analytic for CVE-2024-3400
Pull Request -
State: closed - Opened by netgrain 3 months ago
Labels: Rules, 2nd Review Needed, Emerging-Threats
#4824 - New rule - proc_creation_win_pua_netscan.yml
Pull Request -
State: closed - Opened by dan21san 3 months ago
Labels: Rules, 2nd Review Needed, Windows
#4823 - Update proc_creation_macos_xattr_gatekeeper_bypass.yml
Pull Request -
State: closed - Opened by pratinavchandra 3 months ago
- 2 comments
Labels: Rules, MacOS
#4822 - New Rule - net_connection_lnx_susp_malware_callback_port.yml
Pull Request -
State: closed - Opened by hasselj 3 months ago
- 1 comment
Labels: Rules, Linux
#4821 - DPAPI backup keys Theft and Export related activities
Issue -
State: open - Opened by CTI-Driven 3 months ago
- 1 comment
#4820 - ADS Zone.Identifier Deleted By Uncommon Application when installing PuTTy latest version
Issue -
State: closed - Opened by essadek 3 months ago
- 1 comment
Labels: False-Positive
#4819 - fix: explicitly escape `{` to make it clear that it is a literal
Pull Request -
State: closed - Opened by fukusuket 3 months ago
- 1 comment
Labels: Rules, Windows
#4818 - Suspicious keyscrambler child process
Pull Request -
State: closed - Opened by swachchhanda000 3 months ago
Labels: Rules, Windows
#4816 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 3 months ago
#4815 - feat : new malware UA
Pull Request -
State: closed - Opened by X-Junior 3 months ago
Labels: Rules
#4814 - Add new rule to detect MFA bypass in Cisco Duo
Pull Request -
State: closed - Opened by nikitah4x 3 months ago
Labels: Rules, 2nd Review Needed
#4813 - Add Image to avoid FP
Pull Request -
State: closed - Opened by frack113 3 months ago
Labels: Rules, 2nd Review Needed, Windows
#4812 - FPs with "File Enumeration Via Dir Command"
Issue -
State: closed - Opened by YamatoSecurity 3 months ago
Labels: False-Positive
#4811 - Update proc_creation_lnx_exploit_cve_2024_3094_sshd_child_process.yml
Pull Request -
State: closed - Opened by ruppde 3 months ago
- 1 comment
Labels: Rules, Emerging-Threats
#4810 - Fix references in proc_creation_win_exploit_cve_2017_11882.yml #4804
Pull Request -
State: closed - Opened by TheLawsOfChaos 3 months ago
Labels: Rules, Emerging-Threats
#4809 - Bump idna from 3.4 to 3.7
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: Dependencies
#4808 - FP Bad practice GPO
Pull Request -
State: closed - Opened by frack113 3 months ago
Labels: Rules, 2nd Review Needed, Windows
#4807 - Update references and tags
Pull Request -
State: closed - Opened by frack113 3 months ago
Labels: Rules, Windows
#4806 - Potential KeyScrambler.exe DLL Side-loading
Pull Request -
State: closed - Opened by swachchhanda000 3 months ago
- 3 comments
Labels: Rules, 2nd Review Needed, Windows
#4805 - fix: FP with chocolatey shimgen tool
Pull Request -
State: closed - Opened by phantinuss 3 months ago
Labels: Rules, Windows
#4804 - Update proc_creation_win_exploit_cve_2017_11882.yml
Pull Request -
State: closed - Opened by TheLawsOfChaos 3 months ago
- 1 comment
Labels: Rules, Author Input Required, Windows
#4803 - Clean useless `.*` in regex
Pull Request -
State: closed - Opened by frack113 3 months ago
- 2 comments
Labels: Rules, 2nd Review Needed, Windows
#4802 - FP Fixes
Pull Request -
State: closed - Opened by phantinuss 3 months ago
Labels: Rules, Windows
#4801 - Pnscan rule creation
Pull Request -
State: closed - Opened by signalblur 3 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Linux
#4800 - Add rule dns_query_win_mega_nz_via_sysmon
Pull Request -
State: closed - Opened by dan21san 3 months ago
- 1 comment
Labels: Duplicate, Rules, Windows
#4799 - fix: remove invalid slash in `ServiceDll Hijack` rule
Pull Request -
State: closed - Opened by fukusuket 3 months ago
Labels: Rules, Windows
#4798 - Fix hashes
Pull Request -
State: closed - Opened by PiRomant 3 months ago
Labels: Rules, Windows
#4797 - fix: filter PS1 policy check for AppLocker mode
Pull Request -
State: closed - Opened by phantinuss 3 months ago
Labels: Rules, Windows
#4796 - Add rule about the cve-2024-3094
Pull Request -
State: closed - Opened by dan21san 3 months ago
Labels: Rules, Linux
#4795 - Update lnx_shell_clear_cmd_history.yml
Pull Request -
State: closed - Opened by signalblur 3 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Linux
#4794 - Create proc_creation_lnx_susp_sshd_children.yml
Pull Request -
State: closed - Opened by ruppde 3 months ago
Labels: Rules, 2nd Review Needed, Linux
#4793 - Update lnx_shell_clear_cmd_history.yml
Pull Request -
State: closed - Opened by signalblur 3 months ago
Labels: Rules, Linux
#4792 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 3 months ago
#4791 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 3 months ago
#4790 - correct the error message and variable name in test_rules.py
Pull Request -
State: closed - Opened by ya0guang 3 months ago
Labels: Maintenance
#4789 - correct a typo in test
Pull Request -
State: closed - Opened by ya0guang 3 months ago
Labels: Maintenance
#4788 - fix: being loaded by wsmprovhost.exe
Pull Request -
State: closed - Opened by phantinuss 3 months ago
Labels: Rules, Windows
#4787 - fix a typo in test_logsource.py
Pull Request -
State: closed - Opened by ya0guang 3 months ago
Labels: Maintenance
#4785 - New Rule: proc_creation_macos_sysctl_discovery.yml
Pull Request -
State: closed - Opened by pratinavchandra 3 months ago
- 2 comments
Labels: Rules, MacOS
#4784 - Create file_event_win_malware_darkgate_autoit3_save_temp.yml
Pull Request -
State: closed - Opened by tomaszdyduch 3 months ago
Labels: Rules, Emerging-Threats
#4783 - Fix FP & Registry Logic
Pull Request -
State: closed - Opened by nasbench 3 months ago
Labels: Rules, Windows, Emerging-Threats
#4782 - New Rule: proc_creation_macos_susp_launchctl_execution.yml
Pull Request -
State: closed - Opened by pratinavchandra 3 months ago
Labels: Rules, MacOS
#4781 - KamiKakaBot Malware Related Rules
Pull Request -
State: closed - Opened by nasbench 3 months ago
Labels: Rules, 2nd Review Needed, Emerging-Threats