Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#5026 - COM Object Hijacking Update
Pull Request - State: open - Opened by X-Junior 5 days ago - Labels: Rules, Windows

#5025 - Could not compile rule
Issue - State: closed - Opened by TheDudeasap 6 days ago - 2 comments - Labels: False-Positive

#5023 - new_rules
Pull Request - State: open - Opened by saakovv 11 days ago - Labels: Rules

#5022 - some typos
Pull Request - State: closed - Opened by jaegeral 12 days ago - 1 comment - Labels: Rules, Windows

#5021 - aws_new_rules
Pull Request - State: open - Opened by saakovv 13 days ago - 1 comment - Labels: Rules, Work In Progress, Author Input Required

#5020 - Add detection rule for MeshAgent command execution
Pull Request - State: closed - Opened by tsale 13 days ago - Labels: Rules, Windows

#5018 - github-new-rules
Pull Request - State: open - Opened by saakovv 14 days ago - 1 comment - Labels: Rules, Work In Progress

#5017 - Modify or Delete AWS RDS Cluster
Pull Request - State: open - Opened by saakovv 14 days ago - Labels: Rules

#5016 - CreateFunctionUrlConfig
Pull Request - State: open - Opened by saakovv 14 days ago - Labels: Rules

#5015 - DeleteSAMLProvider AWS
Pull Request - State: open - Opened by saakovv 14 days ago - Labels: Rules

#5013 - remove the dual use tool nmap from "Linux HackTool Execution"
Pull Request - State: closed - Opened by ruppde 14 days ago - Labels: Rules, Linux

#5012 - Added the string corresponding to "{"alg":" since some token headers start with this
Pull Request - State: open - Opened by ionsor 16 days ago - 1 comment - Labels: Rules, Work In Progress, Windows

#5011 - Wrong filter in " Kerberoasting Activity - Initial Query" rule condition?
Issue - State: open - Opened by zambomarcell 17 days ago - 2 comments - Labels: Work In Progress, False-Positive

#5010 - sigma rules around using MSI for privilege escalation
Pull Request - State: open - Opened by sec-hbaer 18 days ago - Labels: Rules, Work In Progress, Windows

#5009 - Archive New Rule References
Pull Request - State: closed - Opened by github-actions[bot] 19 days ago

#5008 - Update proc_creation_win_hktl_certipy.yml
Pull Request - State: open - Opened by BlackB0lt 21 days ago - Labels: Rules, Work In Progress, Windows

#5007 - Fix resolve unreachable(404) GitHub URL reference
Pull Request - State: closed - Opened by fukusuket 21 days ago - Labels: Rules, Windows, Emerging-Threats

#5006 - FP miss the all modifier
Pull Request - State: closed - Opened by frack113 22 days ago - 1 comment - Labels: Rules, Emerging-Threats

#5005 - Update lnx_auth_pwnkit_local_privilege_escalation.yml
Pull Request - State: closed - Opened by bharat-arora-magnet 22 days ago - 2 comments - Labels: Rules, Linux

#5004 - Create proc_creation_win_code_devtunnel_tunneling.yaml
Pull Request - State: open - Opened by 0xAnalyst 25 days ago - 7 comments - Labels: Rules, Work In Progress, 2nd Review Needed, Windows

#5003 - BTunnels Detection for Data Exfiltration
Pull Request - State: closed - Opened by deFr0ggy 25 days ago - Labels: Rules, Windows

#5002 - feat: more unicode obfuscation
Pull Request - State: closed - Opened by secDre4mer 28 days ago - 1 comment - Labels: Rules, Windows

#5001 - New Rule: win_security_gpo_startup_script.yml
Pull Request - State: closed - Opened by joshnck 29 days ago - Labels: Rules, Windows

#5000 - Add logic to win_security_gpo_scheduledtasks.yml
Pull Request - State: closed - Opened by joshnck 29 days ago - Labels: Rules, Windows

#4999 - New Rule: win_security_gp_priv_escalation.yml
Pull Request - State: closed - Opened by joshnck 29 days ago - Labels: Rules, Windows

#4998 - New Rule for Unusual DNS Queries from Windows Scripting Hosts
Pull Request - State: closed - Opened by joshnck 29 days ago - 2 comments - Labels: Rules, Windows

#4994 - Sigma FP fixes
Pull Request - State: open - Opened by djlukic about 1 month ago - 3 comments - Labels: Rules, Work In Progress, Windows

#4993 - Fix Issues
Pull Request - State: closed - Opened by nasbench about 1 month ago - Labels: Rules

#4992 - Archive New Rule References
Pull Request - State: closed - Opened by github-actions[bot] about 1 month ago

#4991 - Promote Older Rules From `experimental` to `test`
Pull Request - State: closed - Opened by github-actions[bot] about 1 month ago

#4990 - Add rule net_connection_win_anydesk_incoming_connection
Pull Request - State: closed - Opened by dan21san about 1 month ago - Labels: Rules, Windows

#4989 - Installation of 'elasticsearch' backend plugin not working for sigma cli
Issue - State: closed - Opened by v1p3r0u5 about 1 month ago - 2 comments

#4988 - Add Sigma rule for CVE-2024-38063 IPv6 memory corruption detection
Pull Request - State: open - Opened by zenzue about 1 month ago - 1 comment - Labels: Rules, Work In Progress, Author Input Required, Emerging-Threats

#4987 - MacOS rule filter for wifivelocityd false positives
Pull Request - State: closed - Opened by peterydzynski about 1 month ago - 5 comments - Labels: Rules, MacOS

#4986 - Sigma rules FP fixes
Pull Request - State: closed - Opened by djlukic about 1 month ago - 2 comments - Labels: Rules, Windows

#4985 - feat: add more groups used for LDAP reconnaissance
Pull Request - State: closed - Opened by secDre4mer about 1 month ago - Labels: Rules, Windows

#4984 - Certificate Exported in Microsoft-Windows-Folder Redirection/Operational
Issue - State: closed - Opened by djlukic about 1 month ago - 5 comments - Labels: False-Positive

#4983 - Add Rule: `Task Scheduler DLL Loaded By Application Located In Potentially Suspicious Location`
Pull Request - State: closed - Opened by swachchhanda000 about 1 month ago - Labels: Rules, Windows

#4982 - Update old rules services/scheduled task tampering
Pull Request - State: closed - Opened by X-Junior about 1 month ago - Labels: Rules, Windows

#4981 - Event Action data missing apostrophes
Issue - State: closed - Opened by djlukic about 1 month ago - 5 comments - Labels: False-Positive

#4980 - Update dns_query_win_remote_access_software_domains_non_browsers.yml
Pull Request - State: closed - Opened by Mahir-Ali-khan about 1 month ago - Labels: Rules, Windows

#4979 - Renamed ZOHO Dctask64 Execution is creating 30.000 alerts / hour in Security Onion
Issue - State: closed - Opened by Carlos-mb about 1 month ago - 8 comments - Labels: False-Positive

#4978 - Add Rule: `Multi Factor Authentication Disabled For User Account`
Pull Request - State: closed - Opened by cyb3rjy0t about 2 months ago - Labels: Rules, Cloud

#4977 - Add Rule: `User Risk and MFA Registration Policy Updated`
Pull Request - State: closed - Opened by cyb3rjy0t about 2 months ago - Labels: Rules, Cloud

#4976 - Create azure_mfa_device_added_or_modified.yml
Pull Request - State: closed - Opened by cyb3rjy0t about 2 months ago - 1 comment - Labels: Duplicate, Rules, Cloud

#4975 - experimental gtfobin shell breakout detections
Pull Request - State: closed - Opened by Murphy0801 about 2 months ago - 2 comments - Labels: Rules, Linux

#4974 - New Rule: Potentially Suspicious Rundll32.EXE Execution of UDL File
Pull Request - State: closed - Opened by tsale about 2 months ago - 1 comment - Labels: Rules, Windows

#4973 - Small fix
Pull Request - State: closed - Opened by frack113 about 2 months ago - Labels: Rules, Windows

#4972 - registry_set_persistence_search_order.yml objects to non-Windows COM objects in general
Issue - State: closed - Opened by MsdnUsrSince1994 about 2 months ago - 2 comments - Labels: False-Positive

#4971 - Add Rule: proc_creation_win_renamed_ssh.yml
Pull Request - State: open - Opened by omaramin17 about 2 months ago - Labels: Rules, Author Input Required, Windows

#4970 - Archive New Rule References
Pull Request - State: closed - Opened by github-actions[bot] about 2 months ago

#4969 - Add Rule: `Potential File Override/Append Via SET Command`
Pull Request - State: closed - Opened by Mahir-Ali-khan about 2 months ago - 9 comments - Labels: Rules, Windows

#4968 - Detect Execution of BCP Utility
Pull Request - State: closed - Opened by Mahir-Ali-khan about 2 months ago - 1 comment - Labels: Rules, Windows

#4967 - Fix `Powershell Token Obfuscation - Powershell` - Revert accidental change introduced in #4950
Pull Request - State: closed - Opened by nasbench about 2 months ago - Labels: Rules, Windows

#4966 - Add tuning for `Potential Commandline Obfuscation Using Unicode Characters`
Issue - State: closed - Opened by nasbench about 2 months ago - 1 comment - Labels: False-Positive

#4965 - Add Rule: `Driver Added To Disallowed Images In HVCI - Registry`
Pull Request - State: closed - Opened by omaramin17 about 2 months ago - 1 comment - Labels: Rules, Windows

#4964 - Changed to not use `Lookahead` regex
Pull Request - State: closed - Opened by fukusuket about 2 months ago - 5 comments - Labels: Rules, Windows

#4963 - Fix `Startup Item File Created - MacOS`
Pull Request - State: closed - Opened by nasbench about 2 months ago - Labels: Rules, MacOS

#4962 - Possible wrong detection of MacOS Startup Items
Issue - State: closed - Opened by sebastianrath about 2 months ago - 4 comments - Labels: False-Positive

#4961 - Contribute Sigma Rules from Personal Repository to Main Sigma Repository
Pull Request - State: closed - Opened by tsale about 2 months ago - 5 comments - Labels: Rules, Windows

#4960 - Update unreachable references
Pull Request - State: closed - Opened by fukusuket about 2 months ago - Labels: Rules, Windows, Linux, Emerging-Threats

#4959 - freeze workflow to pySigma 0.11.9
Pull Request - State: closed - Opened by frack113 about 2 months ago - Labels: Maintenance

#4958 - Update unreachable references
Pull Request - State: closed - Opened by fukusuket about 2 months ago - Labels: Rules, Windows

#4957 - Token obfuscation regex fix
Pull Request - State: closed - Opened by peterydzynski about 2 months ago - 4 comments - Labels: Rules, Windows, Maintenance

#4956 - Use native datetime.date
Pull Request - State: closed - Opened by frack113 about 2 months ago - Labels: Maintenance

#4955 - Tuning for agentexecutor.exe commands
Pull Request - State: closed - Opened by joshnck about 2 months ago - Labels: Rules, Windows

#4954 - Updates to multiple rules to cover cloudflare workers/pages
Pull Request - State: closed - Opened by omaramin17 about 2 months ago - 3 comments - Labels: Rules, Windows

#4952 - Additional tuning for image_load_side_load_dbgmodel.yml
Pull Request - State: closed - Opened by joshnck about 2 months ago - Labels: Rules, Windows

#4951 - Add Rule: `Hidden Flag Set On File/Directory Via Chflags - MacOS`
Pull Request - State: closed - Opened by omaramin17 about 2 months ago - Labels: Rules, MacOS

#4950 - Comply With V2 Spec Changes
Pull Request - State: closed - Opened by nasbench 2 months ago - Labels: Rules, Windows, Linux, MacOS, Emerging-Threats

#4949 - Add Rule: proc_creation_macos_susp_hdiutil_mount.yml
Pull Request - State: closed - Opened by omaramin17 2 months ago - Labels: Rules, MacOS

#4948 - Add Rule: `Data Export From MSSQL Table Via BCP.EXE`
Pull Request - State: closed - Opened by omaramin17 2 months ago - Labels: Rules, Windows

#4947 - Add Rule: `DNS Query To Put.io - DNS Client`
Pull Request - State: closed - Opened by omaramin17 2 months ago - Labels: Rules, Windows

#4946 - Suspicious Process Masquerading as Svchost
Pull Request - State: closed - Opened by swachchhanda000 2 months ago - 3 comments - Labels: Rules, Windows

#4945 - Update of the fields for EventId 5145
Pull Request - State: closed - Opened by GtUGtHGtNDtEUaE 2 months ago - Labels: Rules, Windows

#4944 - added expand modifier to placeholder rule
Pull Request - State: closed - Opened by YamatoSecurity 2 months ago - Labels: Rules, Windows

#4943 - Archive New Rule References
Pull Request - State: closed - Opened by github-actions[bot] 2 months ago

#4942 - Promote Older Rules From `experimental` to `test`
Pull Request - State: closed - Opened by github-actions[bot] 2 months ago

#4941 - Addition of rule to cover registry events related to Specula
Pull Request - State: closed - Opened by dbertho 2 months ago - 4 comments - Labels: Rules, Windows

#4940 - Update unreachable references `blog.menasec[.]net`
Pull Request - State: closed - Opened by fukusuket 2 months ago - 2 comments - Labels: Rules, Windows, Emerging-Threats

#4939 - Winscp rule from Akira Ransomware report
Pull Request - State: open - Opened by frack113 2 months ago - 1 comment - Labels: Rules, Work In Progress, Windows

#4938 - Add CVE-2024-37085 detection rules
Pull Request - State: closed - Opened by frack113 2 months ago - Labels: Rules, Emerging-Threats

#4937 - Multiple Updates
Pull Request - State: closed - Opened by nasbench 2 months ago - Labels: Rules, Windows

#4936 - FIN7 : proc_creation_win_fin7_exploitation_indicators
Pull Request - State: closed - Opened by Alex-Walston 2 months ago - Labels: Rules, Emerging-Threats

#4935 - Add iis configuration rules
Pull Request - State: open - Opened by frack113 2 months ago - Labels: Rules, Windows, Maintenance

#4934 - Update and add new `file_access` rules
Pull Request - State: closed - Opened by X-Junior 2 months ago - Labels: Rules, Windows

#4933 - New Rule : Create Remote Thread In Shell Application
Pull Request - State: closed - Opened by fornotes 2 months ago - Labels: Rules, Windows

#4932 - Upgrade test_logsource.py
Pull Request - State: closed - Opened by frack113 2 months ago - 1 comment - Labels: Rules, Work In Progress, Windows, Maintenance

#4931 - Add some GitHub audit detection rules
Pull Request - State: closed - Opened by romain-gaillard 2 months ago - Labels: Rules

#4930 - fix: issue with filter selector
Pull Request - State: closed - Opened by Neo23x0 2 months ago - Labels: Rules, Windows

#4929 - New rule to detect pbpaste LOOBin execution on macOS
Pull Request - State: closed - Opened by DefenderDaniel 2 months ago - Labels: Rules, MacOS

#4928 - Fix FPs from testing
Pull Request - State: closed - Opened by nasbench 2 months ago - Labels: Rules, Windows

#4927 - fix optional selection name for issue 4926
Pull Request - State: closed - Opened by frack113 2 months ago - 1 comment - Labels: Rules, Windows

#4926 - Rule compile issue - wrong filter names or wrong condition - rule "Potential DLL Sideloading Of DbgModel.DLL"
Issue - State: closed - Opened by smitstephan 2 months ago - 2 comments

#4925 - Rules detected as threats by Windows Defender
Issue - State: closed - Opened by Alex-C-github 3 months ago - 2 comments

#4924 - Update file_event_win_anydesk_artefact.yml
Pull Request - State: closed - Opened by fornotes 3 months ago - 2 comments - Labels: Rules, Windows

#4923 - Remove test cover by pySigma-validators-sigmahq 0.7.0
Pull Request - State: closed - Opened by frack113 3 months ago - Labels: Maintenance

#4922 - Add detected actions to github_disable_high_risk_configuration.yml
Pull Request - State: closed - Opened by romain-gaillard 3 months ago - Labels: Rules

#4921 - Add detected action to github_secret_scanning_feature_disabled.yml
Pull Request - State: closed - Opened by romain-gaillard 3 months ago - Labels: Rules

#4920 - Moved Two File Event Rules Under File Access
Pull Request - State: closed - Opened by fornotes 3 months ago - 2 comments - Labels: Rules, Windows