Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / SigmaHQ/sigma issues and pull requests

#4780 - Minor fix for ip lookup rule

Pull Request - State: closed - Opened by xiangchen96 3 months ago
Labels: Rules, Windows

#4779 - Update README.md

Pull Request - State: closed - Opened by nasbench 4 months ago
Labels: Maintenance

#4778 - Qemu c2 tunnel

Pull Request - State: closed - Opened by faisalusuf 4 months ago - 1 comment
Labels: Rules, Windows

#4777 - More ip lookup services

Pull Request - State: closed - Opened by xiangchen96 4 months ago - 1 comment
Labels: Rules, 2nd Review Needed, Windows

#4776 - fix links to elatic-homepage in rules-files

Pull Request - State: closed - Opened by security-companion 4 months ago
Labels: Rules, Windows, Maintenance

#4775 - Change action name to sigma-rules-validator to avoid conflict when publishing on GH marketplace

Pull Request - State: closed - Opened by mostafa 4 months ago
Labels: Maintenance

#4774 - fix: fp found in testing

Pull Request - State: closed - Opened by nasbench 4 months ago - 1 comment
Labels: 2nd Review Needed

#4773 - New Rule - proc_creation_macos_susp_download_nscurl.yml

Pull Request - State: closed - Opened by DefenderDaniel 4 months ago

#4772 - Fix path errors

Pull Request - State: closed - Opened by mostafa 4 months ago

#4771 - Add another filter for lsass.exe

Pull Request - State: closed - Opened by frack113 4 months ago
Labels: Rules, 2nd Review Needed

#4770 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 4 months ago

#4769 - Fix permission error

Pull Request - State: closed - Opened by mostafa 4 months ago
Labels: Maintenance

#4768 - chore : update workflows action version

Pull Request - State: closed - Opened by frack113 4 months ago
Labels: Maintenance

#4767 - Update rules with windash modifier

Pull Request - State: closed - Opened by frack113 4 months ago - 2 comments
Labels: Rules, Windows

#4766 - New Rule for Suspicious Network Tunneling with QEMU

Pull Request - State: closed - Opened by threatHNTR 4 months ago - 1 comment
Labels: Rules, Windows

#4765 - Update additional rules to use the `cidr` modifier

Pull Request - State: closed - Opened by frack113 4 months ago
Labels: Rules, Windows

#4764 - Update image_load_office_outlook_outlvba_load.yml

Pull Request - State: closed - Opened by kietamin 4 months ago
Labels: Rules, Windows

#4763 - New rules related with Raspberry Robin TTPs

Pull Request - State: open - Opened by swachchhanda000 4 months ago - 7 comments
Labels: Rules, Work In Progress, Author Input Required, Emerging-Threats

#4762 - Fix false positive found in testing

Pull Request - State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows

#4761 - chore: use CIDR modifier

Pull Request - State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows

#4760 - Feat: Renamed NirCmd.EXE Execution

Pull Request - State: closed - Opened by X-Junior 4 months ago
Labels: Rules

#4759 - Create Incoming TeamViewer Connection Rules

Pull Request - State: closed - Opened by joshnck 4 months ago - 1 comment
Labels: Rules, Windows

#4758 - Incoming teamviewer connection

Pull Request - State: closed - Opened by joshnck 4 months ago
Labels: Rules, Windows, Linux

#4757 - New Rules: Shell Context Menu Command Tampering

Pull Request - State: closed - Opened by nasbench 4 months ago
Labels: Rules, 2nd Review Needed, Windows

#4756 - New Filter for Remote Thread Creation In Uncommon Target Image

Pull Request - State: closed - Opened by benmontour 4 months ago
Labels: Rules, Windows

#4755 - Updated proc_creation_win_lolbin_susp_atbroker.yml to add exceptions.

Pull Request - State: closed - Opened by snajafov 4 months ago
Labels: Rules, Windows

#4754 - Update ATT&CK Mapping for Some Rules

Pull Request - State: closed - Opened by qasimqlf 4 months ago
Labels: Rules, Windows

#4753 - Update `Wlrmdr.EXE Uncommon Argument Or Child Process`

Pull Request - State: closed - Opened by defensivedepth 4 months ago
Labels: Rules, Windows

#4752 - Update rules to use the `windash` modifier

Pull Request - State: closed - Opened by frack113 4 months ago - 1 comment
Labels: QA, Rules, Windows, Linux, Emerging-Threats

#4751 - Potential Raspberry Robin CPL Execution Activity

Pull Request - State: closed - Opened by swachchhanda000 4 months ago
Labels: Rules, Emerging-Threats

#4750 - Fix FP in proc_access_win_lsass_memdump.yml

Pull Request - State: closed - Opened by secDre4mer 4 months ago
Labels: Rules, Windows

#4749 - Github New Rules for Secret Scanning and Push Protection Features

Pull Request - State: closed - Opened by faisalusuf 4 months ago
Labels: Rules

#4747 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 4 months ago

#4745 - Promote Older Rules From `experimental` to `test`

Pull Request - State: closed - Opened by github-actions[bot] 4 months ago

#4744 - Update two rules involving loading of DLLs with Windows utilities

Pull Request - State: closed - Opened by CrimpSec 4 months ago
Labels: Rules, Windows

#4743 - Increase Coverage For SC Related Rule

Pull Request - State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows

#4740 - Lazagne Crendential Dumping Tool Detection Rule

Issue - State: open - Opened by cY83rR0H1t 4 months ago - 1 comment

#4739 - Update Multiple Rules to cover the '-' flags along with '/' flags

Pull Request - State: closed - Opened by qasimqlf 4 months ago - 2 comments
Labels: Rules, Windows

#4738 - Some House Cleaning & Fixes

Pull Request - State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows, Emerging-Threats

#4737 - Bitbucket Detection Rules

Pull Request - State: closed - Opened by faisalusuf 4 months ago
Labels: Rules, 2nd Review Needed

#4736 - Add/Update ScreenConnect RMM Related Rules

Pull Request - State: closed - Opened by RG9n 4 months ago
Labels: Rules, 2nd Review Needed, Windows

#4735 - Slash&Grab Exploitation Related Updates

Pull Request - State: closed - Opened by nasbench 4 months ago
Labels: Rules, 2nd Review Needed, Windows, Emerging-Threats

#4734 - New Rule for AWS GetSigninToken Abuse

Pull Request - State: closed - Opened by clebron23 4 months ago - 3 comments
Labels: Rules, 2nd Review Needed

#4733 - Windows DNS Query to OneLaunch update service

Pull Request - State: closed - Opened by joshnck 4 months ago - 2 comments
Labels: Rules, 2nd Review Needed, Windows

#4732 - ScreenConnect Exploitation Feb 2024

Pull Request - State: closed - Opened by MATTANDERS0N 4 months ago - 13 comments
Labels: Rules, 2nd Review Needed, Emerging-Threats

#4731 - New Rule: `No Suitable Encryption Key Found For Generating Kerberos Ticket`

Pull Request - State: closed - Opened by tr0mb1r 4 months ago
Labels: Rules, Windows

#4730 - New Rule: `Active Directory Certificate Services Denied Certificate Enrollment Request`

Pull Request - State: closed - Opened by tr0mb1r 4 months ago
Labels: Rules, Windows

#4729 - DPRK C2 DNS Indicator Rule

Pull Request - State: closed - Opened by nasbench 5 months ago
Labels: Rules, Emerging-Threats

#4728 - Update Multiple Rules to cover the '-' arguments along with '/' arguments

Pull Request - State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, 2nd Review Needed, Windows

#4727 - Refractor 1/all of Condition unique

Pull Request - State: closed - Opened by frack113 5 months ago
Labels: Rules, Windows, Emerging-Threats

#4726 - Create azure_ad_certificate_based_authencation_enabled.yml

Pull Request - State: closed - Opened by cyb3rjy0t 5 months ago - 3 comments
Labels: Rules, Work In Progress, Author Input Required

#4725 - Create azure_ad_new_root_ca_added.yml

Pull Request - State: closed - Opened by cyb3rjy0t 5 months ago - 6 comments
Labels: Rules, 2nd Review Needed

#4724 - Update validate script

Pull Request - State: closed - Opened by mostafa 5 months ago - 9 comments
Labels: Maintenance

#4722 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 5 months ago

#4721 - Added user agent related to downloader used by RedCurl APT

Pull Request - State: closed - Opened by MalGamy 5 months ago
Labels: Rules

#4720 - Create file_event_win_suspicious_dll_via_cerber_ransomware.yml

Pull Request - State: closed - Opened by prashanthpulisetti 5 months ago - 3 comments
Labels: Rules, Author Input Required, Windows

#4719 - Update Rules Related To `RunHTMLApplication` Abuse

Pull Request - State: closed - Opened by joshnck 5 months ago - 3 comments
Labels: Rules, 2nd Review Needed, Windows

#4718 - Update ATT&CK Mapping For Some Rules

Pull Request - State: closed - Opened by qasimqlf 5 months ago - 1 comment
Labels: Rules, Emerging-Threats

#4717 - fix: added the missing image condition

Pull Request - State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, Windows

#4716 - Update rule condition

Pull Request - State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, Windows

#4715 - fix: filter in hxtsr rule

Pull Request - State: closed - Opened by Neo23x0 5 months ago - 1 comment
Labels: Rules, Windows

#4714 - Add Rule Covering Exploitation Indicators For CVE 2022-42475

Pull Request - State: closed - Opened by douglasrose75 5 months ago - 2 comments
Labels: Rules

#4713 - feat: update Potential Dead Drop Resolvers rule

Pull Request - State: closed - Opened by X-Junior 5 months ago
Labels: Rules, Windows

#4712 - Add Rule For Anydesk Execution With Known Compromised Certificate

Pull Request - State: closed - Opened by prashanthpulisetti 5 months ago - 2 comments
Labels: Rules, Windows

#4711 - Fix some FP in Rundll32 Execution With Uncommon DLL Extension

Pull Request - State: closed - Opened by xiangchen96 5 months ago - 2 comments
Labels: Rules, Windows

#4710 - Add ipconfig.io domain

Pull Request - State: closed - Opened by xiangchen96 5 months ago
Labels: Rules, Windows

#4709 - Create detection_of_responder_tool_in_microsoft_365_defender_logs.yaml

Pull Request - State: closed - Opened by prashanthpulisetti 5 months ago - 5 comments
Labels: Rules, Work In Progress, Author Input Required

#4708 - Adding new hosting sites to downloading rules

Issue - State: closed - Opened by omaramin17 5 months ago - 3 comments

#4707 - New rules upload

Pull Request - State: closed - Opened by skaynum 5 months ago - 5 comments
Labels: Rules, Work In Progress, Windows

#4706 - Updated Sigma2Attack.py Script

Pull Request - State: closed - Opened by DaveTheResearcher 5 months ago - 3 comments
Labels: Duplicate

#4705 - New Rule: WMIC Disk and Volume Recon

Pull Request - State: closed - Opened by slincoln-aiq 5 months ago
Labels: Rules, 2nd Review Needed, Windows

#4704 - Added RDP reg keys for darkgate malware

Pull Request - State: closed - Opened by slincoln-aiq 5 months ago
Labels: Rules, 2nd Review Needed, Windows

#4703 - Hack tool EventLogCrasher - imphash based detection

Pull Request - State: closed - Opened by Neo23x0 5 months ago
Labels: Rules, Windows

#4702 - Rules Tuning

Pull Request - State: closed - Opened by nasbench 5 months ago - 1 comment
Labels: Rules, 2nd Review Needed, Windows

#4701 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 5 months ago

#4700 - Promote Older Rules From `experimental` to `test`

Pull Request - State: closed - Opened by github-actions[bot] 5 months ago

#4699 - net_connection_win_rundll32_net_connections.yml leads to false positive via multiple vendors

Issue - State: closed - Opened by bill-e-ghote 5 months ago - 4 comments
Labels: False-Positive

#4698 - Added rules that detect possible activities associated with services and modules enumeration

Pull Request - State: closed - Opened by swachchhanda000 5 months ago - 4 comments
Labels: Rules, 2nd Review Needed, Windows

#4697 - Small fix

Pull Request - State: closed - Opened by frack113 5 months ago - 1 comment
Labels: Rules, Windows

#4696 - chore(deps-dev): bump aiohttp from 3.9.0 to 3.9.2

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: Dependencies

#4695 - Add OpenCanary Rules

Pull Request - State: closed - Opened by defensivedepth 5 months ago - 3 comments
Labels: Rules

#4694 - Authored native Kubernetes Detections

Pull Request - State: closed - Opened by LAripping 5 months ago - 6 comments
Labels: Rules, 2nd Review Needed, Maintenance

#4693 - update: removed unnecessary selection part

Pull Request - State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, Windows

#4692 - New rules related to iexpress.exe and makecab.exe

Pull Request - State: closed - Opened by jstnk9 5 months ago - 4 comments
Labels: Rules, Windows

#4691 - fix: updated the wrong image name

Pull Request - State: closed - Opened by qasimqlf 5 months ago - 2 comments
Labels: Rules, Windows

#4690 - Update pipe_created_hktl_cobaltstrike_susp_pipe_patterns.yml

Pull Request - State: closed - Opened by tr0mb1r 5 months ago
Labels: Rules, 2nd Review Needed, Windows

#4689 - Added AttackIQ to README Projects and Products

Pull Request - State: closed - Opened by slincoln-aiq 5 months ago
Labels: Maintenance

#4687 - update: added missing image names

Pull Request - State: closed - Opened by qasimqlf 5 months ago - 3 comments
Labels: Rules, Emerging-Threats

#4686 - Create proc_creation_win_hktl_sharpmove.yml

Pull Request - State: closed - Opened by CrimpSec 6 months ago
Labels: Rules, Windows

#4685 - Create HackTool-EDRSilencer-Execution.yml

Pull Request - State: closed - Opened by t-pol 6 months ago
Labels: Rules, 2nd Review Needed, Windows

#4684 - fix: several FPs

Pull Request - State: closed - Opened by phantinuss 6 months ago
Labels: Rules, 2nd Review Needed, Windows

#4683 - Excessive requests from Go-http-client/1.1

Issue - State: closed - Opened by cherdt 6 months ago - 3 comments

#4682 - New: CodePage modification via MODE to Russian language

Pull Request - State: closed - Opened by jstnk9 6 months ago - 2 comments
Labels: Rules, Windows

#4681 - Add Missing Ref & Tags

Pull Request - State: closed - Opened by nasbench 6 months ago
Labels: Rules, Windows, Linux, Maintenance

#4680 - Add miningocean.org mining pools

Pull Request - State: closed - Opened by xiangchen96 6 months ago
Labels: Rules, 2nd Review Needed, Windows

#4679 - Suspicious unsigned DLL Loaded by RunDLL32/RegSvr32

Pull Request - State: closed - Opened by swachchhanda000 6 months ago
Labels: Rules, 2nd Review Needed, Windows

#4678 - Added and updatd pikabot related rules

Pull Request - State: closed - Opened by swachchhanda000 6 months ago - 1 comment
Labels: Rules, Emerging-Threats