Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#4780 - Minor fix for ip lookup rule
Pull Request -
State: closed - Opened by xiangchen96 3 months ago
Labels: Rules, Windows
#4779 - Update README.md
Pull Request -
State: closed - Opened by nasbench 4 months ago
Labels: Maintenance
#4778 - Qemu c2 tunnel
Pull Request -
State: closed - Opened by faisalusuf 4 months ago
- 1 comment
Labels: Rules, Windows
#4777 - More ip lookup services
Pull Request -
State: closed - Opened by xiangchen96 4 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4776 - fix links to elastic-homepage in rules-files
Pull Request -
State: closed - Opened by security-companion 4 months ago
Labels: Rules, Windows, Maintenance
#4775 - Change action name to sigma-rules-validator to avoid conflict when publishing on GH marketplace
Pull Request -
State: closed - Opened by mostafa 4 months ago
Labels: Maintenance
#4774 - fix: fp found in testing
Pull Request -
State: closed - Opened by nasbench 4 months ago
- 1 comment
Labels: 2nd Review Needed
#4773 - New Rule - proc_creation_macos_susp_download_nscurl.yml
Pull Request -
State: closed - Opened by DefenderDaniel 4 months ago
#4772 - Fix path errors
Pull Request -
State: closed - Opened by mostafa 4 months ago
#4771 - Add another filter for lsass.exe
Pull Request -
State: closed - Opened by frack113 4 months ago
Labels: Rules, 2nd Review Needed
#4770 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 4 months ago
#4769 - Fix permission error
Pull Request -
State: closed - Opened by mostafa 4 months ago
Labels: Maintenance
#4768 - chore : update workflows action version
Pull Request -
State: closed - Opened by frack113 4 months ago
Labels: Maintenance
#4767 - Update rules with windash modifier
Pull Request -
State: closed - Opened by frack113 4 months ago
- 2 comments
Labels: Rules, Windows
#4766 - New Rule for Suspicious Network Tunneling with QEMU
Pull Request -
State: closed - Opened by threatHNTR 4 months ago
- 1 comment
Labels: Rules, Windows
#4765 - Update additional rules to use the `cidr` modifier
Pull Request -
State: closed - Opened by frack113 4 months ago
Labels: Rules, Windows
#4764 - Update image_load_office_outlook_outlvba_load.yml
Pull Request -
State: closed - Opened by kietamin 4 months ago
Labels: Rules, Windows
#4763 - New rules related with Raspberry Robin TTPs
Pull Request -
State: open - Opened by swachchhanda000 4 months ago
- 7 comments
Labels: Rules, Work In Progress, Author Input Required, Emerging-Threats
#4762 - Fix false positive found in testing
Pull Request -
State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows
#4761 - chore: use CIDR modifier
Pull Request -
State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows
#4760 - Feat: Renamed NirCmd.EXE Execution
Pull Request -
State: closed - Opened by X-Junior 4 months ago
Labels: Rules
#4759 - Create Incoming TeamViewer Connection Rules
Pull Request -
State: closed - Opened by joshnck 4 months ago
- 1 comment
Labels: Rules, Windows
#4758 - Incoming teamviewer connection
Pull Request -
State: closed - Opened by joshnck 4 months ago
Labels: Rules, Windows, Linux
#4757 - New Rules: Shell Context Menu Command Tampering
Pull Request -
State: closed - Opened by nasbench 4 months ago
Labels: Rules, 2nd Review Needed, Windows
#4756 - New Filter for Remote Thread Creation In Uncommon Target Image
Pull Request -
State: closed - Opened by benmontour 4 months ago
Labels: Rules, Windows
#4755 - Updated proc_creation_win_lolbin_susp_atbroker.yml to add exceptions.
Pull Request -
State: closed - Opened by snajafov 4 months ago
Labels: Rules, Windows
#4754 - Update ATT&CK Mapping for Some Rules
Pull Request -
State: closed - Opened by qasimqlf 4 months ago
Labels: Rules, Windows
#4753 - Update `Wlrmdr.EXE Uncommon Argument Or Child Process`
Pull Request -
State: closed - Opened by defensivedepth 4 months ago
Labels: Rules, Windows
#4752 - Update rules to use the `windash` modifier
Pull Request -
State: closed - Opened by frack113 4 months ago
- 1 comment
Labels: QA, Rules, Windows, Linux, Emerging-Threats
#4751 - Potential Raspberry Robin CPL Execution Activity
Pull Request -
State: closed - Opened by swachchhanda000 4 months ago
Labels: Rules, Emerging-Threats
#4750 - Fix FP in proc_access_win_lsass_memdump.yml
Pull Request -
State: closed - Opened by secDre4mer 4 months ago
Labels: Rules, Windows
#4749 - Github New Rules for Secret Scanning and Push Protection Features
Pull Request -
State: closed - Opened by faisalusuf 4 months ago
Labels: Rules
#4748 - Suspicious Process DNS Query Known Abuse Web Services
Issue -
State: open - Opened by cY83rR0H1t 4 months ago
#4747 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 4 months ago
#4745 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 4 months ago
#4744 - Update two rules involving loading of DLLs with Windows utilities
Pull Request -
State: closed - Opened by CrimpSec 4 months ago
Labels: Rules, Windows
#4743 - Increase Coverage For SC Related Rule
Pull Request -
State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows
#4742 - CVE-2023-1389 Unauthenticated Command Injection Vulnerability
Issue -
State: open - Opened by cY83rR0H1t 4 months ago
#4741 - Hacktool Evil-Winrm Tool Detection via Powershell event ID
Issue -
State: open - Opened by cY83rR0H1t 4 months ago
#4740 - Lazagne Credential Dumping Tool Detection Rule
Issue -
State: open - Opened by cY83rR0H1t 4 months ago
- 1 comment
#4739 - Update Multiple Rules to cover the '-' flags along with '/' flags
Pull Request -
State: closed - Opened by qasimqlf 4 months ago
- 2 comments
Labels: Rules, Windows
#4738 - Some House Cleaning & Fixes
Pull Request -
State: closed - Opened by nasbench 4 months ago
Labels: Rules, Windows, Emerging-Threats
#4737 - Bitbucket Detection Rules
Pull Request -
State: closed - Opened by faisalusuf 4 months ago
Labels: Rules, 2nd Review Needed
#4736 - Add/Update ScreenConnect RMM Related Rules
Pull Request -
State: closed - Opened by RG9n 4 months ago
Labels: Rules, 2nd Review Needed, Windows
#4735 - Slash&Grab Exploitation Related Updates
Pull Request -
State: closed - Opened by nasbench 4 months ago
Labels: Rules, 2nd Review Needed, Windows, Emerging-Threats
#4734 - New Rule for AWS GetSigninToken Abuse
Pull Request -
State: closed - Opened by clebron23 4 months ago
- 3 comments
Labels: Rules, 2nd Review Needed
#4733 - Windows DNS Query to OneLaunch update service
Pull Request -
State: closed - Opened by joshnck 4 months ago
- 2 comments
Labels: Rules, 2nd Review Needed, Windows
#4732 - ScreenConnect Exploitation Feb 2024
Pull Request -
State: closed - Opened by MATTANDERS0N 4 months ago
- 13 comments
Labels: Rules, 2nd Review Needed, Emerging-Threats
#4731 - New Rule: `No Suitable Encryption Key Found For Generating Kerberos Ticket`
Pull Request -
State: closed - Opened by tr0mb1r 4 months ago
Labels: Rules, Windows
#4730 - New Rule: `Active Directory Certificate Services Denied Certificate Enrollment Request`
Pull Request -
State: closed - Opened by tr0mb1r 4 months ago
Labels: Rules, Windows
#4729 - DPRK C2 DNS Indicator Rule
Pull Request -
State: closed - Opened by nasbench 5 months ago
Labels: Rules, Emerging-Threats
#4728 - Update Multiple Rules to cover the '-' arguments along with '/' arguments
Pull Request -
State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, 2nd Review Needed, Windows
#4727 - Refactor 1/all of Condition unique
Pull Request -
State: closed - Opened by frack113 5 months ago
Labels: Rules, Windows, Emerging-Threats
#4726 - Create azure_ad_certificate_based_authencation_enabled.yml
Pull Request -
State: closed - Opened by cyb3rjy0t 5 months ago
- 3 comments
Labels: Rules, Work In Progress, Author Input Required
#4725 - Create azure_ad_new_root_ca_added.yml
Pull Request -
State: closed - Opened by cyb3rjy0t 5 months ago
- 6 comments
Labels: Rules, 2nd Review Needed
#4724 - Update validate script
Pull Request -
State: closed - Opened by mostafa 5 months ago
- 9 comments
Labels: Maintenance
#4722 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 5 months ago
#4721 - Added user agent related to downloader used by RedCurl APT
Pull Request -
State: closed - Opened by MalGamy 5 months ago
Labels: Rules
#4720 - Create file_event_win_suspicious_dll_via_cerber_ransomware.yml
Pull Request -
State: closed - Opened by prashanthpulisetti 5 months ago
- 3 comments
Labels: Rules, Author Input Required, Windows
#4719 - Update Rules Related To `RunHTMLApplication` Abuse
Pull Request -
State: closed - Opened by joshnck 5 months ago
- 3 comments
Labels: Rules, 2nd Review Needed, Windows
#4718 - Update ATT&CK Mapping For Some Rules
Pull Request -
State: closed - Opened by qasimqlf 5 months ago
- 1 comment
Labels: Rules, Emerging-Threats
#4717 - fix: added the missing image condition
Pull Request -
State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, Windows
#4716 - Update rule condition
Pull Request -
State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, Windows
#4715 - fix: filter in hxtsr rule
Pull Request -
State: closed - Opened by Neo23x0 5 months ago
- 1 comment
Labels: Rules, Windows
#4714 - Add Rule Covering Exploitation Indicators For CVE 2022-42475
Pull Request -
State: closed - Opened by douglasrose75 5 months ago
- 2 comments
Labels: Rules
#4713 - feat: update Potential Dead Drop Resolvers rule
Pull Request -
State: closed - Opened by X-Junior 5 months ago
Labels: Rules, Windows
#4712 - Add Rule For Anydesk Execution With Known Compromised Certificate
Pull Request -
State: closed - Opened by prashanthpulisetti 5 months ago
- 2 comments
Labels: Rules, Windows
#4711 - Fix some FP in Rundll32 Execution With Uncommon DLL Extension
Pull Request -
State: closed - Opened by xiangchen96 5 months ago
- 2 comments
Labels: Rules, Windows
#4710 - Add ipconfig.io domain
Pull Request -
State: closed - Opened by xiangchen96 5 months ago
Labels: Rules, Windows
#4709 - Create detection_of_responder_tool_in_microsoft_365_defender_logs.yaml
Pull Request -
State: closed - Opened by prashanthpulisetti 5 months ago
- 5 comments
Labels: Rules, Work In Progress, Author Input Required
#4708 - Adding new hosting sites to downloading rules
Issue -
State: closed - Opened by omaramin17 5 months ago
- 3 comments
#4707 - New rules upload
Pull Request -
State: closed - Opened by skaynum 5 months ago
- 5 comments
Labels: Rules, Work In Progress, Windows
#4706 - Updated Sigma2Attack.py Script
Pull Request -
State: closed - Opened by DaveTheResearcher 5 months ago
- 3 comments
Labels: Duplicate
#4705 - New Rule: WMIC Disk and Volume Recon
Pull Request -
State: closed - Opened by slincoln-aiq 5 months ago
Labels: Rules, 2nd Review Needed, Windows
#4704 - Added RDP reg keys for darkgate malware
Pull Request -
State: closed - Opened by slincoln-aiq 5 months ago
Labels: Rules, 2nd Review Needed, Windows
#4703 - Hack tool EventLogCrasher - imphash based detection
Pull Request -
State: closed - Opened by Neo23x0 5 months ago
Labels: Rules, Windows
#4702 - Rules Tuning
Pull Request -
State: closed - Opened by nasbench 5 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4701 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 5 months ago
#4700 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 5 months ago
#4699 - net_connection_win_rundll32_net_connections.yml leads to false positive via multiple vendors
Issue -
State: closed - Opened by bill-e-ghote 5 months ago
- 4 comments
Labels: False-Positive
#4698 - Added rules that detect possible activities associated with services and modules enumeration
Pull Request -
State: closed - Opened by swachchhanda000 5 months ago
- 4 comments
Labels: Rules, 2nd Review Needed, Windows
#4697 - Small fix
Pull Request -
State: closed - Opened by frack113 5 months ago
- 1 comment
Labels: Rules, Windows
#4696 - chore(deps-dev): bump aiohttp from 3.9.0 to 3.9.2
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: Dependencies
#4695 - Add OpenCanary Rules
Pull Request -
State: closed - Opened by defensivedepth 5 months ago
- 3 comments
Labels: Rules
#4694 - Authored native Kubernetes Detections
Pull Request -
State: closed - Opened by LAripping 5 months ago
- 6 comments
Labels: Rules, 2nd Review Needed, Maintenance
#4693 - update: removed unnecessary selection part
Pull Request -
State: closed - Opened by qasimqlf 5 months ago
Labels: Rules, Windows
#4692 - New rules related to iexpress.exe and makecab.exe
Pull Request -
State: closed - Opened by jstnk9 5 months ago
- 4 comments
Labels: Rules, Windows
#4691 - fix: updated the wrong image name
Pull Request -
State: closed - Opened by qasimqlf 5 months ago
- 2 comments
Labels: Rules, Windows
#4690 - Update pipe_created_hktl_cobaltstrike_susp_pipe_patterns.yml
Pull Request -
State: closed - Opened by tr0mb1r 5 months ago
Labels: Rules, 2nd Review Needed, Windows
#4689 - Added AttackIQ to README Projects and Products
Pull Request -
State: closed - Opened by slincoln-aiq 5 months ago
Labels: Maintenance
#4687 - update: added missing image names
Pull Request -
State: closed - Opened by qasimqlf 5 months ago
- 3 comments
Labels: Rules, Emerging-Threats
#4686 - Create proc_creation_win_hktl_sharpmove.yml
Pull Request -
State: closed - Opened by CrimpSec 6 months ago
Labels: Rules, Windows
#4685 - Create HackTool-EDRSilencer-Execution.yml
Pull Request -
State: closed - Opened by t-pol 6 months ago
Labels: Rules, 2nd Review Needed, Windows
#4684 - fix: several FPs
Pull Request -
State: closed - Opened by phantinuss 6 months ago
Labels: Rules, 2nd Review Needed, Windows
#4683 - Excessive requests from Go-http-client/1.1
Issue -
State: closed - Opened by cherdt 6 months ago
- 3 comments
#4682 - New: CodePage modification via MODE to Russian language
Pull Request -
State: closed - Opened by jstnk9 6 months ago
- 2 comments
Labels: Rules, Windows
#4681 - Add Missing Ref & Tags
Pull Request -
State: closed - Opened by nasbench 6 months ago
Labels: Rules, Windows, Linux, Maintenance
#4680 - Add miningocean.org mining pools
Pull Request -
State: closed - Opened by xiangchen96 6 months ago
Labels: Rules, 2nd Review Needed, Windows
#4679 - Suspicious unsigned DLL Loaded by RunDLL32/RegSvr32
Pull Request -
State: closed - Opened by swachchhanda000 6 months ago
Labels: Rules, 2nd Review Needed, Windows
#4678 - Added and updated pikabot related rules
Pull Request -
State: closed - Opened by swachchhanda000 6 months ago
- 1 comment
Labels: Rules, Emerging-Threats