Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / SigmaHQ/sigma issues and pull requests

#4814 - Add new rule to detect MFA bypass in Cisco Duo

Pull Request - State: closed - Opened by nikitah4x 6 months ago
Labels: Rules, 2nd Review Needed

#4813 - Add Image to avoid FP

Pull Request - State: closed - Opened by frack113 6 months ago
Labels: Rules, 2nd Review Needed, Windows

#4812 - FPs with "File Enumeration Via Dir Command"

Issue - State: closed - Opened by YamatoSecurity 6 months ago
Labels: False-Positive

#4811 - Update proc_creation_lnx_exploit_cve_2024_3094_sshd_child_process.yml

Pull Request - State: closed - Opened by ruppde 6 months ago - 1 comment
Labels: Rules, Emerging-Threats

#4810 - Fix references in proc_creation_win_exploit_cve_2017_11882.yml #4804

Pull Request - State: closed - Opened by TheLawsOfChaos 6 months ago
Labels: Rules, Emerging-Threats

#4809 - Bump idna from 3.4 to 3.7

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago - 1 comment
Labels: Dependencies

#4808 - FP Bad practice GPO

Pull Request - State: closed - Opened by frack113 6 months ago
Labels: Rules, 2nd Review Needed, Windows

#4807 - Update references and tags

Pull Request - State: closed - Opened by frack113 6 months ago
Labels: Rules, Windows

#4806 - Potential KeyScrambler.exe DLL Side-loading

Pull Request - State: closed - Opened by swachchhanda000 6 months ago - 3 comments
Labels: Rules, 2nd Review Needed, Windows

#4805 - fix: FP with chocolatey shimgen tool

Pull Request - State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows

#4804 - Update proc_creation_win_exploit_cve_2017_11882.yml

Pull Request - State: closed - Opened by TheLawsOfChaos 6 months ago - 1 comment
Labels: Rules, Author Input Required, Windows

#4803 - Clean useless `.*` in regex

Pull Request - State: closed - Opened by frack113 6 months ago - 2 comments
Labels: Rules, 2nd Review Needed, Windows

#4802 - FP Fixes

Pull Request - State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows

#4801 - Pnscan rule creation

Pull Request - State: closed - Opened by signalblur 6 months ago - 1 comment
Labels: Rules, 2nd Review Needed, Linux

#4800 - Add rule dns_query_win_mega_nz_via_sysmon

Pull Request - State: closed - Opened by dan21san 6 months ago - 1 comment
Labels: Duplicate, Rules, Windows

#4799 - fix: remove invalid slash in `ServiceDll Hijack` rule

Pull Request - State: closed - Opened by fukusuket 6 months ago
Labels: Rules, Windows

#4798 - Fix hashes

Pull Request - State: closed - Opened by PiRomant 6 months ago
Labels: Rules, Windows

#4797 - fix: filter PS1 policy check for AppLocker mode

Pull Request - State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows

#4796 - Add rule about the cve-2024-3094

Pull Request - State: closed - Opened by dan21san 6 months ago
Labels: Rules, Linux

#4795 - Update lnx_shell_clear_cmd_history.yml

Pull Request - State: closed - Opened by signalblur 6 months ago - 1 comment
Labels: Rules, 2nd Review Needed, Linux

#4794 - Create proc_creation_lnx_susp_sshd_children.yml

Pull Request - State: closed - Opened by ruppde 6 months ago
Labels: Rules, 2nd Review Needed, Linux

#4793 - Update lnx_shell_clear_cmd_history.yml

Pull Request - State: closed - Opened by signalblur 6 months ago
Labels: Rules, Linux

#4792 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 6 months ago

#4791 - Promote Older Rules From `experimental` to `test`

Pull Request - State: closed - Opened by github-actions[bot] 6 months ago

#4790 - correct the error message and variable name in test_rules.py

Pull Request - State: closed - Opened by ya0guang 6 months ago
Labels: Maintenance

#4789 - correct a typo in test

Pull Request - State: closed - Opened by ya0guang 6 months ago
Labels: Maintenance

#4788 - fix: being loaded by wsmprovhost.exe

Pull Request - State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows

#4787 - fix a typo in test_logsource.py

Pull Request - State: closed - Opened by ya0guang 6 months ago
Labels: Maintenance

#4785 - New Rule: proc_creation_macos_sysctl_discovery.yml

Pull Request - State: closed - Opened by pratinavchandra 6 months ago - 2 comments
Labels: Rules, MacOS

#4784 - Create file_event_win_malware_darkgate_autoit3_save_temp.yml

Pull Request - State: closed - Opened by tomaszdyduch 6 months ago
Labels: Rules, Emerging-Threats

#4783 - Fix FP & Registry Logic

Pull Request - State: closed - Opened by nasbench 6 months ago
Labels: Rules, Windows, Emerging-Threats

#4782 - New Rule: proc_creation_macos_susp_launchctl_execution.yml

Pull Request - State: closed - Opened by pratinavchandra 6 months ago
Labels: Rules, MacOS

#4781 - KamiKakaBot Malware Related Rules

Pull Request - State: closed - Opened by nasbench 6 months ago
Labels: Rules, 2nd Review Needed, Emerging-Threats

#4780 - Minor fix for ip lookup rule

Pull Request - State: closed - Opened by xiangchen96 6 months ago
Labels: Rules, Windows

#4779 - Update README.md

Pull Request - State: closed - Opened by nasbench 6 months ago
Labels: Maintenance

#4778 - Qemu c2 tunnel

Pull Request - State: closed - Opened by faisalusuf 7 months ago - 1 comment
Labels: Rules, Windows

#4777 - More ip lookup services

Pull Request - State: closed - Opened by xiangchen96 7 months ago - 1 comment
Labels: Rules, 2nd Review Needed, Windows

#4776 - fix links to elastic-homepage in rules-files

Pull Request - State: closed - Opened by security-companion 7 months ago
Labels: Rules, Windows, Maintenance

#4775 - Change action name to sigma-rules-validator to avoid conflict when publishing on GH marketplace

Pull Request - State: closed - Opened by mostafa 7 months ago
Labels: Maintenance

#4774 - fix: fp found in testing

Pull Request - State: closed - Opened by nasbench 7 months ago - 1 comment
Labels: 2nd Review Needed

#4773 - New Rule - proc_creation_macos_susp_download_nscurl.yml

Pull Request - State: closed - Opened by DefenderDaniel 7 months ago

#4772 - Fix path errors

Pull Request - State: closed - Opened by mostafa 7 months ago

#4771 - Add another filter for lsass.exe

Pull Request - State: closed - Opened by frack113 7 months ago
Labels: Rules, 2nd Review Needed

#4770 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 7 months ago

#4769 - Fix permission error

Pull Request - State: closed - Opened by mostafa 7 months ago
Labels: Maintenance

#4768 - chore : update workflows action version

Pull Request - State: closed - Opened by frack113 7 months ago
Labels: Maintenance

#4767 - Update rules with windash modifier

Pull Request - State: closed - Opened by frack113 7 months ago - 2 comments
Labels: Rules, Windows

#4766 - New Rule for Suspicious Network Tunneling with QEMU

Pull Request - State: closed - Opened by threatHNTR 7 months ago - 1 comment
Labels: Rules, Windows

#4765 - Update additional rules to use the `cidr` modifier

Pull Request - State: closed - Opened by frack113 7 months ago
Labels: Rules, Windows

#4764 - Update image_load_office_outlook_outlvba_load.yml

Pull Request - State: closed - Opened by kietamin 7 months ago
Labels: Rules, Windows

#4763 - New rules related to Raspberry Robin TTPs

Pull Request - State: closed - Opened by swachchhanda000 7 months ago - 7 comments
Labels: Rules, Emerging-Threats

#4762 - Fix false positive found in testing

Pull Request - State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows

#4761 - chore: use CIDR modifier

Pull Request - State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows

#4760 - Feat: Renamed NirCmd.EXE Execution

Pull Request - State: closed - Opened by X-Junior 7 months ago
Labels: Rules

#4759 - Create Incoming TeamViewer Connection Rules

Pull Request - State: closed - Opened by joshnck 7 months ago - 1 comment
Labels: Rules, Windows

#4758 - Incoming teamviewer connection

Pull Request - State: closed - Opened by joshnck 7 months ago
Labels: Rules, Windows, Linux

#4757 - New Rules: Shell Context Menu Command Tampering

Pull Request - State: closed - Opened by nasbench 7 months ago
Labels: Rules, 2nd Review Needed, Windows

#4756 - New Filter for Remote Thread Creation In Uncommon Target Image

Pull Request - State: closed - Opened by benmontour 7 months ago
Labels: Rules, Windows

#4755 - Updated proc_creation_win_lolbin_susp_atbroker.yml to add exceptions.

Pull Request - State: closed - Opened by snajafov 7 months ago
Labels: Rules, Windows

#4754 - Update ATT&CK Mapping for Some Rules

Pull Request - State: closed - Opened by qasimqlf 7 months ago
Labels: Rules, Windows

#4753 - Update `Wlrmdr.EXE Uncommon Argument Or Child Process`

Pull Request - State: closed - Opened by defensivedepth 7 months ago
Labels: Rules, Windows

#4752 - Update rules to use the `windash` modifier

Pull Request - State: closed - Opened by frack113 7 months ago - 1 comment
Labels: QA, Rules, Windows, Linux, Emerging-Threats

#4751 - Potential Raspberry Robin CPL Execution Activity

Pull Request - State: closed - Opened by swachchhanda000 7 months ago
Labels: Rules, Emerging-Threats

#4750 - Fix FP in proc_access_win_lsass_memdump.yml

Pull Request - State: closed - Opened by secDre4mer 7 months ago
Labels: Rules, Windows

#4749 - Github New Rules for Secret Scanning and Push Protection Features

Pull Request - State: closed - Opened by faisalusuf 7 months ago
Labels: Rules

#4747 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 7 months ago

#4745 - Promote Older Rules From `experimental` to `test`

Pull Request - State: closed - Opened by github-actions[bot] 7 months ago

#4744 - Update two rules involving loading of DLLs with Windows utilities

Pull Request - State: closed - Opened by CrimpSec 7 months ago
Labels: Rules, Windows

#4743 - Increase Coverage For SC Related Rule

Pull Request - State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows

#4740 - Lazagne Credential Dumping Tool Detection Rule

Issue - State: open - Opened by cY83rR0H1t 7 months ago - 1 comment

#4739 - Update Multiple Rules to cover the '-' flags along with '/' flags

Pull Request - State: closed - Opened by qasimqlf 7 months ago - 2 comments
Labels: Rules, Windows

#4738 - Some House Cleaning & Fixes

Pull Request - State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows, Emerging-Threats

#4737 - Bitbucket Detection Rules

Pull Request - State: closed - Opened by faisalusuf 7 months ago
Labels: Rules, 2nd Review Needed

#4736 - Add/Update ScreenConnect RMM Related Rules

Pull Request - State: closed - Opened by RG9n 7 months ago
Labels: Rules, 2nd Review Needed, Windows

#4735 - Slash&Grab Exploitation Related Updates

Pull Request - State: closed - Opened by nasbench 7 months ago
Labels: Rules, 2nd Review Needed, Windows, Emerging-Threats

#4734 - New Rule for AWS GetSigninToken Abuse

Pull Request - State: closed - Opened by clebron23 7 months ago - 3 comments
Labels: Rules, 2nd Review Needed

#4733 - Windows DNS Query to OneLaunch update service

Pull Request - State: closed - Opened by joshnck 7 months ago - 2 comments
Labels: Rules, 2nd Review Needed, Windows

#4732 - ScreenConnect Exploitation Feb 2024

Pull Request - State: closed - Opened by MATTANDERS0N 7 months ago - 13 comments
Labels: Rules, 2nd Review Needed, Emerging-Threats

#4731 - New Rule: `No Suitable Encryption Key Found For Generating Kerberos Ticket`

Pull Request - State: closed - Opened by tr0mb1r 7 months ago
Labels: Rules, Windows

#4730 - New Rule: `Active Directory Certificate Services Denied Certificate Enrollment Request`

Pull Request - State: closed - Opened by tr0mb1r 7 months ago
Labels: Rules, Windows

#4729 - DPRK C2 DNS Indicator Rule

Pull Request - State: closed - Opened by nasbench 8 months ago
Labels: Rules, Emerging-Threats

#4728 - Update Multiple Rules to cover the '-' arguments along with '/' arguments

Pull Request - State: closed - Opened by qasimqlf 8 months ago
Labels: Rules, 2nd Review Needed, Windows

#4727 - Refactor 1/all of Condition unique

Pull Request - State: closed - Opened by frack113 8 months ago
Labels: Rules, Windows, Emerging-Threats

#4726 - Create azure_ad_certificate_based_authencation_enabled.yml

Pull Request - State: closed - Opened by cyb3rjy0t 8 months ago - 3 comments
Labels: Rules, Work In Progress, Author Input Required

#4725 - Create azure_ad_new_root_ca_added.yml

Pull Request - State: closed - Opened by cyb3rjy0t 8 months ago - 6 comments
Labels: Rules, 2nd Review Needed

#4724 - Update validate script

Pull Request - State: closed - Opened by mostafa 8 months ago - 9 comments
Labels: Maintenance

#4722 - Archive New Rule References

Pull Request - State: closed - Opened by github-actions[bot] 8 months ago

#4721 - Added user agent related to downloader used by RedCurl APT

Pull Request - State: closed - Opened by MalGamy 8 months ago
Labels: Rules

#4720 - Create file_event_win_suspicious_dll_via_cerber_ransomware.yml

Pull Request - State: closed - Opened by prashanthpulisetti 8 months ago - 3 comments
Labels: Rules, Author Input Required, Windows

#4719 - Update Rules Related To `RunHTMLApplication` Abuse

Pull Request - State: closed - Opened by joshnck 8 months ago - 3 comments
Labels: Rules, 2nd Review Needed, Windows

#4718 - Update ATT&CK Mapping For Some Rules

Pull Request - State: closed - Opened by qasimqlf 8 months ago - 1 comment
Labels: Rules, Emerging-Threats

#4717 - fix: added the missing image condition

Pull Request - State: closed - Opened by qasimqlf 8 months ago
Labels: Rules, Windows

#4716 - Update rule condition

Pull Request - State: closed - Opened by qasimqlf 8 months ago
Labels: Rules, Windows

#4715 - fix: filter in hxtsr rule

Pull Request - State: closed - Opened by Neo23x0 8 months ago - 1 comment
Labels: Rules, Windows

#4714 - Add Rule Covering Exploitation Indicators For CVE 2022-42475

Pull Request - State: closed - Opened by douglasrose75 8 months ago - 2 comments
Labels: Rules

#4713 - feat: update Potential Dead Drop Resolvers rule

Pull Request - State: closed - Opened by X-Junior 8 months ago
Labels: Rules, Windows

#4712 - Add Rule For Anydesk Execution With Known Compromised Certificate

Pull Request - State: closed - Opened by prashanthpulisetti 8 months ago - 2 comments
Labels: Rules, Windows