Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#4814 - Add new rule to detect MFA bypass in Cisco Duo
Pull Request -
State: closed - Opened by nikitah4x 6 months ago
Labels: Rules, 2nd Review Needed
#4813 - Add Image to avoid FP
Pull Request -
State: closed - Opened by frack113 6 months ago
Labels: Rules, 2nd Review Needed, Windows
#4812 - FPs with "File Enumeration Via Dir Command"
Issue -
State: closed - Opened by YamatoSecurity 6 months ago
Labels: False-Positive
#4811 - Update proc_creation_lnx_exploit_cve_2024_3094_sshd_child_process.yml
Pull Request -
State: closed - Opened by ruppde 6 months ago
- 1 comment
Labels: Rules, Emerging-Threats
#4810 - Fix references in proc_creation_win_exploit_cve_2017_11882.yml #4804
Pull Request -
State: closed - Opened by TheLawsOfChaos 6 months ago
Labels: Rules, Emerging-Threats
#4809 - Bump idna from 3.4 to 3.7
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
- 1 comment
Labels: Dependencies
#4808 - FP Bad practice GPO
Pull Request -
State: closed - Opened by frack113 6 months ago
Labels: Rules, 2nd Review Needed, Windows
#4807 - Update references and tags
Pull Request -
State: closed - Opened by frack113 6 months ago
Labels: Rules, Windows
#4806 - Potential KeyScrambler.exe DLL Side-loading
Pull Request -
State: closed - Opened by swachchhanda000 6 months ago
- 3 comments
Labels: Rules, 2nd Review Needed, Windows
#4805 - fix: FP with chocolatey shimgen tool
Pull Request -
State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows
#4804 - Update proc_creation_win_exploit_cve_2017_11882.yml
Pull Request -
State: closed - Opened by TheLawsOfChaos 6 months ago
- 1 comment
Labels: Rules, Author Input Required, Windows
#4803 - Clean useless `.*` in regex
Pull Request -
State: closed - Opened by frack113 6 months ago
- 2 comments
Labels: Rules, 2nd Review Needed, Windows
#4802 - FP Fixes
Pull Request -
State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows
#4801 - Pnscan rule creation
Pull Request -
State: closed - Opened by signalblur 6 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Linux
#4800 - Add rule dns_query_win_mega_nz_via_sysmon
Pull Request -
State: closed - Opened by dan21san 6 months ago
- 1 comment
Labels: Duplicate, Rules, Windows
#4799 - fix: remove invalid slash in `ServiceDll Hijack` rule
Pull Request -
State: closed - Opened by fukusuket 6 months ago
Labels: Rules, Windows
#4798 - Fix hashes
Pull Request -
State: closed - Opened by PiRomant 6 months ago
Labels: Rules, Windows
#4797 - fix: filter PS1 policy check for AppLocker mode
Pull Request -
State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows
#4796 - Add rule about the cve-2024-3094
Pull Request -
State: closed - Opened by dan21san 6 months ago
Labels: Rules, Linux
#4795 - Update lnx_shell_clear_cmd_history.yml
Pull Request -
State: closed - Opened by signalblur 6 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Linux
#4794 - Create proc_creation_lnx_susp_sshd_children.yml
Pull Request -
State: closed - Opened by ruppde 6 months ago
Labels: Rules, 2nd Review Needed, Linux
#4793 - Update lnx_shell_clear_cmd_history.yml
Pull Request -
State: closed - Opened by signalblur 6 months ago
Labels: Rules, Linux
#4792 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 6 months ago
#4791 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 6 months ago
#4790 - correct the error message and variable name in test_rules.py
Pull Request -
State: closed - Opened by ya0guang 6 months ago
Labels: Maintenance
#4789 - correct a typo in test
Pull Request -
State: closed - Opened by ya0guang 6 months ago
Labels: Maintenance
#4788 - fix: being loaded by wsmprovhost.exe
Pull Request -
State: closed - Opened by phantinuss 6 months ago
Labels: Rules, Windows
#4787 - fix a typo in test_logsource.py
Pull Request -
State: closed - Opened by ya0guang 6 months ago
Labels: Maintenance
#4785 - New Rule: proc_creation_macos_sysctl_discovery.yml
Pull Request -
State: closed - Opened by pratinavchandra 6 months ago
- 2 comments
Labels: Rules, MacOS
#4784 - Create file_event_win_malware_darkgate_autoit3_save_temp.yml
Pull Request -
State: closed - Opened by tomaszdyduch 6 months ago
Labels: Rules, Emerging-Threats
#4783 - Fix FP & Registry Logic
Pull Request -
State: closed - Opened by nasbench 6 months ago
Labels: Rules, Windows, Emerging-Threats
#4782 - New Rule: proc_creation_macos_susp_launchctl_execution.yml
Pull Request -
State: closed - Opened by pratinavchandra 6 months ago
Labels: Rules, MacOS
#4781 - KamiKakaBot Malware Related Rules
Pull Request -
State: closed - Opened by nasbench 6 months ago
Labels: Rules, 2nd Review Needed, Emerging-Threats
#4780 - Minor fix for ip lookup rule
Pull Request -
State: closed - Opened by xiangchen96 6 months ago
Labels: Rules, Windows
#4779 - Update README.md
Pull Request -
State: closed - Opened by nasbench 6 months ago
Labels: Maintenance
#4778 - Qemu c2 tunnel
Pull Request -
State: closed - Opened by faisalusuf 7 months ago
- 1 comment
Labels: Rules, Windows
#4777 - More ip lookup services
Pull Request -
State: closed - Opened by xiangchen96 7 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4776 - fix links to elatic-homepage in rules-files
Pull Request -
State: closed - Opened by security-companion 7 months ago
Labels: Rules, Windows, Maintenance
#4775 - Change action name to sigma-rules-validator to avoid conflict when publishing on GH marketplace
Pull Request -
State: closed - Opened by mostafa 7 months ago
Labels: Maintenance
#4774 - fix: fp found in testing
Pull Request -
State: closed - Opened by nasbench 7 months ago
- 1 comment
Labels: 2nd Review Needed
#4773 - New Rule - proc_creation_macos_susp_download_nscurl.yml
Pull Request -
State: closed - Opened by DefenderDaniel 7 months ago
#4772 - Fix path errors
Pull Request -
State: closed - Opened by mostafa 7 months ago
#4771 - Add another filter for lsass.exe
Pull Request -
State: closed - Opened by frack113 7 months ago
Labels: Rules, 2nd Review Needed
#4770 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 7 months ago
#4769 - Fix permission error
Pull Request -
State: closed - Opened by mostafa 7 months ago
Labels: Maintenance
#4768 - chore : update workflows action version
Pull Request -
State: closed - Opened by frack113 7 months ago
Labels: Maintenance
#4767 - Update rules with windash modifier
Pull Request -
State: closed - Opened by frack113 7 months ago
- 2 comments
Labels: Rules, Windows
#4766 - New Rule for Suspicious Network Tunneling with QEMU
Pull Request -
State: closed - Opened by threatHNTR 7 months ago
- 1 comment
Labels: Rules, Windows
#4765 - Update additional rules to use the `cidr` modifier
Pull Request -
State: closed - Opened by frack113 7 months ago
Labels: Rules, Windows
#4764 - Update image_load_office_outlook_outlvba_load.yml
Pull Request -
State: closed - Opened by kietamin 7 months ago
Labels: Rules, Windows
#4763 - New rules related to Raspberry Robin TTPs
Pull Request -
State: closed - Opened by swachchhanda000 7 months ago
- 7 comments
Labels: Rules, Emerging-Threats
#4762 - Fix false positive found in testing
Pull Request -
State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows
#4761 - chore: use CIDR modifier
Pull Request -
State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows
#4760 - Feat: Renamed NirCmd.EXE Execution
Pull Request -
State: closed - Opened by X-Junior 7 months ago
Labels: Rules
#4759 - Create Incoming TeamViewer Connection Rules
Pull Request -
State: closed - Opened by joshnck 7 months ago
- 1 comment
Labels: Rules, Windows
#4758 - Incoming teamviewer connection
Pull Request -
State: closed - Opened by joshnck 7 months ago
Labels: Rules, Windows, Linux
#4757 - New Rules: Shell Context Menu Command Tampering
Pull Request -
State: closed - Opened by nasbench 7 months ago
Labels: Rules, 2nd Review Needed, Windows
#4756 - New Filter for Remote Thread Creation In Uncommon Target Image
Pull Request -
State: closed - Opened by benmontour 7 months ago
Labels: Rules, Windows
#4755 - Updated proc_creation_win_lolbin_susp_atbroker.yml to add exceptions.
Pull Request -
State: closed - Opened by snajafov 7 months ago
Labels: Rules, Windows
#4754 - Update ATT&CK Mapping for Some Rules
Pull Request -
State: closed - Opened by qasimqlf 7 months ago
Labels: Rules, Windows
#4753 - Update `Wlrmdr.EXE Uncommon Argument Or Child Process`
Pull Request -
State: closed - Opened by defensivedepth 7 months ago
Labels: Rules, Windows
#4752 - Update rules to use the `windash` modifier
Pull Request -
State: closed - Opened by frack113 7 months ago
- 1 comment
Labels: QA, Rules, Windows, Linux, Emerging-Threats
#4751 - Potential Raspberry Robin CPL Execution Activity
Pull Request -
State: closed - Opened by swachchhanda000 7 months ago
Labels: Rules, Emerging-Threats
#4750 - Fix FP in proc_access_win_lsass_memdump.yml
Pull Request -
State: closed - Opened by secDre4mer 7 months ago
Labels: Rules, Windows
#4749 - Github New Rules for Secret Scanning and Push Protection Features
Pull Request -
State: closed - Opened by faisalusuf 7 months ago
Labels: Rules
#4748 - Suspicious Process DNS Query Known Abuse Web Services
Issue -
State: open - Opened by cY83rR0H1t 7 months ago
#4747 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 7 months ago
#4745 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 7 months ago
#4744 - Update two rules involving loading of DLLs with Windows utilities
Pull Request -
State: closed - Opened by CrimpSec 7 months ago
Labels: Rules, Windows
#4743 - Increase Coverage For SC Related Rule
Pull Request -
State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows
#4742 - CVE-2023-1389 Unauthenticated Command Injection Vulnerability
Issue -
State: open - Opened by cY83rR0H1t 7 months ago
#4741 - Hacktool Evil-Winrm Tool Detection via Powershell event ID
Issue -
State: open - Opened by cY83rR0H1t 7 months ago
#4740 - Lazagne Crendential Dumping Tool Detection Rule
Issue -
State: open - Opened by cY83rR0H1t 7 months ago
- 1 comment
#4739 - Update Multiple Rules to cover the '-' flags along with '/' flags
Pull Request -
State: closed - Opened by qasimqlf 7 months ago
- 2 comments
Labels: Rules, Windows
#4738 - Some House Cleaning & Fixes
Pull Request -
State: closed - Opened by nasbench 7 months ago
Labels: Rules, Windows, Emerging-Threats
#4737 - Bitbucket Detection Rules
Pull Request -
State: closed - Opened by faisalusuf 7 months ago
Labels: Rules, 2nd Review Needed
#4736 - Add/Update ScreenConnect RMM Related Rules
Pull Request -
State: closed - Opened by RG9n 7 months ago
Labels: Rules, 2nd Review Needed, Windows
#4735 - Slash&Grab Exploitation Related Updates
Pull Request -
State: closed - Opened by nasbench 7 months ago
Labels: Rules, 2nd Review Needed, Windows, Emerging-Threats
#4734 - New Rule for AWS GetSigninToken Abuse
Pull Request -
State: closed - Opened by clebron23 7 months ago
- 3 comments
Labels: Rules, 2nd Review Needed
#4733 - Windows DNS Query to OneLaunch update service
Pull Request -
State: closed - Opened by joshnck 7 months ago
- 2 comments
Labels: Rules, 2nd Review Needed, Windows
#4732 - ScreenConnect Exploitation Feb 2024
Pull Request -
State: closed - Opened by MATTANDERS0N 7 months ago
- 13 comments
Labels: Rules, 2nd Review Needed, Emerging-Threats
#4731 - New Rule: `No Suitable Encryption Key Found For Generating Kerberos Ticket`
Pull Request -
State: closed - Opened by tr0mb1r 7 months ago
Labels: Rules, Windows
#4730 - New Rule: `Active Directory Certificate Services Denied Certificate Enrollment Request`
Pull Request -
State: closed - Opened by tr0mb1r 7 months ago
Labels: Rules, Windows
#4729 - DPRK C2 DNS Indicator Rule
Pull Request -
State: closed - Opened by nasbench 8 months ago
Labels: Rules, Emerging-Threats
#4728 - Update Multiple Rules to cover the '-' arguments along with '/' arguments
Pull Request -
State: closed - Opened by qasimqlf 8 months ago
Labels: Rules, 2nd Review Needed, Windows
#4727 - Refractor 1/all of Condition unique
Pull Request -
State: closed - Opened by frack113 8 months ago
Labels: Rules, Windows, Emerging-Threats
#4726 - Create azure_ad_certificate_based_authencation_enabled.yml
Pull Request -
State: closed - Opened by cyb3rjy0t 8 months ago
- 3 comments
Labels: Rules, Work In Progress, Author Input Required
#4725 - Create azure_ad_new_root_ca_added.yml
Pull Request -
State: closed - Opened by cyb3rjy0t 8 months ago
- 6 comments
Labels: Rules, 2nd Review Needed
#4724 - Update validate script
Pull Request -
State: closed - Opened by mostafa 8 months ago
- 9 comments
Labels: Maintenance
#4722 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 8 months ago
#4721 - Added user agent related to downloader used by RedCurl APT
Pull Request -
State: closed - Opened by MalGamy 8 months ago
Labels: Rules
#4720 - Create file_event_win_suspicious_dll_via_cerber_ransomware.yml
Pull Request -
State: closed - Opened by prashanthpulisetti 8 months ago
- 3 comments
Labels: Rules, Author Input Required, Windows
#4719 - Update Rules Related To `RunHTMLApplication` Abuse
Pull Request -
State: closed - Opened by joshnck 8 months ago
- 3 comments
Labels: Rules, 2nd Review Needed, Windows
#4718 - Update ATT&CK Mapping For Some Rules
Pull Request -
State: closed - Opened by qasimqlf 8 months ago
- 1 comment
Labels: Rules, Emerging-Threats
#4717 - fix: added the missing image condition
Pull Request -
State: closed - Opened by qasimqlf 8 months ago
Labels: Rules, Windows
#4716 - Update rule condition
Pull Request -
State: closed - Opened by qasimqlf 8 months ago
Labels: Rules, Windows
#4715 - fix: filter in hxtsr rule
Pull Request -
State: closed - Opened by Neo23x0 8 months ago
- 1 comment
Labels: Rules, Windows
#4714 - Add Rule Covering Exploitation Indicators For CVE 2022-42475
Pull Request -
State: closed - Opened by douglasrose75 8 months ago
- 2 comments
Labels: Rules
#4713 - feat: update Potential Dead Drop Resolvers rule
Pull Request -
State: closed - Opened by X-Junior 8 months ago
Labels: Rules, Windows
#4712 - Add Rule For Anydesk Execution With Known Compromised Certificate
Pull Request -
State: closed - Opened by prashanthpulisetti 8 months ago
- 2 comments
Labels: Rules, Windows