Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#4711 - Fix some FP in Rundll32 Execution With Uncommon DLL Extension
Pull Request -
State: closed - Opened by xiangchen96 8 months ago
- 2 comments
Labels: Rules, Windows
#4710 - Add ipconfig.io domain
Pull Request -
State: closed - Opened by xiangchen96 8 months ago
Labels: Rules, Windows
#4709 - Create detection_of_responder_tool_in_microsoft_365_defender_logs.yaml
Pull Request -
State: closed - Opened by prashanthpulisetti 8 months ago
- 5 comments
Labels: Rules, Work In Progress, Author Input Required
#4708 - Adding new hosting sites to downloading rules
Issue -
State: closed - Opened by omaramin17 8 months ago
- 3 comments
#4707 - New rules upload
Pull Request -
State: closed - Opened by skaynum 8 months ago
- 5 comments
Labels: Rules, Work In Progress, Windows
#4706 - Updated Sigma2Attack.py Script
Pull Request -
State: closed - Opened by DaveTheResearcher 8 months ago
- 3 comments
Labels: Duplicate
#4705 - New Rule: WMIC Disk and Volume Recon
Pull Request -
State: closed - Opened by slincoln-aiq 8 months ago
Labels: Rules, 2nd Review Needed, Windows
#4704 - Added RDP reg keys for darkgate malware
Pull Request -
State: closed - Opened by slincoln-aiq 8 months ago
Labels: Rules, 2nd Review Needed, Windows
#4703 - Hack tool EventLogCrasher - imphash based detection
Pull Request -
State: closed - Opened by Neo23x0 8 months ago
Labels: Rules, Windows
#4702 - Rules Tuning
Pull Request -
State: closed - Opened by nasbench 8 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4701 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 8 months ago
#4700 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 8 months ago
#4699 - net_connection_win_rundll32_net_connections.yml leads to false positive via multiple vendors
Issue -
State: closed - Opened by bill-e-ghote 8 months ago
- 4 comments
Labels: False-Positive
#4698 - Added rules that detect possible activities associated with services and modules enumeration
Pull Request -
State: closed - Opened by swachchhanda000 8 months ago
- 4 comments
Labels: Rules, 2nd Review Needed, Windows
#4697 - Small fix
Pull Request -
State: closed - Opened by frack113 8 months ago
- 1 comment
Labels: Rules, Windows
#4696 - chore(deps-dev): bump aiohttp from 3.9.0 to 3.9.2
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
- 1 comment
Labels: Dependencies
#4695 - Add OpenCanary Rules
Pull Request -
State: closed - Opened by defensivedepth 8 months ago
- 3 comments
Labels: Rules
#4694 - Authored native Kubernetes Detections
Pull Request -
State: closed - Opened by LAripping 8 months ago
- 6 comments
Labels: Rules, 2nd Review Needed, Maintenance
#4693 - update: removed unnecessary selection part
Pull Request -
State: closed - Opened by qasimqlf 8 months ago
Labels: Rules, Windows
#4692 - New rules related to iexpress.exe and makecab.exe
Pull Request -
State: closed - Opened by jstnk9 8 months ago
- 4 comments
Labels: Rules, Windows
#4691 - fix: updated the wrong image name
Pull Request -
State: closed - Opened by qasimqlf 8 months ago
- 2 comments
Labels: Rules, Windows
#4690 - Update pipe_created_hktl_cobaltstrike_susp_pipe_patterns.yml
Pull Request -
State: closed - Opened by tr0mb1r 8 months ago
Labels: Rules, 2nd Review Needed, Windows
#4689 - Added AttackIQ to README Projects and Products
Pull Request -
State: closed - Opened by slincoln-aiq 8 months ago
Labels: Maintenance
#4687 - update: added missing image names
Pull Request -
State: closed - Opened by qasimqlf 9 months ago
- 3 comments
Labels: Rules, Emerging-Threats
#4686 - Create proc_creation_win_hktl_sharpmove.yml
Pull Request -
State: closed - Opened by CrimpSec 9 months ago
Labels: Rules, Windows
#4685 - Create HackTool-EDRSilencer-Execution.yml
Pull Request -
State: closed - Opened by t-pol 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4684 - fix: several FPs
Pull Request -
State: closed - Opened by phantinuss 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4683 - Excessive requests from Go-http-client/1.1
Issue -
State: closed - Opened by cherdt 9 months ago
- 3 comments
#4682 - New: CodePage modification via MODE to Russian language
Pull Request -
State: closed - Opened by jstnk9 9 months ago
- 2 comments
Labels: Rules, Windows
#4681 - Add Missing Ref & Tags
Pull Request -
State: closed - Opened by nasbench 9 months ago
Labels: Rules, Windows, Linux, Maintenance
#4680 - Add miningocean.org mining pools
Pull Request -
State: closed - Opened by xiangchen96 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4679 - Suspicious unsigned DLL Loaded by RunDLL32/RegSvr32
Pull Request -
State: closed - Opened by swachchhanda000 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4678 - Added and updated pikabot related rules
Pull Request -
State: closed - Opened by swachchhanda000 9 months ago
- 1 comment
Labels: Rules, Emerging-Threats
#4677 - Create proc_creation_win_medusa_ransomware_wmic.yml
Pull Request -
State: closed - Opened by prashanthpulisetti 9 months ago
- 1 comment
Labels: Duplicate, Rules, Emerging-Threats
#4676 - registry_set_medusa_Ransomware_disabling_of_uac_via_registry_modification.yml
Pull Request -
State: closed - Opened by prashanthpulisetti 9 months ago
- 2 comments
Labels: Duplicate, Rules, Windows
#4675 - Feat: New Emerging Threat Rules For Peach Sandstorm APT
Pull Request -
State: closed - Opened by X-Junior 9 months ago
Labels: Rules, Emerging-Threats
#4674 - Hacktool execution
Pull Request -
State: closed - Opened by Neo23x0 9 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4673 - docs: broken link
Pull Request -
State: closed - Opened by Neo23x0 9 months ago
Labels: Rules, Windows
#4672 - Update proc_creation_win_wmic_recon_system_info.yml
Pull Request -
State: closed - Opened by tr0mb1r 9 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4671 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 9 months ago
#4670 - update proc_creation_win_findstr_lnk.yml
Pull Request -
State: closed - Opened by meiliumeiliu 9 months ago
- 1 comment
Labels: Rules, Author Input Required, Windows
#4669 - Logsources, lack of machine readable definition of log sources (and additional requirements)
Issue -
State: closed - Opened by MrSeccubus 9 months ago
- 4 comments
#4668 - Update registry_set_persistence_mycomputer.yml
Pull Request -
State: closed - Opened by joshnck 9 months ago
- 2 comments
Labels: Rules, 2nd Review Needed, Windows
#4667 - Fixes #4666 - sigma-logsource-checker tries to parse non-yml files
Pull Request -
State: closed - Opened by MrSeccubus 9 months ago
- 1 comment
Labels: Maintenance
#4666 - `documentations/tools/sigma-logsource-checker.py` is broken
Issue -
State: closed - Opened by MrSeccubus 9 months ago
- 1 comment
#4665 - Add Rule CPL Load From Non Default Location
Pull Request -
State: closed - Opened by Tuutaans 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4664 - Create win_security_wfp_edr_blocked.yml
Pull Request -
State: closed - Opened by danielgottt 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4663 - Update: Disable Windows Defender Features Addition
Pull Request -
State: closed - Opened by slincoln-aiq 9 months ago
Labels: Rules, Windows
#4662 - Add Rule Covering New Persistence Technique Using RegisterAppRestart AppCompat Layer
Pull Request -
State: closed - Opened by nasbench 9 months ago
Labels: Rules, Windows
#4661 - Suspicious forfiles Child process
Pull Request -
State: closed - Opened by Tuutaans 9 months ago
- 2 comments
Labels: Rules, 2nd Review Needed, Windows
#4660 - Update registry_set_persistence_shim_database_uncommon_location.yml
Pull Request -
State: closed - Opened by grumo35 9 months ago
- 3 comments
Labels: Rules, Windows
#4659 - Reduce `Remote PowerShell Session (PS Classic)` Level
Pull Request -
State: closed - Opened by nasbench 9 months ago
Labels: Rules, Windows
#4658 - Update README.md
Pull Request -
State: closed - Opened by nasbench 9 months ago
Labels: Maintenance
#4657 - Add pySigma_validators_sigmaHQ validator to workflow
Pull Request -
State: closed - Opened by frack113 9 months ago
- 2 comments
Labels: Rules, Work In Progress, MacOS, Maintenance
#4656 - Upgrade promote_rules_status to pySigma
Pull Request -
State: closed - Opened by frack113 9 months ago
Labels: Maintenance
#4655 - Create detection_rule_cve-2023_038831.yml
Pull Request -
State: closed - Opened by aungmyatthuw01f 9 months ago
- 4 comments
Labels: Rules, Work In Progress, Emerging-Threats
#4654 - fix: hardcoded removal of c: should be replaced with ?:
Pull Request -
State: closed - Opened by qasimqlf 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4652 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 9 months ago
#4651 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 9 months ago
#4650 - Process Creation Cmdline Matches Patterns Observed in Pikabot Infections (with variations)
Pull Request -
State: closed - Opened by ahouspan 9 months ago
- 5 comments
Labels: Rules, 2nd Review Needed, Emerging-Threats
#4649 - new: System Information Discovery Using System_Profiler
Pull Request -
State: closed - Opened by slincoln-aiq 9 months ago
Labels: Rules, 2nd Review Needed, MacOS
#4648 - Create proc_creation_win_pua_edr_silencer.yml
Pull Request -
State: closed - Opened by danielgottt 9 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4647 - Rule devel
Pull Request -
State: closed - Opened by Neo23x0 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4646 - fix: updated the wrong image name
Pull Request -
State: closed - Opened by qasimqlf 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4645 - Update: System Information Discovery Using Ioreg
Pull Request -
State: closed - Opened by slincoln-aiq 9 months ago
Labels: Rules, 2nd Review Needed, MacOS
#4644 - fix: missing commandline condition
Pull Request -
State: closed - Opened by qasimqlf 9 months ago
Labels: Rules, Windows
#4643 - Adding dotnet-trace lolbin
Pull Request -
State: closed - Opened by bohops 9 months ago
Labels: Rules, 2nd Review Needed, Windows
#4642 - Rule updated and added
Pull Request -
State: closed - Opened by Tuutaans 9 months ago
Labels: Rules, Windows
#4641 - Rule updated and added
Pull Request -
State: closed - Opened by Tuutaans 9 months ago
- 4 comments
Labels: Rules, Windows
#4640 - New: Configure System Integrity Protection (SIP) Enumeration
Pull Request -
State: closed - Opened by jstnk9 9 months ago
- 1 comment
Labels: Rules, MacOS
#4639 - Detection of Rhysida Ransomware
Issue -
State: open - Opened by nischalkhadgi62 9 months ago
- 1 comment
Labels: Work In Progress
#4638 - Create win_security_nofilter_privesc_tool_usage.yml
Pull Request -
State: closed - Opened by st0pp3r 10 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4637 - Question: what is the best way to structure pipelines.yml files?
Issue -
State: open - Opened by DaviChavesPinheiro 10 months ago
- 1 comment
#4636 - Fix: Enable LM Hash Storage - ProcCreation
Pull Request -
State: closed - Opened by slincoln-aiq 10 months ago
Labels: Rules, Windows
#4635 - fix: updated the wrong condition of all
Pull Request -
State: closed - Opened by qasimqlf 10 months ago
Labels: Rules, Windows
#4634 - Add Detection of RDP Session Reconnaissance Activity
Pull Request -
State: closed - Opened by ThureinOo 10 months ago
- 4 comments
Labels: Duplicate, Rules, Windows
#4633 - New: Suspicious Desktop Background Change Using Reg.exe
Pull Request -
State: closed - Opened by slincoln-aiq 10 months ago
- 1 comment
Labels: Rules, Windows
#4632 - Filtering FP in pipe_created_hktl_efspotato.yml
Pull Request -
State: closed - Opened by tr0mb1r 10 months ago
Labels: Rules, 2nd Review Needed, Windows
#4631 - feat: add rules related to CISA `aa23-347a` advisory
Pull Request -
State: closed - Opened by nasbench 10 months ago
Labels: Rules, Windows, Emerging-Threats
#4630 - Use `expand` modifier to transform placeholders
Pull Request -
State: closed - Opened by mostafa 10 months ago
- 2 comments
Labels: Rules, Windows
#4629 - Archive New Rule References
Pull Request -
State: closed - Opened by github-actions[bot] 10 months ago
#4628 - New: Detect Creation of Cloudflared Quick Tunnels
Pull Request -
State: closed - Opened by ssnkhan 10 months ago
- 5 comments
Labels: Rules, 2nd Review Needed, Windows
#4627 - fix: filter both program file folders
Pull Request -
State: closed - Opened by phantinuss 10 months ago
Labels: Rules, Windows
#4626 - Detect tar usage for data archiving on windows
Pull Request -
State: closed - Opened by AdmU3 10 months ago
Labels: Rules, Windows
#4625 - Sigma tactics organizer
Pull Request -
State: open - Opened by dan21san 10 months ago
- 2 comments
Labels: Work In Progress, Maintenance
#4623 - Consolidation of archiving sigma rules related to windows process under one single rule for MITRE T1560.001, DS0009
Pull Request -
State: closed - Opened by AdmU3 10 months ago
- 2 comments
Labels: Rules, Work In Progress, Author Input Required, Windows
#4622 - Adding Mitre Detection ID to Rule Tags
Issue -
State: closed - Opened by AdmU3 10 months ago
- 3 comments
#4621 - Add New GCP / Google Workspace Related Rules
Pull Request -
State: closed - Opened by zestsg 10 months ago
Labels: Rules
#4620 - False positive: File Download From Browser Process Via Inline Link
Issue -
State: closed - Opened by ptvoinfo 10 months ago
- 6 comments
Labels: False-Positive
#4619 - Update net_connection_win_office_susp_ports.yml
Pull Request -
State: closed - Opened by mcdave2k1 10 months ago
Labels: Rules, Windows
#4618 - add new webex binary
Pull Request -
State: closed - Opened by ruppde 10 months ago
Labels: Rules, Windows
#4617 - Fixed the typo in process name
Pull Request -
State: closed - Opened by GtUGtHGtNDtEUaE 10 months ago
Labels: Rules, Windows
#4616 - nkjkjhkj
Pull Request -
State: closed - Opened by GtUGtHGtNDtEUaE 10 months ago
Labels: Rules, Windows
#4615 - Update WMIC Discovery Rule + New System Discovery Rules For MacOS
Pull Request -
State: closed - Opened by jstnk9 10 months ago
- 6 comments
Labels: Rules, Windows, MacOS
#4614 - feat: updates for multiple rules 4-12-2023
Pull Request -
State: closed - Opened by X-Junior 10 months ago
Labels: Rules, 2nd Review Needed, Windows
#4613 - proc_creation_win_susp_bad_opsec_sacrificial_processes Chrome Installer False Positives
Issue -
State: closed - Opened by AaronS97 10 months ago
- 2 comments
Labels: False-Positive
#4612 - Update sigma-schema.json
Pull Request -
State: closed - Opened by nasbench 10 months ago
Labels: 2nd Review Needed, Maintenance
#4611 - Promote Older Rules From `experimental` to `test`
Pull Request -
State: closed - Opened by github-actions[bot] 10 months ago
Labels: 2nd Review Needed
#4610 - chore: use different branch to avoid override
Pull Request -
State: closed - Opened by nasbench 10 months ago
Labels: Maintenance
#4609 - Add more pySigma tests to CI
Pull Request -
State: closed - Opened by frack113 10 months ago
Labels: 2nd Review Needed, Maintenance