Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#4504 - Add Auto Comment Bot For Workflow Results
Pull Request -
State: closed - Opened by nasbench 11 months ago
- 2 comments
Labels: Work In Progress, Maintenance
#4503 - Fixes & Updates
Pull Request -
State: closed - Opened by nasbench 11 months ago
Labels: Rules, 2nd Review Needed, Windows
#4501 - Update proc_creation_win_setspn_spn_enumeration.yml
Pull Request -
State: closed - Opened by EzLucky 12 months ago
Labels: Rules, Windows
#4500 - chore: clarify latest release location in release message
Pull Request -
State: closed - Opened by phantinuss 12 months ago
Labels: Maintenance
#4499 - Packages Releases - "latest"
Issue -
State: closed - Opened by defensivedepth 12 months ago
- 6 comments
Labels: Maintenance
#4498 - Security Software Discovery by Powershell rule updated
Pull Request -
State: closed - Opened by Tuutaans 12 months ago
Labels: Rules, 2nd Review Needed, Windows
#4497 - Add New Rule For Cisco IOS XE Exploitation
Pull Request -
State: closed - Opened by ts-lbf 12 months ago
- 1 comment
Labels: Rules, Emerging-Threats
#4496 - Fix Issue 4495
Pull Request -
State: closed - Opened by frack113 12 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4495 - FN on Potentially Suspicious Findstr.EXE Execution
Issue -
State: closed - Opened by Tuutaans 12 months ago
- 2 comments
Labels: Rules, False-Positive
#4494 - Add CVE-2023-43261 Detection
Pull Request -
State: closed - Opened by ThureinOo 12 months ago
- 1 comment
Labels: Rules, 2nd Review Needed, Emerging-Threats
#4493 - Added a rule which detects manual dumping of LSASS.exe memory using Taskmgr
Pull Request -
State: closed - Opened by swachchhanda000 12 months ago
Labels: Rules, Windows
#4492 - Add CVE-2023-43261 Activity
Pull Request -
State: closed - Opened by ThureinOo 12 months ago
Labels: Rules, Emerging-Threats
#4491 - Rule Updates & Fixes
Pull Request -
State: closed - Opened by nasbench 12 months ago
Labels: Rules, 2nd Review Needed, Windows, Maintenance
#4490 - FP fixes
Pull Request -
State: closed - Opened by phantinuss 12 months ago
Labels: Rules, Windows, Emerging-Threats
#4489 - Add DLL Sideloading of NickelLoader Malware Loader
Pull Request -
State: closed - Opened by ThureinOo 12 months ago
- 12 comments
Labels: Rules, Windows
#4488 - Create registry_event_to_turn_on_script_execution.yml
Pull Request -
State: closed - Opened by ThureinOo 12 months ago
- 4 comments
Labels: Rules, Windows
#4487 - Add registry_event_turn_on_script_execution.yml Rule
Pull Request -
State: closed - Opened by ThureinOo 12 months ago
#4486 - Add registry_event_turn_on_script_execution.yml rule.
Pull Request -
State: closed - Opened by ThureinOo 12 months ago
#4485 - chore(deps): bump urllib3 from 1.26.17 to 1.26.18
Pull Request -
State: closed - Opened by dependabot[bot] 12 months ago
Labels: Dependencies
#4484 - FP fixes
Pull Request -
State: closed - Opened by phantinuss 12 months ago
Labels: Rules, Windows, False-Positive Fix
#4482 - Add New Automation Workflows
Pull Request -
State: closed - Opened by nasbench 12 months ago
Labels: Maintenance
#4481 - New Rules for AutoIt3.exe behaving in a way matching the DG infection chain
Pull Request -
State: closed - Opened by mbabinski 12 months ago
- 1 comment
Labels: Rules, Windows, Emerging-Threats
#4480 - chore: Update level information for emerging-threats rules
Pull Request -
State: closed - Opened by frack113 12 months ago
Labels: Rules, Maintenance
#4479 - chore Promote old experimental
Pull Request -
State: closed - Opened by frack113 12 months ago
Labels: Maintenance
#4478 - add winlog-channel to win_codeintegrity_revoked
Pull Request -
State: closed - Opened by security-companion 12 months ago
- 1 comment
#4477 - CoercedPotato activity
Pull Request -
State: closed - Opened by Neo23x0 12 months ago
Labels: Rules, Windows
#4476 - fix: FPs found in testing env
Pull Request -
State: closed - Opened by phantinuss 12 months ago
Labels: Rules, False-Positive Fix
#4475 - chore: re-organize cloud folder and other things
Pull Request -
State: closed - Opened by nasbench 12 months ago
- 1 comment
Labels: Rules, Maintenance
#4474 - Officialize New Conditionals for More Complex Sigmas Rules - For Documentation Purposes Only
Issue -
State: closed - Opened by ish-icarocesar 12 months ago
- 8 comments
#4473 - Reduce broken links in references
Issue -
State: closed - Opened by martinspielmann 12 months ago
- 4 comments
Labels: Maintenance
#4472 - Disable Hypervisor-Protected Code Integrity
Pull Request -
State: closed - Opened by Tuutaans 12 months ago
- 1 comment
Labels: Rules, Windows
#4471 - Updating ATT&CK mapping to proper technique
Pull Request -
State: closed - Opened by jkb-s 12 months ago
#4470 - fix: FPs found in testing environment
Pull Request -
State: closed - Opened by phantinuss 12 months ago
- 1 comment
Labels: Rules, False-Positive Fix
#4469 - chore: add workflows, scripts and documentation for release packages
Pull Request -
State: closed - Opened by phantinuss 12 months ago
Labels: Maintenance
#4468 - chore(deps): bump urllib3 from 1.26.6 to 1.26.17
Pull Request -
State: closed - Opened by dependabot[bot] almost 1 year ago
Labels: Dependencies
#4467 - ScreenConnect rules
Pull Request -
State: closed - Opened by alwashali about 1 year ago
- 3 comments
Labels: Rules, Windows
#4466 - Rule: Renamed Curl Execution
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
- 1 comment
#4465 - Suggestion of the rule proc_creation_win_curl_download_direct_ip
Issue -
State: closed - Opened by swachchhanda000 about 1 year ago
- 4 comments
Labels: Rules
#4464 - chore: add threat hunting rules to goodlog tests
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4463 - Add New Rules Related To VsCode Tunnel Feature Usage
Pull Request -
State: closed - Opened by citronninja about 1 year ago
Labels: Rules, 2nd Review Needed, Windows
#4462 - fix: FP with unknown process
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4461 - Create AWS rule aws_sso_idp_change.yml
Pull Request -
State: closed - Opened by WTFender about 1 year ago
Labels: Rules, 2nd Review Needed, Cloud
#4459 - Questions regarding base64 encoding styles and modifiers
Issue -
State: closed - Opened by L015H4CK about 1 year ago
#4458 - Update lnx_auditd_network_service_scanning.yml
Pull Request -
State: closed - Opened by Mladia about 1 year ago
#4457 - Adding 4 rules from MITRE's Center for Threat Informed Defense
Pull Request -
State: closed - Opened by RobertSchull about 1 year ago
- 1 comment
Labels: Rules, Windows
#4456 - Create Headless Browser Accessing Mockbin Service Detection
Pull Request -
State: closed - Opened by BlackB0lt about 1 year ago
- 1 comment
Labels: Duplicate
#4455 - chore: add rules-emerging-threats to goodlog tests
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4454 - Create Suspicious_AdFind_Execution.yml
Pull Request -
State: closed - Opened by RobertSchull about 1 year ago
- 1 comment
#4453 - Update file_event_win_webshell_creation_detect.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
- 2 comments
Labels: Rules, Web
#4452 - AddinUtil LOLBAS Detections
Pull Request -
State: closed - Opened by SILJAEUROPA about 1 year ago
- 3 comments
Labels: Rules, Windows
#4451 - 7fd164ba-126a-4d9c-9392-0d4f7c243df0 should not alert on onenote application itself
Issue -
State: closed - Opened by nekopep about 1 year ago
- 1 comment
Labels: False-Positive
#4446 - Update malware tags
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 2 comments
Labels: Work In Progress
#4445 - Create azure_pim_role_assigned_outside_of_pim.yml
Pull Request -
State: closed - Opened by MarkMorow about 1 year ago
- 3 comments
Labels: Rules, Cloud
#4444 - Fix False Positive Found In Testing
Pull Request -
State: closed - Opened by redteampanda-ng about 1 year ago
#4443 - Minor additions and false positive fixes
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#4442 - fix: fp found in testing
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: False-Positive Fix
#4441 - question about wildcard and contains condition
Issue -
State: closed - Opened by gen3111620 about 1 year ago
- 1 comment
#4439 - fix: fp found in testing
Pull Request -
State: closed - Opened by nasbench about 1 year ago
#4438 - improve 4d07b1f4-cb00-4470-b9f8-b0191d48ff52 to detect DWservice
Issue -
State: closed - Opened by nekopep about 1 year ago
- 2 comments
Labels: Rules
#4437 - 9be34ad0-b6a7-4fbd-91cf-fc7ec1047f5f false positive with cmd.exe /C sc stop
Issue -
State: closed - Opened by nekopep about 1 year ago
- 4 comments
Labels: False-Positive
#4436 - Update proc_creation_win_rundll32_no_params.yml
Pull Request -
State: closed - Opened by GtUGtHGtNDtEUaE about 1 year ago
Labels: Rules, Windows
#4435 - Update add setZeroData option to fsutil
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules, Windows
#4434 - Sigma update rule logic
Pull Request -
State: closed - Opened by wagga40 about 1 year ago
Labels: Rules, Windows
#4433 - New branch
Pull Request -
State: closed - Opened by linhnvhdev about 1 year ago
#4432 - 75bf09fa-1dd7-4d18-9af9-dd9e492562eb False positive with outlook.exe
Issue -
State: closed - Opened by nekopep about 1 year ago
- 2 comments
Labels: False-Positive
#4431 - FP fixes
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
Labels: Rules, False-Positive Fix
#4430 - Re-Work Rules / TODO
Issue -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules, False-Positive
#4429 - Identity Protection remaining updates
Pull Request -
State: closed - Opened by MarkMorow about 1 year ago
- 3 comments
Labels: Rules, Cloud
#4428 - Okta cross-tenant impersonation attack rules
Pull Request -
State: closed - Opened by kelnage about 1 year ago
- 1 comment
Labels: Rules, 2nd Review Needed, Cloud
#4427 - Multiple Fixes & Enhancements
Pull Request -
State: closed - Opened by nasbench about 1 year ago
#4426 - Update rule PowerShell RDP Port
Pull Request -
State: closed - Opened by tuanhxh1 about 1 year ago
- 6 comments
Labels: Work In Progress, Author Input Required, Inactive
#4425 - Add rule : proc_creation_lnx_esxcli_syslog_configuration_altered
Pull Request -
State: closed - Opened by kidrek about 1 year ago
Labels: Rules, Linux
#4424 - Proc creation lnx esxcli user account creation
Pull Request -
State: closed - Opened by kidrek about 1 year ago
Labels: Rules, 2nd Review Needed, Linux
#4423 - Azure AD Identity Protection Rules
Pull Request -
State: closed - Opened by MarkMorow about 1 year ago
- 3 comments
Labels: Rules, Cloud
#4422 - Update proc_creation_win_rar_compression_with_password.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
- 1 comment
Labels: Author Input Required
#4421 - Update proc_creation_win_rar_compression_with_password.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
#4420 - New rules for LOLBAS Msedgewebview2
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 1 comment
Labels: Rules, Windows
#4419 - New: file_delete_win_delete_zone_transfert_ads
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 1 comment
Labels: Rules, Windows
#4418 - Update proc_creation_win_netsh_port_forwarding.yml
Pull Request -
State: closed - Opened by securepeacock about 1 year ago
#4417 - Update web_sql_injection_in_access_logs.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
- 5 comments
Labels: Rules, 2nd Review Needed, Web
#4416 - Update web_sql_injection_in_access_logs.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
- 1 comment
Labels: Rules, 2nd Review Needed, Web
#4415 - Update web_xss_in_access_logs.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
- 1 comment
Labels: Rules, Author Input Required, Web
#4414 - Update to Qakbot Uninstaller rule
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
Labels: Rules, Windows
#4413 - Added detection rule for DllRegisterServer export function load
Pull Request -
State: closed - Opened by netgrain about 1 year ago
- 6 comments
Labels: Rules, Windows
#4412 - fix: filter events that cannot be investigated anyway
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
- 1 comment
Labels: Rules, False-Positive Fix
#4411 - made changes in web detection
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
- 1 comment
Labels: Work In Progress, Author Input Required
#4410 - Update web_sql_injection_in_access_logs.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
- 1 comment
#4409 - Update web_path_traversal_exploitation_attempt.yml
Pull Request -
State: closed - Opened by ThureinOo about 1 year ago
Labels: Rules, Web
#4408 - Qakbot uninstaller
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
- 4 comments
Labels: Rules, Windows, Emerging-Threats
#4407 - Added detection rule for CVE-2023-38831 campaign
Pull Request -
State: closed - Opened by netgrain about 1 year ago
- 1 comment
Labels: Duplicate
#4406 - feat: rules update
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules, Windows
#4405 - Update proc_creation_win_lolbin_diskshadow.yml
Pull Request -
State: closed - Opened by cyb3rjy0t about 1 year ago
Labels: Rules, Windows
#4404 - Rule under the wrong folder
Issue -
State: open - Opened by ag-michael about 1 year ago
- 1 comment
Labels: Work In Progress
#4404 - Rule under the wrong folder
Issue -
State: closed - Opened by ag-michael about 1 year ago
- 2 comments
#4403 - Update proc_creation_win_cmd_mklink_osk_cmd.yml
Pull Request -
State: closed - Opened by tropChaud about 1 year ago
- 1 comment
#4402 - Create microsoft365_disabling_mfa.yml
Pull Request -
State: open - Opened by cyb3rjy0t about 1 year ago
- 1 comment
Labels: Rules, Work In Progress, Cloud
#4402 - Create microsoft365_disabling_mfa.yml
Pull Request -
State: closed - Opened by cyb3rjy0t about 1 year ago
- 2 comments
Labels: Rules, Work In Progress, Cloud
#4401 - Add New O365 Related Rules
Pull Request -
State: open - Opened by cyb3rjy0t about 1 year ago
Labels: Rules, Work In Progress, Cloud
#4400 - fix: FP with visio.exe
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
Labels: Rules, Windows, False-Positive Fix