Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#4399 - Create file_event_win_create_hidden_directory_via_index_allocation.yml
Pull Request -
State: closed - Opened by Scoubi about 1 year ago
- 2 comments
Labels: Rules, Windows
#4398 - new: Access File With Common Registry Extension
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 2 comments
Labels: Rules, Windows
#4397 - Update proc_creation_win_taskkill_execution.yml
Pull Request -
State: closed - Opened by veramine about 1 year ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4396 - add rule proc_creation_lnx_esxcli_system_enumeration
Pull Request -
State: closed - Opened by kidrek about 1 year ago
- 3 comments
Labels: Rules, Linux
#4395 - chore: Order rules
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 1 comment
Labels: Rules, Not-Possible, Maintenance
#4394 - new rule proc_creation_lnx_esxcli_system_enumeration
Pull Request -
State: closed - Opened by kidrek about 1 year ago
#4393 - fix: use explicit CIDR notation for loopback
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4392 - Add MITRE ATT&CK tags to various rules that were missing them
Pull Request -
State: closed - Opened by tjgeorgen about 1 year ago
Labels: Rules, Windows, Linux
#4391 - chore: remove listing from changelog in PR template
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4390 - feat: add/update rules related to CVE-2023-36874
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules, Windows, Emerging-Threats
#4389 - Added ART Test to proc_creation_win_csc_susp_dynamic_compilation.yml
Pull Request -
State: closed - Opened by securepeacock about 1 year ago
Labels: Rules, Windows, Documentation
#4388 - Added ART Test to proc_creation_win_cmdkey_recon.yml
Pull Request -
State: closed - Opened by securepeacock about 1 year ago
Labels: Rules, Windows, Documentation
#4387 - Br4dy5 patch 0
Pull Request -
State: closed - Opened by br4dy5 about 1 year ago
Labels: Rules, Windows
#4386 - Update PULL_REQUEST_TEMPLATE.md - add changelog instead of detailed desc
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
Labels: Maintenance
#4385 - workflow: fix: run sigma check on all rule directories
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4384 - Create azure_identity_protectection_anomalous_ip_address.yml
Pull Request -
State: closed - Opened by gleeiamglo about 1 year ago
- 1 comment
Labels: Rules, Cloud
#4383 - Fix typos: tag -> tags
Pull Request -
State: closed - Opened by tjgeorgen about 1 year ago
#4382 - feat: new rules and updates
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules, Windows
#4381 - Refactor registry_set rules
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules, 2nd Review Needed, Windows
#4380 - Lnx container discovery
Pull Request -
State: closed - Opened by SethHanford about 1 year ago
Labels: Rules, 2nd Review Needed, Linux
#4379 - Added two new lolbas rules and slight modifications on existing rules
Pull Request -
State: closed - Opened by swachchhanda000 about 1 year ago
- 2 comments
Labels: Rules
#4378 - Create azure_identity_protectection_anomalous_token.yml
Pull Request -
State: closed - Opened by MarkMorow about 1 year ago
- 6 comments
Labels: Rules, Cloud
#4377 - feat: new rules & updates
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules
#4376 - Add portable gpg.exe detection
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules
#4375 - Create web_apache_webshell.yml
Pull Request -
State: closed - Opened by chancej715 about 1 year ago
- 1 comment
Labels: Duplicate, Rules
#4374 - Added search(-ms)/WebDAV rules
Pull Request -
State: closed - Opened by mbabinski about 1 year ago
Labels: Rules, Windows
#4373 - Fixing 1 service typo in proc_creation_win_susp_service_tamper.yml
Pull Request -
State: closed - Opened by RenaudFrere about 1 year ago
Labels: Rules
#4372 - fix: FP with perfmon.exe
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4371 - Create proc_creation_lnx_ssm_agent_abuse.yml
Pull Request -
State: closed - Opened by faisalusuf about 1 year ago
Labels: Rules, Linux
#4370 - correlate event 4625 and 4624
Issue -
State: closed - Opened by Hafzan-250601 about 1 year ago
- 1 comment
#4369 - SSM Agent Abuse Rule
Pull Request -
State: closed - Opened by faisalusuf about 1 year ago
Labels: Rules, Windows
#4368 - Problem of writing a sigma rule
Issue -
State: closed - Opened by Nyk0la5 about 1 year ago
- 1 comment
#4367 - JSON schema for Sigma specification
Pull Request -
State: closed - Opened by mostafa about 1 year ago
- 13 comments
Labels: Maintenance
#4366 - feat: new rules and updates
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules
#4365 - Update lnx_auditd_masquerading_crond.yml
Pull Request -
State: closed - Opened by Mladia about 1 year ago
Labels: Rules, Linux
#4364 - feat: new rules and updates
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules
#4363 - Rule for "gzip -f", atomic red references "gzip -k"
Issue -
State: closed - Opened by Mladia about 1 year ago
- 2 comments
#4362 - add doc
Pull Request -
State: closed - Opened by Ammiir79 about 1 year ago
- 2 comments
#4361 - chore(deps): bump certifi from 2023.5.7 to 2023.7.22
Pull Request -
State: closed - Opened by dependabot[bot] about 1 year ago
Labels: Dependencies
#4360 - fix: FPs in rules
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4359 - document
Pull Request -
State: closed - Opened by Ammiir79 about 1 year ago
- 1 comment
#4358 - Add file_event_win_susp_windows_terminal_profile
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules, Windows
#4357 - Hunting smb quic rules
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules, Windows
#4356 - chore(deps-dev): bump aiohttp from 3.8.4 to 3.8.5
Pull Request -
State: closed - Opened by dependabot[bot] about 1 year ago
Labels: Dependencies
#4355 - feat: new rules and updates
Pull Request -
State: closed - Opened by nasbench about 1 year ago
Labels: Rules, Windows
#4354 - Add Sysmon 28-29 rules
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules, Windows
#4353 - chore: update submodule tests/cti
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#4352 - Add posh_ps_set_acl
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 2 comments
Labels: Rules, Windows
#4351 - Windows Defender Signature Removal: level from 'medium' to 'high'
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#4350 - Fixed typo in comment
Pull Request -
State: closed - Opened by joshnck about 1 year ago
#4349 - Read event of MsMpEng.exe should be whitelisted
Issue -
State: closed - Opened by nekopep about 1 year ago
- 4 comments
Labels: False-Positive
#4348 - Very weak hash based rules are trivial to bypass
Issue -
State: closed - Opened by scudette about 1 year ago
- 6 comments
#4347 - Update README.md
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Maintenance
#4346 - feat: new rules related to CVE-2023-36884
Pull Request -
State: closed - Opened by X-Junior about 1 year ago
Labels: Rules, Windows, Emerging-Threats
#4345 - Update posh_ps_get_adcomputer
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules, Windows
#4344 - Redcannary t1070 008
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 1 comment
Labels: Rules, Windows
#4343 - Add proc_creation_win_findstr_susp_parent
Pull Request -
State: closed - Opened by frack113 about 1 year ago
Labels: Rules, Windows
#4342 - fix: FP found in-the-wild
Pull Request -
State: closed - Opened by frack113 about 1 year ago
- 1 comment
Labels: Rules, Windows, False-Positive Fix
#4340 - fix: FPs found in testing env
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
Labels: Rules, Windows
#4339 - Add posh_ps_reg_query_registry
Pull Request -
State: closed - Opened by frack113 over 1 year ago
Labels: Rules, Windows
#4338 - fix: `Renamed Plink Execution` rule selection logical condition
Pull Request -
State: closed - Opened by fukusuket over 1 year ago
- 1 comment
#4337 - fix: FP found in-the-wild
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
- 2 comments
Labels: Rules, Windows, False-Positive Fix
#4336 - Create posh_pm_susp_netfirewallrule_reco.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
- 1 comment
Labels: Rules, Windows
#4335 - fix: FP found with excel
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#4334 - Update net_dns_wannacry_killswitch_domain.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4333 - Update proc_creation_win_nltest_recon.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4332 - Fix 404 links
Pull Request -
State: closed - Opened by ryanplasma over 1 year ago
Labels: Maintenance
#4331 - Fix Zero Networks Blog 404s
Pull Request -
State: closed - Opened by ryanplasma over 1 year ago
Labels: Rules, Maintenance
#4330 - Update proc_creation_win_pua_adfind_susp_usage.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4329 - Update proc_creation_win_curl_susp_download.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4328 - feat: new rules & updates
Pull Request -
State: closed - Opened by nasbench over 1 year ago
- 1 comment
Labels: Rules, Windows
#4327 - Update win_security_iso_mount.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4326 - Update file_event_win_iso_file_mount.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
- 1 comment
#4325 - Add alterix to Projects or Products that use Sigma
Pull Request -
State: closed - Opened by mtnmunuklu over 1 year ago
- 1 comment
Labels: Maintenance
#4324 - Update main readme
Pull Request -
State: closed - Opened by mtnmunuklu over 1 year ago
#4323 - Update proc_creation_win_lolbin_rundll32_installscreensaver.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4322 - Update win_system_service_install_remote_access_software.yml
Pull Request -
State: closed - Opened by umairqamar over 1 year ago
Labels: Rules, Windows
#4321 - FP fix + typo fix
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
Labels: Rules, Windows, Maintenance, False-Positive Fix
#4320 - Update proc_creation_win_renamed_binary.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4319 - Update tags
Pull Request -
State: closed - Opened by frack113 over 1 year ago
- 1 comment
Labels: Maintenance
#4318 - feat: add rules related to Barracuda ESG exploitation
Pull Request -
State: closed - Opened by nasbench over 1 year ago
- 2 comments
Labels: Rules, Windows, Emerging-Threats
#4317 - Detect FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication
Issue -
State: closed - Opened by serpaldom over 1 year ago
- 2 comments
Labels: Rules, Web
#4316 - Added rules to detect lolbas provlaunch.exe and also filter on legitimate system non-wmiprvse processes loading WMI modules
Pull Request -
State: closed - Opened by swachchhanda000 over 1 year ago
- 3 comments
Labels: Rules
#4315 - Update proc_creation_win_wmic_process_creation.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4314 - New Rule added
Pull Request -
State: closed - Opened by faisalusuf over 1 year ago
- 1 comment
Labels: Duplicate, Rules, Cloud
#4313 - Remote Access Software + RustDesk domains; typo fix
Pull Request -
State: closed - Opened by Neo23x0 over 1 year ago
Labels: Rules, Windows
#4312 - Create image_load_side_load_waveedit.yml
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
Labels: Rules, Windows
#4311 - proc_creation_win_lolbin_gpscript Fix svchost FP
Pull Request -
State: closed - Opened by frack113 over 1 year ago
Labels: Rules, Windows, False-Positive Fix
#4310 - fix: fp found in testing
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, False-Positive Fix
#4309 - Add new rules related to abuse of electron applications
Pull Request -
State: closed - Opened by frack113 over 1 year ago
Labels: Rules, Windows
#4308 - Okta MFA Fatigue
Pull Request -
State: closed - Opened by kaelo7 over 1 year ago
- 1 comment
Labels: Rules, Cloud, Correlation-Rules-To-Migrate
#4307 - chore: fix date field and add fp filter
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, False-Positive Fix
#4306 - Error in proc_creation_win_sdbinst_shim_persistence?
Issue -
State: closed - Opened by L015H4CK over 1 year ago
- 1 comment
#4305 - Create proc_creation_win_sndvol_susp_child_processes.yml
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
Labels: Rules, Windows
#4304 - multiple dll sideloading rules
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
Labels: Rules, Windows
#4303 - rule: LibSSH exploitation CVE-2023-2283
Pull Request -
State: closed - Opened by Neo23x0 over 1 year ago
Labels: Rules, Linux, Emerging-Threats
#4302 - Update proc_creation_win_browsers_msedge_arbitrary_download cli
Pull Request -
State: closed - Opened by frack113 over 1 year ago
- 1 comment
Labels: Duplicate
#4301 - ClickOnce rule added
Pull Request -
State: closed - Opened by tr0mb1r over 1 year ago
Labels: Rules, Windows
#4300 - Create proc_creation_macos_usage_of_jamf.yml
Pull Request -
State: closed - Opened by gr00T0x over 1 year ago
- 4 comments
Labels: Rules, MacOS
#4299 - Potential PSFactoryBuffer COM Hijacking
Pull Request -
State: closed - Opened by jstnk9 over 1 year ago
Labels: Rules, Windows