Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/sigma issues and pull requests
#4298 - fix: typo in 'related' field
Pull Request -
State: closed - Opened by pH-T over 1 year ago
- 2 comments
Labels: Maintenance
#4297 - feat: Code Integrity Rules Updates
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows
#4295 - Permiso p0-LUCR-1 (aka GUI-vil)
Pull Request -
State: closed - Opened by danielbohannon over 1 year ago
Labels: Rules, Cloud
#4294 - Permiso p0-LUCR-1 (aka GUI-vil)
Pull Request -
State: closed - Opened by danielbohannon over 1 year ago
Labels: Rules, 2nd Review Needed, Cloud
#4293 - Permiso p0-LUCR-1 (aka GUI-vil)
Pull Request -
State: closed - Opened by danielbohannon over 1 year ago
Labels: Rules, Cloud
#4289 - Update proc_creation_win_persistence_userinitmprlogonscript.yml
Pull Request -
State: closed - Opened by branchnetconsulting over 1 year ago
- 4 comments
Labels: Rules, Windows
#4287 - Change keywords to Message contains
Pull Request -
State: closed - Opened by ZikyHD over 1 year ago
- 5 comments
Labels: Not-Possible
#4279 - FP with proc_creation_win_csc_susp_folder.yml and Ansible
Issue -
State: closed - Opened by Technici4n over 1 year ago
- 5 comments
Labels: False-Positive
#4267 - Add new 2 rules for BlueSky Ransomware and MSSQL Logon Fail
Pull Request -
State: closed - Opened by haodangj over 1 year ago
Labels: Rules, Windows
#4263 - add rule related to linux file integrity
Pull Request -
State: open - Opened by dan21san over 1 year ago
#4262 - Additions to sigma-schema.rx.yml
Pull Request -
State: open - Opened by Neo23x0 over 1 year ago
- 1 comment
Labels: Maintenance
#4261 - Update .yamllint to include indentation rules and quoted-strings rules
Pull Request -
State: closed - Opened by joshnck over 1 year ago
- 3 comments
#4259 - fix: FPs in testing environment
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
Labels: Rules, Windows, False-Positive Fix
#4258 - chore(deps): bump requests from 2.26.0 to 2.31.0
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
Labels: Dependencies
#4257 - chore: update submodule tests/cti
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#4256 - fix: FP in prod env
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
Labels: Rules, False-Positive Fix
#4255 - fix: fp with goopdate
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, False-Positive Fix
#4254 - feat: map antivirus category to Windows Defender logs
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
Labels: Maintenance
#4253 - Just Improve the condition and selection - no logic change
Pull Request -
State: closed - Opened by qasimqlf over 1 year ago
- 2 comments
#4252 - feat: add new rules related to small sieve
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Emerging-Threats
#4251 - Create rule for using findstr to find plaintext passwords
Pull Request -
State: closed - Opened by joshnck over 1 year ago
Labels: Rules, Windows
#4250 - fix: issue with wildcard in rule, refactor: new LSASS dump outputs, more
Pull Request -
State: closed - Opened by Neo23x0 over 1 year ago
Labels: Rules, Windows
#4249 - Create image_load_side_load_wwlib.yml
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
Labels: Rules, Windows
#4248 - Fix typo on ET Snake malware filter
Pull Request -
State: closed - Opened by Pooch11 over 1 year ago
Labels: Rules, Windows
#4247 - Update test_logsource.py test_fieldname_case to exclude None type
Pull Request -
State: closed - Opened by joshnck over 1 year ago
- 2 comments
Labels: Maintenance
#4246 - Update proxy_ua_bitsadmin_susp_tld.yml to use proxy field
Pull Request -
State: closed - Opened by Axel-NTT over 1 year ago
- 2 comments
Labels: Rules, 2nd Review Needed, Web, Maintenance
#4245 - Error in proc_creation_win_apt_sofacy.yml?
Issue -
State: open - Opened by L015H4CK over 1 year ago
- 1 comment
Labels: Rules, Windows, False-Positive
#4244 - New Windows rule: Password Policy Enumerated
Pull Request -
State: closed - Opened by YamatoSecurity over 1 year ago
Labels: Rules, Windows
#4243 - Create proc_creation_win_cloudflared_execution.yml
Pull Request -
State: closed - Opened by blueteam0ps over 1 year ago
Labels: Rules, Windows
#4242 - feat: updates and new rules
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, False-Positive Fix, Emerging-Threats
#4241 - Error in proc_creation_win_tscon_rdp_redirect.yml?
Issue -
State: closed - Opened by L015H4CK over 1 year ago
- 3 comments
Labels: Rules, Windows, False-Positive
#4240 - fix: FP with CheckPoint SmartConsole
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
- 4 comments
Labels: Rules, Windows, False-Positive Fix
#4239 - Add rule: rules/windows/file/file_event/file_event_win_cve_2023_27363…
Pull Request -
State: closed - Opened by greg-workspace over 1 year ago
- 3 comments
Labels: Rules, Windows, Emerging-Threats
#4238 - Create okta_detect_suspicious_push_challenge.yml
Pull Request -
State: closed - Opened by austinsonger over 1 year ago
- 5 comments
Labels: Rules, Work In Progress, Cloud, Correlation-Rules-To-Migrate
#4237 - Create [Draft] okta_detect_repeated_user_rejections.yml
Pull Request -
State: closed - Opened by austinsonger over 1 year ago
- 2 comments
Labels: Author Input Required
#4236 - update "Suspicious Export-PfxCertificate" rule
Pull Request -
State: closed - Opened by YamatoSecurity over 1 year ago
Labels: Rules, 2nd Review Needed, Windows
#4235 - New rule: Failed DNS Zone Transfer
Pull Request -
State: open - Opened by YamatoSecurity over 1 year ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4234 - new rule: Certificate Exported
Pull Request -
State: closed - Opened by YamatoSecurity over 1 year ago
- 2 comments
Labels: Rules, Windows
#4233 - Permissions granted over a Cloud Service Account
Pull Request -
State: closed - Opened by TheEis4Extra over 1 year ago
- 3 comments
Labels: Rules, Work In Progress, Author Input Required, Cloud
#4232 - Extended the coverage of existing defender tampering related rules
Pull Request -
State: open - Opened by swachchhanda000 over 1 year ago
- 8 comments
Labels: Rules, Work In Progress, Windows
#4231 - feat: new rules related to snake malware
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, Emerging-Threats
#4230 - Create image_load_side_load_robform.yml
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
Labels: Rules, Windows
#4229 - feat: new rules, updates and goofy guineapig stuff
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, Emerging-Threats
#4228 - Create proc_creation_win_odbcconf_sus_child_process.yml
Pull Request -
State: closed - Opened by cyb3rjy0t over 1 year ago
Labels: Rules, Windows
#4227 - Review Web logsource
Pull Request -
State: closed - Opened by frack113 over 1 year ago
Labels: Bug, Rules, 2nd Review Needed
#4226 - Create proc_creation_win_odbcconf_dll_execution.yml
Pull Request -
State: closed - Opened by cyb3rjy0t over 1 year ago
- 1 comment
Labels: Duplicate
#4225 - Create okta_fastpass_phishing_detection.yml
Pull Request -
State: closed - Opened by austinsonger over 1 year ago
Labels: Rules, 2nd Review Needed, Cloud
#4224 - System Informer incorrectly classified
Issue -
State: closed - Opened by jxy-s over 1 year ago
- 9 comments
Labels: False-Positive
#4223 - Potential Homoglyph Attack Rules
Pull Request -
State: closed - Opened by mbabinski over 1 year ago
- 3 comments
Labels: Rules, Windows
#4222 - feat: new rule related to possible solidpdfcreator.dll sideloading
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
Labels: Rules, 2nd Review Needed, Windows
#4221 - New rule: process explorer driver drop
Pull Request -
State: closed - Opened by Neo23x0 over 1 year ago
#4220 - more backstab hashes
Pull Request -
State: closed - Opened by Neo23x0 over 1 year ago
#4219 - Imphash and some minor changes
Pull Request -
State: closed - Opened by Neo23x0 over 1 year ago
Labels: Rules, Windows
#4218 - feat: updates and new rules related to fin7
Pull Request -
State: closed - Opened by nasbench over 1 year ago
- 1 comment
#4217 - Create net_connection_win_notion.yml
Pull Request -
State: closed - Opened by m4nbat over 1 year ago
Labels: Rules, Windows
#4216 - fix: remove erroneous whitespace
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#4215 - Rule error - Suspicious Base64 User Agent
Issue -
State: closed - Opened by b-ingr over 1 year ago
- 3 comments
Labels: Bug, Rules, Work In Progress
#4214 - feat: add new rules related to coldsteel
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, Emerging-Threats
#4213 - Proc creation susp curl fileupload modified
Pull Request -
State: closed - Opened by kidrek over 1 year ago
- 2 comments
Labels: Rules, Windows, Linux, False-Positive Fix
#4212 - net_connection_win_google_api_non_browser_access.yml
Pull Request -
State: closed - Opened by m4nbat over 1 year ago
Labels: Rules, Windows
#4211 - refactor: use `'|all'` instead of using `all of` for a single selector.
Pull Request -
State: closed - Opened by fukusuket over 1 year ago
Labels: Maintenance
#4210 - fix: delete value-modifier in Search-Identifier
Pull Request -
State: closed - Opened by fukusuket over 1 year ago
#4209 - Create microsoft365_susp_email_forwarding.yml
Pull Request -
State: closed - Opened by cyb3rjy0t over 1 year ago
- 3 comments
Labels: Rules, Cloud
#4208 - Update win_defender_disabled.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
#4207 - Create net_connection_win_winlogon_net_connections.yml
Pull Request -
State: closed - Opened by securepeacock over 1 year ago
Labels: Rules, 2nd Review Needed, Windows
#4206 - corrected eventSource on aws_enum_buckets.yml file
Pull Request -
State: closed - Opened by muratogul over 1 year ago
#4205 - chore: move rules to new folders
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Maintenance
#4204 - Rubeus for PWSH and FP fixes
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#4203 - Update aws_enum_buckets.yml
Pull Request -
State: closed - Opened by mogulrh over 1 year ago
- 3 comments
#4202 - use relative paths in rules test
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#4201 - fix web_cve_2021_26858_iis_rce.yml (all of -> "|all")
Pull Request -
State: closed - Opened by bluet over 1 year ago
#4200 - feat: update test_rules.py
Pull Request -
State: closed - Opened by nasbench over 1 year ago
- 1 comment
Labels: Rules, Windows, Maintenance
#4199 - fix: modify PaperCut exploitation rule condition
Pull Request -
State: closed - Opened by fukusuket over 1 year ago
- 2 comments
#4198 - Fix FPs found in testing env
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
Labels: Rules, Windows, False-Positive Fix
#4197 - Detect PowerShell w/o PowerShell Execution via RunDLL32 and various other methods
Issue -
State: open - Opened by JulianDroste over 1 year ago
- 3 comments
#4196 - feat: small updates
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows
#4195 - Modified rule to detect every possible way of rdrleakdiag execution
Pull Request -
State: closed - Opened by swachchhanda000 over 1 year ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4194 - fix: adding executable bit
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#4193 - fix: explicitly escape `{` to make it clear that it is a literal
Pull Request -
State: closed - Opened by fukusuket over 1 year ago
- 3 comments
#4192 - typo in wevtutil image name
Pull Request -
State: closed - Opened by 0xv1n over 1 year ago
- 1 comment
Labels: Rules, Windows
#4191 - feat: new rules and folder restructure
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, Maintenance, Emerging-Threats
#4190 - Added support when flag is called another way while executing xsl…
Pull Request -
State: closed - Opened by swachchhanda000 over 1 year ago
Labels: Rules, 2nd Review Needed, Windows
#4189 - Update Script Block Text When Run Phant0m Script
Pull Request -
State: closed - Opened by tuanhxh1 over 1 year ago
- 1 comment
Labels: Rules, 2nd Review Needed, Windows
#4188 - feat: update firewall rules event ids
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows
#4187 - feat: new rules related to queuejumper
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows
#4186 - Remove duplicate references & add duplicate reference test
Pull Request -
State: closed - Opened by tjgeorgen over 1 year ago
Labels: 2nd Review Needed, Maintenance
#4185 - feat: add emerging-threat rules related to mint-sandstorm
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows, Emerging-Threats
#4184 - Added new rule that identifies the creation of a scheduled job by usi…
Pull Request -
State: closed - Opened by swachchhanda000 over 1 year ago
- 2 comments
Labels: Rules, 2nd Review Needed, Windows
#4183 - fix: FPs from different environments
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
Labels: Rules, Windows, False-Positive Fix
#4182 - Correct rule description in web_apache_segfault.yml
Pull Request -
State: closed - Opened by knarph over 1 year ago
- 1 comment
#4181 - feat: update rule description: aws_ecs_task_definition_backdoor
Pull Request -
State: closed - Opened by erickatwork over 1 year ago
- 1 comment
Labels: Rules, 2nd Review Needed, Cloud
#4179 - remove duplicate reference urls
Pull Request -
State: closed - Opened by tjgeorgen over 1 year ago
#4178 - feat: new rules and updates
Pull Request -
State: closed - Opened by nasbench over 1 year ago
Labels: Rules, Windows
#4177 - feat: new hktl rules
Pull Request -
State: closed - Opened by pH-T over 1 year ago
- 2 comments
Labels: Rules, Windows
#4176 - feat: new rule related to possible libvlc.dll sideloading
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
Labels: Rules, Windows
#4175 - fix: image name
Pull Request -
State: closed - Opened by qasimqlf over 1 year ago
#4174 - chore: rename folders
Pull Request -
State: closed - Opened by nasbench over 1 year ago
#4173 - Suspicious mail forwarding in O365 audit logs
Pull Request -
State: closed - Opened by cyb3rjy0t over 1 year ago
- 1 comment
Labels: Author Input Required
#4172 - Create proc_creation_win_rundll32_ext_drive.yml
Pull Request -
State: closed - Opened by angelovioletti over 1 year ago
- 7 comments
Labels: Rules, Windows
#4171 - d7326048-328b-4d5e-98af-86e84b17c765 Powershell FP
Pull Request -
State: closed - Opened by frack113 over 1 year ago
- 1 comment
Labels: Rules, Windows, False-Positive Fix