Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
72 Open 4,873 Closed
72 Open 4,873 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Improved Linux local account discovery detection and false positives Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5843 opened Jan 20, 2026 by Aadith1422 Loading…
chore: update thor.yml with missing file_change category Maintenance Related to additions and update of the repository features Review Needed The PR requires review
#5842 opened Jan 20, 2026 by swachchhanda000 Draft
New: System Language Discovery via reg.exe Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5840 opened Jan 15, 2026 by marcopedrinazzi Loading…
12
New Email Hiding rule using O365 audit logs, fix typo in Email Forwarding rule Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Threat-Hunting
#5838 opened Jan 14, 2026 by marcopedrinazzi Loading…
9
Vcruntime140 sideloading - fix #5825 Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5837 opened Jan 12, 2026 by swachchhanda000 Loading…
1
fix: adjust rules to reduce false positives reported from VirusTotal Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#5833 opened Jan 9, 2026 by swachchhanda000 Loading…
fix: edr-freeze rules fps analysed from VT Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#5832 opened Jan 9, 2026 by swachchhanda000 Loading…
2
Okta placeholder Rule Review Needed The PR requires review Rules
#5831 opened Jan 9, 2026 by zendannyy Loading…
PUA - MemProcFS Execution for Credential Access Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5829 opened Jan 8, 2026 by swachchhanda000 Loading…
Update proc_creation_lnx_env_shell_invocation.yml so that it covers all the examples given in the referenced link Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5828 opened Jan 8, 2026 by Zirbo Loading…
2
new: wmic service manipulation Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5827 opened Jan 7, 2026 by swachchhanda000 Loading… Sigma-February-Release
2
update: user shell folders registry modification rules Ready to Merge Rules Windows Pull request add/update windows related rules
#5824 opened Jan 5, 2026 by swachchhanda000 Loading… Sigma-January-Release
Add Ligolo-ng tunneling tool detection Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5818 opened Dec 31, 2025 by SecMab Loading…
4 tasks done
7
Okta Session Impersonation Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules
#5816 opened Dec 27, 2025 by zendannyy Loading…
14
update: disable autologger session Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5815 opened Dec 26, 2025 by swachchhanda000 Loading…
3
new: Disable credential guard Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5814 opened Dec 26, 2025 by swachchhanda000 Loading… Sigma-January-Release
20
new: AMSI Disabled via Registry Modification Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5813 opened Dec 25, 2025 by swachchhanda000 Loading… Sigma-January-Release
8
chore: t1562.001 regression tests Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5812 opened Dec 23, 2025 by swachchhanda000 Draft
new: Vulnerable Driver Blocklist and HVCI Disable via Registry Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5811 opened Dec 22, 2025 by swachchhanda000 Loading… Sigma-January-Release
17
PUA - NSSM Execution Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5810 opened Dec 19, 2025 by swachchhanda000 Loading…
update: internal tools registry tampering Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5808 opened Dec 17, 2025 by swachchhanda000 Loading…
3
chore: add regression test for wmic related rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5807 opened Dec 15, 2025 by swachchhanda000 Loading…
9
Update bitsadmin rules with regresstion tests Rules Windows Pull request add/update windows related rules
#5802 opened Dec 10, 2025 by swachchhanda000 Loading… Sigma-January-Release
12
add: Linux Security Capability Set Via Setfattr Utility Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5800 opened Dec 8, 2025 by EzLucky Loading…
ci: 🤖 Fix URL for sigma_schema_url Maintenance Related to additions and update of the repository features Review Needed The PR requires review
#5797 opened Dec 7, 2025 by frack113 Loading…
1
@phantinuss
1
ProTip! no:milestone will show everything without a milestone.