-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Issues: SigmaHQ/sigma
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Add Definition to Auditd susp_activity
Create Pull-Request
issues that should be provided as a pull request
Work In Progress
Some changes are needed
#5142
opened Dec 25, 2024 by
BalsamicSentry
Update WannaCry Ransomware Activity
Create Pull-Request
issues that should be provided as a pull request
#5131
opened Dec 16, 2024 by
nasbench
AWS IAM user login without MFA
Create Pull-Request
issues that should be provided as a pull request
Work In Progress
Some changes are needed
#5074
opened Nov 9, 2024 by
thuya-hacktilizer
Adding sigma rules related to Restic for Data Exfiltration and CleanUpLoader(Oyster Backdoor)
Create Pull-Request
issues that should be provided as a pull request
Work In Progress
Some changes are needed
#5056
opened Oct 20, 2024 by
CTI-Driven
Remove ending spaces from selection in posh_ps_susp_invocation_generic.yml
False-Positive
Issue reporting a false positive with one of the rules
#5034
opened Oct 4, 2024 by
BlakeHensleyy
Wrong filter in " Kerberoasting Activity - Initial Query" rule condition?
False-Positive
Issue reporting a false positive with one of the rules
Work In Progress
Some changes are needed
#5011
opened Sep 17, 2024 by
zambomarcell
Certain Windows commands include two spaces between the process and the parameters which is NOT reflected in related SIGMA rules
False-Positive
Issue reporting a false positive with one of the rules
#4914
opened Jul 13, 2024 by
Koifman
Possible wrong access mask in Mimikatz DC Sync rule
Work In Progress
Some changes are needed
#4895
opened Jul 2, 2024 by
ail4ni
DNS Exfiltration rule
Work In Progress
Some changes are needed
#4889
opened Jun 25, 2024 by
pramodpabbati
False Detections with Invoke-Obfuscation and Null Bytes
False-Positive
Issue reporting a false positive with one of the rules
Work In Progress
Some changes are needed
#4875
opened Jun 9, 2024 by
KDot227
Update of Rare Service Install Detection Rule to use correlation syntax
Work In Progress
Some changes are needed
#4854
opened May 14, 2024 by
Mat0vu
Based on suspicious regedit changes sigma rules
Work In Progress
Some changes are needed
#4542
opened Nov 4, 2023 by
HydraDragonAntivirus
Detect PowerShell w/o PowerShell Execution via RunDLL32 and various other methods
Work In Progress
Some changes are needed
#4197
opened Apr 25, 2023 by
JulianDroste
ProTip!
Mix and match filters to narrow down what you’re looking for.