Pull requests: SigmaHQ/sigma
Add detection for PowerShell shellcode injection via reflection chain
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5962
opened Apr 24, 2026 by
AJ-Jeffreys
Draft
new: CVE-2026-41651 Pack2TheRoot detection rules and generic Linux LPE coverage
Emerging-Threats
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5960
opened Apr 24, 2026 by
swachchhanda000
Collaborator
new: Browser External Extensions Silent Install Detection (Windows, macOS, Linux)
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5958
opened Apr 23, 2026 by
Fz0x00
new: Browser Extension Force Install via Policy Detection (Windows, macOS, Linux)
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5957
opened Apr 23, 2026 by
Fz0x00
new: Native Messaging Host Registration Detection for Windows, macOS and Linux
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5956
opened Apr 23, 2026 by
Fz0x00
new: Remote Debugging Detection for Linux and macOS (Chromium + Firefox)
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
#5955
opened Apr 23, 2026 by
Fz0x00
Add MITRE ATT&CK T1059 reference to powercat.yml
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5953
opened Apr 23, 2026 by
Sanskar-bot
Enhance description and references for PowerShell rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5952
opened Apr 23, 2026 by
Sanskar-bot
rules: detect CVE-2026-41651 (Pack2TheRoot) PackageKit LPE exploitation
Emerging-Threats
Review Needed
The PR requires review
Rules
#5950
opened Apr 22, 2026 by
sammonsempes
new: Chromium --load-extension Detection for Linux and macOS
Linux
Pull request add/update linux related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
#5949
opened Apr 22, 2026 by
Fz0x00
new: add new rules for several AD related hacktools
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5945
opened Apr 22, 2026 by
swachchhanda000
Collaborator
NEWRULE: ProxyExecution with ConfigurationRemotingServer (DSCourier)
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5944
opened Apr 21, 2026 by
unresolvedhost
new: RedSun Execution Indicators
Emerging-Threats
Review Needed
The PR requires review
Rules
#5941
opened Apr 17, 2026 by
swachchhanda000
Collaborator
New rule: Suspicious DNS Query to Known Exfil Domain or Uncommon TLD …
Review Needed
The PR requires review
Rules
#5940
opened Apr 17, 2026 by
lanceterminal
chore: set specific subtechnique and author format in fortigate rules
Review Needed
The PR requires review
Rules
#5937
opened Apr 15, 2026 by
marcopedrinazzi
Contributor
Adding XXE Injection Detection Rule
Review Needed
The PR requires review
Rules
#5936
opened Apr 14, 2026 by
Vijay-Kishore-A
New Rule: M365 Exchange BEC Behavioral Indicators
Review Needed
The PR requires review
Rules
#5934
opened Apr 13, 2026 by
lanceterminal
Update net_dns_external_service_interaction_domains.yml
Review Needed
The PR requires review
Rules
#5933
opened Apr 11, 2026 by
Mahir-Ali-khan
Contributor
new: EvilTokens PhaaS phishing detection via email security gat…
Emerging-Threats
Review Needed
The PR requires review
Rules
#5930
opened Apr 4, 2026 by
uniqu3-us3r
new: AWS CloudTrail General Discovery and Reconnaissance API Calls
Review Needed
The PR requires review
Rules
#5929
opened Apr 1, 2026 by
uniqu3-us3r
new: RegPwn CVE-2026-24291 rules
Emerging-Threats
Review Needed
The PR requires review
Rules
#5919
opened Mar 27, 2026 by
swachchhanda000
Collaborator
Update Clearing Windows Console History with Extended Coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5918
opened Mar 25, 2026 by
eriknordstrm