SigmaHQ / sigma

Main Sigma Rule Repository

SigmaHQ/sigma Issues

Update WannaCry Ransomware Activity
Updated 11 days ago
Intergritylevel
Closed 25 days ago2
Intergritylevel
Closed a month ago5
Intergritylevel
Closed a month ago
Adding sigma rules related to Restic for Data Exfiltration and CleanUpLoader(Oyster Backdoor)
Updated a month ago
AWS IAM user login without MFA
Updated a month ago1
Correct aggregation for ElastAlert backend
Closed a month ago3
The "Data" field in "filter_main_local_ips" is are mapped to "param3" with winlogbeat
Closed 2 months ago1
Remove ending spaces from selection in posh_ps_susp_invocation_generic.yml
Updated 3 months ago1
Could not compile rule
Closed 3 months ago2
Wrong filter in " Kerberoasting Activity - Initial Query" rule condition?
Updated 3 months ago2
Sigma yaml nesting question
Closed 4 months ago1
Add tuning for `Potential Commandline Obfuscation Using Unicode Characters`
Closed 4 months ago1
registry_set_persistence_search_order.yml objects to non-Windows COM objects in general
Closed 4 months ago2
Possible wrong access mask in Mimikatz DC Sync rule
Updated 4 months ago3
Installation of 'elasticsearch' backend plugin not working for sigma cli
Closed 4 months ago2
Certificate Exported in Microsoft-Windows-Folder Redirection/Operational
Closed 4 months ago5
Event Action data missing apostrophes
Closed 4 months ago5
Renamed ZOHO Dctask64 Execution is creating 30.000 alerts / hour in Security Onion
Closed 4 months ago8
Possible wrong detection of MacOS Startup Items
Closed 5 months ago4
Rules detected as threats by Windows Defender
Closed 5 months ago2
Rule compile issue - wrong filter names or wrong condition - rule "Potential DLL Sideloading Of DbgModel.DLL"
Closed 5 months ago2
Certain Windows commands include two spaces between the process and the parameters which is NOT reflected in related SIGMA rules
Updated 5 months ago7
Detects Backdoor Kapeka Via Registry Key
Closed 6 months ago1
Symantec vs. Disable Windows Defender Functionalities Via Registry Keys
Closed 6 months ago1
False Detections with Invoke-Obfuscation and Null Bytes
Updated 6 months ago2
DNS Exfiltration rule
Updated 6 months ago2
xp_cmdshell detection rule improvements
Closed 6 months ago2
Windows LAPS Credential Dump via Entra ID
Closed 6 months ago2
DPAPI backup keys Theft and Export related activities
Closed 6 months ago2
CVE-2023-1389 Unauthenticated Command Injection Vulnerability
Closed 6 months ago1
Detection of Rhysida Ransomware
Closed 6 months ago2
Hacktool Evil-Winrm Tool Detection via Powershell event ID
Closed 6 months ago1
Lazagne Crendential Dumping Tool Detection Rule
Closed 6 months ago2
Filter Driver Unloaded Via Fltmc.EXE
Closed 6 months ago1
Update of Rare Service Install Detection Rule to use correlation syntax
Updated 7 months ago4
Can I use regular expression in sigma?
Closed 8 months ago1
ADS Zone.Identifier Deleted By Uncommon Application when installing PuTTy latest version
Closed 8 months ago1
FPs with "File Enumeration Via Dir Command"
Closed 8 months ago
Suspicious Process DNS Query Known Abuse Web Services
Updated 10 months ago
Adding new hosting sites to downloading rules
Closed a year ago3
net_connection_win_rundll32_net_connections.yml leads to false positive via multiple vendors
Closed a year ago4
Excessive requests from Go-http-client/1.1
Closed a year ago3
Logsources, lack of machine readable definition of log sources (and additional requirements)
Closed a year ago4
`documentations/tools/sigma-logsource-checker.py` is broken
Closed a year ago1
1de68c67-af5c-4097-9c85-fe5578e09e67 issue
Closed a year ago1
ADFS Database Named Pipe Connection
Closed a year ago
proc_creation_win_susp_bad_opsec_sacrificial_processes Chrome Installer False Positives
Closed a year ago2
Adding Mitre Detection ID to Rule Tags
Closed a year ago3
False positive: File Download From Browser Process Via Inline Link
Closed a year ago6