Pull requests: SigmaHQ/sigma
new: Rules for AWS Bedrock LLMJacking
Review Needed
The PR requires review
Rules
Threat-Hunting
#5903
opened Mar 13, 2026 by
marcopedrinazzi
feat: Add Evilginx 3.x AiTM detection rules (proxy + webserver)
Review Needed
The PR requires review
Rules
#5902
opened Mar 12, 2026 by
CyberLeakWatch
5 tasks done
update: Important scheduled task manipulation
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5900
opened Mar 11, 2026 by
swachchhanda000
new: Python Base64 Encoded Inline Command Execution (Windows + Linux)
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5899
opened Mar 10, 2026 by
HueCodes
Set groups in regular expressions as non capturing
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5898
opened Mar 9, 2026 by
FlorianBracq
fix: Split Service Binary in Suspicious Folder into two distinct rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5897
opened Mar 9, 2026 by
swachchhanda000
Add Azure AD password spray detection via SigninLogs (T1110.003)
Review Needed
The PR requires review
Rules
#5896
opened Mar 8, 2026 by
truvineweb
feat: addition of EDR disabling through mitigation options
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5895
opened Mar 7, 2026 by
kurisukun
new: AppLocker Audit Mode - Application or Script Would Have Been Blo…
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5894
opened Mar 6, 2026 by
heyyanu
Add New AppLocker Policy File Tampering Detection Rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5892
opened Mar 3, 2026 by
raginx
new: renamed system binaries execution for dll hijacking attack
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5891
opened Mar 3, 2026 by
swachchhanda000
Add PowerShell AppLocker policy discovery rule
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5887
opened Feb 28, 2026 by
Tom3306
Add Socat Reverse Shell Detection Rule for Linux Process Creation
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5886
opened Feb 27, 2026 by
nedelcubianca
new: Suspicious Process DNS Query To Known Abused Web Services - clos…
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5884
opened Feb 25, 2026 by
heyyanu
fix: remove trailing spaces in selection_hidden and selection_noninteractive
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5883
opened Feb 24, 2026 by
heyyanu
Added new rule to detect suspicious file dump using print.exe
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
feat(windows): detect multiple unknown-user failed logons from single source IP
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5880
opened Feb 22, 2026 by
Tom3306
6 tasks
Add detection rule for PDFClick malware PDC_Update scheduled task persistence
Additional Data Needed
Author Input Required
Changes that require information from the original author of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Work In Progress
Some changes are needed
#5879
opened Feb 21, 2026 by
dlogoh
add: Linux Suspicious Setcap Use with All Capabilities
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5878
opened Feb 20, 2026 by
EzLucky
Add caspol network connection
Additional Data Needed
Author Input Required
Changes that require information from the original author of the rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5877
opened Feb 20, 2026 by
davidljohnson
Refine ld.so.preload modification detection and improve documentation
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#5873
opened Feb 18, 2026 by
Aadith1422
new: Zillya Antivirus DLL Sideloading Detection
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Add detection for suspicious DNS parsing/execution chain via Run dial…
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#5871
opened Feb 16, 2026 by
thredb
CVE-2026-21509 APT28 Office Exploitation Detection Rules
Emerging-Threats
Review Needed
The PR requires review
Rules
#5870
opened Feb 16, 2026 by
jaamaal