Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
139 Open 5,003 Closed
139 Open 5,003 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

fix: Vim GTFOBin Abuse - Linux Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#6051 opened Jun 5, 2026 by EzLucky Contributor Loading…
2
Add machine-readable JSON changelog to releases Maintenance Related to additions and update of the repository features Review Needed The PR requires review
#6050 opened Jun 4, 2026 by ni5h4nt Loading…
1
2
new: curl ntlm hash leak attempt Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6049 opened Jun 4, 2026 by swachchhanda000 Collaborator Loading…
Fix remove documentation from references Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6048 opened Jun 3, 2026 by kurisukun Loading…
1
fix: 7Zip Compressing Dump Files - add missing 7zr.exe OriginalFileName coverage Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6047 opened Jun 3, 2026 by Nullbyte0x Loading…
1
docs: improve README and CONTRIBUTING with updated links, resources and contributor guidance Maintenance Related to additions and update of the repository features Review Needed The PR requires review
#6046 opened Jun 3, 2026 by swachchhanda000 Collaborator Loading…
chore: revert greetings first-interaction action to v1 Maintenance Related to additions and update of the repository features Review Needed The PR requires review
#6045 opened Jun 3, 2026 by swachchhanda000 Collaborator Loading…
new: AWS SES Account Availability Discovery Via Long-Lived Access Key Review Needed The PR requires review Rules
#6043 opened Jun 2, 2026 by marcopedrinazzi Contributor Loading…
1
saakov-aws-1 Review Needed The PR requires review Rules
#6042 opened Jun 2, 2026 by saakovv Contributor Loading…
3
new: lsass netlogon crash cve-2026-41089 Emerging-Threats Review Needed The PR requires review Rules
#6041 opened Jun 2, 2026 by swachchhanda000 Collaborator Loading…
3
new: windows discovery rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6040 opened Jun 2, 2026 by swachchhanda000 Collaborator Loading…
New Rule - Gogs Rebase RCE Argument Injection via Git --exec Flag (Linux) Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#6039 opened Jun 2, 2026 by WRG-11 Loading…
1
Fix eventlog clear false-positive filter scope Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6038 opened Jun 1, 2026 by srkyn Loading…
1
Update ATT&CK Heatmap Coverage
#6037 opened Jun 1, 2026 by github-actions Bot Loading…
Add HackTool - Gogo Scanner Execution Rule Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6035 opened May 30, 2026 by Aryu-RU Loading…
1
Add detection for Hyper-V VM forced shutdown (ransomware preparation) Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6034 opened May 29, 2026 by viizohh Loading…
1
new: OpenAI Codex sandbox abuse detection rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6030 opened May 26, 2026 by swachchhanda000 Collaborator Loading…
Fix false positives for OpenCode to some osascript related rules MacOS Pull request add/update macos related rules Review Needed The PR requires review Rules
#6027 opened May 21, 2026 by norbert791 Contributor Loading… Sigma-May-Release
1
new: signed dll load with no pe metadata Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#6026 opened May 21, 2026 by swachchhanda000 Collaborator Loading…
new: 7 Sigma rules — ArcaneDoor / UAT-4356 Cisco ASA campaign (LINE DANCER, LINE RUNNER, LINE VIPER, FIRESTARTER) Review Needed The PR requires review Rules
#6023 opened May 19, 2026 by CrunchyJohnHaven Loading…
1
NEWRULE: AbortHydration MiniPlasma Behaviour (Nightmare Eclipse) Emerging-Threats Review Needed The PR requires review Rules
#6022 opened May 19, 2026 by unresolvedhost Loading…
1
Update the detection logic of Suspicious Start-Process PassThru and added the alias saps Ready to Merge Rules Windows Pull request add/update windows related rules
#6021 opened May 18, 2026 by eriknordstrm Loading… Sigma-May-Release
2
New rule to detect RondoDox botnet activity Emerging-Threats Review Needed The PR requires review Rules
#6020 opened May 18, 2026 by marcopedrinazzi Contributor Loading…
fix: reduce false positives across multiple Windows rules False-Positive Fix Pull Request fixes a false positive with one of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#6019 opened May 18, 2026 by swachchhanda000 Collaborator Loading…
New detections for AWS IAM privilege escalation Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules
#6018 opened May 16, 2026 by privet-username Loading…
1
ProTip! no:milestone will show everything without a milestone.