Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
76 Open 4,887 Closed
76 Open 4,887 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

new: Renamed finger utility Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5863 opened Feb 12, 2026 by swachchhanda000 Loading…
new: SolarWinds WebHelpDesk RCE Vulnerabilites Exploitation Emerging-Threats Review Needed The PR requires review Rules
#5862 opened Feb 11, 2026 by swachchhanda000 Loading…
1
CVE 2026 21509 Emerging-Threats Review Needed The PR requires review Rules
#5861 opened Feb 10, 2026 by jaamaal Loading…
New: mail forwarding and hiding rules via powershell cmdlets Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#5860 opened Feb 10, 2026 by marcopedrinazzi Loading…
Add VBS dropper pattern from recent AgentTesla campaign Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5859 opened Feb 5, 2026 by davidljohnson Loading…
chore: add missing json logs Review Needed The PR requires review
#5857 opened Feb 4, 2026 by swachchhanda000 Loading…
new: Bthprops.Cpl sideloading by fsquirt.exe Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5856 opened Feb 4, 2026 by swachchhanda000 Loading…
new: Possible Malicious New Agent Skill Installed via npx skills Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#5855 opened Feb 3, 2026 by marcopedrinazzi Loading…
1
Improve description and false positives for Linux security tool disablement detection Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5853 opened Feb 3, 2026 by amittrap Loading…
New Rule: Microsoft Defender For Office Suspicious Lateral Email Review Needed The PR requires review Rules
#5849 opened Jan 31, 2026 by Luke57 Loading…
Improve macOS "Credentials from Password Stores - Keychain" rule MacOS Pull request add/update macos related rules Review Needed The PR requires review Rules
#5848 opened Jan 30, 2026 by Niicolaa Loading…
New rule: suspicious emails delivered in Microsoft 365 Review Needed The PR requires review Rules
#5846 opened Jan 27, 2026 by marcopedrinazzi Loading… Sigma-February-Release
3
New rule system language discovery via reg.exe Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5845 opened Jan 26, 2026 by marcopedrinazzi Loading… Sigma-February-Release
New email hiding rule, fix typo and tags in email forwarding rule (m365 audit logs) Review Needed The PR requires review Rules Threat-Hunting
#5844 opened Jan 26, 2026 by marcopedrinazzi Loading… Sigma-February-Release
Improved Linux local account discovery detection and false positives Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5843 opened Jan 20, 2026 by Aadith1422 Loading… Sigma-February-Release
Vcruntime140 sideloading - fix #5825 Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5837 opened Jan 12, 2026 by swachchhanda000 Loading…
1
1
fix: adjust rules to reduce false positives reported from VirusTotal Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#5833 opened Jan 9, 2026 by swachchhanda000 Loading…
fix: edr-freeze rules fps analysed from VT Review Needed The PR requires review Rules Threat-Hunting Windows Pull request add/update windows related rules
#5832 opened Jan 9, 2026 by swachchhanda000 Loading… Sigma-February-Release
2
Okta placeholder Rule Review Needed The PR requires review Rules
#5831 opened Jan 9, 2026 by zendannyy Loading…
PUA - MemProcFS Execution for Credential Access Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5829 opened Jan 8, 2026 by swachchhanda000 Loading…
Update proc_creation_lnx_env_shell_invocation.yml so that it covers all the examples given in the referenced link Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5828 opened Jan 8, 2026 by Zirbo Loading… Sigma-February-Release
2
new: wmic service manipulation Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5827 opened Jan 7, 2026 by swachchhanda000 Loading… Sigma-February-Release
2
Add Ligolo-ng tunneling tool detection Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5818 opened Dec 31, 2025 by SecMab Loading…
4 tasks done
8
update: disable autologger session Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5815 opened Dec 26, 2025 by swachchhanda000 Loading…
3
chore: t1562.001 regression tests Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5812 opened Dec 23, 2025 by swachchhanda000 Draft
ProTip! Follow long discussions with comments:>50.