Commit Graph

  • a15dbdaa05 Merge PR #5832 from @swachchhanda000 - fix: edr-freeze rules FPs analysed from VT master Swachchhanda Shrawan Poudel 2026-03-19 15:11:30 +05:45
  • ec6aa4764f chore: archive new rule references and update cache file create-pull-request/reference-archiver nasbench 2026-03-15 02:20:23 +00:00
  • c2ba39f94b Merge PR #5901 from @phantinuss - bump evtx-baseline version to 0.8.4 phantinuss 2026-03-13 15:04:24 +01:00
  • 3c2407864e Merge PR #5857 from @swachchhanda000 - chore: add missing json logs Swachchhanda Shrawan Poudel 2026-03-03 16:46:07 +05:45
  • 37fe8969ae Merge PR #5890 from @nasbench - chore: archive new rule references and update cache file github-actions[bot] 2026-03-02 13:42:54 +01:00
  • 1aae4b0603 Merge PR #5889 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2026-03-02 13:38:30 +01:00
  • 7a9d4ef690 chore: update coverage SVG create-pull-request/update-heatmap phantinuss 2026-03-02 13:33:57 +01:00
  • ef7fe71701 chore: update ATT&CK heatmap phantinuss 2026-03-01 00:01:04 +00:00
  • b596e1a7d0 Merge PR #5860 from @marcopedrinazzi - Add New Email Forwarding and Hiding Rules Marco Pedrinazzi 2026-03-01 04:16:06 +01:00
  • 084204d06a Merge PR #5845 from @marcopedrinazzi - Add System Language Discovery via Reg.Exe Marco Pedrinazzi 2026-03-01 03:55:40 +01:00
  • 5f5e72cff7 Merge PR #5885 from @djlukic - Add New FP Filters Djordje Lukic 2026-03-01 03:47:59 +01:00
  • 3fb14d9544 Merge PR #5844 from @marcopedrinazzi - Add Inbox Rules Creation Or Update Activity in O365 Marco Pedrinazzi 2026-02-28 14:32:33 +01:00
  • 41c8116d0e Merge PR #5856 from @swachchhanda000 - Add CPL sideloading and Fsquirt entries Swachchhanda Shrawan Poudel 2026-02-28 19:06:29 +05:45
  • 6db81c99bd Merge PR #5716 from @tsale - Add detection rules for abuse of OpenEDR's response feature Kostas 2026-02-28 05:12:49 -08:00
  • 086a362b0f Merge PR #5875 from @Neo23x0 - Fix BloodHound Collection Files Florian Roth 2026-02-28 14:06:13 +01:00
  • dc3880459d Merge PR #5863 from @swachchhanda000 - Add finger.exe to related rules Swachchhanda Shrawan Poudel 2026-02-16 17:35:13 +05:45
  • 28102e58ee fix: add exclusion webshell rule fix-linux-fps Florian Roth 2026-02-13 18:32:29 +01:00
  • 14d11fdda7 Merge PR from @swachchhanda000 - SolarWinds WebHelpDesk RCE Vulnerabilities Exploitation Swachchhanda Shrawan Poudel 2026-02-13 07:21:03 +05:45
  • 1df103ce6d Merge PR #5852 from @nasbench - Open Archive New Rule References github-actions[bot] 2026-02-10 14:48:39 +05:45
  • 02f6d3716d Merge #5851 from @nasbench - Update deprecated csv github-actions[bot] 2026-02-10 14:44:07 +05:45
  • 76f4a42ebb Merge PR #5854 from @swachchhanda000 - Add Notepad++ Infrastructure Abuse Rules Swachchhanda Shrawan Poudel 2026-02-04 16:53:03 +05:45
  • fb37712ca7 Merge PR #5850 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2026-02-03 11:33:49 +01:00
  • 478120e7d2 Merge PR #5814 from @swachchhanda000 - Add New Credential Guard Tampering Rules r2026-01-01 Swachchhanda Shrawan Poudel 2026-01-29 17:37:08 +05:45
  • c6a32d96cf Merge PR #5813 from @swachchhanda000 - Add New AMSI Tampering Rules Swachchhanda Shrawan Poudel 2026-01-29 17:23:48 +05:45
  • 2022e3b420 Merge PR #5802 from @swachchhanda000 - Update Bitsadmin Rules With Regression Data Swachchhanda Shrawan Poudel 2026-01-29 17:22:55 +05:45
  • e77233ab2f Merge PR #5824 from @swachchhanda000 - Update User Shell Folders Registry Modification Rules Swachchhanda Shrawan Poudel 2026-01-29 17:08:46 +05:45
  • a4ddc7a414 Merge PR #5842 from @swachchhanda000 - chore: update thor.yml with missing file_change category Swachchhanda Shrawan Poudel 2026-01-29 14:10:27 +05:45
  • 3d8c650ba2 Merge PR #5811 from @swachchhanda000 - Add New Vulnerable Driver Blocklist and HVCI Tampering Based Rules Swachchhanda Shrawan Poudel 2026-01-27 04:38:42 +05:45
  • 092b852af3 Merge PR #5767 from @vl43den - Add Cmd Launched with Hidden Start Flags to Suspicious Targets Vladan Sekulic 2026-01-26 20:02:52 +01:00
  • d5188c36a1 Merge PR #5487 from @swachchhanda000 - Update Registry Shell Open Related Rules Swachchhanda Shrawan Poudel 2026-01-24 23:39:59 +05:45
  • 77f4b0b2ec Merge PR #5741 from @swachchhanda000 - Add Splunk Rules for MSIX/AppX Swachchhanda Shrawan Poudel 2026-01-24 21:49:41 +05:45
  • c0af81c9d2 Merge PR #5823 from @darses - Update DNS Query to External Service Interaction Domains Chris 2026-01-24 12:37:27 +01:00
  • 30aebbb65c Merge PR #5834 from @MATTANDERS0N - Add Devcon and KDU Execution Rules Matt Anderson 2026-01-24 05:36:29 -06:00
  • 01b23770b8 Merge PR #5826 from @marcopedrinazzi - Add New OpenCanary Rules Marco Pedrinazzi 2026-01-24 12:32:10 +01:00
  • ad3a650641 Merge PR #5476 from @swachchhanda000 - Update SquiblyTwo Related Rules Swachchhanda Shrawan Poudel 2026-01-24 17:10:13 +05:45
  • 222a2e2992 Merge PR #5749 from @swachchhanda000 - Update Phantom DLL hijacking Rules Swachchhanda Shrawan Poudel 2026-01-24 16:49:15 +05:45
  • 076da17939 Merge PR #5771 from @EzLucky - Add and Update Setcap Related Rules EzLucky 2026-01-24 11:51:42 +01:00
  • e443d5cbf8 Merge PR #5839 from @nasbench - Archive new rule references and update cache file github-actions[bot] 2026-01-17 13:03:58 +01:00
  • 6fe7343bf7 Merge PR #5822 from @EzLucky - fix: spelling errors in description and filename EzLucky 2026-01-05 08:16:17 +01:00
  • c5e6d0ecd5 Merge PR #5820 from @nasbench - Update deprecated csv github-actions[bot] 2026-01-01 12:23:20 +01:00
  • 8afdcc4321 Merge PR #5821 from @nasbench - Archive new rule references and update cache file github-actions[bot] 2026-01-01 12:22:51 +01:00
  • 1cfdf4f82e Merge PR #5819 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2026-01-01 12:00:53 +01:00
  • c8b1a0ff67 Merge PR #5805 from @swachchhanda000 - Add regression tests for curl-related rules Swachchhanda Shrawan Poudel 2025-12-25 20:50:48 +05:45
  • b61d83beef Merge PR #5790 from @nasbench - Metadata Updates Nasreddine Bencherchali 2025-12-24 17:50:21 +01:00
  • 2952d630a4 Merge PR #5774 from @mbabinski - Added rules related to ArcGIS Server Object Extension abuse Micah Babinski 2025-12-21 09:07:30 -08:00
  • da971a6f28 Merge PR #5809 from @phantinuss - bump evtx-baseline version to 0.8.3 phantinuss 2025-12-21 18:02:45 +01:00
  • 6d581764e7 Merge PR #5806 from @nasbench - Archive New Rule References github-actions[bot] 2025-12-15 16:42:14 +01:00
  • 685194383b Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites Swachchhanda Shrawan Poudel 2025-12-12 08:04:27 +05:45
  • c5b881019a Merge PR #5777 from @swachchhanda000 - feat: more edrfreeze rules Swachchhanda Shrawan Poudel 2025-12-10 20:14:38 +05:45
  • cce4545c10 Merge PR #5801 from @toheeb-orelope - add Invoke-DNSExfiltrator Toheeb Ajala Husain 2025-12-10 14:15:19 +00:00
  • 6af6ad8ef7 Merge PR #5803 from @swachchhanda000 - chore: ci: regression test id consistency check Swachchhanda Shrawan Poudel 2025-12-10 14:42:22 +05:45
  • 13aae8c1ea Merge PR #5795 from @swachchhanda000 - Add new rules for CVE-2025-55182 / React2Shell Swachchhanda Shrawan Poudel 2025-12-10 07:58:14 +05:45
  • cf3cbf8089 Merge PR #5799 from @nasbench - Update logic to use errorCode instead for better mapping and accuracy Nasreddine Bencherchali 2025-12-09 10:17:50 +01:00
  • cf4f13bcd5 Update aws_cloudtrail_ssm_malicious_usage.yml update-aws Nasreddine Bencherchali 2025-12-08 16:01:24 +01:00
  • f05a8c4d94 Merge PR #5788 from @swachchhanda000 - Recon via RDP Logging Event Swachchhanda Shrawan Poudel 2025-12-09 08:48:59 +05:45
  • f7f61a9f95 Merge PR #5789 from @swachchhanda000 - Add fps filter observed on ARM-based Windows updates Swachchhanda Shrawan Poudel 2025-12-09 08:29:51 +05:45
  • f58b44eb16 Merge #5798 from @swachchhanda000 - fix: aurora fps Swachchhanda Shrawan Poudel 2025-12-09 08:21:14 +05:45
  • 57c71b3b8a Merge PR #5778 from @swachchhanda000 - fix: add some filters or tune rules to reduce false positives Swachchhanda Shrawan Poudel 2025-12-09 08:15:03 +05:45
  • ed2650a0eb Merge PR #5791 from @Niicolaa - fix: add correct osascript path Niicolaa 2025-12-09 03:18:04 +01:00
  • 5656c48a97 Merge PR #5793 from @nasbench - Rename Auditd Folder Entries and update SYSCALL field Nasreddine Bencherchali 2025-12-08 16:03:55 +01:00
  • 0490e31eb5 Merge PR #5674 from @skaynum - Add HTML File Opened From Download Folder skaynum 2025-12-05 03:22:04 +03:00
  • 0aa29891df Merge PR #5782 from @Koifman - Add Github Self-Hosted Runner Execution Koifman 2025-12-04 01:55:53 +02:00
  • d9c93074d4 Merge PR #5785 from @RiqTam - Update Certutil download rules Álex 2025-12-03 00:12:45 -06:00
  • 8e1b7815bb Merge PR #5784 from @frack113 - Fix setup-python version in workflows frack113 2025-12-02 11:29:54 +01:00
  • 58f6aa51e5 Merge PR #5783 from @phantinuss - Update ATT&CK Heatmap Coverage github-actions[bot] 2025-12-01 16:56:17 +01:00
  • 3565dee3eb Merge PR #5536 from @suKTech24 - Add AWS GuardDuty Detector Deleted Or Updated r2025-12-01 suKTech24 2025-11-28 20:33:03 +11:00
  • 0a6d929974 Merge PR #5482 from @swachchhanda000 - Update Suspicious Copy From or To System Directory Swachchhanda Shrawan Poudel 2025-11-28 04:29:35 +05:45
  • 1821bcbb00 Merge PR #5475 from @swachchhanda000 - Add Renamed Schtasks Execution Swachchhanda Shrawan Poudel 2025-11-28 04:04:13 +05:45
  • 3e9318e23f Merge PR #5763 from @swachchhanda000 - Update ClickFix/FileFix related rules Swachchhanda Shrawan Poudel 2025-11-28 03:45:25 +05:45
  • 238e6f070f Merge PR #5707 from @YxinMiracle - Add Grixba Malware Reconnaissance Activity YxinMiracle 2025-11-28 05:36:53 +08:00
  • 3cbce7d48c Merge PR #5776 from @phantinuss - bump validator version 0.20 phantinuss 2025-11-26 19:07:10 +01:00
  • b09cbc3083 Merge PR #5724 from @darses - update DNS Query to External Service Interaction Domains Chris 2025-11-26 11:52:21 +01:00
  • c141859b83 Merge PR #5775 from @swachchhanda000 - Restructure regression testing data directory Swachchhanda Shrawan Poudel 2025-11-26 15:53:11 +05:45
  • 5f57f9e816 Merge PR #5766 from @SethHanford - Update Potential Container Discovery Via Inodes Listing Seth Hanford 2025-11-25 10:29:32 -05:00
  • 66e091c08c Merge PR #5770 from @EzLucky - Update MITRE Attack mapping for Linux Capabilities Discovery EzLucky 2025-11-25 16:23:51 +01:00
  • 2cb7375c6b Merge PR #5719 from @nasbench - Add regression test CI, data and simulation links Nasreddine Bencherchali 2025-11-25 16:00:53 +01:00
  • 23a375bfa6 Merge PR #5762 from @HullaBrian - Unsigned .node File Load Jonathan Beierle 2025-11-25 04:03:05 -08:00
  • 5a2885c310 Merge PR #5627 from @tsale - Filename with Embedded Base64 Commands Kostas 2025-11-24 06:33:42 -08:00
  • 9d58e38bbc Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field Nasreddine Bencherchali 2025-11-24 09:54:29 +01:00
  • bbbfb67ab0 Merge PR #5669 from @JasonPhang98 - Extend Atomic MacOS Stealer - FileGrabber Rules JasonPhang98 2025-11-24 10:52:52 +08:00
  • 37024247ae Merge PR #5761 from @swachchhanda000 - feat: Suspicious Kerberos ticket request via CLI Swachchhanda Shrawan Poudel 2025-11-23 21:12:40 +05:45
  • 0d7658fb3a Merge PR #5717 from @tropChaud - Add and Enhance Windows Default Domain GPO & RDP Tampering Rules IntelScott 2025-11-23 09:51:08 -05:00
  • 5121401b01 Merge PR #5652 from @swachchhanda000 - Abuse of WerFaultSecure for PPL Tampering Swachchhanda Shrawan Poudel 2025-11-23 20:00:17 +05:45
  • 8c50909141 Merge PR #5746 from @deftoner - improve logsource format Javier Bruno 2025-11-21 04:13:42 -07:00
  • f448a13ce7 Merge PR #5591 from @swachchhanda000 - Registry Modifications through VBScripts Swachchhanda Shrawan Poudel 2025-11-21 16:39:19 +05:45
  • 1da888c779 Merge PR #5725 from @Koifman - RDP Enable or Disable via Win32_TerminalServiceSetting WMI Class Koifman 2025-11-21 11:26:45 +02:00
  • 4ac67452f1 Merge PR #5218 from @montysecurity - Suspicious ClickFix/FileFix Execution Pattern montysecurity 2025-11-21 02:08:59 -06:00
  • 64ba98e044 Merge PR #5662 from @swachchhanda000 - Cisco ASA/FP SSL VPN Exploit (CVE-2025-20333 / CVE-2025-20362) Swachchhanda Shrawan Poudel 2025-11-21 13:06:30 +05:45
  • e0bb355b3f Merge PR #5550 from @Liran017 - Unusual svchost Command Line Parameter Liran Ravich 2025-11-21 09:15:47 +02:00
  • 55e61044ff Merge PR #5519 from @jstnk9 - Suspicious Use of for Loop with Directory Search in CMD jstnk9 2025-11-21 07:41:45 +01:00
  • ec14452cfe Merge PR #5764 from @nasbench - Revise rule creation section in README Nasreddine Bencherchali 2025-11-19 12:48:39 +01:00
  • fe509498a5 Merge PR #5760 from @swachchhanda000 - Update README and fix a typo Swachchhanda Shrawan Poudel 2025-11-17 15:29:35 +05:45
  • ddcccfe4d3 Merge PR #5757 from @nasbench - Clone #5504 Nasreddine Bencherchali 2025-11-17 07:38:57 +01:00
  • 4f40da1108 Update labeler.yml add-correlations-support Nasreddine Bencherchali 2025-11-17 01:43:34 +01:00
  • d973dcb068 Create README.md Nasreddine Bencherchali 2025-11-17 01:29:55 +01:00
  • c2f1eb41bc Merge PR #5756 from @phantinuss - add a check for duplicate IDs over all rules that ever existed phantinuss 2025-11-13 14:22:02 +01:00
  • 3d59e82504 Merge PR #5748 from @swachchhanda000 - feat: add new CLSID for COM Hijacking detection Swachchhanda Shrawan Poudel 2025-11-13 10:03:01 +05:45
  • 47171af68a Merge PR #5601 from @swachchhanda000 - fix: add filters on registry rules Swachchhanda Shrawan Poudel 2025-11-13 09:55:26 +05:45
  • 799acec38b Merge PR #5742 from @SethHanford - fix problematic regex with OR condition Seth Hanford 2025-11-12 07:38:23 -05:00
  • 6503f15149 Merge PR #5754 from @phantinuss - chore: ci: fix greeter part 2 phantinuss 2025-11-12 11:59:34 +01:00