Pull requests: SigmaHQ/sigma
Add detection rules for React2Shell Pre-Auth RCE (CVE-2025-55182)
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6031
opened May 26, 2026 by
gloambit
new: OpenAI Codex sandbox abuse detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6030
opened May 26, 2026 by
swachchhanda000
Collaborator
Fix false positives for OpenCode to some osascript related rules
MacOS
Pull request add/update macos related rules
Review Needed
The PR requires review
Rules
new: signed dll load with no pe metadata
Review Needed
The PR requires review
Rules
Threat-Hunting
Windows
Pull request add/update windows related rules
#6026
opened May 21, 2026 by
swachchhanda000
Collaborator
Add Azure Entra ID identity boundary expansion rules (3 rules)
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#6025
opened May 20, 2026 by
descambiado
Add detection: Entra ID Temporary Access Pass creation (T1556.006)
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
Work In Progress
Some changes are needed
#6024
opened May 19, 2026 by
descambiado
new: 7 Sigma rules — ArcaneDoor / UAT-4356 Cisco ASA campaign (LINE DANCER, LINE RUNNER, LINE VIPER, FIRESTARTER)
Review Needed
The PR requires review
Rules
#6023
opened May 19, 2026 by
CrunchyJohnHaven
NEWRULE: AbortHydration MiniPlasma Behaviour (Nightmare Eclipse)
Emerging-Threats
Review Needed
The PR requires review
Rules
#6022
opened May 19, 2026 by
unresolvedhost
Update the detection logic of Suspicious Start-Process PassThru and added the alias saps
Ready to Merge
Rules
Windows
Pull request add/update windows related rules
New rule to detect RondoDox botnet activity
Emerging-Threats
Review Needed
The PR requires review
Rules
#6020
opened May 18, 2026 by
marcopedrinazzi
Contributor
fix: reduce false positives across multiple Windows rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6019
opened May 18, 2026 by
swachchhanda000
Collaborator
New detections for AWS IAM privilege escalation
Review Needed
The PR requires review
Rules
#6018
opened May 16, 2026 by
privet-username
new: OpenClaw AI agent family detection rules
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6017
opened May 16, 2026 by
0xdavidel
Add Azure Entra ID rules: SP credential addition and admin consent high-risk permission
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#6016
opened May 16, 2026 by
descambiado
docs: add ATR (Agent Threat Rules) to the list of tools supporting Sigma
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
#6015
opened May 16, 2026 by
eeee2345
update: Potential Netcat Reverse Shell Execution - add nc.openbsd and nc.traditional binary matches
Author Input Required
changes the require information from original author of the rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
Add Azure Entra ID identity attack detections (6 rules)
Additional Data Needed
Author Input Required
changes the require information from original author of the rules
Review Needed
The PR requires review
Rules
#6012
opened May 14, 2026 by
descambiado
fix: Add filter for empty cmd /c argument false positive
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
#6010
opened May 13, 2026 by
PachkaKofe04
new: TanStack NPM Supply-Chain Attack - Mini Shai-Hulud
Emerging-Threats
Review Needed
The PR requires review
Rules
update: expand LOLBIN file-drop detection coverage
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
CVE-2026-41940 - cPanel and WHM CRLF authentication bypass detection
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6006
opened May 10, 2026 by
cocopollo
Add rule for Win connection to suspicious WiFi
Review Needed
The PR requires review
Rules
Windows
Pull request add/update windows related rules
Add 10 Sigma rules for Atlassian Cloud and Jira audit events
Maintenance
Related to additions and update of the repository features
Review Needed
The PR requires review
Rules
#6004
opened May 10, 2026 by
saakovv
Contributor
Add 7 Sigma rules for 1Password audit events
Review Needed
The PR requires review
Rules
#6002
opened May 10, 2026 by
saakovv
Contributor
new: 13 Linux detection rules
Linux
Pull request add/update linux related rules
Review Needed
The PR requires review
Rules
#6001
opened May 10, 2026 by
saakovv
Contributor
1 task done