sigma
Main Sigma Rule Repository
### Summary of the Pull Request ### Changelog update: Suspicious Non-Browser Network Communication With Reddit API update: Suspicious Windows Service Tampering update: COM Object Hijacking Via Modification Of Default System...
### Summary of the Pull Request Updating the `azure_app_role_added` rule that generates false positives when adding roles to users. With the Microsoft documentation in the rule description, it is indicated...
### Summary of the Pull Request Detects the modification of registry values DefaultUserName, DefaultPassword and AutoAdminLogon to enable automatic logon. Attackers use this technique to achieve persistence. ### Changelog ### Example...
### Summary of the Pull Request This PR updates the cache file used to save already archived references with newly archived results ### Changelog chore: archive new rule references and...
…ent flag ### Summary of the Pull Request Updating the `posh_ps_send_mailmessage` rule by considering the `Attachments` flag according to the documentation. The rule wants to detect exfiltration, so I suggest...
### Summary of the Pull Request Add 'journalctl --vacuum' to the CommandLine Contains selection in order to also detect the deletion of system logs via the command 'journalctl' with either...
add two images (tar and Compress-Archive) to rule. ### Summary of the Pull Request Add two images (tar and Compress-Archive) to rule for enhancing detection rate. ### Changelog ###...
### Summary of the Pull Request setup16.exe as lolbin https://www.hexacorn.com/blog/2024/10/12/the-sweet16-the-oldbin-lolbin-called-setup16-exe/ Potential Command Line Path Traversal Evasion Attempt covered by Rule_Id 1327381e-6ab0-4f38-b583-4c1b8346a56b setup16 NEEDS a `.lst` file but as I don't...
When examining the Exfiltration Over Alternative Protocol technique, an attacker can use the scp command in Linux to dump OS credentials. According to the log generated by Sysmon for Linux,...
### Summary of the Pull Request The detection rule which aims to detect the spawning of a Python Pretty TTY (example: python3 -c 'import pty;pty.spawn("/bin/bash")') can be avoided by attackers...