Issues
Can I use regular expression in sigma?
#4849 opened by Ron-zs - 1
Windows LAPS Credential Dump via Entra ID
#4846 opened by BIitzkrieg - 1
ADS Zone.Identifier Deleted By Uncommon Application when installing PuTTY latest version
#4820 opened by essadek - 0
Detects Backdoor Kapeka Via Registry Key
#4835 opened by cY83rR0H1t - 1
DPAPI backup keys Theft and Export related activities
#4821 opened by CTI-Driven - 0
FPs with "File Enumeration Via Dir Command"
#4812 opened by YamatoSecurity - 0
Suspicious Process DNS Query Known Abuse Web Services
#4748 opened by cY83rR0H1t - 0
Lazagne Credential Dumping Tool Detection Rule
#4740 opened by cY83rR0H1t - 3
Adding new hosting sites to downloading rules
#4708 opened by omaramin17 - 4
net_connection_win_rundll32_net_connections.yml leads to false positive via multiple vendors
#4699 opened by bill-e-ghote - 3
Excessive requests from Go-http-client/1.1
#4683 opened by cherdt - 4
Logsources, lack of machine readable definition of log sources (and additional requirements)
#4669 opened by MrSeccubus - 1
Detection of Rhysida Ransomware
#4639 opened by nischalkhadgi62 - 2
c8b00925-926c-47e3-beea-298fd563728e Possible incorrect field/value pairing
#4572 opened by Blackmore-Robert - 1
1de68c67-af5c-4097-9c85-fe5578e09e67 issue
#4584 opened by swachchhanda000 - 0
ADFS Database Named Pipe Connection
#4587 opened by celalettin-turgut - 2
proc_creation_win_susp_bad_opsec_sacrificial_processes Chrome Installer False Positives
#4613 opened by AaronS97 - 3
Adding Mitre Detection ID to Rule Tags
#4622 opened by AdmU3 - 6
FP With Rule c649a6c7-cd8c-4a78-9c04-000fc76df954
#4520 opened by mezzofix - 2
Typo in readme
#4554 opened by vj-codes - 1
Bad Opsec Defaults Sacrificial Processes
#4571 opened by celalettin-turgut - 6
Packages Releases - "latest"
#4499 opened by defensivedepth - 0
Re-Work Rules / TODO
#4430 opened by nasbench - 2
FN on Potentially Suspicious Findstr.EXE Execution
#4495 opened by Tuutaans - 4
Reduce broken links in references
#4473 opened by martinspielmann - 8
Officialize New Conditionals for More Complex Sigmas Rules - For Documentation Purposes Only
#4474 opened by ish-icarocesar - 6
Very weak hash based rules are trivial to bypass
#4348 opened by scudette - 0
Questions regarding base64 encoding styles and modifiers
#4459 opened by L015H4CK - 1
7fd164ba-126a-4d9c-9392-0d4f7c243df0 should not alert on onenote application itself
#4451 opened by nekopep - 1
False positive for e3845023-ca9a-4024-b2b2-5422156d5527 and C:\WINDOWS\System32\poqexec.exe
#4448 opened by nekopep - 1
a21bcd7e-38ec-49ad-b69a-9ea17e69509e has a lot of false positives related to office and web browsers
#4449 opened by nekopep - 1
question about wildcard and contains condition
#4441 opened by gen3111620 - 2
Rule under the wrong folder
#4404 opened by ag-michael - 1
correlate event 4625 and 4624
#4370 opened by Hafzan-250601 - 1
Problem of writing a sigma rule
#4368 opened by Nyk0la5 - 2
Rule for "gzip -f", atomic red references "gzip -k"
#4363 opened by Mladia - 4
Read event of MsMpEng.exe should be whitelisted
#4349 opened by nekopep