GitHub

📌 Overview: This repository contains a collection of Sigma Rules designed to detect various security threats and malicious activities across different log sources. These rules are structured in YAML format and can be converted into SIEM-specific queries using the Sigma framework.

🚀 Contributing: Feel free to contribute by submitting pull requests for new rules, improvements, or corrections.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

About

Uh oh!

Releases

Packages

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
AnyDesk Auto-Start Service Creation.yml		AnyDesk Auto-Start Service Creation.yml
Detect Hidden Malicious Commands in Teams Messages.yml		Detect Hidden Malicious Commands in Teams Messages.yml
Detect SessionGopher Execution.yml		Detect SessionGopher Execution.yml
Detect Suspicious Webhook Usage in Teams Messages.yml		Detect Suspicious Webhook Usage in Teams Messages.yml
Detection of LSASS Memory Dump Stored in Defender's Directory.yml		Detection of LSASS Memory Dump Stored in Defender's Directory.yml
Detection of PowerShell Clearing Windows Event Logs using wevtutil.yml		Detection of PowerShell Clearing Windows Event Logs using wevtutil.yml
PowerShell Download OR Execution of AnyDesk.yml		PowerShell Download OR Execution of AnyDesk.yml
PowerShell Encoded Command Execution.yml		PowerShell Encoded Command Execution.yml
PowerShell Shellcode Injection via Windows API.yml		PowerShell Shellcode Injection via Windows API.yml
RDP Resource Redirection Detected.yml		RDP Resource Redirection Detected.yml
README.md		README.md
RemoteApp Execution via RDP.yml		RemoteApp Execution via RDP.yml
ScheduleTask Rule - CLI.yml		ScheduleTask Rule - CLI.yml
Suspicious .rdp File Created by Outlook.yml		Suspicious .rdp File Created by Outlook.yml
Suspicious LNK File Executing CMD.yml		Suspicious LNK File Executing CMD.yml
Suspicious Obfuscated PowerShell Command.yml		Suspicious Obfuscated PowerShell Command.yml
Suspicious Use of Curl to Download AnyDesk.yml		Suspicious Use of Curl to Download AnyDesk.yml
Suspicious mshta.exe Execution with Remote HTA Payload.yml		Suspicious mshta.exe Execution with Remote HTA Payload.yml
User Account Created AND Added to Administrators Group.yml		User Account Created AND Added to Administrators Group.yml

HalaAlnoaim/MySigmaRules

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Packages