🔍

Detection Rules — Sigma

Community-driven Sigma detection rules for SIEM and XDR platforms. Filter by severity level, status, and target product to find relevant rules for Windows, Linux, Azure, and cloud environments. Accelerate threat detection engineering.

Total Sigma Rules

3,737

104 stable · 3633 in test/experimental

Critical + High

1,886

174 critical · 1712 high

By Level

critical

174

high

1.7k

medium

1.5k

low

338

informational

🔍 Sigma Detection Rules3,737 results

Click row to view YAML · MITRE links clickable

🔍

MITRE

3,737 rules

Page 1 / 75 · 1–50 of 3,737

Level	Title	Product / Category	MITRE Techniques	Status	Modified
critical	▸CobaltStrike Named Pipe Pattern Regex	windows / pipe_created	T1055	test	2026-06-18
critical	▸Webshell Remote Command Execution	linux	T1505.003	test	2025-12-05
critical	▸Potential Dtrack RAT Activity	windows / process_creation	T1490	stable	2025-11-03
critical	▸HackTool - Windows Credential Editor (WCE) Execution	windows / process_creation	T1003.001	test	2025-10-21
critical	▸Mint Sandstorm - ManageEngine Suspicious Process Execution	windows / process_creation	—	test	2025-10-19
critical	▸Mint Sandstorm - AsperaFaspex Suspicious Process Execution	windows / process_creation	—	test	2025-10-19
critical	▸Turla Group Commands May 2020	windows / process_creation	T1059.001 T1053.005 T1027	test	2025-10-19
critical	▸WannaCry Ransomware Activity	windows / process_creation	T1210 T1083 T1222.001 T1486	test	2025-10-18
critical	▸Potential SharePoint ToolShell CVE-2025-53770 Exploitation - File Create	windows / file_event	T1190	experimental	2025-07-24
critical	▸TrustedPath UAC Bypass Pattern	windows / process_creation	T1548.002	test	2025-06-17
critical	▸WCE wceaux.dll Access	windows	T1003	test	2025-01-30
critical	▸HackTool - Dumpert Process Dumper Execution	windows / process_creation	T1003.001	test	2025-01-22
critical	▸Exploiting CVE-2019-1388	windows / process_creation	T1068	stable	2024-12-01
critical	▸Potential CVE-2021-41379 Exploitation Attempt	windows / process_creation	T1068	test	2024-12-01
critical	▸Hacktool Execution - Imphash	windows / process_creation	T1588.002 T1003	test	2024-11-23
critical	▸HackTool - SysmonEOP Execution	windows / process_creation	T1068	test	2024-11-23
critical	▸Malicious DLL Load By Compromised 3CXDesktopApp	windows / image_load	—	test	2024-11-23
critical	▸Antivirus Exploitation Framework Detection	antivirus	T1203 T1219.002	stable	2024-11-02
critical	▸Antivirus Ransomware Detection	antivirus	T1486	test	2024-11-02
critical	▸Antivirus Password Dumper Detection	antivirus	T1003 T1558 T1003.001 T1003.002	stable	2024-11-02
critical	▸HackTool - QuarksPwDump Dump File	windows / file_event	T1003.002	test	2024-06-27
critical	▸HackTool - Mimikatz Kirbi File Creation	windows / file_event	T1558	test	2024-06-27
critical	▸HackTool - Inveigh Execution Artefacts	windows / file_event	T1219.002	test	2024-06-27
critical	▸FlowCloud Registry Markers	windows / registry_event	T1112	test	2024-03-20
critical	▸HackTool - BabyShark Agent Default URL Pattern	proxy	T1071.001	test	2024-02-15
critical	▸Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection	antivirus	T1055	stable	2023-10-23
critical	▸OceanLotus Registry Activity	windows / registry_event	T1112	test	2023-09-28
critical	▸Leviathan Registry Key Activity	windows / registry_event	T1547.001	test	2023-09-19
critical	▸CVE-2021-31979 CVE-2021-33771 Exploits	windows / registry_set	T1566 T1203	test	2023-08-17
critical	▸HackTool - Koh Default Named Pipe	windows / pipe_created	T1528 T1134.001	test	2023-08-07
critical	▸HackTool - DiagTrackEoP Default Named Pipe	windows / pipe_created	—	test	2023-08-07
critical	▸HackTool - Credential Dumping Tools Named Pipe Created	windows / pipe_created	T1003.001 T1003.002 T1003.004 T1003.005	test	2023-08-07
critical	▸Malicious Named Pipe Created	windows / pipe_created	T1055	test	2023-08-07
critical	▸PrinterNightmare Mimikatz Driver Name	windows / registry_event	T1204	test	2023-06-12
critical	▸Qakbot Rundll32 Exports Execution	windows / process_creation	—	test	2023-05-30
critical	▸HackTool - Dumpert Process Dumper Default File	windows / file_event	T1003.001	test	2023-05-09
critical	▸ProxyLogon Reset Virtual Directories Based On IIS Log	webserver	T1190	test	2023-05-08
critical	▸Moriya Rootkit File Created	windows / file_event	T1543.003	test	2023-05-05
critical	▸Mailbox Export to Exchange Webserver	windows	T1505.003	test	2023-04-30
critical	▸Rorschach Ransomware Execution Activity	windows / process_creation	T1059.003 T1059.001	test	2023-04-22
critical	▸HackTool - Rubeus Execution	windows / process_creation	T1003 T1558.003 T1550.003	stable	2023-04-20
critical	▸Silence.EDA Detection	windows / ps_script	T1059.001 T1071.004 T1572 T1529	test	2023-04-03
critical	▸CVE-2023-23397 Exploitation Attempt	windows	—	test	2023-03-22
critical	▸APT31 Judgement Panda Activity	windows / process_creation	T1003.001 T1560.001	test	2023-03-10
critical	▸Lazarus Group Activity	windows / process_creation	T1059	test	2023-03-10
critical	▸Greenbug Espionage Group Indicators	windows / process_creation	T1059.001 T1105 T1036.005	test	2023-03-09
critical	▸EvilNum APT Golden Chickens Deployment Via OCX Files	windows / process_creation	T1218.011	test	2023-03-09
critical	▸APT27 - Emissary Panda Activity	windows / process_creation	T1574.001	test	2023-03-09
critical	▸HAFNIUM Exchange Exploitation Activity	windows / process_creation	T1546 T1053	test	2023-03-09
critical	▸Equation Group DLL_U Export Function Load	windows / process_creation	T1218.011	stable	2023-03-09