Sigma Rules List 1 to 100 PDF

4.85 MB / 156 Pages

Sigma is a standardized rule syntax that can be converted into many different SIEM-supported syntax formats. The Recorded Future Platform allows clients to access and download Sigma rules developed by Insikt Group for use in their organizations. The Sigma Rules List PDF can be downloaded from the link given at the bottom of this page.

The Sigma rules provided by the open-source Sigma project and the custom rules developed by Recorded Future (available to existing clients only) offer a powerful capability to detect and respond to credential harvesting using existing SIEM solutions. When combined with properly configured host-based logging, using tools such as Sysmon, Sigma rules can elevate the ability of an organization to detect and respond to threats with increased accuracy and efficiency.

Sigma Rules List

| Rule Title | Rule Author | Ruleset Name | ID | Files | Undetected Files |
|---|---|---|---|---|---|
| Autorun Keys Modification | Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton | Sigma Integrated Rule Set (GitHub) | c654002dc2859e8a2f74ec87ad6ff4deaaf0f42f99603aa964e30ed1b1f01cc1 | 21401557 | 53952 |
| Suspicious Run Key from Download | Florian Roth | Sigma Integrated Rule Set (GitHub) | 9bc88dec9bf37149ee55ca532e26602ba2ef11e86aa846ab6e0e461f12768b4c | 8252741 | 5330 |
| Stop Windows Service | Jakob Weinzettl, oscd.community | Sigma Integrated Rule Set (GitHub) | 9afc79c8a56e6e5c4cbd55d203a7dce8efc4ed28aa315b736c842a88b1d3dd0e | 6831397 | 38789 |
| Net.exe Execution | Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements) | Sigma Integrated Rule Set (GitHub) | f1048c602439313e72f67c634350106ba7b709512529457a6f0a5eca6835bc89 | 6451515 | 35190 |
| Milum malware detection (WildPressure APT) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | 30fcf3924a898a9d1747e89068ab2990c77ca3914a94aa78466d28a9d9da32bb | 6291968 | 24 |
| Non Interactive PowerShell | Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Sigma Integrated Rule Set (GitHub) | 1c2e4db94ca79f939e94e29c04fb3b71467fc6f5b9c31db34fcce5a2fb3b856f | 3991193 | 105250 |
| Always Install Elevated Windows Installer | Teymur Kheirkhabarov (idea), Mangatas Tondang (rule), oscd.community | Sigma Integrated Rule Set (GitHub) | b7188ffaa64031d83c409b5110885c29570d52a6ba3bacaee0392371cf071016 | 3025326 | 55602 |
| File Created with System Process Name | Sander Wiebing | Sigma Integrated Rule Set (GitHub) | e13498937de9343f50c1e8f315ce602aa238e37e21f3dbb15d3403c25afafe3e | 2284944 | 13926 |
| Windows Processes Suspicious Parent Directory | vburov | Sigma Integrated Rule Set (GitHub) | afd546ea5eff265c454f77f6e7641ade6e5a791d79de155fa27d377be1581535 | 1851752 | 92 |
| Shade Ransomware (Sysmon detection) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | d8f0141497fc47a78fbf41591174881fdf0e85f2937b08befec5c6273f8867d2 | 1673840 | 16 |
| Suspicious desktop.ini Action | Maxime Thiebaut (@0xThiebaut) | Sigma Integrated Rule Set (GitHub) | cdd5a8ff564f3632d9613d1f4925baca8be40a01fe14c7ba3e30f51bf1ff3829 | 1397422 | 161 |
| System File Execution Location Anomaly | Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community | Sigma Integrated Rule Set (GitHub) | 25fc56c1bee673d7ff3edcf371e4d2a36c0af83222da348961b87735c8efa61f | 1386967 | 622 |
| Nibiru detection (Registry event and CommandLine parameters) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | 8bbea961d969188574b7fe958c971caadd38b955cc77f21093d7d5d266e4d697 | 1147667 | 54640 |
| File deletion via CMD (via cmdline) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | f9333cf120369debd56e4e238fffa10bdb2a1497c11e08a082befd02f9f3bdf2 | 923890 | 9083 |
| Suspicious Svchost Process | Florian Roth | Sigma Integrated Rule Set (GitHub) | a0daa529834b3c5230b4524da005a6b6503e7cb061e298a8f74e0dc1fee0a008 | 845991 | 133 |
| Windows PowerShell Web Request | James Pemberton / @4A616D6573 | Sigma Integrated Rule Set (GitHub) | 2637f98feb69311f94822998eb3c8b8d217e6c5767e071536ca54f9da830e236 | 805020 | 104 |
| Execution from Suspicious Folder | Florian Roth | Sigma Integrated Rule Set (GitHub) | f8d48ec1128b00975e61e06393f6bb04a1d033a94c556d213b3bcb78a80589d8 | 643979 | 5419 |
| Suspect Svchost Activity | David Burkett | Sigma Integrated Rule Set (GitHub) | dc04e64e69f5446c2a31920ee22415626307d5f3d0fb73ad81b9d3301a41000a | 568031 | 87 |
| Direct Autorun Keys Modification | Victor Sergeev, Daniil Yugoslavskiy, oscd.community | Sigma Integrated Rule Set (GitHub) | b5f76af9d8101930af8d4fee71f3a5395b47eff6bb88e581db02bf890242d79b | 549037 | 130 |
| CSRSS.exe spawned from unusual location (possible mimicking) (via cmdline) | SOC Prime Team | SOC Prime Threat Detection Marketplace | c3e407003db6c8b95e5a7dcbea08bddf8b53b265400c2feb32abfa523336257c | 531710 | 11 |
| Swisyn Trojan (Sysmon detection) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | 173f49a095aef2bc0480b5f8a8ae6c2d0e4125f9096d618a3865346b34d726fa | 494316 | 108 |
| Suspicious Program Location with Network Connections | Florian Roth | Sigma Integrated Rule Set (GitHub) | 01b1cc2515aec2562e5e8cd3c88a60677a1acd2d680b289cf67fa493abe433d2 | 482076 | 5335 |
| Scheduled Task Creation | Florian Roth | Sigma Integrated Rule Set (GitHub) | 3bc9d14114a6b67367a24df21134d0564d6f08a0ad903d68f9b25e9d8b7f0790 | 431585 | 473 |
| Startup Folder File Write | Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Sigma Integrated Rule Set (GitHub) | 56b8c79acb8e444c2b00be5c9d3cb8e33e863ccb3506d635f907a49cd053c84f | 323029 | 118 |
| Executables Started in Suspicious Folder | Florian Roth | Sigma Integrated Rule Set (GitHub) | 934747e347848f3bf5d2222f0c29c4c6e42831b94a6e0ce77ff40017e5f11fd2 | 318156 | 2408 |
| Suspicious Program Location Process Starts | Florian Roth | Sigma Integrated Rule Set (GitHub) | c593fd1eac248d2f05a155e6c8ef2682b9022a12bc03104ff8e9e7c40f585268 | 315071 | 2406 |
| Execution File Type Other Than .exe | Max Altgelt | Sigma Integrated Rule Set (GitHub) | 2104d1ee1ce64e7aa3dbd368652a54ce160e6a5751019af14601fc8fd1df8086 | 314199 | 3369 |
| Possible Applocker Bypass | juju4 | Sigma Integrated Rule Set (GitHub) | b9996fdb64c94bd97526744b8287a3b3b02ac4eceff0980c672209adae0be6e5 | 264915 | 225 |

You can download the Sigma Rules List PDF using the link given below.

Download Sigma Rules List 1 to 100 PDF
