Updated Sigma Rules List for 2025 with Examples

Discover the updated Sigma Rules List for 2025, providing essential detection and response capabilities to enhance your organization's security posture. Learn common rule creation mistakes and how to avoid them.

Sigma is a standardized rule syntax that can be translated into the various formats accepted by SIEM systems. Through the Recorded Future Platform, clients can access and download Sigma rules curated by the Insikt Group to strengthen their organizations' security measures.

The Sigma rules available through the open-source Sigma project, alongside the custom rules developed by Recorded Future, provide significant capabilities for detecting and managing credential harvesting using existing SIEM solutions. When implemented with well-configured host-based logging tools, such as Sysmon, Sigma rules can greatly improve an organization's ability to detect and respond to threats accurately and efficiently. The Sigma rules list follows.

Sigma Rules List

Rule Title | Rule Author | Ruleset Name | ID | Files / Undetected Files
Autorun Keys Modification | Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton | Sigma Integrated Rule Set (GitHub) | View ID | 2140155753952
Suspicious Run Key from Download | Florian Roth | Sigma Integrated Rule Set (GitHub) | View ID | 82527415330
Stop Windows Service | Jakob Weinzettl, oscd.community | Sigma Integrated Rule Set (GitHub) | View ID | 683139738789
Net.exe Execution | Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements) | Sigma Integrated Rule Set (GitHub) | View ID | 645151535190
Milum malware detection (WildPressure APT) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | View ID | 629196824
Non Interactive PowerShell | Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Sigma Integrated Rule Set (GitHub) | View ID | 3991193105250
Always Install Elevated Windows Installer | Teymur Kheirkhabarov (idea), Mangatas Tondang (rule), oscd.community | Sigma Integrated Rule Set (GitHub) | View ID | 302532655602
File Created with System Process Name | Sander Wiebing | Sigma Integrated Rule Set (GitHub) | View ID | 228494413926
Windows Processes Suspicious Parent Directory | vburov | Sigma Integrated Rule Set (GitHub) | View ID | 185175292
Shade Ransomware (Sysmon detection) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | View ID | 167384016
Suspicious desktop.ini Action | Maxime Thiebaut (@0xThiebaut) | Sigma Integrated Rule Set (GitHub) | View ID | 1397422161
System File Execution Location Anomaly | Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community | Sigma Integrated Rule Set (GitHub) | View ID | 1386967622
Nibiru detection (Registry event and CommandLine parameters) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | View ID | 114766754640
File deletion via CMD (via cmdline) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | View ID | 9238909083
Suspicious Svchost Process | Florian Roth | Sigma Integrated Rule Set (GitHub) | View ID | 845991133
Windows PowerShell Web Request | James Pemberton / @4A616D6573 | Sigma Integrated Rule Set (GitHub) | View ID | 805020104
Execution from Suspicious Folder | Florian Roth | Sigma Integrated Rule Set (GitHub) | View ID | 6439795419
Suspect Svchost Activity | David Burkett | Sigma Integrated Rule Set (GitHub) | View ID | 56803187
Direct Autorun Keys Modification | Victor Sergeev, Daniil Yugoslavskiy, oscd.community | Sigma Integrated Rule Set (GitHub) | View ID | 549037130
CSRSS.exe spawned from unusual location (possible mimicking) (via cmdline) | SOC Prime Team | SOC Prime Threat Detection Marketplace | View ID | 53171011
Swisyn Trojan (Sysmon detection) | Ariel Millahuel | SOC Prime Threat Detection Marketplace | View ID | 494316108
Suspicious Program Location with Network Connections | Florian Roth | Sigma Integrated Rule Set (GitHub) | View ID | 4820765335
Scheduled Task Creation | Florian Roth | Sigma Integrated Rule Set (GitHub) | View ID | 431585473
Startup Folder File Write | Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Sigma Integrated Rule Set (GitHub) | View ID | 323029118
Executables Started in Suspicious Folder | Florian Roth | Sigma Integrated Rule Set (GitHub) | View ID | 3181562408
Suspicious Program Location Process Starts | Florian Roth | Sigma Integrated Rule Set (GitHub) | View ID | 3150712406
Execution File Type Other Than .exe | Max Altgelt | Sigma Integrated Rule Set (GitHub) | View ID | 3141993369
Possible Applocker Bypass | juju4 | Sigma Integrated Rule Set (GitHub) | View ID | 264915225

Common Mistakes in Creating Sigma Rules

Here are some frequent mistakes people make when creating Sigma rules, along with examples to illustrate.

1. Ignoring Case Sensitivity

Strings in Sigma rules are generally case insensitive, except when they use a regex pattern. New rule creators who overlook this exception can make errors that prevent the rule from functioning as intended.

2. Misusing Backslashes

Another frequent issue is the incorrect use of backslashes for escaping strings. This is particularly relevant when using regex.

The rule creation guide offers solutions to avoid these errors. For example, single backslashes, as in the string C:\Windows\System32\cmd.exe, do not require escaping and should be treated as a simple string value. Defenders should avoid writing it as "C:\\Windows\\System32\\cmd.exe" with additional escapes.

3. Logical Errors from Operator Misuse

When defining selection criteria and conditions for rule triggers, it is crucial to understand how expressions are evaluated. Combining multiple criteria using OR when logic implies AND may result in false alerts. This can become particularly complex when multiple conditions are combined.
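Mistakes 1 and 3 in practice, as an added example that is not from the original article or the Sigma project: a simplified Python model of Sigma matching (not pySigma or any SIEM backend) run over constructed process-creation events. The rule, the event values and the helper names are assumptions made for illustration.

```python
import re

def field_matches(key, expected, event):
    """Match one 'Field|modifier' entry; a list of values is an OR."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, ""))
    values = expected if isinstance(expected, list) else [expected]
    for value in values:
        if modifier == "re":            # regex: case-sensitive unless flagged
            hit = re.search(value, actual) is not None
        elif modifier == "endswith":    # plain strings: case-insensitive
            hit = actual.lower().endswith(value.lower())
        elif modifier == "contains":
            hit = value.lower() in actual.lower()
        else:
            hit = actual.lower() == value.lower()
        if hit:
            return True
    return False

def fired(detection, combine, events):
    """Indexes of events that trigger; combine is any ('or') or all ('and')."""
    return [i for i, ev in enumerate(events)
            if combine(all(field_matches(k, v, ev) for k, v in sel.items())
                       for sel in detection.values())]

# Constructed process-creation events (not taken from real logs).
EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\POWERSHELL.EXE",
     "CommandLine": "powershell -NonI -File job.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell"},
    {"Image": r"C:\Tools\backup.exe", "CommandLine": "backup.exe -noninteractive"},
]
# Hypothetical rule: two selections that are meant to be combined with 'and'.
PLAIN = {"sel_image": {"Image|endswith": r"\powershell.exe"},
         "sel_args": {"CommandLine|contains": "-noni"}}
# Same rule with the image check rewritten as a regex, without and with (?i).
REGEX = dict(PLAIN, sel_image={"Image|re": r"\\powershell\.exe$"})
REGEX_I = dict(PLAIN, sel_image={"Image|re": r"(?i)\\powershell\.exe$"})

if __name__ == "__main__":
    print("sel_image or sel_args :", fired(PLAIN, any, EVENTS))
    print("sel_image and sel_args:", fired(PLAIN, all, EVENTS))
    print("regex, and            :", fired(REGEX, all, EVENTS))
    print("regex with (?i), and  :", fired(REGEX_I, all, EVENTS))
```

With `or`, the plain PowerShell launch and the unrelated backup tool both alert; with `and`, only the intended event does, and the regex variant misses that event until the pattern is made case insensitive.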
