First off, thank you for considering contributing to Sigma! Your help is invaluable in keeping this project up-to-date and useful for the community.
The following guidelines will help you understand how to contribute effectively.
If you find a false positive or would like to propose a new detection rule idea but do not have the time to create one, please create a new issue on the GitHub repository by selecting one of the available templates.
- Fork the SigmaHQ repository and clone your fork to your local machine.
- Create a new branch for your changes:
    git checkout -b your-feature-branch
- Make your changes, and test them:
    python tests/test_logsource.py
    python tests/test_rules.py
- Once the tests pass, commit the changes to your branch:
    git add .
    git commit -m "Your commit message"
- Push your changes to your fork:
    git push origin your-feature-branch
- Create a new Pull Request (PR) against the upstream repository:
  - Go to the Sigma repository on GitHub
  - Click the "New Pull Request" button
  - Choose your fork and your feature branch
  - Add a clear and descriptive title and a detailed description of your changes
  - Submit the Pull Request
To update an existing rule or contribute a new one, please follow the guidelines in the SigmaHQ conventions document. Consider installing the VS Code Sigma extension for auto-completion and quality-of-life features.
Thank you for contributing to Sigma! 🧙‍♂️