Skip to content

Releases: Big-Comfy/deadair

Release list

v0.3.4

Choose a tag to compare

@Big-Comfy Big-Comfy released this 05 Jul 23:29

v0.3.4 tightens the first-run experience and the MSSP/operator story.

  • Rewrote the docs so SOC engineers and detection engineers can see the tool's job immediately: enabled detections mapped to the telemetry they depend on, with dead rules, impaired rules, source health, and unused telemetry called out separately.
  • Added an MSSP lab GIF recorded from the Docker-backed simulated fleet artifacts.
  • Added the Docker-backed MSSP lab workflow for a five-instance fleet with healthy tenants, bad credentials, an unreachable tenant, redacted reports, downtime handling, schema drift, and exporter metrics.
  • Fixed scan --rule for single pretty-printed JSON rule files.
  • Removed the unsound truncated-lookback impairment check and tightened lag attribution so lag-blind-window names the specific laggy source.
  • serve --redact now redacts fleet instance names before logging per-instance scan failures.

Supported backends remain Elastic Security 8.x and OpenSearch Security Analytics 2.x.

v0.3.3

Choose a tag to compare

@Big-Comfy Big-Comfy released this 05 Jul 14:58

Finds the detection rules in your SIEM that are running blind — dead, impaired, or fed by unused telemetry. Elastic Security and OpenSearch Security Analytics; single deployment or multi-tenant fleet. See README and CHANGELOG.