v0.11.9

What's Changed

• Add em dash, en dash and horizontal bar to windash modifier by @martinspielmann in #233
• Remove useless sigmahq validator by @frack113 in #234
• Resolve directory for pipelines by @Res260 in #238
• Fix bug when applying a filter to multiple rules by @cccs-cs in #237
• Fix: FieldnameLogosurceValidator raised exception on correlation rules

New Contributors

• @martinspielmann made their first contribution in #233
• @cccs-cs made their first contribution in #237

Full Changelog: v0.11.8...v0.11.9

v0.11.8

What's Changed

• Fix links in Plugin System doc by @alexott in #232
• Fixed escaping of regular expression metacharacters in RegexTransformation.
• Added ContainsWildcardCondition/contains_wildcard detection item condition.

Full Changelog: v0.11.7...v0.11.8

v0.11.7

What's Changed

• [Sigma Filters] Introducing Sigma Filters (Sigma Defeats) by @sifex in #226
• Added FieldFunctionTransformation class to perform programmatic transformation by @alexott in #218
• feat: Load custom field in the logsource by @frack113 in #215
• Add name field logsource validator by @frack113 in #228

Full Changelog: v0.11.6...v0.11.7

v0.11.6

What's Changed

• Apply pipelines to correlation rules also by @Mat0vu in #221
• Added ConvertTypeTransformation (convert_type) by @thomaspatzke

New Contributors

• @Mat0vu made their first contribution in #221

Full Changelog: v0.11.5...v0.11.6

v0.11.5

What's Changed

• Enable AddCondition to add negated conditions by @kelnage in #205
• fixing typo by @joshnck in #203
• Ignore detections with leading underscore "_" in "of" condition pattern matching by @thomaspatzke in #207
• Introduction of rule taxonomy attribute and processing condition by @thomaspatzke in #208
• fixed typo by @joshnck in #209
• added fix to return modified date field by @rciplinskas in #210
• Added processing extensions and conditions by @thomaspatzke in #211
  • RuleAttributeCondition (rule_attribute)
  • RuleTagCondition (tag)
  • RegexTransformation (regex, transforms string into (optionally case-insensitive) regular expression)
  • IsNullCondition (is_null)
  • SetValueTransformation (set_value)
  • AddFieldTransformation (add_field, add field(s) to rule field list)
  • RemoveFieldTransformation (remove_field, remove field(s) from rule field list)
  • SetFieldTransformation (set_field, replaces rule field list)
  • RuleProcessingStateCondition, DetectionItemProcessingStateCondition and FieldNameProcessingStateCondition (processing_state)
• Added eq_expression to TextQueryBaseBackend by @thomaspatzke in #212

New Contributors

• @joshnck made their first contribution in #203
• @rciplinskas made their first contribution in #210

Full Changelog: v0.11.4...v0.11.5

v0.11.4

What's Changed

• Update to v14.1 by @frack113 in #193
• Update poetry dependencies by @frack113 in #189
• Updated documentation for importing validators by @d3vzer0 in #190
• Fix type hints in validator code to use SigmaRuleBase instead of Sigm… by @Res260 in #195
• Fix NamespaceTagValidator by @frack113 in #196
• Add operator to SigmaStatus and SigmaLevel by @frack113 in #194
• Chore : Cleanup Readme by @frack113 in #200
• Fix missing fields in to_dict() methods by @nzedler in #197
• Add __hash__ function to SigmaLevel & SigmaStatus by @kelnage in #204
• Correlation query typing phase, query expressions by @thomaspatzke in #206:
  • Added typing phase to correlation query generation.
  • Added query expressions that allow to generate further query parts around the generated query, e.g. specification of the data source like from <source> | <query>
  • Added possibility to pass arbitrary parameters to convert_correlation_search that are passed to the string format context.
  • Correlation multi-rule search query and typing query postprocessing.
  • Fix: missing aliasing in backend correlation support only raises errors if aliases appear in rule.

New Contributors

• @d3vzer0 made their first contribution in #190
• @nzedler made their first contribution in #197

Full Changelog: v0.11.3...v0.11.4

v0.11.3

What's Changed

• Updated packaging and jinja2 pinned versions by @slincoln-aiq in #188
• Validators are now aware about correlation rule and pass if not applicable on these.
• Fixed duplicate file name validator detecting multiple rules in a single file as issue.

Full Changelog: v0.11.2...v0.11.3

v0.11.2

• Improved error handling
• Refactoring

v0.11.1

What's Changed

• Remove pip Warning in is_installed by @frack113 in #184
• Fix typos and type hints in SigmaCollection by @Res260 in #187
• Added MapStringTransformation/map_string transformation.
• Added get_output_rules() and get_unreferenced_rules() methods to SigmaCollection.
• Backend correlation without referenced rules expressions.

Full Changelog: v0.11.0...v0.11.1

v0.11.0

What's Changed

• Added Sigma correlation rule and conversion support by @thomaspatzke
• Add SigmaRelated by @frack113 in #164
• Updated README.md to link to the new uberAgent backend. by @svnscha in #163
• Add more validators by @frack113 in #165
• Check author and title in SigmaRule Class by @frack113 in #166
• Fixes syntax warning in types.py, plus small fixes in comments by @alexott in #168
• Add Summiting the Pyramid v1.0.0 tags by @frack113 in #170
• Release 0.10.9 by @frack113 in #171
• Chore: small fix by @frack113 in #172
• Poetry update by @frack113 in #176
• Add missing ClassVar by @frack113 in #175
• Update title length check by @frack113 in #174
• Add more coverage tests by @frack113 in #177
• Add more tests coverage by @frack113 in #178
• Add upgrade plugins by @frack113 in #181
• Add more coverage by @frack113 in #180

New Contributors

• @svnscha made their first contribution in #163

Full Changelog: v0.10.8...v0.11.0