Highlights
A big connectivity & extensibility release: six new log sources, two new parsers, and a plugin system that can now register parsers and adapters.
New source adapters
- Kubernetes — pod logs via `kubectl`
- Windows Event Log — JSON export + live tailing
- S3 / object storage — via the `aws` CLI
- Syslog listener — UDP/TCP (RFC 3164 & 5424)
- AWS CloudWatch Logs
- GCP Cloud Logging
New parsers
- logfmt (`key=value`) with format auto-detection
- CEF / LEEF for security appliances (firewalls, IDS/IPS, etc.)
Plugins
- Plugins can now register custom parsers and source adapters, in addition to rules and PII patterns.
Improvements
- New source-adapter registry as a single source of truth
- Extracted `HttpPollingAdapter` base for HTTP-based sources
- Structured xlsx log parsing (header-row detection, typed columns)
- Fixed a German-phone-number PII false positive on date/time fragments
- Full test coverage for the stdin and tail adapters (945 tests total)
Docs
- Corrected README inaccuracies (rule operators, built-in rule IDs/severities, PII pattern list, LLM API-key env vars)
- Added a troubleshooting note explaining why scans only appear in the dashboard with `--track-errors`
Full changelog: v0.5.0...v0.6.0