Release 1.2.1 improves Sysmon-to-uberAgent conversion accuracy and extends compatibility through uberAgent 8.0. This release adds broader automated test coverage, refines rule and grouping semantics, and improves handling for several Sysmon conditions and fields, including OriginalFileName mapping and newer event support.
It also includes fixes for query generation and edge cases around include/exclude logic, nested rules, repeated fields, and version handling. Overall, the converter is now more reliable for real-world Sysmon configurations while producing output that more closely matches expected uberAgent behavior.