v0.11.18

What's Changed

• Fix: TextQueryBackend chained correlation rules by @m4dh4t in #293
• Added new transformation for creating new fields from Hashes field by @slincoln-aiq in #294
• Fix: Allow also Number in Backend Class-Names by @andurin in #295
• Pass backend options to pipeline by @thomaspatzke in #296

Full Changelog: v0.11.17...v0.11.18

v0.11.17

What's Changed

• Remove optional fields validator by @frack113 in #281
• String pattern to regular expression conversion by @thomaspatzke in #287
• Introduced interpret_special option to ReplaceStringTransformation by @thomaspatzke in #288
• fix compat with pyparsing 3.2 by @branchvincent in #289
• Python 3.8 EOL by @frack113 in #286
• Additional escape characters in SigmaString.to_regex() by @thomaspatzke in #291
• Allow special characters in startswith, endswith, and contains expressions by @thomaspatzke in #292

New Contributors

• @branchvincent made their first contribution in #289

Full Changelog: v0.11.16...v0.11.17

v0.11.16

What's Changed

• Fix Correlation rules finalization by @m4dh4t in #278
• Remove optional fields validator by @frack113 in #281
• Preserve placeholder in ReplaceStringTransformation by @thomaspatzke in #285
• String pattern to regular expression conversion by @thomaspatzke in #287
• Introduced interpret_special option to ReplaceStringTransformation by @thomaspatzke in #288

New Contributors

• @m4dh4t made their first contribution in #278

Full Changelog: v0.11.14...v0.11.16

v0.11.15

Ignore this release, it's incomplete. Use v0.11.16 instead!

v0.11.14

What's Changed

• Implement Correlation rules log source condition by @kelnage in #274
• RuleContainsFieldCondition/contains_field by @thomaspatzke in #276

Full Changelog: v0.11.13...v0.11.14

v0.11.13

Reversion of Breaking Change

This release reverts a breaking change from v0.11.12 that restricted ReplaceStringTransformation/replace_string to plain SigmaString parts. The old behavior is often used by backends to remove unneeded wildcards. The transformation now allows to switch the behavior to plain string parts with the skip_special option that is disabled by default.

What's Changed

• Taking into account Specification V2 by @frack113 in #269
• Fix ReplaceStringTransformation and SigmaString plain string conversion by @thomaspatzke in #273

Full Changelog: v0.11.12...v0.11.13

v0.11.12

Breaking Change

This release introduced a breaking change with the ReplaceStringTransformation/replace_string that restricts replacements to plain SigmaString parts to fix an issue. The fix is reverted in the pySigma release v0.11.13 and allows to swithc to the new behavior. Therefore, it is highly recommended to use the new release to implement pipelines.

What's Changed

• Nested processing pipelines by @thomaspatzke in #270

Full Changelog: v0.11.11...v0.11.12

v0.11.11

What's Changed

• Add list as tuple in validator configuration by @frack113 in #256
• feat: add mitre d3fend namespace by @nasbench in #255
• Update SigmaLogSource class by @frack113 in #258
• Update Mitre to v15.1 by @frack113 in #263
• Fix: restricted ReplaceStringTransformation/replace_string to plain string parts by @thomaspatzke in #268
• Fix: too many backslashes dropped in regular expressions by @thomaspatzke in #267
• Add set_custom_attribute transformation and tests by @kelnage in #260
• Small typo fixes and additions by @nasbench in #259

Full Changelog: v0.11.10...v0.11.11

v0.11.10

What's Changed

• Allow SigmaRuleTag objects to be compared with their string represent… by @Res260 in #247
• Fix type hints for conversion base by @nikstuckenbrock in #240
• update tags to use dashes by @nasbench in #248
• Fixes #241 - Pipeline Resolving Issue by @nasbench in #252
• add new validator - DanglingCondition by @nasbench in #253
• Some update to the validators by @frack113 in #250
• Added search variable to aggregation template in correlation queries

New Contributors

• @marcelkwaschny made their first contribution in #243
• @nikstuckenbrock made their first contribution in #240

Full Changelog: v0.11.9...v0.11.10

v0.11.9

What's Changed

• Add em dash, en dash and horizontal bar to windash modifier by @martinspielmann in #233
• Remove useless sigmahq validator by @frack113 in #234
• Resolve directory for pipelines by @Res260 in #238
• Fix bug when applying a filter to multiple rules by @cccs-cs in #237
• Fix: FieldnameLogosurceValidator raised exception on correlation rules

New Contributors

• @martinspielmann made their first contribution in #233
• @cccs-cs made their first contribution in #237

Full Changelog: v0.11.8...v0.11.9