Skip to content

Releases: SigmaHQ/pySigma

pySigma 0.8.4

04 Oct 23:44
@thomaspatzke thomaspatzke
v0.8.4
9d103d2
Compare
Choose a tag to compare
pySigma 0.8.4
  • Improved rule error collection for checking of rules.
Assets 2
Loading

pySigma 0.8.3

04 Oct 22:58
@thomaspatzke thomaspatzke
v0.8.3
0a9090b
Compare
Choose a tag to compare
pySigma 0.8.3
  • Generalized SigmaValidator.validate_rule_collection method into validate_rules
  • Added intrusion sets and malwares to ATT&CK validation
Assets 2
Loading

pySigma 0.8.2

29 Sep 20:40
@thomaspatzke thomaspatzke
v0.8.2
433aef3
Compare
Choose a tag to compare
pySigma 0.8.2

What's Changed

  • Rule validation framework and validators.
  • Fix crash at calling startswith/endswith on empty strings by @alexott in #62

New Contributors

Full Changelog: v0.8.1...v0.8.2

Contributors

alexott
Assets 2
Loading

pySigma 0.8.1

16 Aug 06:57
@thomaspatzke thomaspatzke
v0.8.1
3e14695
Compare
Choose a tag to compare
pySigma 0.8.1

Fixes:

  • Field name condition tracking only adds processing item to tracking set if transformation does change fields.
  • Field name condition matching distinguished for field names and detection items.
  • FieldNameProcessingItemAppliedCondition now checks on field name and detection item processing set depends if a field name or detection item is checked.
Assets 2
Loading

pySigma 0.8.0

10 Aug 22:36
@thomaspatzke thomaspatzke
v0.8.0
535c3a9
Compare
Choose a tag to compare
pySigma 0.8.0
  • Added field name processing conditions that are also applied to the Sigma rule field name list.
  • Breaking change: IncludeFieldCondition and ExcludeFieldCondition are now field name conditions and have to be moved from the detection_item_conditions to the new field_name_conditions list of a processing item.
  • Tracking of applied processing items on field names. Added FieldNameProcessingItemAppliedCondition field name condition that checks if a processing item was applied to a field name.
Assets 2
Loading

pySigma 0.7.3

04 Aug 13:31
@thomaspatzke thomaspatzke
v0.7.3
b0e8dc5
Compare
Choose a tag to compare
pySigma 0.7.3
  • Various bugfixes
  • Fail on deprecated pipe condition syntax
Assets 2
Loading

pySigma 0.7.2

27 Jul 13:12
@thomaspatzke thomaspatzke
v0.7.2
e80082c
Compare
Choose a tag to compare
pySigma 0.7.2
  • Added field name mapping tracking to ProcessingPipeline.field_mappings
  • Added mapping of fields list in Sigma rules
Assets 2
Loading

pySigma 0.7.1

25 Jul 23:31
@thomaspatzke thomaspatzke
v0.7.1
e02311b
Compare
Choose a tag to compare
pySigma 0.7.1

Additional CIDR expression template variables network, netmask and prefixlen.

Assets 2
Loading

pySigma 0.7.0

23 Jul 12:07
@thomaspatzke thomaspatzke
v0.7.0
90f065d
Compare
Choose a tag to compare
pySigma 0.7.0

Change details

  • Centralized string quoting and decision about it into methods.
  • Conditional quoting based on pattern.
  • Improved CIDR matching
    • Consolidated logic into less methods.
    • The class attribute cidr_expression defines an expression for native CIDR matching. If this is not present, the CIDR value is expanded into string wildcard matches that are ORed. The existing expression conversion logic is used in this case.

Breaking changes

  • quotes have to be removed from template strings.
  • only cidr_expression is supporte as class attribute. For the other values that had to be defined previously, defined in-list expressions are used.
Assets 2
Loading

pySigma 0.6.8

21 Jul 13:34
@thomaspatzke thomaspatzke
v0.6.8
a7305c3
Compare
Choose a tag to compare
pySigma 0.6.8

Added parenthesize option to TextQueryBackend.

Assets 2
Loading