SigmaHQ/sigma 0.12

Sigma tool release 0.12

on GitHub

Added

• Usage of Channel field in ELK Windows configuration
• Fields to mappings
• xpack-watcher actions index and webhook
• Config for Winlogbeat 7.x
• Value modifiers
  • contains
  • alt
  • base64
  • base64offset
  • re
• Regular expression support with value modifier re

Changed

• Warning/error messages
• Sumologic value cleaning
• Explicit OR for Elasticsearch query strings
• Listing of available configurations on missing configuration error

Fixed

• Conditions in es-dsl backend
• Sumologic handling of null values
• Ignore timeframe detection keyword in all/any of conditions