Added
- Index mappings for Sumologic
- Malicious cmdlets in `wdatp`
- QRadar support for keyword searches
- QRadar mapping improvements
- QRadar field selection
- QRadar type regex modifier support
- Elasticsearch keyword field blacklisting with wildcards
- Added dateField configuration parameter in `xpack-watcher` backend
- Field mappings in configurations
- Field name mapping for conditional fields
- Value modifiers: `utf16`, `utf16le`, `wide`, `utf16be`
Changed
- Improved --backend-config help text
Fixed
- Backend errors in `ala`
- Slash escaping within `es-dsl` wildcard queries
- QRadar backend config
- QRadar field name and value escaping and handling
- Elasticsearch wildcard detection pattern
- Aggregation on keyword field in `es-dsl` backend