SigmaHQ/sigma 0.14

Sigma Release 0.14

on GitHub

Added

• sigma-similarity tool
• LimaCharlie backend
• Default configurations for some backends that are used if no configuration is passed
• Regular expression support for es-dsl backend (propagates to backends derived from this like elastalert-dsl)
• Value modifiers:
  • startswith
  • endswith

Changed

• Removal of line breaks in elastalert output
• Searches not bound to fields are restricted to keyword fields in es-qs backend
• Graylog backend now based on es-qs backend

Fixed

• Removed ProcessCommandLine mapping for Windows Security EventID 4688 in generic
  process creation log source configuration