Added
- Proxy field names to ECS mapping (ecs-proxy) configuration
- False positives metadata to LimaCharlie backend
- Additional aggregation capabilities for es-dsl backend.
- Azure log analytics rule backend (ala-rule)
- SQL backend
- Splunk Zeek sourcetype mapping config
- sigma2attack script
- Carbon Black backend and configuration
- ArcSight ESM backend
- Elasticsearch detection rule backend
Changed
- Kibana object id is now the Sigma rule id if available; otherwise the old naming scheme is used.
- sigma2misp: replacement of deprecated method usage.
- Various configuration updates
- Extended ArcSight mapping
Fixed
- Fixed aggregation queries for Elastalert backend
- Fixed aggregation queries for es-dsl backend
- Backend and configuration lists are sorted.
- Escaping in ala backend