Note regarding version 0.18.1: this release was created for technical reasons (issues with the extended README and PyPI); it contains no functional changes relative to 0.18.0.
Added
- C# backend
- STIX backend
- Options for the xpack-watcher backend (action_throttle_period, mail_from, mail_profile and others)
- More generic log sources
- Windows Defender log sources
- Generic DNS query log source
- AppLocker log source
Changed
- Improved backend and configuration descriptions
- Microsoft Defender ATP mapping updated
- Improved handling of wildcards in Elastic backends
Fixed
- PowerShell backend: the key name was incorrectly included in the generated regular expression
- Grouping issue in Carbon Black backend
- Handling of the default field mapping when a field is referenced multiple times from a rule
- Code cleanup and various fixes
- Log source mappings in configurations
- Handling of conditional field mappings by Elastic backends