Releases: SigmaHQ/pySigma-backend-insightidr
v0.2.4
pySigma Rapid7 InsightIDR Backend 0.2.3
Updated to work with pySigma 0.11.3.
pySigma Rapid7 InsightIDR Backend 0.2.2
Updated to the latest version of pySigma (.10.1) and added pipeline support for firewall and Azure Sign-in (Ingress Authentication) logsources.
pySigma Rapid7 InsightIDR Backend 0.2.1
Corrected backend class attribute so that the built-in InsightIDR pipeline will be used and the Sigma CLI user won't have to specify one in the conversion command.
pySigma Rapid7 InsightIDR Backend 0.2.0
Added output format attributes to backend class, making this release fully compatible with Sigma CLI and plugins, including custom output formats.
pySigma Rapid7 InsightIDR Backend 0.1.9
Updated pySigma to 0.9 and made one small fix to the leql_detection_definition output format.
pySigma Rapid7 InsightIDR Backend 0.1.8
Updated pySigma to 0.8.
pySigma Rapid7 InsightIDR Backend 0.1.7
Updated to pySigma 0.7.
pySigma Rapid7 InsightIDR Backend 0.1.6
Corrected an issue in the backend where incorrect operators could be used in output queries when the same field name is used across different selection clauses with differing modifiers. This release also includes significantly cleaned-up code, and tests were added to ensure consistent functionality. This release is also fully compatible with the latest versions of the core pySigma.
pySigma Rapid7 InsightIDR Backend 0.1.5
This release made the following improvements:
- Added additional tests.
- Set the InsightIDR pipeline as the default/built-in processing pipeline for the InsightIDR backend (no need to specify the pipeline in the script - this will also enable easier usage in Sigma-CLI).
- Added a pipeline processing item to throw a more graceful error if unsupported aggregate function conditions are used.
- Improved filtering/conditions for existing pipeline processing items.
- Improved OR/AND condition logic in the backend (CIDR modifiers were causing issues when linked with ConditionOR or ConditionAND conditions); grouping now occurs only if all values are SigmaString or SigmaNumber values.