New Backend, Updated Backends, Bugfix - Githubissues

AttackIQ / SigmAIQ

A pySigma wrapper and langchain toolkit for automatic rule creation/translation

https://attackiq.com

GNU Lesser General Public License v2.1

66 stars 9 forks source link

New Backend, Updated Backends, Bugfix #1

Closed slincoln-aiq closed 1 year ago

slincoln-aiq commented 1 year ago

New Backend

Added support for the Cortex XDR Backend!

Updated Backend Versions

Updated the following backends to the latest version
- pysigma-backend-carbonblack: v0.1.2 -> v0.1.4
- pysigma-backend-elasticsearch: v1.0.3 -> v1.0.5
- pysigma-backend-qradar-aql: v0.1.3 -> v0.1.4
- pysigma-backend-sentinelone: v0.1.1 -> v0.1.2

Bugfixes

Fixed incorrect relative path of Splunk ES Correlation Search template
- Custom output format "stanza" now works as intended, and will generated a savedsearches.conf file for a correlation search based on the output of the Splunk backend and Sigma Rule description/tags.