v1.1.4

What's Changed

• Fix: Added postprocessing pipelines to README by @andurin in #92
• Build(deps-dev): Bump pytest-cov from 5.0.0 to 6.0.0 by @dependabot in #93
• Add ES|QL siem_rule_ndjson template by @Mat0vu in #94
• Improve siem_rule_ndjson postprocessing pipeline in README by @Mat0vu in #96
• Feat: elastalert backend by @kurisukun in #95

New Contributors

• @kurisukun made their first contribution in #95

Full Changelog: v1.1.3...v1.1.4

v1.1.3

What's Changed

• Defines 2 more fields in the Elastic K8S Integration by @LAripping in #79
• Fix: ES|QL index and metadata states by @m4dh4t in #77
• Fix: ES|QL correlations AttributeError and field existence by @m4dh4t in #82
• Update dependabot.yml by @andurin in #83
• Build(deps-dev): Bump pylint from 2.17.7 to 3.3.1 by @dependabot in #84
• Build(deps-dev): Bump pytest from 7.4.4 to 8.3.3 by @dependabot in #85
• Build(deps-dev): Bump pytest-cov from 4.1.0 to 5.0.0 by @dependabot in #86
• Build(deps-dev): Bump coverage from 6.5.0 to 7.6.4 by @dependabot in #87
• Fix ES|QL siem_rule_ndjson Detection Rule Import into Kibana by @Mat0vu in #88
• Build(deps): Bump pysigma from 0.11.17 to 0.11.18 by @dependabot in #89
• Fix: EQL Double quotation issue by @andurin in #90
• Version Bump by @andurin in #91

New Contributors

• @dependabot made their first contribution in #84
• @Mat0vu made their first contribution in #88

Full Changelog: v1.1.2...v1.1.3

v1.1.2

What's Changed

• Fix: Feature not supported on fieldref modifier by @andurin in #64
• Completes integration of kubernetes pipeline by @LAripping in #68
• Feat: Add Elastic Security rules and Kibana saved object support for ES|QL by @m4dh4t in #67
• Enabling Index selection for SIEM NDJSON Policies by @WildDogOne in #69

New Contributors

• @m4dh4t made their first contribution in #67
• @WildDogOne made their first contribution in #69

Full Changelog: v1.1.1...v1.1.2

v1.1.1

What's Changed

• Fix 'or' based handling of windash and base64 modifier
• Add escape too all ':' in cidr for ipv6 by @gregorywychowaniec-zt in #60
• Fix language and type typo for EQL by @webhead404 in #61
• Update mapping for Imphash by @dfiredit1337 in #63

New Contributors

• @gregorywychowaniec-zt made their first contribution in #60
• @webhead404 made their first contribution in #61
• @dfiredit1337 made their first contribution in #63

Full Changelog: v1.1.0...v1.1.1

v1.1.0

What's Changed

• Add user.name mapping by @defensivedepth in #47
• Update Kubernetes Logsource by @nasbench in #51
• Escape CIDR IPV6 by @frack113 in #54
• Chore update by @frack113 in #55
• ES|QL backend with correlation support by @thomaspatzke in #56
• Fix invalid escape sequence by @cospirho in #58

New Contributors

• @cospirho made their first contribution in #58

Full Changelog: v1.0.12...v1.1.0

v1.0.12

What's Changed

• Kubernetes pipeline (audit logs) by @LAripping in #42
• build: 📦 Update dependencies to pySigma 0.11 by @frack113 in #44
• Fixed issues with query strings containing spaces and/or wildcards for Lucene Backend by @Koen1999 in #43

New Contributors

• @LAripping made their first contribution in #42
• @Koen1999 made their first contribution in #43

Full Changelog: v1.0.10...v1.0.12

v1.0.10

What's Changed

• fix: add elasticsearch to the allowed backends in the pipeline config by @nasbench in #37
• Update poetry by @frack113 in #38
• Updates for EQL support by @defensivedepth in #39
• feat: add parsing of Mitre Att&ck tags into threat obj by @rkokkelk in #40

New Contributors

• @nasbench made their first contribution in #37
• @frack113 made their first contribution in #38
• @defensivedepth made their first contribution in #39
• @rkokkelk made their first contribution in #40

Full Changelog: v1.0.9...v1.0.10

v1.0.9

Fixed autodiscovery of backends

v1.0.8

New in this release:

• EQL Backend

v1.0.7

Fixed pipeline backend restrictions.