sigmatools 0.20

Note
Original Release Date: Aug 14, 2021
Original Release Author: @thomaspatzke

Added

• Devo backend
• Fields selection added to SQL backend
• Linux/MacOS support for MDATP backend
• Output results as generic YAML/JSON
• Hash normalization option (hash_normalize) for Elasticsearch wildcard handling
• ALA AWS Cloudtrail and Azure mappings
• Logrhytm backend
• Splunk Data Models backend
• Further log sources used in open source Sigma ruleset
• CarbonBlack EDR backend
• Elastic EQL backend
• Additional conversion selection filters
• Filter negation
• Specifiy table in SQL backend
• Generic registry event log source
• Chronicle backend

Changed

• Elastic Watcher backend populates name attribute instead of title.
• One item list optimization.
• Updated Winlogbeat mapping
• Generic mapping for Powershell backend

Fixed

• Elastalert multi output file
• Fixed duplicate output in ElastAlert backend
• Escaping in Graylog backend
• es-rule ndjson output
• Various fixes of known bugs