v0.4.0

What's Changed

• Support lists of maps in detections by @bradleyjkemp in #18
  This required changing some of the types used to represent Sigma rules and so is a breaking change for any users relying on these types. If you don't inspect the contents of the ParseRule output, this shouldn't affect your usage.

Full Changelog: v0.3.5...v0.4.0

v0.3.5

Implements the re and cidr search modifiers

Full Changelog: v0.3.4...v0.3.5

v0.3.4

Changelog

• e9793ce Handle invalid yml files in InferFileType
• fe36bd7 Add special case to comparator to handle null

v0.3.3

What's Changed

• Add Nested Field support to Sigma Evaluations by @liamn in #13

Full Changelog: v0.3.2...v0.3.3

v0.3.2

Changelog

• 64e9cc8 Fix parsing of SearchIdentifiers starting with Not/And/Or

v0.3.1

What's Changed

• Fix aggregations where the threshold is 0 by @bradleyjkemp in #11
• Fix aggregations using <= and >= operators by @bradleyjkemp in #12

Full Changelog: v0.3.0...v0.3.1

v0.3.0

What's Changed

• Add preliminary support for placeholder expansion by @bradleyjkemp in #10

Full Changelog: v0.2.8...v0.3.0

v0.2.8

Changelog

• 0534a75 Export a function to obtain values from an event based on fieldmappings (#8)

v0.2.7

What's Changed

• Make Rule Level a supported Top Level field by @liamn in #7

New Contributors

• @liamn made their first contribution in #7

Full Changelog: v0.2.6...v0.2.7

v0.2.6

Changelog

3df6a9a Fix parser bug that prevented 'x and y and z' from parsing