
v0.4.1 - New LLM Tool, pySigma version upgrade

slincoln-aiq released this 17 May 17:36
· 11 commits to master since this release

What's Changed

  • New LLM tool added to convert a SIEM/product query into a Sigma rule (a.k.a. reverse conversion)
  • Default LLM models have been updated from gpt-3.5-turbo to gpt-4o
  • Rule creation prompt has been updated
    • Produces better rules when the user asks about a threat group or malware activity
    • The Sigma schema URL is now included in the prompt, with an instruction to look it up if the LLM is unsure of the correct schema for the rule output
      • The Sigma schema itself is already provided in the prompt; the URL simply gives the LLM all the context it could need
    • Created rules should now include the original author and the related rule IDs whenever existing rules were used as context for the new rule. This is to ensure the Detection Rule License is honoured
  • pySigma core version increased to v0.10.10. Backend and pipeline versions were increased to the maximum versions allowed by that pySigma version.
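The attribution point above is worth checking mechanically rather than trusting the prompt: an LLM can silently drop the `author` or `related` fields. The following is an added example, not code from the sigmaiq project, that checks a generated rule (already parsed into a Python dict, e.g. by a YAML loader) against the upstream rules that were fed to the model as context. The sample rules and UUIDs are constructed for illustration; the allowed `related` types follow the Sigma rule specification.

```python
"""Check that an LLM-generated Sigma rule carries attribution to the rules it was derived from.

Added example: not part of the sigmaiq project. Assumes the rule has already been
parsed from YAML into a dict.
"""
import uuid

# Relationship types allowed in the `related` field by the Sigma rule specification.
RELATED_TYPES = {"derived", "obsolete", "merged", "renamed", "similar"}
REQUIRED_FIELDS = ("title", "id", "logsource", "detection", "author")


def is_uuid(value) -> bool:
    """Sigma rule ids are UUIDs; anything that does not parse as one is rejected."""
    try:
        uuid.UUID(str(value))
    except ValueError:
        return False
    return True


def split_authors(value) -> set[str]:
    """Sigma stores multiple authors as one comma-separated string."""
    return {a.strip() for a in str(value or "").split(",") if a.strip()}


def check_attribution(rule: dict, source_rules: list[dict]) -> list[str]:
    """Return the attribution problems found; an empty list means the rule passes.

    `source_rules` are the existing rules given to the LLM as context, so the
    generated rule must reference each of them in `related` and keep their authors.
    """
    problems = []
    for field in REQUIRED_FIELDS:
        if not rule.get(field):
            problems.append(f"missing or empty field: {field}")
    if "condition" not in (rule.get("detection") or {}):
        problems.append("detection block has no condition")
    if not is_uuid(rule.get("id")):
        problems.append("id is not a valid UUID")

    related_ids = set()
    for entry in rule.get("related") or []:
        rel_id, rel_type = entry.get("id"), entry.get("type")
        if not is_uuid(rel_id):
            problems.append(f"related entry has invalid id: {rel_id!r}")
            continue
        if rel_type not in RELATED_TYPES:
            problems.append(f"related entry {rel_id} has unknown type: {rel_type!r}")
        if rel_id == rule.get("id"):
            problems.append("rule lists itself as related")
        related_ids.add(rel_id)

    authors = split_authors(rule.get("author"))
    for src in source_rules:
        if src["id"] not in related_ids:
            problems.append(f"source rule {src['id']} is not referenced in related")
        for author in split_authors(src.get("author")) - authors:
            problems.append(f"original author {author!r} dropped from author field")
    return problems


# Constructed sample data (not real SigmaHQ rules): one upstream rule used as LLM
# context, and the rule the model produced from it with correct attribution.
SOURCE_RULES = [
    {
        "id": "e32d4d8c-2b20-4ef4-9a67-3d7a1b6c8f01",
        "title": "Encoded PowerShell Command Line",
        "author": "Example Author",
    }
]

GENERATED_RULE = {
    "title": "Encoded PowerShell Command Line (converted from a SIEM query)",
    "id": "7f3b9a0e-1c4d-4f8e-9b2a-6d5c8e1f0a2b",
    "related": [{"id": "e32d4d8c-2b20-4ef4-9a67-3d7a1b6c8f01", "type": "derived"}],
    "author": "Example Author, LLM assistant",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"CommandLine|contains": ["-enc ", "-EncodedCommand "]},
        "condition": "selection",
    },
}

# The same rule with attribution stripped, as a careless generation step might emit it.
STRIPPED_RULE = {k: v for k, v in GENERATED_RULE.items() if k not in ("author", "related")}

if __name__ == "__main__":
    print("complete rule:", check_attribution(GENERATED_RULE, SOURCE_RULES))
    print("stripped rule:", check_attribution(STRIPPED_RULE, SOURCE_RULES))
```

Run this as a post-processing gate on whatever the LLM returns: a non-empty result means the rule should be rejected or re-prompted before it is saved, since a derived rule without the upstream author and `related` entry cannot be redistributed under the Detection Rule License's attribution terms.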

Upcoming

  • pySigma will be updated to at least v0.11.3. Backends and pipelines will be updated to the latest versions allowed by that change.
  • This will also allow us to update langchain and the LLM libraries to their latest versions: the pinned versions of the `packaging` dependency in langchain and pySigma conflicted, which was fixed in pySigma 0.11.3.

Full Changelog: v0.3.0...v0.4.0