
pySigma Google SecOps (Chronicle) Backend v0.1.2

@slincoln-aiq slincoln-aiq released this 01 Nov 20:20
· 3 commits to main since this release


Major Changes

  • Improved regex handling in UDM searches:
    • Removed unnecessary leading/trailing .* patterns
    • Added proper forward slash escaping
    • Fixed case sensitivity handling
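The three regex points above (dropping redundant leading/trailing `.*`, escaping `/`, and carrying the case rule through) can be shown in a few lines of plain Python. The block below is an added illustration, not the pySigma SecOps backend's own code. It assumes that UDM searches write regular expressions as slash-delimited literals (`field = /pattern/`) with an optional `nocase` modifier, and the function names `sigma_value_to_udm_regex`, `udm_regex_expression` and `regex_matches` are illustrative; the sample values at the bottom are constructed.

```python
import re

# Added example, not the pySigma SecOps backend's own code. Assumes UDM
# searches write regular expressions as slash-delimited literals
# (field = /pattern/) with an optional "nocase" modifier. Function names
# are illustrative.


def sigma_value_to_udm_regex(value: str) -> str:
    """Turn a Sigma wildcard value into the body of a UDM regex literal.

    - "*" becomes ".*" and "?" becomes "."; everything else is escaped.
    - "/" is escaped because the literal is delimited by slashes.
    - Leading/trailing ".*" are dropped: the regex is unanchored, so the
      extra wildcards only add matching cost without changing the result.
    """
    parts = []
    for ch in value:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        elif ch == "/":
            parts.append(r"\/")
        else:
            parts.append(re.escape(ch))
    body = "".join(parts)

    while body.startswith(".*"):
        body = body[2:]
    while body.endswith(".*"):
        body = body[:-2]
    # A bare "*" collapses to nothing; keep a match-anything body instead.
    return body or ".*"


def udm_regex_expression(field: str, value: str, case_sensitive: bool = False) -> str:
    """Build a UDM field comparison against the converted regex.

    Sigma string matching is case-insensitive by default, so the
    expression carries "nocase" unless the rule asked for case sensitivity.
    """
    expr = f"{field} = /{sigma_value_to_udm_regex(value)}/"
    return expr if case_sensitive else expr + " nocase"


def regex_matches(value: str, candidate: str, case_sensitive: bool = False) -> bool:
    """Check the generated regex body against a sample string with Python's
    re module, applying the same case rule the UDM expression would carry."""
    body = sigma_value_to_udm_regex(value)
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.search(body, candidate, flags) is not None


if __name__ == "__main__":
    # Constructed sample field/value pairs, not taken from any real rule.
    samples = [
        ("target.process.command_line", "*powershell.exe*"),
        ("target.file.full_path", "*/bin/bash*"),
        ("target.process.file.full_path", "C:\\Windows\\*"),
    ]
    for field, value in samples:
        print(udm_regex_expression(field, value))
```

Running the block prints one UDM expression per sample; note that the Windows path keeps its escaped backslashes while the shell path gets `\/` in place of each slash, and that the case rule is expressed with `nocase` rather than by rewriting the pattern.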

New Features

  • Added field mappings for:
    • Grandparent process fields
    • Common hash algorithm fields outside of Hashes (md5, sha1, sha256, sha512, imphash)

Technical Improvements

  • Fixed NOT operation handling in UDM searches
  • Fixed IN expression conversion for UDM compatibility
  • Improved regex escaping in command line arguments