sigmatools 0.17.0

Added

• LOGIQ Backend (logiq)
• CarbonBlack backend (carbonblack) and field mappings
• Elasticsearch detection rule backend (es-rule)
• ee-outliers backend
• CrowdStrike backend (crowdstrike)
• Humio backend (humio)
• Aggregations in SQL backend
• SQLite backend (sqlite)
• AWS Cloudtrail ECS mappings
• Overrides
• Zeek configurations for various backends
• Case-insensitive matching for Elasticsearch
• ECS proxy mappings
• RuleName field mapping for Winlogbeat
• sigma2attack tool

Changed

• Improved usage of keyword fields for Elasticsearch-based backends
• Splunk XML backend rule titles from sigma rule instead of file name
• Moved backend option list to --help-backend
• Microsoft Defender ATP schema improvements

Fixed

• Splunx XML rule name is now set to rule title
• Backend list deduplicated
• Wrong escaping of wildcard at end of value when startswith modifier is used.
• Direct execution of tools on Windows systems by addition of script entry points