Added
* Extended processing pipelines with query post-processing and output finalization.
⚠️ Breaking Changes ⚠️
* The order of *ProcessingPipeline* parameters has changed. New elements *postprocessing_items* and *finalizers* were added between *items* and *vars*.
* The order of *ProcessingItem* parameters has changed. The *identifier* is now located after *rule_conditions* and before detection item and field name conditions.
Please take care of these changes in your own projects that initialize *ProcessingPipeline* or *ProcessingItem* objects with positional parameters. For better readability and compatibility with further breaking changes, it is recommended to use keyword arguments when initializing these classes.
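
One way to find the call sites affected by the reordering is a static scan of your own code. The script below is an added example, not part of pySigma or these release notes; the function names and the sample source are constructed for illustration, and it flags every call to *ProcessingPipeline* or *ProcessingItem* that passes positional arguments.

```python
import ast

# Classes whose positional parameter order changed, per the notes above.
AFFECTED = {"ProcessingPipeline", "ProcessingItem"}


def _callee_name(func):
    """Return the bare class name for Name(...) or module.Name(...) calls."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def find_positional_inits(source, filename="<source>"):
    """Return sorted (line, class name, positional arg count) per risky call."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node.func)
        # Any positional argument (including *args) depends on parameter order.
        if name in AFFECTED and node.args:
            findings.append((node.lineno, name, len(node.args)))
    return sorted(findings)


# Constructed sample of downstream code; it is only parsed, never executed.
SAMPLE = '''\
from sigma.processing.pipeline import ProcessingPipeline
import sigma.processing.pipeline as p

safe = ProcessingPipeline(name="demo", priority=10, items=[], vars={})
risky = ProcessingPipeline("demo", 10, [], {"k": "v"})
item = p.ProcessingItem(transformation, rule_conditions, identifier)
star = ProcessingPipeline(*args)
'''

if __name__ == "__main__":
    for line, cls, count in find_positional_inits(SAMPLE):
        print(f"line {line}: {cls} called with {count} positional argument(s)")
```

Aliased imports (`from ... import ProcessingPipeline as PP`) are not resolved by this scan, so check those by hand.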
What's Changed
* Detect modules automatically by mostafa in https://github.com/SigmaHQ/pySigma/pull/119
* Fix json serialization of SigmaLogSource by DenizenB in https://github.com/SigmaHQ/pySigma/pull/123
* Include custom attributes in SigmaRule.to_dict() by DenizenB in https://github.com/SigmaHQ/pySigma/pull/124
* Distinct condition state by kelnage in https://github.com/SigmaHQ/pySigma/pull/127
* Experimental pipelines by mostafa in https://github.com/SigmaHQ/pySigma/pull/130
* Add validator autodiscovery instructions in README.md by Res260 in https://github.com/SigmaHQ/pySigma/pull/117
* Linting with Black by mostafa in https://github.com/SigmaHQ/pySigma/pull/132
* Apply backend naming convention by mostafa in https://github.com/SigmaHQ/pySigma/pull/134
* Fix cidr expansion for backends that use custom wildcard char by DenizenB in https://github.com/SigmaHQ/pySigma/pull/139
* Unhandled placeholders raise SigmaPlaceholderError during conversion.
New Contributors
* DenizenB made their first contribution in https://github.com/SigmaHQ/pySigma/pull/123
Fixed: placeholder value list transformation now allows wildcards in replacement values.
0.9.10
* Case-sensitive matches with `cased` modifier.
* Backend base class stores last used processing pipeline in `last_processing_pipeline` object variable for further usage, e.g. checking if particular processing items were applied.