This repository has been archived by the owner on Aug 3, 2024. It is now read-only.

sigmatools 0.18.1

@phantinuss phantinuss released this 03 Apr 07:18
· 11320 commits to master since this release

Note
Original Release Date: Aug 26, 2020
Original Release Author: @thomaspatzke

Warning
Version 0.18.0 that is referenced below could not be retrieved any more at the time of the migration. The specific commit hash of version 0.18.0 is therefore lost.

Note regarding version 0.18.1: release created for technical reasons (issues with extended README and PyPI), no real changes done to 0.18.0.

Added

  • C# backend
  • STIX backend
  • Options to xpack-watcher backend (action_throttle_period, mail_from acaw, mail_profile and others)
  • More generic log sources
  • Windows Defender log sources
  • Generic DNS query log source
  • AppLocker log source

Changed

  • Improved backend and configuration descriptions
  • Microsoft Defender ATP mapping updated
  • Improved handling of wildcards in Elastic backends

Fixed

  • PowerShell backend: key name was incorrectly added into the regular expression
  • Grouping issue in Carbon Black backend
  • Handling of default field mapping in case a field is referenced multiple times from a rule
  • Code cleanup and various fixes
  • Log source mappings in configurations
  • Handling of conditional field mappings by Elastic backends