Releases: wagga40/Zircolite
v2.20.0
What's Changed
- Add direct support for native Sigma rules with pySigma 🥳:
python3 zircolite.py -e samples.evtx -r schtasks.yml
- Add conditional imports to limit errors for functionality that is not used: requirements.txt / requirements.full.txt by @wagga40 in #75
- Add option groups to improve help readability by @wagga40 in #75
- Correct typo in docs by @wagga40 in #75
- Add a simple mechanism to control external binaries by @wagga40 in #75
- Update docs and rules by @wagga40 in #75
- Update docs for pysigma and installation by @wagga40 in #72
- [Snyk] Security upgrade aiohttp from 3.8.6 to 3.9.2 by @wagga40 in #73
- [Snyk] Security upgrade orjson from 3.9.7 to 3.9.15 by @wagga40 in #74
Full Changelog: 2.10.0...2.20.0
2.10.0
What's Changed
- Add CSV and JSON Array logs support by @wagga40 in #70
- Docs have been reworked and available in a dedicated website
- Some code refactoring
Full Changelog: 2.9.10...2.10.0
2.9.10
What's Changed
- Add field alias and field splitting (Hash/hashes in Sysmon) by @wagga40 in #58
- Add the ability to specify the index when forwarding to Splunk #61 by @wagga40 in #62
- Update Mitre Att&ck (c) reference table by @wagga40 in #63
- Add options: delimiter for CSV, stop recursion, file pattern by @wagga40 in #65
Full Changelog: 2.9.9...2.9.10
2.9.9
What's new in v2.9.9:
- Add timestamp try for rotten evtx files by @ZikyHD in #46
- Add xxhash with events by @ZikyHD in #45
- Add initial support for Evtxtract logs by @wagga40 in #53
- Add initial support for XML logs by @wagga40
Full Changelog: 2.9.7...2.9.9
2.9.7
What's new in v2.9.7:
- Updated EVTX_dump binaries (0.8) with MacOS Apple Silicon Support
- Added missing 'informational' rule level in the Mini-Gui
Full Changelog: 2.9.6...2.9.7
2.9.6
What's new in v2.9.6:
- isolate individual line parsing errors by @conitrade-as in #36
- ensure None values do not crash SQLite regex UDF by @conitrade-as in #37
- minor spelling error by @AndrewRathbun in #38
New Contributors
- @conitrade-as made their first contribution in #36
Full Changelog: 2.9.5...2.9.6
Known issues
- For users with an Apple Silicon computer: please use --noexternal to prevent the use of the evtx_dump external binaries
2.9.5
What's new in v2.9.5:
- A Mitre Att&ck © Matrix view is now available in the Mini-Gui. You can use the web component in your own app by checking here
- You can update rules with -U and --update-rules. This feature uses the new auto-updated default rules repository
- Some bugs with browser detection in the Mini-Gui have been solved
Known issues
- For users with an Apple Silicon computer: please use --noexternal to prevent the use of the evtx_dump external binaries
Full Changelog: 2.9.1...2.9.5
2.9.1
What's new in v2.9.1:
- Fix a bug with 2.9.0 when using multiple rulesets
Known issues
- For users with an Apple Silicon computer: please use --noexternal to prevent the use of the evtx_dump external binaries
2.9.0
What's new in v2.9.0:
- The mini-GUI now includes a timeline view, check the screenshot here
- You can now use multiple rulesets by using --ruleset or -r multiple times
- Correct a bug with CSV output
- Correct a bug with the --limit parameter
- Removed embedded version related code and formatting. Please use DFIR-ORC if you want an embedded version (docs here).
Known issues
- For users with an Apple Silicon computer: please use --noexternal to prevent the use of the evtx_dump external binaries
2.8.1
What's new in v2.8.1:
- This release corrects a bug where it was not possible to use time filtering
Known issues
- For users with an Apple Silicon computer: please use --noexternal to prevent the use of the evtx_dump external binaries
Full Changelog: 2.8.0...2.8.1