
2.8.0

@wagga40 wagga40 released this 06 Jun 09:36
· 111 commits to master since this release

What's new in v2.8.0:

⚠️ An ORJSON bug was preventing Zircolite from working in some use cases; the binaries have been replaced.

  • Detected events can now be forwarded to an ELK stack.
  • All events (not only detected events) can be forwarded with --forwardall. Note that this works very well with Splunk but can be problematic with ELK because of its automatic type mapping.
  • ORJSON has replaced Python's default JSON library, which brings a significant speedup in some cases.
  • Zircolite now ships as two files (only one is required); the zircolite.py file is formatted with Black.
  • Rules and docs have been updated.

Known issues

  • For users with an Apple Silicon computer: please use --noexternal to prevent the use of the evtx_dump external binaries.

⚠️ Some AV products may not like the packaged binaries.
⚠️ The set of tests for the Windows binaries is far from exhaustive; please create an issue if you encounter difficulties.

Full Changelog: 2.7.0...2.8.0