v0.10.0

Added

• Extended processing pipelines by query post-processing and output finalization.

⚠️ Breaking Changes ⚠️

• The order of ProcessingPipeline parameters has changed. New elements postprocessing_items and finalizers were added between items and vars.
• The order of ProcessingItem parameters has changed. The identifier is now located after rule_conditions and before detection item and field name conditions.

Please take care of these changes in own projects that initialize ProcessingPipeline or ProcessingItem objects with positional parameters. For better readability and compatibility with further breaking changes it is recommended to use keyword arguments for initialization of these classes.

What's Changed

• Detect modules automatically by @mostafa in #119
• Fix json serialization of SigmaLogSource by @DenizenB in #123
• Include custom attributes in SigmaRule.to_dict() by @DenizenB in #124
• Distinct condition state by @kelnage in #127
• Experimental pipelines by @mostafa in #130
• Add validator autodiscovery instructions in README.md by @Res260 in #117
• Linting with Black by @mostafa in #132
• Apply backend naming convention by @mostafa in #134
• Fix cidr expansion for backends that use custom wildcard char by @DenizenB in #139
• Unhandled placeholders raise SigmaPlaceholderError while conversion.

New Contributors

• @DenizenB made their first contribution in #123

Full Changelog: v0.9.11...v0.10.0