What's new in the IBM Security QRadar Manager for YARA and SIGMA Rules app

Learn about the new features and enhancements in the latest IBM® Security QRadar® Manager for YARA Rules app releases.

Version 2.4.1

  • The YARA and SIGMA Rules application now supports IBM Security QRadar Update Package 15 (UP15). This update addresses compatibility issues caused by changes to the Log Source API in UP15, ensuring the application continues to function correctly in UP15 environments.

Version 2.4.0

  • Added the capability to allow synchronizing Sigma rules with public GitHub repositories on a schedule.
  • Enabled the use of arrow keys to scroll through options in the selector menu on the GitHub integration page.
  • Added a feature to clear the error messages upon receiving new input on the page.
  • Fixed a crash that can cause Sigma rules to be rejected upon importing a large number of rules.
  • Updated the dependency packages of IBM Security QRadar Manager for YARA and SIGMA Rules app to the latest version.
  • Updated the container image to version 4.0.6 to improve security.

Version 2.3.0

  • Added the capability to create a favorites list of GitHub locations for GitHub integration.
  • Added the capability to import and export Sigma configuration overrides.
  • Fixed inconsistent capitalization in menus and titles so that they follow uniform capitalization rules.
  • Fixed an issue in Firefox where modal buttons were not vertically aligned correctly.
  • Addressed an issue where the prompt to overwrite was unclear when importing Yara GitHub rules.

Version 2.2.0

  • Updated requests library to version 2.32.2.
  • Fixed an issue where some of the Sigma rules were failing to convert with correct logic.
  • Fixed an issue where audit messages were not processed correctly when you save the Sigma override values.
  • Added the capability to set a new default field specification for the AQL statement that is returned when you test the result of a Yara or Sigma rule.
  • Added a prompt to save work in progress before you exit a page.

Version 2.1.0

  • Fixed an issue that was preventing playback of tutorial videos in Chromium and Firefox browsers.
  • Added an option to automatically rename the QRadar offense rule that is to be added from a SIGMA rule, if that SIGMA rule name is already in use.
  • Added support to define the custom event property that is used to resolve a reference to a SIGMA field in the Detection section of a rule when you convert the SIGMA rule to AQL.
  • Added support to define the QRadar log source type that is used to resolve a reference to a product or a service name when you convert the SIGMA rule to AQL.

Version 2.0.3

  • Updated the expired certificate to fix failed validation checks in QRadar.

Version 2.0.2

  • Fixed an issue in YARA that prevented the update of the application container when upgrading from a previous version.
  • Converted nonfunctional buttons in the tutorial section to images to reduce confusion.
  • Parentheses that are used in the condition statement of Sigma rules are now recognized during the conversion to QRadar AQL.

Version 2.0.1

  • Fixed an issue in the Yara Investigate page where fetching rules in a namespace that was newly deleted would throw a generic application error.
  • Fixed an issue in Yara Namespace Creation/Edit where buttons in the overwrite modal would clip out of the modal rather than compress.
  • Fixed an issue where Yara GitHub integration would not switch to the rule manager after a successful import.
  • Fixed an issue with improper username and IP address resolution during the import of rules from Git.
  • Upgraded Dictionary content package from version 1.3.1 to version 1.4.0.