What's new in the IBM Security QRadar Manager for YARA and SIGMA Rules app

Learn about the new features and enhancements in the latest IBM® Security QRadar® Manager for YARA Rules app releases.

Version 2.4.0

  • Added the capability to allow synchronizing Sigma rules with public GitHub repositories on a schedule.
  • Enabled the use of arrow keys to scroll through options in the selector menu on the GitHub integration page.
  • Added a feature to clear the error messages upon receiving new input on the page.
  • Fixed a crash that can cause Sigma rules to be rejected upon importing a large number of rules.
  • Updated the dependency packages of IBM Security QRadar Manager for YARA and SIGMA Rules app to the latest version.
  • Updated the container image to version 4.0.6 to improve security.

Version 2.3.0

  • Added the capability to create a favorite list of GitHub locations for GitHub integration.
  • Added the capability to import and export Sigma configuration overrides.
  • Fixed inconsistent capitalization in menus and titles so that they follow uniform capitalization rules.
  • Fixed an issue in Firefox where modal buttons were not vertically aligned correctly.
  • Addressed an issue where the prompt to overwrite was unclear when importing Yara GitHub rules.

Version 2.2.0

  • Updated requests library to version 2.32.2.
  • Fixed an issue where some of the Sigma rules were failing to convert with correct logic.
  • Fixed an issue where audit messages were not processed correctly when you save the Sigma override values.
  • Added the capability to set a new default field specification for the AQL statement that is returned when you test the result of a Yara or Sigma rule.
  • Added a prompt to save work in progress before you exit a page.

Version 2.1.0

  • Fixed an issue that was preventing playback of tutorial videos in Chromium and Firefox browsers.
  • Added an option to automatically rename the QRadar offense rule that is to be added from a SIGMA rule, if that SIGMA rule name is already in use.
  • Added support to define the custom event property in use to resolve a reference to a SIGMA field in the Detection section of a rule, when you convert them from the SIGMA rule to AQL.
  • Added support to define the QRadar log source type in use to resolve a reference to a product or a service name, when you convert them from the SIGMA rule to AQL.

Version 2.0.3

  • Updated the expired certificate to fix failed validation checks in QRadar.

Version 2.0.2

  • Fixed an issue in YARA that prevented the update of the application container when upgrading from a previous version.
  • Converted nonfunctional buttons in the tutorial section to images to reduce confusion.
  • Parentheses that are used in the condition statement of Sigma rules are now recognized during the conversion to QRadar AQL.

Version 2.0.1

  • Fixed an issue on the Yara Investigate page where fetching rules in a namespace that was newly deleted would throw a generic application error.
  • Fixed an issue in Yara Namespace Creation/Edit where buttons in the overwrite modal would clip out of the modal rather than compress.
  • Fixed an issue where the Yara GitHub integration would not switch to the rule manager after a successful import.
  • Fixed an issue with improper username and IP address resolution during the import of rules from Git.
  • Upgraded Dictionary content package from version 1.3.1 to version 1.4.0.