What's new in the IBM Security QRadar Manager for YARA and SIGMA Rules app
Learn about the new features and enhancements in the latest IBM® Security QRadar® Manager for YARA Rules app releases.
Version 2.4.0
- Added the capability to synchronize Sigma rules with public GitHub repositories on a schedule.
- Enabled the use of arrow keys to scroll through options in the selector menu on the GitHub integration page.
- Added a feature to clear the error messages upon receiving new input on the page.
- Fixed a crash that could cause Sigma rules to be rejected when importing a large number of rules.
- Updated the dependency packages of IBM Security QRadar Manager for YARA and SIGMA Rules app to the latest version.
- Updated the container image to version 4.0.6 to improve security.
Version 2.3.0
- Added the capability to create a favorite list of GitHub locations for GitHub integration.
- Added the capability to import and export Sigma configuration overrides.
- Fixed an issue where menus and titles did not follow uniform capitalization rules.
- Fixed an issue in Firefox where modal buttons were not vertically aligned correctly.
- Addressed an issue where the prompt to overwrite was unclear when importing YARA GitHub rules.
Version 2.2.0
- Updated requests library to version 2.32.2.
- Fixed an issue where some of the Sigma rules were failing to convert with correct logic.
- Fixed an issue where audit messages were not processed correctly when you save the Sigma override values.
- Added the capability to set a new default field specification for the AQL statement that is returned when you test the result of a YARA or Sigma rule.
- Added a prompt to save work in progress before you exit a page.
Version 2.1.0
- Fixed an issue that was preventing playback of tutorial videos in Chromium and Firefox browsers.
- Added an option to automatically rename the QRadar offense rule that is to be added from a SIGMA rule, if that SIGMA rule name is already in use.
- Added support to define the custom event property that is used to resolve a reference to a SIGMA field in the Detection section of a rule when you convert the SIGMA rule to AQL.
- Added support to define the QRadar log source type that is used to resolve a reference to a product or a service name when you convert the SIGMA rule to AQL.
Version 2.0.3
- Updated the expired certificate to fix failed validation checks in QRadar.
Version 2.0.2
- Fixed an issue in YARA that prevented the update of the application container when upgrading from a previous version.
- Converted nonfunctional buttons in the tutorial section to images to reduce confusion.
- Parentheses that are used in the condition statement of Sigma rules are now recognized during the conversion to QRadar AQL.
Version 2.0.1
- Fixed an issue in the YARA Investigate page where fetching rules in a namespace that was newly deleted would throw a generic application error.
- Fixed an issue in YARA Namespace Creation/Edit where buttons in the overwrite modal would clip out of the modal rather than compress.
- Fixed an issue where the YARA GitHub integration would not switch to the rule manager after a successful import.
- Fixed an issue with improper username and IP address resolution during the import of rules from Git.
- Upgraded Dictionary content package from version 1.3.1 to version 1.4.0.