Updated Specification (markdown)
refactor: link to new specification repo
Fix of specification of list of maps in detections.
clarify how to read field names of Windows events from EventViewer
new related type
Links to correlations specification
Removed timeframe
clarify when not to use the 'all' value modifier
feat: add windash modifier to spec
fix: renamed specification file https://github.com/SigmaHQ/sigma/issues/2840
fix: remove unsupported `any` keyword
docs: update sigma YAML schema
Added deprecation notice to near operator and reference to correlations draft
clarification: spaces are invalid characters in field names
example for "all of selection*"
reformatting
discourage the "all of them" usage
Add deprecated and unsupported Status
Improved description of escaping
fix: broken link
Addition of "informational" severity level, improved level descriptions.
Better explanation of UTF16
More value modifier explanations
Reworked `level` section
Reworked `level` descriptions
Added new identifier attributes to structure section