
Zircolite

v3.7.5 Feature

This release adds 2 notable features for engineering teams evaluating rollout.


✓ No known CVEs patched in this version

Topics

auditd, detection, dfir, dfir-automation, dfir-tools, evtx, evtxtract, forensics, forensics-tools, logs, pysigma, python, sigma, sigma-rules, sysmon

Summary

AI summary

Performance improvements in event flattening and special field handling.

Changes in this release

Performance Medium

Improves event flattening performance by skipping alias/split/transform lookups for common leaves


Source: llm_adapter@2026-05-30

Confidence: low

Performance Low

Improves event flattening speed.


Source: granite4.1:30b@2026-05-30-audit

Confidence: low

Performance Low

Precomputes special fields set for faster common leaf handling.


Source: granite4.1:30b@2026-05-30-audit

Confidence: low

Full changelog

What's Changed

Performance

  • Faster event flattening (#135)
  • Precomputed "special fields" set so the common leaf skips alias/split/transform lookups (ultra-fast path)

Full Changelog: https://github.com/wagga40/Zircolite/compare/v3.7.1...v3.7.5


About Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
