Skip to content

Release history

Zircolite releases

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Back to tool Latest release

All releases

15 shown

No immediate action
v3.7.6 Maintenance

Multi‑stage Docker build

Open
No immediate action
v3.7.5 Bug fix

Performance improvements

Open
Review required
v3.7.1 New feature

Template append flag

Open
No immediate action
v3.7.0 New feature

Graceful Ctrl+C shutdown

Open
v3.6.3 Bug fix

A patch to the streaming module fixes a runtime error, improving reliability for data pipelines that process continuous streams.

View release on GitHub
v3.6.2 Bug fix

The streaming module was patched to fix a data processing error, improving reliability for high-throughput pipelines.

View release on GitHub
v3.6.1 Bug fix

Log analysis tool adds support for processing partially corrupted or malformed event log data instead of failing on errors, and introduces --strict flag for enforcing strict error handling.

View release on GitHub
v3.6.0 New feature
Notable features
  • Auto-detected timestamp field matching
  • CSV output column stability
View release on GitHub
v3.5.0 New feature
Notable features
  • ZIP/7z archive processing
  • ATT&CK Navigator template
  • SARIF export format
View release on GitHub
v3.3.0 New feature
Notable features
  • Timesketch export shortcut
  • ECS field mappings
  • Incremental result writing
View release on GitHub
v3.2.0 Breaking risk
Breaking changes
  • config/fieldMappings.yaml deprecated in favor of config/config.yaml
Notable features
  • New transform CLI options: --all-transforms, --transform-category, --transform-list
  • UI/UX enhancements
  • Windows and Linux rulesets updated
Full changelog

What's Changed

  • UI/UX : Lot of enhancements in the UI/UX
  • Transforms: New transforms added. Now transforms can be enabled with --all-transforms, --transform-category, --transform-list
  • CSV output: Correct bug #114
  • Config:config/config.yaml is the default/canonical config; config/fieldMappings.yaml is deprecated (still supported, may be removed later). Docs and examples now reference config.yaml
  • Rulesets: Windows and Linux rulesets updated

Full Changelog: https://github.com/wagga40/Zircolite/compare/v3.1.0...v3.2.0

View release on GitHub
v3.1.0 New feature
Notable features
  • Content-based log type detection
  • Multi-format support
  • Rich library UI
View release on GitHub
v3.0.2 Bug fix

Log analysis tool fixes pipeline order and priority handling to correctly process detection rules in the intended sequence.

View release on GitHub
v3.0.1 Bug fix

Initial patch release for version 3.0 fixing oversight by including Linux rulesets in distribution.

View release on GitHub
v3.0.0 New feature
Breaking changes
  • Dropped _full and _pysigma rulesets
  • YAML-only field mappings
  • Config format changed
Notable features
  • Early channel/EventID filtering
  • Python field transforms
  • Rich console UI
View release on GitHub

Beta — feedback welcome: [email protected]