What's Changed
- Chore workflow by @frack113 in #5
- Add new modifiers support by @wagga40 (
fieldref,exists,cased) - Remove Python 3.8 support and update workflow and tests by @wagga40
About Correlation rules support
Correlation rules need a timespan field in order to work correctly. For now, there is no simple and generic way to implement it with SQLite. To be honest, given that there are nearly no correlation rules in the official rules repository, I don't think this is a problem at the moment.
Contributors
wagga40 and frack113