🐞 Bug Fixes
Section titled “🐞 Bug Fixes”Fix sigma operator directory handling to load all rules
Section titled “Fix sigma operator directory handling to load all rules”Feb 3, 2026 · @mavam, @claude · #5715
The sigma operator now correctly loads all rules when given a directory containing multiple Sigma rule files. Previously, only the last processed rule file would be retained because the rules collection was being cleared on every recursive directory traversal.
sigma "/path/to/sigma/rules"All rules found in the directory and its subdirectories will now be loaded and used to match against input events.