announcement

First commit!

Welcome to the Clickdetect blog.

Many SIEM platforms invest significant resources into building functional detection engines. I developed this project independently in my free time. Clickdetect is designed to be a practical, agnostic, and versatile engine for log detection and alerting.

I will update this blog with interesting information about new updates, fixes and usage of clickdetect.

Feel free to update and contribute to clickdetect!


Version 1.14.0 changelog

Changelog

[1.14.0] - 2026-05-25

🚀 Features

  • Add sigma backend system by @souzomain
  • Add opensearch sigma rules backend by @souzomain
  • Add opensearch PPL sigma rules backend by @souzomain
  • (sigma) Add new sigma option to treat all rules discovered as sigma by @souzomain
  • (sigma) Add loki sigma backend support by @souzomain
  • (docs) Add opensearch ppl documentation by @souzomain

🐛 Bug Fixes

  • Fix endpoint mismatch: the correct endpoint is _ppl, not _sql by @souzomain
  • Invalid condition causing rule not to load by @souzomain
  • Fixed error when a rule is updated with neovim (delete + create) by @souzomain

🗃️ Datasource Changes

  • (datasource) Add opensearch PPL datasource by @souzomain
  • (datasource) Add new option to handle sigma rules in datasource by @souzomain

🔧 Other changes

  • (other) Add uv.lock to the project by @souzomain

by souzo

Version 1.12.0 changelog

Changelog

[1.12.0] - 2026-05-01

🚀 Features

  • Add "risk_score" and "title" to be generated by LLM for better use cases

  • Add "affected_entities" and "recommended_actions" to be generated by clickagentic

🐛 Bug Fixes

  • Clickagentic, fix optional data getting error

  • Fix webhooks templates for clickagentic plugin

📝 Documentation

  • Add new clickagentic fields to plugin documentation. title, risk_score, affected_entities, recommended_action

by souzo