v0.2.10

What's Changed

• add: certificate-based authentication in XDR by @WildDogOne in #22
• imp: XDR rate limiting and server errors from Microsoft Graph API by @0xFustang in #34

Note

The documentation was updated accordingly.

Full Changelog: v0.2.9...v0.2.10

v0.2.9

What's Changed

• fix: query_period_groups by @WildDogOne in #29
• fix: empty alert prefix in Sentinel causing failures by @0xFustang in #33
• add: validation for Query Perdiod in XDR Backend by @WildDogOne in #32

Full Changelog: v0.2.8...v0.2.9

v0.2.8

What's Changed

• fix: entity mapping issues for Sigma by @0xFustang in #28

Full Changelog: v0.2.7...v0.2.8

v0.2.7

What's Changed

• add: ability to state the field mappings in Microsoft Sentinel per Sigma rules by @0xFustang in #26
• add: ignore_export_error custom field option for raw rules by @0xFustang in #27

Full Changelog: v0.2.6...v0.2.7

v0.2.6

What's Changed

• fix: raise an exit code 1 when export fails by @0xFustang in #23
• fix: MSSP feature for MS XDR and Sentinel by @0xFustang in #24

Full Changelog: v0.2.5...v0.2.6

v0.2.5

What's Changed

• add: comply with the rate limiting in Graph API by @0xFustang in #21

Full Changelog: v0.2.4...v0.2.5

v0.2.4

What's Changed

• Bump PySigma to v0.11.17 to fix the issues with pyparsing

• Updated Microsoft XDR: provide the ability to set the query_period time to a set of rules based on the Sigma log sources

     ```toml
     [platforms.microsoft_xdr.rule_parameters.query_period_groups.windows_image_load]
    category = "image_load"
    product = "windows"
    "query_period" = "1h"
    ```
  

• Update Microsoft Sentinel: provide some rule custom fields for query_period and query_frequency

Full Changelog: v0.2.3...v0.2.4

v0.2.3

What's Changed

• add: MSSP mode in Microsoft XDR by @0xFustang in #19

Full Changelog: v0.2.2...v0.2.3

v0.2.2

What's Changed

• upd: Improve the export feature using Microsoft Sentinel in MSSP mode by @0xFustang in #18

Full Changelog: v0.2.1...v0.2.2

v0.2.1

What's Changed

• fix: Bugs in Microsoft Sentinel by @0xFustang in #16

• imp: Microsoft Sentinel export process by @0xFustang in #17

  • Ability to export rules to a restricted list of Microsoft Sentinel workspaces (--mssp and --export mode)
  • When possible, add the MITRE ATT&CK tactics and techniques to the rule
  • Add new environment variables to override the authentication mode for Microsoft Sentinel and Microsoft XDR

Full Changelog: v0.2.0...v0.2.1