v0.2.0
What's Changed
- Add support for reading credentials from a file for Microsoft Defender by @WildDogOne in #9
- changing to use - instead of _ for SigmaV2 by @WildDogOne in #11
- Better logging by @WildDogOne and @0xFustang in #13
- Adopt the Kusto backend by @0xFustang in #15
Breaking Changes
In this merge we're adopting the Sigma backend pySigma-backend-kusto for Microsoft Sentinel and Microsoft XDR. We also bring some code consistency and fix some minor bugs in the Microsoft XDR backend.
We are renaming azure to microsoft_sentinel and microsoft_defender to microsoft_xdr, which implies a change in the CLI argument and in the droid configuration:
[platforms]
[platforms.microsoft_sentinel]
...
[platforms.microsoft_sentinel.pipelines.windows_process_creation]
...
[platforms.microsoft_xdr]
...
[platforms.microsoft_xdr.pipelines.windows_process_creation]
...
Also, we changed the argument -sm/--sentinel-mde to -sx/--sentinel-xdr.
Fixed bugs
- Inability to use the default authentication with Microsoft XDR
- Using the Microsoft Sentinel platform through Microsoft XDR rules was broken
Full Changelog: v0.1.5...v0.2.0