!Deploy Release version 0.6.19 (#166)
* Release '0.6.2' (#31)

* updating get alert and hunting rule function

* updated error handling

* Create Get-PlayBook.ps1

* cleaning up

* Release Update Incident function (#37)

* init release update incident function

* cleaning up

* updating

* updating incident function

* code cleanup

* Cleaning up and ready for release

* updating final docs folder

* Release Feature playbook configuration (#33)

* updating get alert and hunting rule function

* updated error handling

* Create Get-PlayBook.ps1

* init release for playbook

* cleaning up

* finishing playbook

* adding get alert rule action function

* releasing get logic app function

* release new- az sen alert action and some code update

* init release playbook function

* updated gitignore

* init release remove azsentinel action rule

* fixed compare issue

* Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook

* updating pester test result

* updating readme

* updating readme

* updated docs and pester test results

* restoring version

* Fix/smallconflicts (#40)

* updating docs

* updating examples

* updating pipeline

* fixing Subscription parameter for playbook (#43)

* fixing Subscription parameter for playbook (#45)

* Fix - get-Azsentinelhuntingrule - Cannot validate argument on parameter "Property" (#50)

* fix hunting rule

* fixing hunting rule issue

* Fix - new-azsentinelalertrule playbook property  (#49)

* fixing the if statement

* fixing the if statement

* Feature - get all incidents (#51)

* updating get incident

* updating get incident function and docs

* updating powershell-yaml

* updating importmodule error

* workaround

* removing powershell-yaml dependency

* fixing logicapp sas token (#52)

* Add support for day time periods (#61)

* Add missing dot to yml file extension (#59)

The Import-AZSentinelAlertRule function is not able to import yml files due
to a missing dot in the file extension.

* adding support for resource provider in set-azsentinel (#69)

* New function for enabling and disabling Alert rules (#71)

* init release enable and disable function

* adding empty test files

* updating return message

* New feature change the displayName of an alert (#68)

* Release Rename Alert rule function

* updating rename function

* Handle nextLink for Playbooks (#78)

When retrieving playbooks, not all are being returned. Code copied from Issue #35 Retrieving all incidents.

* adding support for alert aggregation (#65)

* adding support for alert aggregation, classes created

* updating classes

* updated the class and created first rule with no error

* update class and made import function backwards compatible

* small changes

* tested with import method

* updating new function

* checking working code, starting cleanup

* updating documentation

* updating docs and cleaning up

* updating build errors

* change pester version

* updating pester version

* Update groupingConfiguration.ps1 (#87)

* Fix bug that causes loss of certain incident properties, add option to set incident description (#91)

* Feature - Adding support for all alert rule types (#90)

* init release

* updating docs

Co-authored-by: PKhabazi <[email protected]>

* New Functionality to get alert rule templates provided by Microsoft (#94)

Co-authored-by: Antonio Ramirez <[email protected]>

* Update/get az sentinel alert rule templates (#95)

* updating Get-AzSentinelAlertRuleTemplates

* updated

Co-authored-by: PKhabazi <[email protected]>

* Feature/add az sentinel incident comment (#96)

* updating Get-AzSentinelAlertRuleTemplates

* updated

* fixing playbook issue

* Add-AzSentinelIncidentComment

* release

Co-authored-by: PKhabazi <[email protected]>

* fixing class error (#99)

* updating example files, including multi rule yaml file (#104)

* Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102)

* fixing return issue

* fixing playbook issue

* init release Get-AzSentinelDataConnector function (#103)

* Fix - get-azsentinelhuntingrule updated get and remove function (#106)

* fixing hunting rule get and remove issue

* cleaning up

* updating filters

* Add filtering by lastModified (#107)

* updating AggregationKind class and enum (#111)

* Release of Import-AzSentinelDataConnector function (#116)

* extra check for Import-AzSentinelDataConnector

* fixing class issue (#118)

* New function: Export-AzSentinel (#121)

* init code

* Release Export-AzSentinel and some small fixes/updates

* fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122)

* updating Get-AzSentinelAlertRule function and docs (#125)

* modified token expiration logic (#135)

Co-authored-by: John Crouch <[email protected]>

* fixing small issues (#136)

* Fixing issue when switching from subscription (#140)

* !Deploy Release version 0.6.14 (#137)

Co-authored-by: pemontto <[email protected]>
Co-authored-by: NVolcz <[email protected]>
Co-authored-by: stehod <[email protected]>
Co-authored-by: ThijsLecomte <[email protected]>
Co-authored-by: Jonathan Holtmann <[email protected]>
Co-authored-by: PKhabazi <[email protected]>
Co-authored-by: ramirezversion <[email protected]>
Co-authored-by: Antonio Ramirez <[email protected]>
Co-authored-by: John Crouch <[email protected]>
Co-authored-by: John Crouch <[email protected]>

* fixing issue when switching from subscription

* fixing subscription precheck issue

* restore

* Fixing issue with Fusion rules (#143)

* MSSP Playbook (#142)

* init test

* ready for release

* Prevent null reference of non-required argument; fixes #148 (#149)

* !Deploy Release Version 0.6.16 (#146)

* fix bug 145

Co-authored-by: pemontto <[email protected]>
Co-authored-by: NVolcz <[email protected]>
Co-authored-by: stehod <[email protected]>
Co-authored-by: ThijsLecomte <[email protected]>
Co-authored-by: Jonathan Holtmann <[email protected]>
Co-authored-by: PKhabazi <[email protected]>
Co-authored-by: ramirezversion <[email protected]>
Co-authored-by: Antonio Ramirez <[email protected]>
Co-authored-by: John Crouch <[email protected]>
Co-authored-by: John Crouch <[email protected]>

* Prevent null reference of non-required argument; fixes #148

Co-authored-by: Pouyan Khabazi <[email protected]>
Co-authored-by: pemontto <[email protected]>
Co-authored-by: NVolcz <[email protected]>
Co-authored-by: stehod <[email protected]>
Co-authored-by: ThijsLecomte <[email protected]>
Co-authored-by: Jonathan Holtmann <[email protected]>
Co-authored-by: PKhabazi <[email protected]>
Co-authored-by: ramirezversion <[email protected]>
Co-authored-by: Antonio Ramirez <[email protected]>
Co-authored-by: John Crouch <[email protected]>
Co-authored-by: John Crouch <[email protected]>

* Add support for FileHash entity (#147)

* update enums folder name (#156)

* Updating alertrule output format (#157)

* adding support for AlertRuleTemplate property (#160)

* Follow official api schema (#162)

* Update groupingConfiguration.ps1

* Update Import-AzSentinelAlertRule.ps1

* Support importing raw rule configuration

This update makes it possible to import a rule without nesting it within "Scheduled", "analytics", "fusion", "MLBehaviorAnalytics" or "MicrosoftSecurityIncidentCreation"

* Update Import-AzSentinelAlertRule.ps1

* Update Import-AzSentinelAlertRule.ps1

Added backwards compatibility support, fix for non-nested settings files (row 133), and added some verbose logging.

* fixing playbook reference (#163)

* Add Office 365 Data Connector (#154)

Co-authored-by: pemontto <[email protected]>
Co-authored-by: NVolcz <[email protected]>
Co-authored-by: stehod <[email protected]>
Co-authored-by: ThijsLecomte <[email protected]>
Co-authored-by: Jonathan Holtmann <[email protected]>
Co-authored-by: PKhabazi <[email protected]>
Co-authored-by: ramirezversion <[email protected]>
Co-authored-by: Antonio Ramirez <[email protected]>
Co-authored-by: John Crouch <[email protected]>
Co-authored-by: John Crouch <[email protected]>
Co-authored-by: Luke Fritz <[email protected]>
Co-authored-by: Anton Wadström <[email protected]>
Co-authored-by: wez3 <[email protected]>
13 people authored Dec 30, 2020
1 parent 0f179eb commit 2ee2e9f
Showing 2 changed files with 96 additions and 0 deletions.
88 changes: 88 additions & 0 deletions AzSentinel/Public/Import-AzSentinelDataConnector.ps1
Expand Up @@ -193,6 +193,94 @@ function Import-AzSentinelDataConnector {
}
}

# Office365 connector
foreach ($item in $connectors.Office365) {
if (-Not (Get-Member -InputObject $item -Name "tenantId" -MemberType Properties)) {
Write-Error "TenantId missing"
break
}

if ($null -ne $enabledDataConnectors){
$office365 = $enabledDataConnectors | Where-Object { $_.kind -eq "Office365" -and $_.properties.tenantId -eq $item.tenantId }
}
else {
$office365
}
$skip = $false

if ($null -ne $office365) {
if ($office365) {
Write-Host "Office365 is already enabled on tenant '$($office365.properties.tenantId)'"
$skip = $true
}
else {
$connectorBody = @{
id = $office365.id
name = $office365.name
etag = $office365.etag
type = 'Microsoft.SecurityInsights/dataConnectors'
kind = 'Office365'
properties = @{
tenantId = $item.tenantId
dataTypes = @{
exchange = @{
state = $item.exchange_state
}
sharepoint = @{
state = $item.sharepoint_state
}
teams = @{
state = $item.teams_state
}
}
}
}
}
}
else {
$guid = (New-Guid).Guid

$connectorBody = @{
id = "$script:Workspace/providers/Microsoft.SecurityInsights/dataConnectors/$guid"
name = $guid
type = 'Microsoft.SecurityInsights/dataConnectors'
kind = 'Office365'
properties = @{
tenantId = $item.tenantId
dataTypes = @{
exchange = @{
state = $item.exchange_state
}
sharepoint = @{
state = $item.sharepoint_state
}
teams = @{
state = $item.teams_state
}
}
}
}
}

if ($skip -eq $false) {
# Enable or update Office365 with http put method
$uri = "$script:baseUri/providers/Microsoft.SecurityInsights/dataConnectors/$($connectorBody.name)?api-version=2020-01-01"

try {
$result = Invoke-webrequest -Uri $uri -Method Put -Headers $script:authHeader -Body ($connectorBody | ConvertTo-Json -Depth 4 -EnumsAsStrings)

Write-Host "Successfully enabled Office365 with status: $($result.StatusDescription) for tenant '$($item.tenantId)'"

}
catch {
$errorReturn = $_
$errorResult = ($errorReturn | ConvertFrom-Json ).error
Write-Verbose $_
Write-Error "Unable to invoke webrequest with error message: $($errorResult.message)" -ErrorAction Stop
}
}
}

#ThreatIntelligenceTaxii
foreach ($item in $connectors.ThreatIntelligenceTaxii) {
if ($enabledDataConnectors){
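Review bot: The `else { $office365 }` branch that runs when `$enabledDataConnectors` is null only writes the variable to the pipeline instead of clearing it, so a match found for an earlier tenant in the `foreach` survives into the next iteration and can wrongly mark that tenant as "already enabled"; change it to `$office365 = $null` (or initialise `$office365 = $null` at the top of the loop body next to `$skip = $false`). Two related points in the same block: the inner `else` under `if ($null -ne $office365)` is unreachable, because a non-null connector object is always truthy in `if ($office365)`, so the update body built from `$office365.id`/`.name`/`.etag` is never sent and an existing connector whose `exchange_state`/`sharepoint_state`/`teams_state` changed is only reported as already enabled rather than updated; and `break` after `Write-Error "TenantId missing"` abandons every remaining Office365 entry instead of only the malformed one, where `continue` looks intended (this also differs from the `-ErrorAction Stop` used in the `catch` below, so a missing tenantId silently ends the loop while a failed PUT aborts the import).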
8 changes: 8 additions & 0 deletions examples/DataConnectors.json
Expand Up @@ -17,6 +17,14 @@
"subscriptionId": "ebdab2f1-0b79-4181-a70d-82f0ff39243e"
}
],
"Office365": [
{
"exchange_state": "Enabled",
"sharepoint_state": "Enabled",
"teams_state": "Enabled",
"tenantId": "ebdab2f1-0b79-4181-a70d-82f0ff39243e"
}
],
"ThreatIntelligenceTaxii": [
{
"friendlyName": "testserver",
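Review bot: The new `Office365` entry reuses the `subscriptionId` value of the preceding connector (`ebdab2f1-0b79-4181-a70d-82f0ff39243e`) as its `tenantId`; a subscription id and a tenant id are different identifiers, so the example invites copy-paste mistakes when users adapt the file. Use a clearly distinct placeholder GUID for `tenantId`, and document (in the README or a comment next to this example) which values `exchange_state`, `sharepoint_state` and `teams_state` accept, since the importer passes them through to the connector `state` fields without validation.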
