Merge pull request #39 from f-bader/Fix-RelevantTechniques

f-bader · web-flow · commit 38e77ec49e26 · 2024-08-06T11:13:47.000+02:00
🐛 Rename techniques to relevantTechniques
diff --git a/README.md b/README.md
@@ -174,6 +174,9 @@ This way the following KQL query will be converted...
 
 ## Changelog
 
+### 2.4.2
+ * FIX: Arm to YAML used `techniques` instead of `relevantTechniques`
+
 ### 2.4.1
  * FIX: Handle error if `incidentConfiguration` section is missing from source YAML in `Convert-SentinelARYamlToArm` when using `-DisableIncidentCreation`
 
diff --git a/src/SentinelARConverter.psd1 b/src/SentinelARConverter.psd1
@@ -12,7 +12,7 @@
     RootModule        = 'SentinelARConverter.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '2.4.1'
+    ModuleVersion     = '2.4.2'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()
diff --git a/src/public/Convert-SentinelARArmToYaml.ps1 b/src/public/Convert-SentinelARArmToYaml.ps1
@@ -347,7 +347,7 @@ function Convert-SentinelARArmToYaml {
                     # We must merge all techniques since (relevant)techniques could contain values not preset in subTechniques
                     if ($PropertyName -like "*techniques") {
                         foreach ($value in $AnalyticsRule.$PropertyName) {
-                            $KeyName = "techniques"
+                            $KeyName = "relevantTechniques"
                             $technique = $value -replace "(T\d{4})\.\d{3}", '$1'
                             # Create an empty key
                             if ( -not $AnalyticsRuleCleaned.Contains($KeyName) ) {
diff --git a/tests/Convert-SentinelARArmToYaml.tests.ps1 b/tests/Convert-SentinelARArmToYaml.tests.ps1
@@ -133,8 +133,7 @@ Describe "Convert-SentinelARArmToYaml" {
         }
 
         BeforeEach {
-            $ARMTemplateContent = Get-Content -Path "TestDrive:/$ExampleFileName" -Raw
-            $ARMTemplateContent | Convert-SentinelARArmToYaml -OutFile $convertedExampleFilePath
+            Convert-SentinelARArmToYaml -Filename "TestDrive:/$ExampleFileName" -OutFile $convertedExampleFilePath
         }
 
         It "Properly converts the propertynames" {
@@ -589,7 +588,7 @@ Describe "Simple example tests" {
         It "Merged RelevantTechniques, SubTechniques and Techniques into single property" {
             $converted = Convert-SentinelARArmToYaml -Filename "TestDrive:/Content/TTPWithTacticsNTechniques.json" | ConvertFrom-Yaml
             $converted.subTechniques | Should -Be $null
-            $converted.Techniques -join ", " | Should -Be "T1078.003, T1078.004"
+            $converted.RelevantTechniques -join ", " | Should -Be "T1078.003, T1078.004"
         }
     }
 }
diff --git a/tests/examples/Scheduled.json b/tests/examples/Scheduled.json
@@ -1,4 +1,3 @@
-
 {
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
     "contentVersion": "1.0.0.0",
@@ -30,7 +29,9 @@
                 "tactics": [
                     "InitialAccess"
                 ],
-                "techniques": [],
+                "techniques": [
+                    "T1078"
+                ],
                 "alertRuleTemplateName": "2de8abd6-a613-450e-95ed-08e503369fb3",
                 "incidentConfiguration": {
                     "createIncident": true,
@@ -71,4 +72,4 @@
             }
         }
     ]
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -133,8 +133,7 @@ Describe "Convert-SentinelARArmToYaml" {`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`BeforeEach {`
`136`		`- $ARMTemplateContent = Get-Content -Path "TestDrive:/$ExampleFileName" -Raw`
`137`		`- $ARMTemplateContent \| Convert-SentinelARArmToYaml -OutFile $convertedExampleFilePath`
	`136`	`+ Convert-SentinelARArmToYaml -Filename "TestDrive:/$ExampleFileName" -OutFile $convertedExampleFilePath`
`138`	`137`	`}`
`139`	`138`
`140`	`139`	`It "Properly converts the propertynames" {`
`@@ -589,7 +588,7 @@ Describe "Simple example tests" {`
`589`	`588`	`It "Merged RelevantTechniques, SubTechniques and Techniques into single property" {`
`590`	`589`	`$converted = Convert-SentinelARArmToYaml -Filename "TestDrive:/Content/TTPWithTacticsNTechniques.json" \| ConvertFrom-Yaml`
`591`	`590`	`$converted.subTechniques \| Should -Be $null`
`592`		`- $converted.Techniques -join ", " \| Should -Be "T1078.003, T1078.004"`
	`591`	`+ $converted.RelevantTechniques -join ", " \| Should -Be "T1078.003, T1078.004"`
`593`	`592`	`}`
`594`	`593`	`}`
`595`	`594`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-`
`2`	`1`	`{`
`3`	`2`	`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
`4`	`3`	`"contentVersion": "1.0.0.0",`
`@@ -30,7 +29,9 @@`
`30`	`29`	`"tactics": [`
`31`	`30`	`"InitialAccess"`
`32`	`31`	`],`
`33`		`- "techniques": [],`
	`32`	`+ "techniques": [`
	`33`	`+ "T1078"`
	`34`	`+ ],`
`34`	`35`	`"alertRuleTemplateName": "2de8abd6-a613-450e-95ed-08e503369fb3",`
`35`	`36`	`"incidentConfiguration": {`
`36`	`37`	`"createIncident": true,`
`@@ -71,4 +72,4 @@`
`71`	`72`	`}`
`72`	`73`	`}`
`73`	`74`	`]`
`74`		`-}`
	`75`	`+}`