Filter rules by lastModified date #107

pemontto · 2020-09-25T08:57:03Z

Summary of the Pull Request

This PR adds an optional LastModified parameter to the Get-AzSentinelAlertRule function allowing users to filter for rules modified after a specified date/time.

The requirement for this was driven by our CI pipeline beginning to crawl when Sentinel rules get into the mid to high 100's. This PR filters rules before the code starts attempting to pull additional details for each rule (Get-AzSentinelAlertRuleAction).

PR Checklist

By submitting this pull request, I confirm the following:

please fill any appropriate checkboxes, e.g: [X]

Requires documentation to be updated
I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #xxx
I have made only one major change in my proposed changes.
I have commented my proposed changes within the code.
I have tested my proposed changes, and have included unit tests where possible.
It is compatible with the MIT License
I have squashed any insignificant commits. (git rebase)

AzSentinel/Public/Get-AzSentinelAlertRule.ps1

pkhabazi · 2020-09-29T12:08:07Z

hi @pemontto thanks for your great contribution, looks really good! I have 2 small change proposal, please let me know how you think about it. can you also please update the branch from the origin development branch so that you have all the commits in your current branch. Thanks again for the great work!

pemontto · 2020-09-29T12:26:37Z

Have changed to the development branch also.

pkhabazi

Thanks for the update @pemontto , merging to dev for next release

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * Fixing loop error in export function Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us>

* !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us>

* !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) * Fixing issue when switching from subscription (#140) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Fixing issue with Fusion rules (#143) * MSSP Playbook (#142) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) * Fixing issue when switching from subscription (#140) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Fixing issue with Fusion rules (#143) * MSSP Playbook (#142) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fix bug 145 Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us>

* !Deploy Release Version 0.6.16 (#146) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) * Fixing issue when switching from subscription (#140) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Fixing issue with Fusion rules (#143) * MSSP Playbook (#142) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fix bug 145 Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Prevent null reference of non-required argument; fixes #148 Co-authored-by: Pouyan Khabazi <pkhabazi@outlook.com> Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) * Fixing issue when switching from subscription (#140) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Fixing issue with Fusion rules (#143) * MSSP Playbook (#142) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Prevent null reference of non-required argument; fixes #148 (#149) * !Deploy Release Version 0.6.16 (#146) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) * Fixing issue when switching from subscription (#140) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Fixing issue with Fusion rules (#143) * MSSP Playbook (#142) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fix bug 145 Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Prevent null reference of non-required argument; fixes #148 Co-authored-by: Pouyan Khabazi <pkhabazi@outlook.com> Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Add support for FileHash entity (#147) * update enums folder name (#156) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> Co-authored-by: Luke Fritz <lukefritz@gmail.com>

* Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) * Fixing issue when switching from subscription (#140) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Fixing issue with Fusion rules (#143) * MSSP Playbook (#142) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Prevent null reference of non-required argument; fixes #148 (#149) * !Deploy Release Version 0.6.16 (#146) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) * Fixing issue when switching from subscription (#140) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing issue when switching from subscription * fixing subscription precheck issue * restore Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Fixing issue with Fusion rules (#143) * MSSP Playbook (#142) * !Deploy Release version 0.6.14 (#137) * Release '0.6.2' (#31) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * cleaning up * Release Update Incident function (#37) * init release update incident function * cleaning up * updating * updating incident function * code cleanup * Cleaning up and ready for release * updating final docs folder * Release Feature playbook configuration (#33) * updating get alert and hunting rule function * updated error handling * Create Get-PlayBook.ps1 * init release for playbook * cleaning up * finishing playbook * adding get alert rule action function * releasing get logic app function * release new- az sen alert action and some codue update * init release playbook function * uppdated gitignore * init release remove azsentinel action rule * fixed compare issue * Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook * updating pester test result * updating readme * updating readme * updated docs and pester test results * restoring version * Fix/smallconflicts (#40) * updating docs * updating examples * updating pipeline * fixing Subscribtion parameter for playbook (#43) * fixing Subscribtion parameter for playbook (#45) * Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50) * fix huntng rule * fixing hunting rule issue * Fix - new-azsentinelalertrule playbook property (#49) * fixing the if statement * fixing the if statement * Feature - get all incidents (#51) * updating get incident * updating get incident function and docs * updating powershell-yaml * updating importmodule error * workaround * removing powershell-yaml depending * fixing logicapp sas token (#52) * Add support for day time periods (#61) * Add missing dot to yml file extension (#59) The Import-AZSentinelAlertRule function is not able to import yml files due to missing dot in the file extension. * adding support for resource provider in set-azsentinel (#69) * New function for enabling and disabling Alert rules (#71) * init release enable and disable function * adding empty test files * updating return message * New feature change the displayName of an alert (#68) * Release Rename Alert rule function * updating rename function * Handle nextLink for Playbooks (#78) When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents. * adding support for alert aggregation (#65) * adding support for alert aggregation, classes created * updaing classes * updated the class and created first rule wih no error * update class and made import function backwards compatible * small changes * tested with import method * updating new function * checking working code, starting cleanup * updating documentation * updating docs and cleaning up * updating build errors * change pester version * updating pester version * Update groupingConfiguration.ps1 (#87) * Fix bug that causes loss of certain incident properties, add option to set incident description (#91) * Feature - Adding support for all alert rule types (#90) * init release * updating docs Co-authored-by: Khabazi <rob5614@robeco.nl> * New Functionality to get alert rule templates provided by Microsoft (#94) Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> * Update/get az sentinel alert rule templates (#95) * udating Get-AzSentinelAlertRuleTemplates * updated Co-authored-by: Khabazi <rob5614@robeco.nl> * Feature/add az sentinel incident comment (#96) * udating Get-AzSentinelAlertRuleTemplates * updated * fixing playbook issue * Add-AzSentinelIncidentComment * release Co-authored-by: Khabazi <rob5614@robeco.nl> * fixing class error (#99) * updating example files, ncluding multi rule yaml file (#104) * Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102) * fixing return issue * fixing playbook issue * init release Get-AzSentinelDataConnector function (#103) * Fix - get-azsentinelhuntingrule updated get and remove function (#106) * fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * modified token expiration logic (#135) Co-authored-by: John Crouch <john.crouch@summit7.us> * fixing small issues (#136) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * init test * ready for release Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * fix bug 145 Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Prevent null reference of non-required argument; fixes #148 Co-authored-by: Pouyan Khabazi <pkhabazi@outlook.com> Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> * Add support for FileHash entity (#147) * update enums folder name (#156) * Updating alertrule output format (#157) * adding support for AlertRuleTemplate property (#160) Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz <niklas.volcz@gmail.com> Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann <holtmann@usc.edu> Co-authored-by: Khabazi <rob5614@robeco.nl> Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez <ramireza@ryanair.com> Co-authored-by: John Crouch <50185606+john-crouch@users.noreply.github.com> Co-authored-by: John Crouch <john.crouch@summit7.us> Co-authored-by: Luke Fritz <lukefritz@gmail.com>