v0.4.0 - Azure Monitor Pipeline & Code Refactoring

🚀 Release Notes

🌟 Major Changes

🛡️ Microsoft XDR Pipeline (formerly Microsoft 365 Defender)

• 🔄 Microsoft 365 Defender pipeline renamed to Microsoft XDR
• ⚠️ Users should migrate to the new Microsoft XDR pipeline

🆕 Azure Monitor Pipeline (NEW!)

• 🧪 New Azure Monitor pipeline introduced (alpha status)
• 🗃️ Supports field mappings for SecurityEvents and SigninLogs tables
• 📊 All 698 Azure Monitor tables supported in final queries

🔍 Enhanced Sentinel ASIM Pipeline (Beta)

• 🔑 Additional field mappings added (beta status)

📈 Expanded Table Support

• Microsoft XDR: 38 tables
• Sentinel ASIM: 8 tables
• Azure Monitor: 698 tables

🏗️ Codebase Refactoring

• 🧱 Improved organization and structure
• 🔄 Better sharing of components across pipelines

✨ New Features

🎛️ Custom Table Name Support

• 🆕 Set custom table names with query_table parameter
• 🐍 Configurable via YAML or Python

🔀 Flexible Rule Category Handling

• 🚫 "Unsupported rule category" error suppressed when the following conditions are met:
  • Rule category is absent or category not in mappings.py for each pippeline
• A valid table is supplied via query_table param

🛠️ Technical Improvements

📜 Table Generation Scripts

• 🤖 New scripts in utils folder
• 🔄 Auto-populate valid tables and field schema in tables.py for each pipeline

🗺️ Field Mappings

• 🔨 Ongoing improvements for all pipelines

📊 Rule-to-Table Mapping

• 🚧 Work in progress on advanced mapping methods

📚 Documentation

• 📝 Updated README with query_table usage
• 💡 New examples for YAML and Python implementations
• FAQ/Troubleshooting section

⚠️ Deprecation Notices

• 🚫 Microsoft 365 Defender pipeline is deprecated
• 🔜 Users should migrate to Microsoft XDR pipeline

🔮 Future Work

• 🔍 Expanding field mappings across pipelines
• 🧠 Developing sophisticated rule-to-table mapping
• 🔧 Refining Azure Monitor and Sentinel ASIM pipelines

📘 Please refer to the updated README for detailed usage instructions and examples of the new features.