Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License

MITRE Techniques not present in GET & LIST - Alert Rules - SecurityInsights #32311

Open ItaloPussi opened 11 months ago

ItaloPussi commented 11 months ago

Is your feature request related to a problem? Please describe.
I have a script that runs daily and collects all the use cases created in Sentinel, building some dashboards and customizing metrics. I've noticed that although the field "tactics" is present, the MITRE field "techniques" is not, despite existing in Sentinel and supposedly being available to fetch according to the API Docs¹.

securityInsights.alert_rules.list()
securityInsights.alert_rules.get()

Investigating the project further, I found out that the feature is already implemented but hidden in the pre-release 2.0.0b2 since December 2022, and that the project on PyPI has not received a new release since it was launched.

Describe the solution you'd like
I'd like the MITRE Techniques to be returned as a list, similarly to tactics, by officially releasing the pre-release version as a minor.
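As an added example (not code from the issue reporter or from the azure-sdk-for-python project), the snippet below shows how a daily coverage script can read the MITRE fields from the JSON shape the SecurityInsights "Alert Rules - List" REST operation returns (properties.tactics, properties.techniques, properties.subTechniques) and flag rules where the techniques list comes back empty, which is what the released SDK effectively produces. The sample response, rule names and technique IDs are constructed for illustration; the optional object-attribute fallback assumes SDK model attributes named `tactics`, `techniques` and `sub_techniques`, which is an assumption, not a confirmed API.

```python
"""Normalise MITRE ATT&CK coverage fields from Sentinel alert rules.

Added example; not part of the issue thread or the azure-sdk-for-python project.
Input is either the REST response body of the SecurityInsights alert-rules list
operation (a dict with a "value" list) or any iterable of rule dicts/objects.
"""
from collections import Counter
from typing import Any, Dict, Iterable, List

# Constructed sample mimicking the REST response body; names and IDs are made up.
SAMPLE_ALERT_RULES: Dict[str, Any] = {
    "value": [
        {
            "name": "rule-a",
            "kind": "Scheduled",
            "properties": {
                "displayName": "Suspicious sign-in burst",
                "enabled": True,
                "tactics": ["InitialAccess", "CredentialAccess"],
                "techniques": ["T1078", "T1110"],
                "subTechniques": ["T1110.001"],
            },
        },
        {
            "name": "rule-b",
            "kind": "Scheduled",
            "properties": {
                "displayName": "Legacy rule without techniques",
                "enabled": False,
                "tactics": ["Persistence"],
                # no "techniques"/"subTechniques": the case the issue describes
            },
        },
    ]
}

# REST property name -> attribute name used if an SDK model object is passed.
# The snake_case names are an assumption about the SDK models, not verified here.
_FIELDS = {
    "displayName": "display_name",
    "enabled": "enabled",
    "tactics": "tactics",
    "techniques": "techniques",
    "subTechniques": "sub_techniques",
}


def _field(rule: Any, rest_name: str, default: Any = None) -> Any:
    """Read one property from a REST dict or (assumed) SDK model object."""
    if isinstance(rule, dict):
        return rule.get("properties", {}).get(rest_name, default)
    value = getattr(rule, _FIELDS[rest_name], None)
    return default if value is None else value


def _name(rule: Any) -> str:
    return rule["name"] if isinstance(rule, dict) else getattr(rule, "name", "")


def mitre_coverage(rules: Iterable[Any]) -> List[Dict[str, Any]]:
    """One flat record per rule; missing list fields become empty lists."""
    records = []
    for rule in rules:
        records.append({
            "name": _name(rule),
            "display_name": _field(rule, "displayName", ""),
            "enabled": bool(_field(rule, "enabled", False)),
            "tactics": list(_field(rule, "tactics", []) or []),
            "techniques": list(_field(rule, "techniques", []) or []),
            "sub_techniques": list(_field(rule, "subTechniques", []) or []),
        })
    return records


def technique_counts(rules: Iterable[Any], enabled_only: bool = True) -> Counter:
    """How many rules cover each technique ID (a simple coverage metric)."""
    counts: Counter = Counter()
    for rec in mitre_coverage(rules):
        if enabled_only and not rec["enabled"]:
            continue
        counts.update(rec["techniques"] + rec["sub_techniques"])
    return counts


def rules_missing_techniques(rules: Iterable[Any]) -> List[str]:
    """Rule names with tactics but no techniques: either untagged in Sentinel
    or dropped by a client that does not expose the field."""
    return [
        rec["name"]
        for rec in mitre_coverage(rules)
        if rec["tactics"] and not rec["techniques"]
    ]


if __name__ == "__main__":
    rules = SAMPLE_ALERT_RULES["value"]
    for rec in mitre_coverage(rules):
        print(rec)
    print("technique counts:", dict(technique_counts(rules)))
    print("rules missing techniques:", rules_missing_techniques(rules))
```

Against a live workspace you would replace `SAMPLE_ALERT_RULES["value"]` with the rules returned by the list operation; the `rules_missing_techniques` check is the quick way to tell whether an empty techniques list reflects the rule itself or the client library.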

YalinLi0312 commented 11 months ago

Hi @ItaloPussi , thanks for your contact! We'll investigate ASAP!

github-actions[bot] commented 11 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @amirkeren.

0xFustang commented 9 months ago

Would it be possible to add the ability to provide the technique ID through create_or_update operations?

0xFustang commented 4 days ago

@prose-leviathan - Also, the sub techniques are not present (subTechniques in the Sentinel schema)