Closed OllyNO closed 2 months ago
Hi @OllyNO
Based on the official docs, techniques are supported and 2023-02-01-preview seems to be the latest version.
Do you have another reference?
Hi,
Just to clarify: techniques work, but subtechniques don't.
I didn't really have any references other than that the JSON of rules I exported from Sentinel showed API version 2023-12-01-preview. But looking around today I found this:
https://learn.microsoft.com/en-us/rest/api/securityinsights/api-versions
Thank you very much. I will check whether the tests are all successful after changing to it before I change the default. But in the meantime you can already change the API version using the parameter apiversion.
Excellent, thank you!
And thank you for making this script, it's helped us a lot in automating conversion and deployment of analytic rules to multiple workspaces.
Example ARM configuration. Minimum is indeed 2023-12-01-preview.

```json
"tactics": [
  "Reconnaissance"
],
"techniques": [
  "T1589",
  "T1592",
  "T1598"
],
"subTechniques": [
  "T1589.001",
  "T1592.001"
]
```
Implemented in v.2.4.0
Summary of the new feature / enhancement
MITRE subtechniques do not work with API version 2023-02-01-preview. Deploying the same rules but changing API version to 2023-12-01-preview fixes this.
Proposed technical implementation details (optional)
No response
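
A pre-deployment check for the problem discussed in this thread, added here as an example and not taken from the thread or from the script's own code: it scans an ARM template for alert rules that set `subTechniques` on an API version older than 2023-12-01-preview. The resource-type match, the rule names, the sample template and the parent-technique lint are assumptions made for the example.

```python
import json
import re

# Minimum API version for subTechniques, as stated in the thread above.
MIN_SUBTECHNIQUE_API = "2023-12-01-preview"
_DATE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})")

def api_date(version):
    """Return the (year, month, day) prefix of an ARM apiVersion string."""
    m = _DATE.match(version or "")
    if not m:
        raise ValueError(f"unrecognised apiVersion: {version!r}")
    return tuple(int(p) for p in m.groups())

def check_template(template):
    """Return (rule name, problem) pairs for alert rules that use subTechniques."""
    findings = []
    for res in template.get("resources", []):
        # Assumption: alert rules are the resources whose type ends in "alertRules".
        if not res.get("type", "").lower().endswith("alertrules"):
            continue
        props = res.get("properties", {})
        subs = props.get("subTechniques") or []
        if not subs:
            continue  # rules with techniques only are not affected
        name, version = res.get("name", "<unnamed>"), res.get("apiVersion")
        if api_date(version) < api_date(MIN_SUBTECHNIQUE_API):
            findings.append((name, f"apiVersion {version} < {MIN_SUBTECHNIQUE_API}"))
        for sub in subs:
            # Added lint, not a documented API rule: parent technique should be listed.
            if sub.split(".")[0] not in props.get("techniques", []):
                findings.append((name, f"{sub} listed without parent technique"))
    return findings

# Constructed sample template (rule names are made up for this example).
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
   "apiVersion": "2023-02-01-preview", "name": "rule-old",
   "properties": {"tactics": ["Reconnaissance"], "techniques": ["T1589", "T1592", "T1598"],
                  "subTechniques": ["T1589.001", "T1592.001"]}},
  {"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
   "apiVersion": "2023-12-01-preview", "name": "rule-new",
   "properties": {"tactics": ["Reconnaissance"], "techniques": ["T1589"],
                  "subTechniques": ["T1589.001", "T1598.002"]}}
]}
""")
if __name__ == "__main__":
    print(check_template(SAMPLE))
```

Running it in CI before deployment surfaces rules whose MITRE sub-technique mapping depends on the newer API version, so the mismatch is caught before the rules reach a workspace.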