From 851193d8b2b23a108627dae2344bc50c217fefcc Mon Sep 17 00:00:00 2001 
From: Pouyan Khabazi
Date: Thu, 22 Oct 2020 09:55:37 +0200
Subject: [PATCH] !Deploy Release version 0.6.13 (#127)

* Release '0.6.2' (#31)
* updating get alert and hunting rule function
* updated error handling
* Create Get-PlayBook.ps1
* cleaning up
* Release Update Incident function (#37)
* init release update incident function
* cleaning up
* updating
* updating incident function
* code cleanup
* Cleaning up and ready for release
* updating final docs folder
* Release Feature playbook configuration (#33)
* updating get alert and hunting rule function
* updated error handling
* Create Get-PlayBook.ps1
* init release for playbook
* cleaning up
* finishing playbook
* adding get alert rule action function
* releasing get logic app function
* release new- az sen alert action and some code update
* init release playbook function
* updated gitignore
* init release remove azsentinel action rule
* fixed compare issue
* Merge branch 'development' of github.com:wortell/AZSentinel into feature/playbook
* updating pester test result
* updating readme
* updating readme
* updated docs and pester test results
* restoring version
* Fix/smallconflicts (#40)
* updating docs
* updating examples
* updating pipeline
* fixing Subscribtion parameter for playbook (#43)
* fixing Subscribtion parameter for playbook (#45)
* Fix- get-Azsentinalhuntingrule - Cannot validate argument on parameter "Property" (#50)
* fix hunting rule
* fixing hunting rule issue
* Fix - new-azsentinelalertrule playbook property (#49)
* fixing the if statement
* fixing the if statement
* Feature - get all incidents (#51)
* updating get incident
* updating get incident function and docs
* updating powershell-yaml
* updating importmodule error
* workaround
* removing powershell-yaml dependency
* fixing logicapp sas token (#52)
* Add support for day time periods (#61)
* Add missing dot to yml file extension (#59)
  The Import-AZSentinelAlertRule function is not able to import yml files due to a missing dot in the file extension.
* adding support for resource provider in set-azsentinel (#69)
* New function for enabling and disabling Alert rules (#71)
* init release enable and disable function
* adding empty test files
* updating return message
* New feature change the displayName of an alert (#68)
* Release Rename Alert rule function
* updating rename function
* Handle nextLink for Playbooks (#78)
  When retrieving playbooks not all are being returned. Code copied from Issue #35 Retrieving all incidents.
* adding support for alert aggregation (#65)
* adding support for alert aggregation, classes created
* updating classes
* updated the class and created first rule with no error
* update class and made import function backwards compatible
* small changes
* tested with import method
* updating new function
* checking working code, starting cleanup
* updating documentation
* updating docs and cleaning up
* updating build errors
* change pester version
* updating pester version
* Update groupingConfiguration.ps1 (#87)
* Fix bug that causes loss of certain incident properties, add option to set incident description (#91)
* Feature - Adding support for all alert rule types (#90)
* init release
* updating docs
  Co-authored-by: Khabazi
* New Functionality to get alert rule templates provided by Microsoft (#94)
  Co-authored-by: Antonio Ramirez
* Update/get az sentinel alert rule templates (#95)
* updating Get-AzSentinelAlertRuleTemplates
* updated
  Co-authored-by: Khabazi
* Feature/add az sentinel incident comment (#96)
* updating Get-AzSentinelAlertRuleTemplates
* updated
* fixing playbook issue
* Add-AzSentinelIncidentComment
* release
  Co-authored-by: Khabazi
* fixing class error (#99)
* updating example files, including multi rule yaml file (#104)
* Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102)
* fixing return issue
* fixing playbook issue
* init release Get-AzSentinelDataConnector function (#103)
* Fix - get-azsentinelhuntingrule updated get and remove function (#106)
*
fixing hunitng rule get and remove issue * cleaning up * updating filters * Add filtering by lastModified (#107) * updating AggregationKind class and enum (#111) * Release of Import-AzSentinelDataConnector function (#116) * extra check for Import-AzSentinelDataConnector * fixing class issue (#118) * New function: Export-AzSentinel (#121) * init code * Release Export-AzSentinel and some small fixes/updates * fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (#122) * updating Get-AzSentinelAlertRule function and docs (#125) * Fixing loop error in export function Co-authored-by: pemontto <939704+pemontto@users.noreply.github.com> Co-authored-by: NVolcz Co-authored-by: stehod <34159548+stehod@users.noreply.github.com> Co-authored-by: ThijsLecomte <42153270+ThijsLecomte@users.noreply.github.com> Co-authored-by: Jonathan Holtmann Co-authored-by: Khabazi Co-authored-by: ramirezversion <34833071+ramirezversion@users.noreply.github.com> Co-authored-by: Antonio Ramirez --- AzSentinel/Public/Export-AzSentinel.ps1 | 38 ++++++++++++++++--------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/AzSentinel/Public/Export-AzSentinel.ps1 b/AzSentinel/Public/Export-AzSentinel.ps1 index 7bd5f29..e21a841 100644 --- a/AzSentinel/Public/Export-AzSentinel.ps1 +++ b/AzSentinel/Public/Export-AzSentinel.ps1 @@ -94,13 +94,18 @@ function Export-AzSentinel { $rules = Get-AzSentinelAlertRule @arguments if ($rules) { $output = @{ - Scheduled = @() - Fusion = @() - MLBehaviorAnalytics = @() - MicrosoftSecurityIncidentCreation = @() - } - $rules.Kind | ForEach-Object { - $output.$_ += $rules | Where-Object kind -eq $_ + Scheduled = @( + $rules | Where-Object kind -eq Scheduled + ) + Fusion = @( + $rules | Where-Object kind -eq Fusion + ) + MLBehaviorAnalytics = @( + $rules | Where-Object kind -eq MLBehaviorAnalytics + ) + MicrosoftSecurityIncidentCreation = @( + $rules | Where-Object kind -eq MicrosoftSecurityIncidentCreation + ) } try { 
@@ -156,13 +161,18 @@ function Export-AzSentinel { if ($templates) { $output = @{ - Scheduled = @() - Fusion = @() - MLBehaviorAnalytics = @() - MicrosoftSecurityIncidentCreation = @() - } - $templates.Kind | ForEach-Object { - $output.$_ += $templates | Where-Object kind -eq $_ + Scheduled = @( + $templates | Where-Object kind -eq Scheduled + ) + Fusion = @( + $templates | Where-Object kind -eq Fusion + ) + MLBehaviorAnalytics = @( + $templates | Where-Object kind -eq MLBehaviorAnalytics + ) + MicrosoftSecurityIncidentCreation = @( + $templates | Where-Object kind -eq MicrosoftSecurityIncidentCreation + ) } try {
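Review bot: in the first hunk (@@ -94,13 +94,18 @@), the rewritten `$output` hashtable only filters for the four literal kinds Scheduled, Fusion, MLBehaviorAnalytics and MicrosoftSecurityIncidentCreation, so any rule that Get-AzSentinelAlertRule returns with a Kind outside that set is silently missing from the export, whereas the removed `$rules.Kind | ForEach-Object` loop at least visited every kind present in the data. Consider building the groups from the data instead, e.g. `$output = @{}` followed by `$rules | Group-Object Kind | ForEach-Object { $output[$_.Name] = @($_.Group) }`, or at minimum a `Write-Warning` for rules whose Kind matched none of the four keys so an operator can see that the export is incomplete. The commit message ("Fixing loop error in export function") would also be clearer if it named the defect: `$rules.Kind` yields one element per rule, so for every duplicate kind the old loop appended the whole matching set again and the exported file contained repeated rules.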
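Review bot: the second hunk (@@ -156,13 +161,18 @@) is a line-for-line copy of the first with `$templates` substituted for `$rules`, so the same fixed list of four kinds applies here and any new kind has to be added in two places; moving the grouping into a small private helper (a hypothetical `Group-AzSentinelRuleByKind`, for instance) called from both the rules and the templates branches would keep the two exports in step. Since the hashtable keys and the `Where-Object kind -eq <literal>` filters are now the only place the supported kinds are enumerated, a comment noting that templates of other kinds are intentionally (or not) excluded would help the next reader.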