Merge branch 'develop' into dependabot/pip/azure-mgmt-network-18.0.0

Author: P4T12ICK

.github/dependabot.yml

@@ -3,6 +3,5 @@ updates:
 - package-ecosystem: pip
   directory: "/"
   schedule:
-    interval: daily
-    time: "14:00"
-  open-pull-requests-limit: 10
+    interval: monthly
+  open-pull-requests-limit: 6

automated_detection_testing/requirements.txt

@@ -8,10 +8,10 @@ attrs==20.3.0
 azure-common==1.1.26
 azure-core==1.11.0
 azure-identity==1.5.0
-azure-mgmt-compute==18.2.0
+azure-mgmt-compute==19.0.0
 azure-mgmt-core==1.2.2
 azure-mgmt-network==18.0.0
-azure-mgmt-resource==15.0.0
+azure-mgmt-resource==16.0.0
 bcrypt==3.2.0
 boto3==1.16.62
 botocore==1.20.0
@@ -30,7 +30,7 @@ gitdb==4.0.5
 GitPython==3.1.14
 identify==1.5.13
 idna==2.8
-importlib-metadata==3.4.0
+importlib-metadata==3.7.0
 Jinja2==2.11.3
 jmespath==0.10.0
 lockfile==0.12.2
@@ -48,7 +48,7 @@ path.py==12.5.0
 pexpect==4.8.0
 pluggy==0.13.1
 pre-commit==2.10.0
-protobuf==3.15.1
+protobuf==3.15.6
 psutil==5.8.0
 ptyprocess==0.7.0
 py==1.10.0
@@ -79,4 +79,4 @@ wcwidth==0.2.5
 wget==3.2
 wrapt==1.12.1
 xmltodict==0.12.0
-zipp==3.4.0
+zipp==3.4.1

bin/jinja2_templates/detection.j2

@@ -32,4 +32,5 @@ tags:
   - {{product}}
   {% endfor -%}
   required_fields:
-  - _time
+  - _time
+  security_domain: {{security_domain}}

bin/newcontent.py

@@ -164,6 +164,34 @@ def detection_wizard(security_content_path,type,TEMPLATE_PATH):
                 },
             ],
         },
+        {
+            # get provider
+            'type': 'list',
+            'message': 'security_domain for detection',
+            'name': 'security_domain',
+            'choices': [
+                {
+                    'name': 'access'
+                },
+                {
+                    'name': 'endpoint'
+                },
+                {
+                    'name': 'network'
+                },
+                {
+                    'name': 'threat'
+                },
+                {
+                    'name': 'identity'
+                },
+                {
+                    'name': 'audit'
+                },
+
+            ],
+            'default': 'endpoint'
+        },
     ]
 
     answers = prompt(questions)
@@ -192,7 +220,7 @@ def detection_wizard(security_content_path,type,TEMPLATE_PATH):
     search= answers['detection_search'] + ' | `' + detection_file_name + '_filter`',
     type=answers['detection_type'], analytic_story_name='UPDATE_STORY_NAME', mitre_attack_id = answers['mitre_attack_ids'],
     kill_chain_phases=answers['kill_chain_phases'], dataset_url='UPDATE_DATASET_URL',
-    products=answers['products'])
+    products=answers['products'], security_domain=answers['security_domain'])
     with open(output_path, 'w', encoding="utf-8") as f:
         f.write(output)
 

requirements.txt

@@ -15,7 +15,7 @@ gitdb==4.0.5
 humanfriendly==9.1
 identify==1.5.13
 idna==2.10
-importlib-metadata==3.4.0
+importlib-metadata==3.7.0
 importlib-resources==5.1.2
 Jinja2==2.11.3
 jsonschema==3.2.0
@@ -25,7 +25,7 @@ nodeenv==1.5.0
 pathlib2==2.3.5
 pre-commit==2.10.0
 prompt-toolkit==1.0.14
-Pygments==2.8.0
+Pygments==2.8.1
 PyInquirer==1.0.3
 pyrsistent==0.17.3
 python-dateutil==2.8.1
@@ -47,4 +47,4 @@ typing==3.7.4.3
 urllib3==1.26.3
 virtualenv==20.4.2
 wcwidth==0.2.5
-zipp==3.4.0
+zipp==3.4.1