Merge pull request #43 from f-bader/bugfix-powershell-yaml

Bugfix for powershell-yaml 0.4.8 - 0.4.10

README.md

@@ -4,6 +4,11 @@
 
 [![PSGallery Version](https://img.shields.io/powershellgallery/v/SentinelARConverter.svg?style=flat&logo=powershell&label=PSGallery%20Version)](https://www.powershellgallery.com/packages/SentinelARConverter) [![PSGallery Downloads](https://img.shields.io/powershellgallery/dt/SentinelARConverter.svg?style=flat&logo=powershell&label=PSGallery%20Downloads)](https://www.powershellgallery.com/packages/SentinelARConverter)
 
+> [!WARNING]  
+> The [powershell-yaml](https://github.com/cloudbase/powershell-yaml) module which is used by the Sentinel Analytics Rule converter had some breaking changes starting in version 0.4.8.
+> It is recommended to update to at least v0.4.11 of powershell-yaml or to update to the latest SentinelARConverter (>=2.4.3) which contains workarounds for known bugs.
+> Avoid using powershell-yaml in the version 0.4.8 and 0.4.9 as there are other bugs.
+
 ## Installation
 
 ```PowerShell

src/SentinelARConverter.psd1

@@ -12,7 +12,7 @@
     RootModule        = 'SentinelARConverter.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '2.4.2'
+    ModuleVersion     = '2.4.3'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()

src/public/Convert-SentinelARArmToYaml.ps1

@@ -136,6 +136,11 @@ function Convert-SentinelARArmToYaml {
 
         #region common
 
+        $PowerShellYAMLModuleVersion = Get-Module -Name powershell-yaml | Select-Object -ExpandProperty Version
+        if ( $PowerShellYAMLModuleVersion -ge [version]"0.4.8" -and $PowerShellYAMLModuleVersion -le [version]"0.4.9" ) {
+            Write-Warning "The powershell-yaml module version $($PowerShellYAMLModuleVersion) has known issues. Please update to the latest version of the module."
+        }
+
         if ($PsCmdlet.ParameterSetName -ne "Pipeline" ) {
             try {
                 if (-not (Test-Path $Filename)) {
@@ -368,6 +373,10 @@ function Convert-SentinelARArmToYaml {
                 }
             }
 
+            # Bugfix for broken powershell-yaml - https://github.com/cloudbase/powershell-yaml/issues/177
+            if ( $PowerShellYAMLModuleVersion -ge [version]"0.4.8" -and $PowerShellYAMLModuleVersion -le [version]"0.4.10" ) {
+                $AnalyticsRuleCleaned = $AnalyticsRuleCleaned | ConvertTo-Json -Depth 99 | ConvertFrom-Json
+            }
             # Convert the PowerShell object to YAML
             $AnalyticsRuleYAML = $AnalyticsRuleCleaned | ConvertTo-Yaml
 

src/public/Convert-SentinelARYamlToArm.ps1

@@ -144,6 +144,11 @@ function Convert-SentinelARYamlToArm {
 
     end {
 
+        $PowerShellYAMLModuleVersion = Get-Module -Name powershell-yaml | Select-Object -ExpandProperty Version
+        if ( $PowerShellYAMLModuleVersion -ge [version]"0.4.8" -and $PowerShellYAMLModuleVersion -le [version]"0.4.9" ) {
+            Write-Warning "The powershell-yaml module version $($PowerShellYAMLModuleVersion) has known issues. Please update to the latest version of the module."
+        }
+
         try {
             # Use parsed pipeline data if no file was specified (default)
             if ($PsCmdlet.ParameterSetName -eq "Pipeline") {

tests/Convert-SentinelARArmToYaml.tests.ps1

@@ -590,6 +590,14 @@ Describe "Simple example tests" {
             $converted.subTechniques | Should -Be $null
             $converted.relevantTechniques -join ", " | Should -Be "T1078.003, T1078.004"
         }
+        It "Converts eventGroupingSettings correctly" {
+            $converted = Convert-SentinelARArmToYaml -Filename "TestDrive:/Content/Scheduled.json" | ConvertFrom-Yaml
+            $converted.eventGroupingSettings.aggregationKind | Should -Be "SingleAlert"
+        }
+        It "Converts incidentConfiguration correctly" {
+            $converted = Convert-SentinelARArmToYaml -Filename "TestDrive:/Content/Scheduled.json" | ConvertFrom-Yaml
+            $converted.incidentConfiguration.createIncident | Should -Be $true
+        }
     }
 }