Merge pull request SigmaHQ#4117 from alexmcdonald1124/mdatp-integrity-levels

feat: adding integrity level mapping for Microsoft Defender backend

Author: nasbench

tools/sigma/backends/mdatp.py

@@ -89,6 +89,7 @@ def __init__(self, *args, **kwargs):
                 "ParentName": ("InitiatingProcessFileName", self.default_value_mapping),
                 "ParentProcessName": ("InitiatingProcessFileName", self.default_value_mapping),
                 "ParentImage": ("InitiatingProcessFolderPath", self.default_value_mapping),
+                "IntegrityLevel": ("ProcessIntegrityLevel", self.default_value_mapping),
                 "SourceImage": ("InitiatingProcessFolderPath", self.default_value_mapping),
                 "TargetImage": ("FolderPath", self.default_value_mapping),
                 "User": (self.decompose_user, ),