Changelog

Synapse-Microsoft-Defender Changelog

NEXTVERS - 2025-MM-DD

Features and Enhancements

  • Updated microsoft.defender.ti.articles to set the media:news:body property with the body text.

v2.0.0 - 2025-05-16

Automatic Migrations

  • Migrated all legacy media:news:url properties created by Synapse-Microsoft-Defender to the new Microsoft Defender TI URL format.

Features and Enhancements

  • Updated the media:news:url property to use the new Microsoft Defender TI URL format.

v1.1.0 - 2025-03-07

Features and Enhancements

  • Updated microsoft.defender.ti.pdns to handle cases where the declared response types were not correct for A and AAAA records.

  • Updated microsoft.defender.ti.articles, microsoft.defender.ti.profiles, microsoft.defender.ti.ssl.search, and microsoft.defender.ti.whois.search, to populate the it:exec:query:synuser properties.

  • Added new endpoints section in command help to document the endpoints used by each command, accessible via the --help flag.

v1.0.0 - 2025-01-17

Automatic Migrations

  • Migrated all inet:ssl:cert created by Synapse-Microsoft-Defender to inet:tls:servercert nodes. The migrated inet:ssl:cert nodes are removed by this migration if they don’t have any other meta:source -(seen)> edges.

  • Migrated all proj:ticket nodes created by Synapse-Microsoft-Defender to use the :id property instead of the deprecated :ext:id property. These nodes are only migrated if they have the Synapse-Microsoft-Defender meta:source -(seen)> edge.

Features and Enhancements

  • Added --no-hosts option to the microsoft.defender.ti.ssl.search command to retrieve/query hosts related to the returned SSL certificates.

  • Updated Power-Up to make inet:tls:servercert nodes instead of deprecated inet:ssl:cert nodes.

  • Updated commands that accept inet:ssl:cert nodes as inputs to accept inet:tls:servercert nodes instead.

  • Updated Power-Up to use the :id property instead of deprecated :ext:id property.

  • Updated deprecated $lib.list() usage to JSON style syntax.

v0.6.0 - 2024-12-12

NOTE: This release is a BETA preview and may be subject to change!

Features and Enhancements

  • Added microsoft.defender.ti.profiles command to retrieve/query threat actor and tool profiles from Microsoft Defender TI.

v0.5.0 - 2024-09-17

NOTE: This release is a BETA preview and may be subject to change!

Features and Enhancements

  • Add IPv4 support to microsoft.defender.ti.whois and microsoft.defender.ti.whois.history.

v0.4.0 - 2024-04-01

NOTE: This release is a BETA preview and may be subject to change!

Features and Enhancements

  • Add microsoft.defender.ti.reputation command which allows users to enrich an FQDN with reputation data from Microsoft Defender TI.

v0.3.1 - 2024-03-13

NOTE: This release is a BETA preview and may be subject to change!

Bugfixes

  • Fix broken link in microsoft.defender.ti.ssl.search help.

v0.3.0 - 2024-03-06

NOTE: This release is a BETA preview and may be subject to change!

Features and Enhancements

  • Update $lib.bytes usage with $lib.axon APIs.

Bugfixes

  • Use alert/incident creation time for :detected property.

  • Set :created and :updated on proj:ticket nodes created from alerts and incidents.

v0.2.1 - 2024-02-20

NOTE: This release is a BETA preview and may be subject to change!

Features and Enhancements

  • Update deprecated $lib.dict() usage to JSON style syntax.

v0.2.0 - 2024-02-06

NOTE: This release is a BETA preview and may be subject to change!

Features and Enhancements

  • Add a workaround to retry unexpected HTTP 400 errors from the Microsoft Defender TI backend.

Bugfixes

  • Clarify warning message for unsupported DNS record types.

v0.1.0 - 2024-01-05

NOTE: This release is a BETA preview and may be subject to change!

Features and Enhancements

  • Initial release of the Synapse-Microsoft-Defender Power-Up