Merge pull request #263 from VirtualMetric:dev

Release 1.5.0

Author: KorayErkan

blog/2025-09-01-release-notes-1.4.0.mdx

@@ -1,11 +1,10 @@
 ---
-slug: /release-notes
 authors: [release-team]
 tags: [release]
 title: Version 1.4.0 Released
 ---
 
-This release introduces powerful new capabilities for Azure integration and data management. With the new **Settings** menu and **Microsoft Stats** dashboard, managing your workspace and monitoring data flow has never been easier. We've expanded our device and target support with **Azure Blob Storage**, **Azure Event Hubs**, **Microsoft Sentinel Data Lake**, and **Elasticsearch**, while enhancing Windows device capabilities with additional log types and pipeline selection options. Important bug fixes improve configuration persistence and content management workflows.
+This release introduces powerful new capabilities for Azure integration and data management. With the new **Settings** menu and **Microsoft Stats** dashboard, managing your workspace and monitoring data flow has never been easier. We've expanded our device and target support with **Azure Blob Storage**, **Azure Event Hubs**, **Microsoft Sentinel data lake**, and **Elasticsearch**, while enhancing Windows device capabilities with additional log types and pipeline selection options. Important bug fixes improve configuration persistence and content management workflows.
 
 {/* truncate  */}
 

blog/2025-10-16-release-notes-1.5.0.mdx

@@ -0,0 +1,11 @@
+---
+authors: [release-team]
+tags: [release]
+title: Version 1.5.0 Released
+---
+
+This release introduces flexible Director configuration management with **Self Managed Director** mode and comprehensive **Linux Agent** monitoring capabilities. The new **Splunk HEC** target integration expands data forwarding options, while important bug fixes improve agent visibility, device management, and user authentication workflows.
+
+{/* truncate  */}
+
+<Include id="release-1.5.0"/>

docs/appendix/log-formats/asim.mdx renamed to docs/appendix/field-formats/asim.mdx

@@ -0,0 +1,37 @@
+---
+pagination_prev: null
+pagination_next: null
+---
+
+# CSL
+
+The Common Security Log (CSL) is a standardized schema used in Microsoft Sentinel. It provides:
+
+**Common Fields**:
+
+|Field Category|Fields|Description|
+|:-:|:--|:--|
+|Base Fields|`TimeGenerated`, `Type`, `TenantId`, `SourceSystem`, `Computer`|Core fields for event identification and source tracking|
+|Identity Fields|`AccountName`, `AccountDomain`, `UserPrincipalName`, `UserId`|User identification and authentication tracking|
+|Network Fields|`SourceIP`, `DestinationIP`, `SourcePort`, `DestinationPort`|Network communication endpoints|
+|Security Fields|`Activity`, `Status`, `ResultType`, `ResultDescription`|Security operation outcomes and status information|
+
+**Schema Categories**:
+
+|Category|Fields|Purpose|
+|:-:|:--|:--|
+|Authentication|`LogonType`, `AuthenticationMethod`, `LogonProcessName`, `ImpersonationLevel`|Track authentication events and access control|
+|Network Session|`Protocol`, `Direction`, `BytesSent`, `BytesReceived`, `Duration`|Monitor network communications and traffic patterns|
+|Process|`ProcessName`, `CommandLine`, `ProcessId`, `ParentProcessName`|Track process creation and execution|
+|File|`FileName`, `FilePath`, `FileHash`, `FileOperation`|Monitor file access and modifications|
+|Registry|`RegistryKey`, `RegistryValueName`, `RegistryValueData`|Track registry changes and access|
+
+**Event Types**:
+
+|Type|Event Classes|Description|
+|--:|:--|:--|
+|Authentication|`SignInLogs`, `AuditLogs`, `AADNonInteractiveUserSignInLogs`|Authentication-related events and outcomes|
+|Security|`SecurityEvent`, `SecurityAlert`, `SecurityIncident`|Security-related events and alerts|
+|Network|`AzureNetworkAnalytics`, `CommonSecurityLog`, `DnsEvents`|Network activity and communications|
+|Identity|`IdentityInfo`, `IdentityDirectoryEvents`, `IdentityLogonEvents`|Identity and directory service events|
+|Endpoint|`DeviceEvents`, `DeviceProcessEvents`, `DeviceFileEvents`|Endpoint detection and response events|