Pysigma-backend-kusto

What's Changed
* Update microsoft365defender.py by adonm in https://github.com/AttackIQ/pySigma-backend-microsoft365defender/pull/19
* Ignores the "Initiated" field in network connections as for endpoints almost all events are outbound
* Increased pinned `certifi` dependency version

New Contributors
* adonm made their first contribution in https://github.com/AttackIQ/pySigma-backend-microsoft365defender/pull/19

**Full Changelog**: https://github.com/AttackIQ/pySigma-backend-microsoft365defender/compare/v0.2.4...v0.2.5

- Fixed issue 13 where '*' character was being escaped incorrectly CommandLine strings
- Fixed issue 14 where Sigma schema wildcards ('*', '?') in the middle of a string would create nonsense queries
- Since KQL does not use wildcards, anytime a wildcard value is seen inside a string (not at the beginning or end) from the Sigma Rule, we now split it by the wildcard and use a `contains` for each substring.
- Example: a CommandLine field with a value of `advfirewall firewall add rule name=Dropbox dir=in action=allow "program=?:\Program Files (x86)\Dropbox\Client\Dropbox.exe" enable=yes profile=Any` will be converted to `(ProcessCommandLine contains "advfirewall firewall add rule name=Dropbox dir=in action=allow \"program=" and ProcessCommandLine contains ":\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe\" enable=yes profile=Any")`

- Fixed issue 11 by adding more verbose error handling and hash algorithm parsing in 'Hashes' field
- Loosened pySigma pinned version to allow compatibility with pySigma >= 0.11.0

- Increased supported pySigma version to `>= 0.9.0, <= 0.10.6`

- Pinned `certifi` version to `2023.07.22` to fix [CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7/dependabot)

Support for the ParentImage Field!

* The pipeline and backend now support the argument `transform_parent_image` (bool, defaults to True)
* If set, this will map the `ParentImage` Sysmon field to `InitiatingProcessParentFileName` M365 field, and extract the parent process name from the full path as the value for all supported rule categories *except* process_creation.
* This is because the Microsoft 365 Defender table schema does not have a InitiatingProcessParentFolderPath field where the entire path can be used. Previously, having the ParentImage field in a rule would cause an invalid field error for non-process_creation rules.
* For usage and more information, see [the README](https://github.com/AttackIQ/pySigma-backend-microsoft365defender/blob/main/README.md#pipeline--backend-args-new-in-020)