Pysigma-backend-kusto

Latest version: v0.4.3


0.2.0

Support for the ParentImage Field!

* The pipeline and backend now support the argument `transform_parent_image` (bool, defaults to True)
* If set, this maps the `ParentImage` Sysmon field to the `InitiatingProcessParentFileName` M365 field and uses the parent process name, extracted from the full path, as the value. This applies to all supported rule categories *except* process_creation.
* This is because the Microsoft 365 Defender table schema does not have an `InitiatingProcessParentFolderPath` field where the entire path can be used. Previously, having the `ParentImage` field in a rule would cause an invalid field error for non-process_creation rules.
* For usage and more information, see [the README](https://github.com/AttackIQ/pySigma-backend-microsoft365defender/blob/main/README.md#pipeline--backend-args-new-in-020)
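
The mapping described in this release note, as an added illustration (not the backend's own code): the two field names and the `transform_parent_image` argument come from the note, while the function names, the `{field: [values]}` rule shape and the sample rule are assumptions made for the example.

```python
import ntpath

# Field names taken from the release note above.
SIGMA_FIELD = "ParentImage"
M365_FIELD = "InitiatingProcessParentFileName"


def parent_file_name(value):
    """Return the last path component of a Windows path or Sigma pattern."""
    # ntpath splits on both '\\' and '/' regardless of the host OS, so a
    # wildcard pattern such as '*\\winword.exe' yields 'winword.exe'.
    name = ntpath.basename(value)
    if not name:
        # A value ending in a separator names a folder; there is no file
        # name to compare, so fail loudly instead of emitting an empty match.
        raise ValueError(f"no file name in ParentImage value: {value!r}")
    return name


def map_parent_image(category, detection, transform_parent_image=True):
    """Rewrite ParentImage items in a {field: [values]} detection mapping.

    Assumption: process_creation rules are returned unchanged here, since
    the note only describes the mapping for the other categories.
    """
    if not transform_parent_image or category == "process_creation":
        return {field: list(values) for field, values in detection.items()}
    mapped = {}
    for field, values in detection.items():
        if field == SIGMA_FIELD:
            mapped[M365_FIELD] = [parent_file_name(v) for v in values]
        else:
            mapped[field] = list(values)
    return mapped


# Constructed sample detection for a network_connection rule.
SAMPLE = {
    "ParentImage": ["*\\winword.exe", "C:\\Program Files\\App\\app.exe"],
    "DestinationPort": [443],
}

if __name__ == "__main__":
    print(map_parent_image("network_connection", SAMPLE))
```

Because only the file name survives, a rule that pinned the parent to a specific directory will also match a same-named binary in any other directory, so review path-sensitive rules after conversion.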

0.1.3

- Changed backend negation logic to fix issue #7
- Changed backend `parenthesize` attribute to `True` to fix issue #8
- README and formatting edits

0.1.2

- Fixed an issue where a condition was being applied to a whole rule rather than individual detection items, causing issues when using generic field mappings (fixes #2)
- Fixed Python v3.11 regex compatibility, moved the case-insensitive global flag to the beginning of registry pipeline regexes (fixes #3)
- General whitespace/readability edits
- Changed Poetry installation GitHub Action

0.1.0

First release of pysigma-backend-microsoft365defender. Includes the following:

* Pipeline and backend classes to convert Sigma rules to Microsoft Advanced Hunting Queries in KQL
* Rule support for product=windows and the following categories:
  * process_creation
  * image_load
  * network_connection
  * file_access, file_change, file_delete, file_event, file_rename
  * registry_add, registry_delete, registry_event, registry_set
* Custom transformation to split User field into separate domain and user fields, if applicable
* Custom transformation to create new fields from Hashes field based on algorithm and value
