Msatp with alerts for release/4.0.x

stix_shifter_modules/msatp/configuration/config.json

@@ -1,7 +1,8 @@
 {
     "connection": {
         "type": {
-            "displayName": "Microsoft Defender for Endpoint"
+            "displayName": "Microsoft Defender for Endpoint",
+            "group": "azure"
         },
         "host": {
             "type": "text",
@@ -24,11 +25,29 @@
         "selfSignedCert": {
             "type": "password",
             "optional": true
+        },
+        "options": {
+          "includeAlerts": {
+            "type": "boolean",
+            "default": false
+          },
+          "includeHostOs": {
+            "type": "boolean",
+            "default": false
+          },
+          "includeNetworkInfo": {
+            "type": "boolean",
+            "default": false
+          },
+          "retainOriginal": {
+            "type": "boolean",
+            "default": false
+          }
         }
     },
     "configuration": {
         "auth": {
-            "type" : "fields",
+            "type": "fields",
             "tenant": {
                 "type": "password"
             },

stix_shifter_modules/msatp/configuration/lang_en.json

@@ -1,13 +1,13 @@
 {
     "connection": {
         "host": {
-            "label": "Management IP address or Hostname",
+            "label": "Management IP address or hostname",
             "placeholder": "192.168.1.10",
-            "description": "Specify the IP address or  hostname of the data source so that IBM Cloud Pak for Security can communicate with it"
+            "description": "Specify the IP address or hostname of the data source"
         },
         "port": {
             "label": "Host Port",
-            "description": "Set the port number that is associated with the Host name or IP"
+            "description": "Set the port number that is associated with the hostname or IP address"
         },
         "help": {
             "label": "Need additional help?",
@@ -20,6 +20,24 @@
         "sni": {
             "label": "Server Name Indicator",
             "description": "The Server Name Indicator (SNI) enables a separate hostname to be provided for SSL authentication"
+        },
+        "options": {
+            "includeAlerts": {
+                "label": "Join events with Alerts?",
+                "description": "With this feature enabled every event will be searched for correlated alerts in the DeviceAlertsEvent table and the alert data will be included in the results. Keep in mind that this feature will add API CPU consumption."
+            },
+            "includeHostOs": {
+                "label": "Join events with Host OS info?",
+                "description": "With this feature enabled every event will include also the device OS details from the DeviceInfo table. Keep in mind that this feature will add API CPU consumption."
+            },
+            "includeNetworkInfo": {
+                "label": "Join events with Device Network info?",
+                "description": "With this feature enabled every event will include also the active network adapters IP and MAC addresses of the device at the time of the event from the DeviceNetworkInfo table. Keep in mind that this feature will add API CPU consumption."
+            },
+            "retainOriginal": {
+                "label": "Keep the original json payload before translation base64 encoded as original_ref?",
+                "description": "Setting this to true will encode the original json results from the EDR before they are translated to STIX and put them in an artifact object referenced as original_ref from x-oca-event. This is helpful if critical data is missing in the final translation."
+            }
         }
     },
     "configuration": {