Update azuredeploy.json
Made KeyVault managed connection with the predefined Keyvault name
This commit is contained in:
eerus
GitHub
Родитель
0d4a8fabf9
Коммит
3fdcfd398b
|
|
@ -1,194 +1,195 @@
|
|||
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"title": "Cohesity Close Helios Incident Playbook",
|
||||
"description": "This playbook closes the corresponding Helios ticket.",
|
||||
"prerequisites": "Install this Azure function configuration",
|
||||
"postDeployment": "Authorize all connections",
|
||||
"prerequisitesDeployTemplateFile": "None",
|
||||
"lastUpdateTime": "2022-12-23T11:50:00.000Z",
|
||||
"entities": [ "Malware" ],
|
||||
"tags": [ "Cohesity DataHawk", "SOAR", "Threat Response" ],
|
||||
"support": {
|
||||
"tier": "community",
|
||||
"armtemplate": "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
|
||||
},
|
||||
"author": {
|
||||
"name": "Cohesity"
|
||||
}
|
||||
},
|
||||
"parameters": {
|
||||
"PlaybookName": {
|
||||
"defaultValue": "My_Cohesity_Close_Helios_Incident",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
"MicrosoftSentinelConnectionName": "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
|
||||
"KeyvaultConnectionName": "[concat('Keyvault-', parameters('PlaybookName'))]"
|
||||
},
|
||||
"resources": [{
|
||||
"properties": {
|
||||
"provisioningState": "Succeeded",
|
||||
"state": "Enabled",
|
||||
"definition": {
|
||||
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"$connections": {
|
||||
"defaultValue": {},
|
||||
"type": "Object"
|
||||
}
|
||||
},
|
||||
"triggers": {
|
||||
"Microsoft_Sentinel_incident": {
|
||||
"type": "ApiConnectionWebhook",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"callback_url": "@{listCallbackUrl()}"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
||||
}
|
||||
},
|
||||
"path": "/incident-creation"
|
||||
}
|
||||
}
|
||||
},
|
||||
"actions": {
|
||||
"Get_secret": {
|
||||
"runAfter": {
|
||||
"Initialize_HelioID": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['keyvault']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "get",
|
||||
"path": "/secrets/@{encodeURIComponent('ApiKey')}/value"
|
||||
}
|
||||
},
|
||||
"HTTP": {
|
||||
"runAfter": {
|
||||
"Get_secret": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "Http",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"status": "kSuppressed"
|
||||
},
|
||||
"headers": {
|
||||
"Content-Type": "application/json",
|
||||
"apiKey": "@body('Get_secret')?['value']"
|
||||
},
|
||||
"method": "Patch",
|
||||
"uri": "https://helios.cohesity.com/mcm/alerts/@{variables('helioID')}"
|
||||
}
|
||||
},
|
||||
"Initialize_Description": {
|
||||
"runAfter": {},
|
||||
"type": "InitializeVariable",
|
||||
"inputs": {
|
||||
"variables": [{
|
||||
"name": "description",
|
||||
"type": "string",
|
||||
"value": "@triggerBody()?['object']?['properties']?['description']"
|
||||
}]
|
||||
}
|
||||
},
|
||||
"Initialize_HelioID": {
|
||||
"runAfter": {
|
||||
"Initialize_Description": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "InitializeVariable",
|
||||
"inputs": {
|
||||
"variables": [{
|
||||
"name": "helioID",
|
||||
"type": "string",
|
||||
"value": "@{split(variables('description'), 'Helios ID: ')[1]}"
|
||||
}]
|
||||
}
|
||||
}
|
||||
},
|
||||
"outputs": {}
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"PlaybookName": {
|
||||
"defaultValue": "My_Cohesity_Close_Helios_Incident",
|
||||
"type": "String"
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
"MicrosoftSentinelConnectionName": "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
|
||||
"KeyvaultConnectionName": "[concat('Keyvault-', parameters('PlaybookName'))]"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Logic/workflows",
|
||||
"apiVersion": "2017-07-01",
|
||||
"name": "[parameters('PlaybookName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
|
||||
"[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]"
|
||||
],
|
||||
"tags": {
|
||||
"hidden-SentinelTemplateName": "Cohesity_Close_Helios_Incident",
|
||||
"hidden-SentinelTemplateVersion": "1.0"
|
||||
},
|
||||
"identity": {
|
||||
"type": "SystemAssigned"
|
||||
},
|
||||
"properties": {
|
||||
"provisioningState": "Succeeded",
|
||||
"state": "Enabled",
|
||||
"definition": {
|
||||
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"$connections": {
|
||||
"defaultValue": {},
|
||||
"type": "Object"
|
||||
}
|
||||
},
|
||||
"triggers": {
|
||||
"Microsoft_Sentinel_incident": {
|
||||
"type": "ApiConnectionWebhook",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"callback_url": "@{listCallbackUrl()}"
|
||||
},
|
||||
"parameters": {
|
||||
"$connections": {
|
||||
"value": {
|
||||
"azuresentinel": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
|
||||
"connectionName": "[variables('MicrosoftSentinelConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]",
|
||||
"connectionProperties": {
|
||||
"authentication": {
|
||||
"type": "ManagedServiceIdentity"
|
||||
}
|
||||
}
|
||||
},
|
||||
"keyvault": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]",
|
||||
"connectionName": "[variables('KeyvaultConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Keyvault')]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"name": "[parameters('PlaybookName')]",
|
||||
"type": "Microsoft.Logic/workflows",
|
||||
"location": "[resourceGroup().location]",
|
||||
"tags": {
|
||||
"hidden-SentinelTemplateName": "Cohesity_Close_Helios_Incident",
|
||||
"hidden-SentinelTemplateVersion": "1.0"
|
||||
},
|
||||
"identity": {
|
||||
"type": "SystemAssigned"
|
||||
},
|
||||
"apiVersion": "2017-07-01",
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
|
||||
"[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('MicrosoftSentinelConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"kind": "V1",
|
||||
"properties": {
|
||||
"displayName": "[variables('MicrosoftSentinelConnectionName')]",
|
||||
"customParameterValues": {},
|
||||
"parameterValueType": "Alternative",
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]"
|
||||
}
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
|
||||
}
|
||||
},
|
||||
"path": "/incident-creation"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('KeyvaultConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"kind": "V1",
|
||||
"properties": {
|
||||
"displayName": "[variables('KeyvaultConnectionName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Keyvault')]"
|
||||
}
|
||||
},
|
||||
"actions": {
|
||||
"Get_secret": {
|
||||
"runAfter": {
|
||||
"Initialize_HelioID": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['keyvault']['connectionId']"
|
||||
}
|
||||
},
|
||||
"method": "get",
|
||||
"path": "/secrets/@{encodeURIComponent('ApiKey')}/value"
|
||||
}
|
||||
},
|
||||
"HTTP": {
|
||||
"runAfter": {
|
||||
"Get_secret": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "Http",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"status": "kSuppressed"
|
||||
},
|
||||
"headers": {
|
||||
"Content-Type": "application/json",
|
||||
"apiKey": "@body('Get_secret')?['value']"
|
||||
},
|
||||
"method": "Patch",
|
||||
"uri": "https://helios.cohesity.com/mcm/alerts/@{variables('helioID')}"
|
||||
}
|
||||
},
|
||||
"Initialize_Description": {
|
||||
"runAfter": {},
|
||||
"type": "InitializeVariable",
|
||||
"inputs": {
|
||||
"variables": [
|
||||
{
|
||||
"name": "description",
|
||||
"type": "string",
|
||||
"value": "@triggerBody()?['object']?['properties']?['description']"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"Initialize_HelioID": {
|
||||
"runAfter": {
|
||||
"Initialize_Description": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
|
||||
"type": "InitializeVariable",
|
||||
"inputs": {
|
||||
"variables": [
|
||||
{
|
||||
"name": "helioID",
|
||||
"type": "string",
|
||||
"value": "@{split(variables('description'), 'Helios ID: ')[1]}"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"outputs": {}
|
||||
},
|
||||
"parameters": {
|
||||
"$connections": {
|
||||
"value": {
|
||||
"azuresentinel": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
|
||||
"connectionName": "[variables('MicrosoftSentinelConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]",
|
||||
"connectionProperties": {
|
||||
"authentication": {
|
||||
"type": "ManagedServiceIdentity"
|
||||
}
|
||||
}
|
||||
},
|
||||
"keyvault": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]",
|
||||
"connectionName": "[variables('KeyvaultConnectionName')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Keyvault')]",
|
||||
"connectionProperties": {
|
||||
"authentication": {
|
||||
"type": "ManagedServiceIdentity"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('MicrosoftSentinelConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"kind": "V1",
|
||||
"properties": {
|
||||
"displayName": "[variables('MicrosoftSentinelConnectionName')]",
|
||||
"customParameterValues": {},
|
||||
"parameterValueType": "Alternative",
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "Microsoft.Web/connections",
|
||||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('KeyvaultConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"kind": "V1",
|
||||
"properties": {
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Keyvault')]",
|
||||
"type": "Microsoft.Web/locations/managedApis"
|
||||
},
|
||||
"parameterValueType": "Alternative",
|
||||
"alternativeParameterValues": {
|
||||
"vaultName": "[concat('cohesitypro', uniqueString(resourceGroup().id))]"
|
||||
},
|
||||
"nonSecretParameterValues": {
|
||||
"vaultName": "[concat('cohesitypro', uniqueString(resourceGroup().id))]"
|
||||
},
|
||||
"displayName": "[variables('KeyvaultConnectionName')]"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче