adding AzureActivity and AzureAD templates

2020-12-04 13:32:48 +01:00 · 2020-12-04 13:32:48 +01:00 · 96237321e4
--- a/Tools/ARM-Templates/AnalyticsRules/README.md
+++ b/Tools/ARM-Templates/AnalyticsRules/README.md
@ -1,6 +1,10 @@
 # Azure Sentinel Analytics Rules sample ARM templates
-The templates in this folder allow you to create analytics rules in Azure Sentinel. You can try them with the following links:
+The templates in this folder allow you to create analytics rules in Azure Sentinel. 
 ***DISCLAIMER:*** *as of today, these templates can be used only for first time deployment and not for updates. We are working to add update support soon.*
 You can try them with the following links:
 | Rule Type | Deploy |
 | :---| :---|
--- a/Tools/ARM-Templates/DataConnectors/AzureAD/AzureAD.json
+++ b/Tools/ARM-Templates/DataConnectors/AzureAD/AzureAD.json
@ -0,0 +1,33 @@
 {
    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workspaceId": {
            "type": "string",
            "metadata": {
                "description": "Workspace name for Log Analytics where Sentinel is setup"
            }
        }
    },
    "resources": [
        {
            "type": "microsoft.aadiam/diagnosticSettings",
            "apiVersion": "2017-04-01",
            "name": "setByARM",
            "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": [
                    {
                        "category": "SignInLogs",
                        "enabled": true
                    },
                    {
                        "category": "AuditLogs",
                        "enabled": true
                    }
                ],
                 "metrics": []
            }
        }
    ]
 }
--- a/Tools/ARM-Templates/DataConnectors/AzureAD/README.md
+++ b/Tools/ARM-Templates/DataConnectors/AzureAD/README.md
@ -0,0 +1,11 @@
 # Azure Active Directory connector template
 Author: Javier Soriano
 This template enables the Azure AD connector on your Sentinel workspace. 
 Azure Active Directory Audit/SignIn logs - requires permissions at tenant scope. Be aware that your executing User or SPN needs Owner rights on tenant scope for this operation, can be added with following CLI
 `az role assignment create --role Owner --scope "/" --assignee {13ece749-d0a0-46cf-8000-b2552b520631}#>`
 [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fjaviersoriano%2FAzure-Sentinel%2Fjavier-arm%2FTools%2FARM-Templates%2FDataConnectors%2FAzureAD%2FAzureAD.json)
--- a/Tools/ARM-Templates/DataConnectors/AzureActivity/AzureActivity.json
+++ b/Tools/ARM-Templates/DataConnectors/AzureActivity/AzureActivity.json
@ -0,0 +1,41 @@
 {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workspaceName": {
            "type": "string",
            "metadata": {
                "description": "Workspace name for Log Analytics where Sentinel is setup"
            }
        },
        "subscriptionId": {
            "type": "string",
            "defaultValue": "[subscription().subscriptionId]",
            "metadata": {
                "description": "Subscription ID to monitor"
            }
        },
         "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]",
            "metadata": {
                "description": "Location for all resources."
            }
        }
    },
    "functions": [],
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.OperationalInsights/workspaces/dataSources",
            "apiVersion": "2020-03-01-preview",
            "location": "[parameters('location')]",
            "name": "[concat(parameters('workspaceName'), '/', replace(parameters('subscriptionId'),'-', ''))]",
            "kind": "AzureActivityLog",
            "properties": {
                "linkedResourceId": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/microsoft.insights/eventtypes/management')]"
            }
        }        
    ],
    "outputs": {}
 }
--- a/Tools/ARM-Templates/DataConnectors/AzureActivity/README.md
+++ b/Tools/ARM-Templates/DataConnectors/AzureActivity/README.md
@ -0,0 +1,7 @@
 # Azure Activity connector template
 Author: Javier Soriano
 This template enables the Azure Activity connector on your Sentinel workspace.
 [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fjaviersoriano%2FAzure-Sentinel%2Fjavier-arm%2FTools%2FARM-Templates%2FDataConnectors%2FAzureActivity%2FAzureActivity.json)
--- a/Tools/ARM-Templates/DataConnectors/README.md
+++ b/Tools/ARM-Templates/DataConnectors/README.md
@ -1,6 +1,10 @@
 # Azure Sentinel Data Connector sample ARM templates
-The templates in this folder allow you to onboard data connectors in Azure Sentinel. You can try them with the following links:
+The templates in this folder allow you to onboard data connectors in Azure Sentinel. 
 ***DISCLAIMER:*** *as of today, these templates can be used only for first time deployment and not for updates. We are working to add update support soon.*
 You can try them with the following links:
 | Data Connector | Deploy |
 | :---| :---|