Update readme, zip location + API

Playbooks/Save-NamedLocations/azuredeploy.json

@@ -21,6 +21,12 @@
         "AAD_ApplicationSecret": {
             "defaultValue": "Application Secret of application",
             "type": "string"
+        },
+        "workspaceKey": {
+            "type": "securestring"
+        },
+        "workspaceID": {
+            "type": "string"
         }
     },
     "variables": {
@@ -28,7 +34,7 @@
         "hostingPlanName": "[concat(parameters('PlaybookName'),'hostingPlan')]",
         "siteName": "[concat(parameters('PlaybookName'),'fnct')]",
         "storageName":"[concat('deploy', uniqueString(resourceGroup().id))]",
-        "packageURL":"https://github.com/ThijsLecomte/ARM-Templates/blob/master/Get-NamedLocations/CidrIpRange.zip?raw=true",
+        "packageURL":"https://github.com/Azure/Azure-Sentinel/master/Playbooks/Save-NamedLocations/CidrIpRange.zip?raw=true",
         "sites_CidrIpRange_externalid" : "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().name, '/providers/Microsoft.Web/sites/', variables('siteName') )]",
         "Sentinel_LogName": "sentinel_namedLocations"
     },
@@ -122,7 +128,11 @@
             "location": "[resourceGroup().location]",
             "properties": {
                 "displayName": "[parameters('UserName')]",
-                "customParameterValues": {},
+                "parameterValues": {
+                    "username":"[parameters('workspaceID')]",
+                    "password":"[parameters('workspaceKey')]"
+                },
+                
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
                 }

Playbooks/Save-NamedLocations/readme.md

@@ -5,6 +5,13 @@ This Playbook will retrieve the Named Locations from Azure Active Directory Cond
 These named locations can be used in hunting queries.
 
 An app registration should be created with permissions: Policy.Read.All.
-The API Connection to the Log Analytics Workspace should be updated with the Workspace ID and key after deploying this.
 
-This playbook uses an Azure Function to convert CIDR ranges to IP-addresses.
+This playbook uses an Azure Function to convert CIDR ranges to IP-addresses.
+The function is deployed from the zip file which can be found in this repo.
+
+<a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2Save-NamedLocations%2Fazuredeploy.json" target="_blank">
+    <img src="https://aka.ms/deploytoazurebutton"/>
+</a>
+<a href="https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2FSave-NamedLocations%2Fazuredeploy.json" target="_blank">
+<img src="https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazuregov.png"/>
+</a>