Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Updated solution for package creation

This commit is contained in:
v-amolpatil 2022-07-01 17:36:41 +05:30
Родитель 5250930c2d
Коммит e8fb2d8dc0
17 изменённых файлов: 735 добавлений и 12 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/AzureFunctionGCPMonitor/function.json → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/function.json
Просмотреть файл

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/AzureFunctionGCPMonitor/main.py → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/main.py
Просмотреть файл

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/AzureFunctionGCPMonitor/sentinel_connector_async.py → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/sentinel_connector_async.py
Просмотреть файл

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/AzureFunctionGCPMonitor/state_manager.py → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/AzureFunctionGCPMonitor/state_manager.py
Просмотреть файл

14
Solutions/GoogleCloudPlatformMonitor/Data Connectors/GCP_Monitor_API_FunctionApp.json → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/GCP_Monitor_API_FunctionApp.json
Просмотреть файл

@ -2,8 +2,8 @@
"id": "GCPMonitorDataConnector",
"title": "Google Cloud Platform Cloud Monitoring",
"publisher": "Google",
"descriptionMarkdown": "The Google Cloud Platform Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Azure Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information.",
"additionalRequirementBanner": ">This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Azure Sentinel Solution.",
"descriptionMarkdown": "The Google Cloud Platform Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information.",
"additionalRequirementBanner": ">This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.",
"graphQueries": [
{
"metricName": "GCP Monitoring logs",
@ -33,7 +33,7 @@
],
"availability": {
"status": 1,
"isPreview": true
"isPreview": false
},
"permissions": {
"resourceProvider": [
@ -72,7 +72,7 @@
"instructionSteps": [
{
"title": "",
"description": ">**NOTE:** This connector uses Azure Functions to connect to the GCP API to pull logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."
"description": ">**NOTE:** This connector uses Azure Functions to connect to the GCP API to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."
},
{
"title": "",
@ -80,7 +80,7 @@
},
{
"title": "",
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Azure Sentinel Solution."
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Microsoft Sentinel Solution."
},
{
"title": "",
@ -112,7 +112,7 @@
},
{
"title": "Option 1 - Azure Resource Manager (ARM) Template",
"description": "Use this method for automated deployment of the data connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-GCPMonitorDataConnector-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Google Cloud Platform Project Id List**, **Google Cloud Platform Metric Types List**, **Google Cloud Platform Credentials File Content**, **Azure Sentinel Workspace Id**, **Azure Sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy."
"description": "Use this method for automated deployment of the data connector using an ARM Template.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-GCPMonitorDataConnector-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Google Cloud Platform Project Id List**, **Google Cloud Platform Metric Types List**, **Google Cloud Platform Credentials File Content**, **Microsoft Sentinel Workspace Id**, **Microsoft Sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy."
},
{
"title": "Option 2 - Manual Deployment of Azure Functions",
@ -120,7 +120,7 @@
},
{
"title": "",
"description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-GCPMonitorDataConnector-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions.\n\n\te. **Select a runtime:** Choose Python 3.8.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Azure Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
"description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-GCPMonitorDataConnector-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions.\n\n\te. **Select a runtime:** Choose Python 3.8.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
},
{
"title": "",

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/GCP_Monitor_func.zip → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/GCP_Monitor_func.zip
Просмотреть файл

10
Solutions/GoogleCloudPlatformMonitor/Data Connectors/Logo/google_logo.svg → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/Logo/google_logo.svg
Просмотреть файл

@ -1,6 +1,6 @@
<svg width="75" height="75" viewBox="0 0 75 75" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M75 38.3612C75 35.8121 74.7892 33.2491 74.3393 30.7413H38.2521V45.1819H58.9176C58.06 49.8393 55.3046 53.9592 51.2699 56.5773V65.9471H63.5989C70.8388 59.4158 75 49.7704 75 38.3612Z" fill="#4285F4"/>
<path d="M38.2521 75C48.5707 75 57.2727 71.6792 63.6129 65.947L51.2839 56.5772C47.8537 58.8646 43.4254 60.1598 38.2661 60.1598C28.2849 60.1598 19.8219 53.5596 16.7853 44.6858H4.06274V54.345C10.5576 67.008 23.7863 75 38.2521 75V75Z" fill="#34A853"/>
<path d="M16.7715 44.6859C15.1688 40.0285 15.1688 34.9853 16.7715 30.328V20.6688H4.06292C-1.3635 31.2649 -1.3635 43.7489 4.06292 54.345L16.7715 44.6859V44.6859Z" fill="#FBBC04"/>
<path d="M38.2521 14.8401C43.7066 14.7575 48.9784 16.7692 52.9287 20.462L63.8519 9.75561C56.9353 3.38964 47.7553 -0.11027 38.2521 -3.63953e-05C23.7863 -3.63953e-05 10.5576 7.99188 4.06274 20.6687L16.7713 30.3279C19.7938 21.4403 28.2708 14.8401 38.2521 14.8401V14.8401Z" fill="#EA4335"/>
<svg width="75" height="75" viewBox="0 0 75 75" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M75 38.3612C75 35.8121 74.7892 33.2491 74.3393 30.7413H38.2521V45.1819H58.9176C58.06 49.8393 55.3046 53.9592 51.2699 56.5773V65.9471H63.5989C70.8388 59.4158 75 49.7704 75 38.3612Z" fill="#4285F4"/>
<path d="M38.2521 75C48.5707 75 57.2727 71.6792 63.6129 65.947L51.2839 56.5772C47.8537 58.8646 43.4254 60.1598 38.2661 60.1598C28.2849 60.1598 19.8219 53.5596 16.7853 44.6858H4.06274V54.345C10.5576 67.008 23.7863 75 38.2521 75V75Z" fill="#34A853"/>
<path d="M16.7715 44.6859C15.1688 40.0285 15.1688 34.9853 16.7715 30.328V20.6688H4.06292C-1.3635 31.2649 -1.3635 43.7489 4.06292 54.345L16.7715 44.6859V44.6859Z" fill="#FBBC04"/>
<path d="M38.2521 14.8401C43.7066 14.7575 48.9784 16.7692 52.9287 20.462L63.8519 9.75561C56.9353 3.38964 47.7553 -0.11027 38.2521 -3.63953e-05C23.7863 -3.63953e-05 10.5576 7.99188 4.06274 20.6687L16.7713 30.3279C19.7938 21.4403 28.2708 14.8401 38.2521 14.8401V14.8401Z" fill="#EA4335"/>
</svg>
Режим "рядом" Свайп Оверлей

До

Ширина:  |  Высота:  |  Размер: 1.0 KiB

После

Ширина:  |  Высота:  |  Размер: 1.0 KiB

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/azuredeploy_GCP_MONITOR_API_FunctionApp.json → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/azuredeploy_GCP_MONITOR_API_FunctionApp.json
Просмотреть файл

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/host.json → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/host.json
Просмотреть файл

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/proxies.json → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/proxies.json
Просмотреть файл

0
Solutions/GoogleCloudPlatformMonitor/Data Connectors/requirements.txt → Solutions/Google Cloud Platform Cloud Monitoring/Data Connectors/requirements.txt
Просмотреть файл

17
Solutions/Google Cloud Platform Cloud Monitoring/Data/Solution_GoogleCloudPlatformMonitor.json Normal file
Просмотреть файл

@ -0,0 +1,17 @@
{
"Name": "Google Cloud Platform Cloud Monitoring",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Google Cloud Platform](https://cloud.google.com/gcp) Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information. \n \n **Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n \n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \n \n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)",
"Parsers": [
"Parsers/GCP_MONITOR.txt"
],
"Data Connectors": [
"Data Connectors/GCP_Monitor_API_FunctionApp.json"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Google Cloud Platform Cloud Monitoring",
"Version": "2.0.0",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1Pconnector": false
}

Двоичные данные
Solutions/Google Cloud Platform Cloud Monitoring/Package/2.0.0.zip Normal file
Просмотреть файл

Двоичный файл не отображается.

92
Solutions/Google Cloud Platform Cloud Monitoring/Package/createUiDefinition.json Normal file
Просмотреть файл

@ -0,0 +1,92 @@
{
"$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/google_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Google Cloud Platform](https://cloud.google.com/gcp) Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information. \n \n **Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n \n a. [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api) \n \n b. [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
"Microsoft.OperationalInsights/workspaces/providers/alertRules",
"Microsoft.Insights/workbooks",
"Microsoft.Logic/workflows"
]
},
"location": {
"metadata": {
"hidden": "Hiding location, we get it from the log analytics workspace"
},
"visible": false
},
"resourceGroup": {
"allowExisting": true
}
}
},
"basics": [
{
"name": "getLAWorkspace",
"type": "Microsoft.Solutions.ArmApiControl",
"toolTip": "This filters by workspaces that exist in the Resource Group selected",
"condition": "[greater(length(resourceGroup().name),0)]",
"request": {
"method": "GET",
"path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
}
},
{
"name": "workspace",
"type": "Microsoft.Common.DropDown",
"label": "Workspace",
"placeholder": "Select a workspace",
"toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
"constraints": {
"allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
"required": true
},
"visible": true
}
],
"steps": [
{
"name": "dataconnectors",
"label": "Data Connectors",
"bladeTitle": "Data Connectors",
"elements": [
{
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Google Cloud Platform Cloud Monitoring. You can get Google Cloud Platform Cloud Monitoring custom log data in your Microsoft Sentinel workspace. Configure and enable this data connector in the Data Connector gallery after this Solution deploys. This data connector creates custom log table(s) GCP_MONITORING_CL in your Microsoft Sentinel / Azure Log Analytics workspace."
}
},
{
"name": "dataconnectors-parser-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
}
},
{
"name": "dataconnectors-link2",
"type": "Microsoft.Common.TextBlock",
"options": {
"link": {
"label": "Learn more about connecting data sources",
"uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
}
}
}
]
}
],
"outputs": {
"workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
"location": "[location()]",
"workspace": "[basics('workspace')]"
}
}
}

599
Solutions/Google Cloud Platform Cloud Monitoring/Package/mainTemplate.json Normal file
Просмотреть файл

@ -0,0 +1,599 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"author": "Microsoft - support@microsoft.com",
"comments": "Solution template for Google Cloud Platform Cloud Monitoring"
},
"parameters": {
"location": {
"type": "string",
"minLength": 1,
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
}
},
"workspace-location": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
}
},
"workspace": {
"defaultValue": "",
"type": "string",
"metadata": {
"description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
}
}
},
"variables": {
"solutionId": "azuresentinel.azure-sentinel-solution-gcpmonitoring",
"_solutionId": "[variables('solutionId')]",
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"parserVersion1": "1.0.0",
"parserContentId1": "GCP_MONITOR-Parser",
"_parserContentId1": "[variables('parserContentId1')]",
"parserName1": "Google Cloud Platform Cloud Monitoring Data Parser",
"_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]",
"parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
"_parserId1": "[variables('parserId1')]",
"parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]",
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"uiConfigId1": "GCPMonitorDataConnector",
"_uiConfigId1": "[variables('uiConfigId1')]",
"dataConnectorContentId1": "GCPMonitorDataConnector",
"_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
"dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"_dataConnectorId1": "[variables('dataConnectorId1')]",
"dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]",
"dataConnectorVersion1": "1.0.0"
},
"resources": [
{
"type": "Microsoft.Resources/templateSpecs",
"apiVersion": "2021-05-01",
"name": "[variables('parserTemplateSpecName1')]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "Parser"
},
"properties": {
"description": "GCP_MONITOR Data Parser with template",
"displayName": "GCP_MONITOR Data Parser template"
}
},
{
"type": "Microsoft.Resources/templateSpecs/versions",
"apiVersion": "2021-05-01",
"name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "Parser"
},
"dependsOn": [
"[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]"
],
"properties": {
"description": "GCP_MONITOR Data Parser with template version 2.0.0",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserVersion1')]",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[variables('_parserName1')]",
"apiVersion": "2020-08-01",
"type": "Microsoft.OperationalInsights/workspaces/savedSearches",
"location": "[parameters('workspace-location')]",
"properties": {
"eTag": "*",
"displayName": "Google Cloud Platform Cloud Monitoring Data Parser",
"category": "Samples",
"functionAlias": "GCP_MONITOR",
"query": "\nGCP_MONITORING_CL\r\n| extend EventVendor = 'GCP'\r\n| extend EventProduct = 'Cloud Monitoring'\r\n| project-rename MetricLabelsInstanceName=metric_labels_instance_name_s,\r\n MetricType=metric_type_s,\r\n ResourceType=resource_type_s,\r\n ResourceLabelsProjectId=resource_labels_project_id_s,\r\n ResourceLabelsInstanceId=resource_labels_instance_id_s,\r\n ResourceLabelsZone=resource_labels_zone_s,\r\n MetricKind=metricKind_s,\r\n ValueType=valueType_s,\r\n IntervalStartTime=interval_startTime_t,\r\n IntervalEndTime=interval_endTime_t,\r\n ValueInt64Value=value_int64Value_d\r\n",
"version": 1,
"tags": [
{
"name": "description",
"value": "Google Cloud Platform Cloud Monitoring Data Parser"
}
]
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
"dependsOn": [
"[variables('_parserName1')]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
"contentId": "[variables('_parserContentId1')]",
"kind": "Parser",
"version": "[variables('parserVersion1')]",
"source": {
"name": "Google Cloud Platform Cloud Monitoring",
"kind": "Solution",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft",
"email": "[variables('_email')]"
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
}
]
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/savedSearches",
"apiVersion": "2021-06-01",
"name": "[variables('_parserName1')]",
"location": "[parameters('workspace-location')]",
"properties": {
"eTag": "*",
"displayName": "Google Cloud Platform Cloud Monitoring Data Parser",
"category": "Samples",
"functionAlias": "GCP_MONITOR",
"query": "\nGCP_MONITORING_CL\r\n| extend EventVendor = 'GCP'\r\n| extend EventProduct = 'Cloud Monitoring'\r\n| project-rename MetricLabelsInstanceName=metric_labels_instance_name_s,\r\n MetricType=metric_type_s,\r\n ResourceType=resource_type_s,\r\n ResourceLabelsProjectId=resource_labels_project_id_s,\r\n ResourceLabelsInstanceId=resource_labels_instance_id_s,\r\n ResourceLabelsZone=resource_labels_zone_s,\r\n MetricKind=metricKind_s,\r\n ValueType=valueType_s,\r\n IntervalStartTime=interval_startTime_t,\r\n IntervalEndTime=interval_endTime_t,\r\n ValueInt64Value=value_int64Value_d\r\n",
"version": 1
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"location": "[parameters('workspace-location')]",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
"dependsOn": [
"[variables('_parserId1')]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
"contentId": "[variables('_parserContentId1')]",
"kind": "Parser",
"version": "[variables('parserVersion1')]",
"source": {
"kind": "Solution",
"name": "Google Cloud Platform Cloud Monitoring",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft",
"email": "[variables('_email')]"
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
},
{
"type": "Microsoft.Resources/templateSpecs",
"apiVersion": "2021-05-01",
"name": "[variables('dataConnectorTemplateSpecName1')]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "DataConnector"
},
"properties": {
"description": "Google Cloud Platform Cloud Monitoring data connector with template",
"displayName": "Google Cloud Platform Cloud Monitoring template"
}
},
{
"type": "Microsoft.Resources/templateSpecs/versions",
"apiVersion": "2021-05-01",
"name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
"location": "[parameters('workspace-location')]",
"tags": {
"hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
"hidden-sentinelContentType": "DataConnector"
},
"dependsOn": [
"[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
],
"properties": {
"description": "Google Cloud Platform Cloud Monitoring data connector with template version 2.0.0",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
"apiVersion": "2021-03-01-preview",
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
"location": "[parameters('workspace-location')]",
"kind": "GenericUI",
"properties": {
"connectorUiConfig": {
"id": "[variables('_uiConfigId1')]",
"title": "Google Cloud Platform Cloud Monitoring (using Azure Function)",
"publisher": "Google",
"descriptionMarkdown": "The Google Cloud Platform Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information.",
"additionalRequirementBanner": ">This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.",
"graphQueries": [
{
"metricName": "GCP Monitoring logs",
"legend": "GCP_MONITORING_CL",
"baseQuery": "GCP_MONITORING_CL"
}
],
"sampleQueries": [
{
"description": "All GCP Monitoring logs",
"query": "GCP_MONITORING_CL\n| sort by TimeGenerated desc"
}
],
"dataTypes": [
{
"name": "GCP_MONITORING_CL",
"lastDataReceivedQuery": "GCP_MONITORING_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"GCP_MONITORING_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(1d)"
]
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions on the workspace are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
],
"customs": [
{
"name": "Microsoft.Web/sites permissions",
"description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."
},
{
"name": "GCP service account",
"description": "GCP service account with permissions to read Cloud Monitoring metrics is required for GCP Monitoring API (required *Monitoring Viewer* role). Also json file with service account key is required. See the documentation to learn more about [creating service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) and [creating service account key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys)."
}
]
},
"instructionSteps": [
{
"description": ">**NOTE:** This connector uses Azure Functions to connect to the GCP API to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."
},
{
"description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."
},
{
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Microsoft Sentinel Solution."
},
{
"description": "**STEP 1 - Configuring GCP and obtaining credentials**\n\n1. [Create service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) with Monitoring Viewer role and [get service account key json file](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).\n\n2. Prepare the list of GCP projects to get metrics from. [Learn more about GCP projects](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy).\n\n3. Prepare the list of [GCP metric types](https://cloud.google.com/monitoring/api/metrics_gcp)"
},
{
"description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as Azure Blob Storage connection string and container name, readily available.",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
},
{
"description": "Use this method for automated deployment of the data connector using an ARM Template.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-GCPMonitorDataConnector-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Google Cloud Platform Project Id List**, **Google Cloud Platform Metric Types List**, **Google Cloud Platform Credentials File Content**, **Microsoft Sentinel Workspace Id**, **Microsoft Sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy.",
"title": "Option 1 - Azure Resource Manager (ARM) Template"
},
{
"description": "Use the following step-by-step instructions to deploy the data connector manually with Azure Functions (Deployment via Visual Studio Code).",
"title": "Option 2 - Manual Deployment of Azure Functions"
},
{
"description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-GCPMonitorDataConnector-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions.\n\n\te. **Select a runtime:** Choose Python 3.8.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
},
{
"description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tGCP_PROJECT_ID\n\t\tGCP_METRICS\n\t\tGCP_CREDENTIALS_FILE_CONTENT\n\t\tWORKSPACE_ID\n\t\tSHARED_KEY\n\t\tlogAnalyticsUri (Optional)\n - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://WORKSPACE_ID.ods.opinsights.azure.us`. \n4. Once all application settings have been entered, click **Save**."
}
]
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
"properties": {
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"contentId": "[variables('_dataConnectorContentId1')]",
"kind": "DataConnector",
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "Google Cloud Platform Cloud Monitoring",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft",
"email": "[variables('_email')]"
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
}
]
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
"dependsOn": [
"[variables('_dataConnectorId1')]"
],
"location": "[parameters('workspace-location')]",
"properties": {
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
"contentId": "[variables('_dataConnectorContentId1')]",
"kind": "DataConnector",
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "Google Cloud Platform Cloud Monitoring",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft",
"email": "[variables('_email')]"
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
},
{
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
"apiVersion": "2021-03-01-preview",
"type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
"location": "[parameters('workspace-location')]",
"kind": "GenericUI",
"properties": {
"connectorUiConfig": {
"title": "Google Cloud Platform Cloud Monitoring (using Azure Function)",
"publisher": "Google",
"descriptionMarkdown": "The Google Cloud Platform Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information.",
"graphQueries": [
{
"metricName": "GCP Monitoring logs",
"legend": "GCP_MONITORING_CL",
"baseQuery": "GCP_MONITORING_CL"
}
],
"dataTypes": [
{
"name": "GCP_MONITORING_CL",
"lastDataReceivedQuery": "GCP_MONITORING_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"GCP_MONITORING_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(1d)"
]
}
],
"sampleQueries": [
{
"description": "All GCP Monitoring logs",
"query": "GCP_MONITORING_CL\n| sort by TimeGenerated desc"
}
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions on the workspace are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
],
"customs": [
{
"name": "Microsoft.Web/sites permissions",
"description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."
},
{
"name": "GCP service account",
"description": "GCP service account with permissions to read Cloud Monitoring metrics is required for GCP Monitoring API (required *Monitoring Viewer* role). Also json file with service account key is required. See the documentation to learn more about [creating service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) and [creating service account key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys)."
}
]
},
"instructionSteps": [
{
"description": ">**NOTE:** This connector uses Azure Functions to connect to the GCP API to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."
},
{
"description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."
},
{
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Microsoft Sentinel Solution."
},
{
"description": "**STEP 1 - Configuring GCP and obtaining credentials**\n\n1. [Create service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) with Monitoring Viewer role and [get service account key json file](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).\n\n2. Prepare the list of GCP projects to get metrics from. [Learn more about GCP projects](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy).\n\n3. Prepare the list of [GCP metric types](https://cloud.google.com/monitoring/api/metrics_gcp)"
},
{
"description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as Azure Blob Storage connection string and container name, readily available.",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
},
{
"description": "Use this method for automated deployment of the data connector using an ARM Template.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-GCPMonitorDataConnector-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Google Cloud Platform Project Id List**, **Google Cloud Platform Metric Types List**, **Google Cloud Platform Credentials File Content**, **Microsoft Sentinel Workspace Id**, **Microsoft Sentinel Shared Key**\n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**.\n5. Click **Purchase** to deploy.",
"title": "Option 1 - Azure Resource Manager (ARM) Template"
},
{
"description": "Use the following step-by-step instructions to deploy the data connector manually with Azure Functions (Deployment via Visual Studio Code).",
"title": "Option 2 - Manual Deployment of Azure Functions"
},
{
"description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/create-first-function-vs-code-python) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-GCPMonitorDataConnector-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions.\n\n\te. **Select a runtime:** Choose Python 3.8.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration."
},
{
"description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective string values (case-sensitive): \n\t\tGCP_PROJECT_ID\n\t\tGCP_METRICS\n\t\tGCP_CREDENTIALS_FILE_CONTENT\n\t\tWORKSPACE_ID\n\t\tSHARED_KEY\n\t\tlogAnalyticsUri (Optional)\n - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://WORKSPACE_ID.ods.opinsights.azure.us`. \n4. Once all application settings have been entered, click **Save**."
}
],
"id": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_uiConfigId1'))]",
"additionalRequirementBanner": ">This data connector depends on a parser based on a Kusto Function to work as expected [**GCP_MONITORING**](https://aka.ms/sentinel-GCPMonitorDataConnector-parser) which is deployed with the Microsoft Sentinel Solution."
}
}
},
{
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
"apiVersion": "2022-01-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "2.0.0",
"kind": "Solution",
"contentSchemaVersion": "2.0.0",
"contentId": "[variables('_solutionId')]",
"parentId": "[variables('_solutionId')]",
"source": {
"kind": "Solution",
"name": "Google Cloud Platform Cloud Monitoring",
"sourceId": "[variables('_solutionId')]"
},
"author": {
"name": "Microsoft",
"email": "[variables('_email')]"
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
},
"dependencies": {
"operator": "AND",
"criteria": [
{
"kind": "Parser",
"contentId": "[variables('_parserContentId1')]",
"version": "[variables('parserVersion1')]"
},
{
"kind": "DataConnector",
"contentId": "[variables('_dataConnectorContentId1')]",
"version": "[variables('dataConnectorVersion1')]"
}
]
},
"firstPublishDate": "2022-07-01",
"providers": [
"Google"
],
"categories": {
"domains": [
"Cloud Provider"
]
}
},
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
}
],
"outputs": {}
}

0
Solutions/GoogleCloudPlatformMonitor/Parsers/GCP_MONITOR.txt → Solutions/Google Cloud Platform Cloud Monitoring/Parsers/GCP_MONITOR.txt
Просмотреть файл

15
Solutions/Google Cloud Platform Cloud Monitoring/SolutionMetadata.json Normal file
Просмотреть файл

@ -0,0 +1,15 @@
{
"publisherId": "azuresentinel",
"offerId": "azure-sentinel-solution-gcpmonitoring",
"firstPublishDate": "2022-07-01",
"providers": ["Google"],
"categories": {
"domains" : ["Cloud Provider"]
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}