Merge pull request #982 from richlilly2004/ImportPlaybooks
Create Add-PlaybooksToSentinel.ps1
ffa26aea94
@ -0,0 +1,3 @@
|
|||
{
|
||||
"powershell.codeFormatting.addWhitespaceAroundPipe": true
|
||||
}
|
|
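--- /dev/null
+++ b/Add-PlaybooksToSentinel.ps1
@@ -0,0 +1,164 @@
+<#
+Add-PlaybooksToSentinel.ps1
+Authors: Tom Lilly @tlilly2010 (@TheTomLilly), Rich Lilly @richlilly2004 (@richlilly) - Netrix LLC (https://www.netrixllc.com)
+From https://github.com/Azure/Azure-Sentinel/PLACEHOLDER
+Last Updated Date: August 18, 2020
+
+This PowerShell script will enumerate a local Github repository clone of https://github.com/Azure/Azure-Sentinel/Playbook, or a cloud repo can be provided (defaults to Azure/Azure-Sentinel)
+ask for a multi-select of the playbooks to import and import them.
+At the time of authoring, additional API authorization will have to be completed, but this is being worked on :)
+
+Select your Playbooks, Subscription, Resource Group, Username (for assignment)
+NOTE: If there is a non-standard parameter (ie not playbook name or username, you will prompted for that field entry (ie API key, etc))
+
+Profit :)
+
+Reqirements: Local GitHub Repo or URI of online repo, PowerShell Module Az.Resources
+RepoUri: Specify Github Repo in format https://github.com/<owner>/<repo>/tree/master/<
+RepoDirectory: Specify local cloned repo, ie C:\Github\Azure-Sentinel\Playbooks
+Permissions: Contributor on the Resource Group
+#>
+#Requires -Module Az.Resources
+
+[CmdletBinding(DefaultParameterSetName = "CloudRepo")]
+param (
+[Parameter(ParameterSetName = "CloudRepo")]
+[string]
+$repoUri = "https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks",
+
+[Parameter(ParameterSetName = "LocalRepo")]
+[string]
+$repoDirectory
+)
+
+if($PSCmdlet.ParameterSetName -eq "CloudRepo")
+{
+$uriArray = $repoUri.Split("/")
+$gitOwner = $uriArray[3]
+$gitRepo = $uriArray[4]
+$gitPath = $uriArray[7]
+
+$apiUri = "https://api.github.com/repos/$gitOwner/$gitRepo/contents/$gitPath"
+
+$response = (Invoke-WebRequest $apiUri).Content | ConvertFrom-Json
+$playbooks = $response| Where-Object {$_.Name -notlike "*.*"} | Select-Object Name | Out-GridView -Title "Select Playbooks to Deploy" -PassThru
+
+}
+elseif($PSCmdlet.ParameterSetName -eq "LocalRepo")
+{
+$playbooks = Get-ChildItem -LiteralPath $repoDirectory |Where-Object {$_.Name -notlike "*.*"} | Select-Object Name | Out-GridView -Title "Select Playbooks to Deploy" -PassThru
+}
+
+Connect-AzAccount
+
+$subscription = Get-AzSubscription | Out-GridView -Title "Select Subscription to Deploy Playbooks to" -PassThru
+Select-AzSubscription -SubscriptionName $subscription.Name
+$rg = Get-AzResourceGroup | Out-GridView -Title "Select Resource Group to Deploy Playbooks to" -PassThru
+
+$userName = Read-Host -Prompt "Enter the Username to use for API connections"
+$playbookName = "PLACEHOLDER"
+
+$armTemplateParameters = New-Object System.Collections.Arraylist
+
+Write-Host -ForegroundColor Green "Extracting and consolidating all Playbook Parameters"
+foreach($playbook in $playbooks.Name)
+{
+if($PSCmdlet.ParameterSetName -eq "CloudRepo")
+{
+$playbookUri = "$apiUri/$playbook"
+$response = (Invoke-WebRequest $playbookUri).Content | ConvertFrom-Json
+$templates = ($response |Where-Object {$_.download_url -like "*.json"}).download_url
+}
+elseif($PSCmdlet.ParameterSetName -eq "LocalRepo")
+{
+$templates = (Get-ChildItem "$repoDirectory\$($playbook)\*.json" | Select-Object -ExpandProperty VersionInfo).FileName
+}
+
+foreach($template in $templates)
+{
+if($PSCmdlet.ParameterSetName -eq "CloudRepo")
+{
+$templateObj = Invoke-WebRequest $template | ConvertFrom-Json
+}
+elseif($PSCmdlet.ParameterSetName -eq "LocalRepo")
+{
+$templateObj = Get-Content $template | ConvertFrom-Json
+}
+
+$params = $templateObj.parameters | Get-Member -MemberType NoteProperty | Select-Object Name
+Write-Host "Sentinel Workbook: $($playbook)"
+Write-Host "Parameters: $($params.Name)"
+
+foreach($param in $params.Name)
+{
+$armTemplateParameters.Add($param) | Out-Null
+}
+}
+}
+
+Write-Host -ForegroundColor Green "Populating values for Playbook Parameters"
+$armTemplateParametersUnique = $armTemplateParameters | Select-Object -Unique
+
+foreach($armTemplateParameter in $armTemplateParametersUnique)
+{
+try {
+$paramValue = (Get-Variable $armTemplateParameter -ErrorAction Stop).Value
+}
+catch {
+Write-Host -ForegroundColor Red "Unable to find value for parameter $armTemplateParameter"
+$paramValue = Read-Host "Please enter a value for parameter $armTemplateParameter"
+New-Variable -Name $armTemplateParameter -Value $paramValue
+}
+}
+
+Write-Host -ForegroundColor Green "Deploying Playbooks"
+foreach($playbook in $playbooks.Name)
+{
+if($PSCmdlet.ParameterSetName -eq "CloudRepo")
+{
+$playbookUri = "$apiUri/$playbook"
+$response = (Invoke-WebRequest $playbookUri).Content | ConvertFrom-Json
+$templates = ($response |Where-Object {$_.download_url -like "*.json"}).download_url
+}
+elseif($PSCmdlet.ParameterSetName -eq "LocalRepo")
+{
+$templates = (Get-ChildItem "$repoDirectory\$($playbook)\*.json" | Select-Object -ExpandProperty VersionInfo).FileName
+}
+
+Set-Variable -Name "PlaybookName" -Value $playbook
+
+foreach($template in $templates)
+{
+if($PSCmdlet.ParameterSetName -eq "CloudRepo")
+{
+$templateObj = Invoke-WebRequest $template | ConvertFrom-Json
+}
+elseif($PSCmdlet.ParameterSetName -eq "LocalRepo")
+{
+$templateObj = Get-Content $template | ConvertFrom-Json
+}
+
+$params = $templateObj.parameters | Get-Member -MemberType NoteProperty | Select-Object Name
+Write-Host "Sentinel Workbook: $($playbook)"
+Write-Host "Parameters: $($params.Name)"
+
+$templateParamTable = @{}
+
+foreach($param in $params.Name)
+{
+$paramValue = (Get-Variable -Name $param).Value
+$templateParamTable.Add($param,$paramValue)
+}
+
+Write-Host -ForegroundColor Yellow "Deploying Playbook $playbook"
+if($PSCmdlet.ParameterSetName -eq "CloudRepo")
+{
+New-AzResourceGroupDeployment -Name "SentinelPlaybook-$($playbook)" -ResourceGroupName $rg.ResourceGroupName -TemplateUri $template -TemplateParameterObject $templateParamTable
+
+}
+elseif($PSCmdlet.ParameterSetName -eq "LocalRepo")
+{
+New-AzResourceGroupDeployment -Name "SentinelPlaybook-$($playbook)" -ResourceGroupName $rg.ResourceGroupName -TemplateFile $template -TemplateParameterObject $templateParamTable
+}
+}
+}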
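Review bot: Resolving template parameter values with `Get-Variable $armTemplateParameter` (the "Populating values" loop) and again with `Get-Variable -Name $param` in the deployment loop binds a parameter to any variable that happens to be in scope, so a template parameter named like one of the script's own variables (`response`, `templates`, `rg`, `subscription`, `params`) or an automatic variable (`HOME`, `PID`, `Host`) is silently filled with an unrelated value instead of prompting, and the `New-Variable` in the catch block pollutes the session for the next run. Keeping the collected values in one hashtable keyed by parameter name (pre-seeded with `UserName`, with `PlaybookName` set per playbook) removes the name-collision path and the need for the `$playbookName = "PLACEHOLDER"` stand-in; the rewrite below shows the affected lines. Separately, in the CloudRepo branch both passes re-list the playbook folder from the repo's default branch via the contents API, so the template deployed with `-TemplateUri` is whatever the repo holds at that moment; passing a commit SHA in the `ref` query parameter of `$apiUri` would make both passes, and the deployment, see the same content. The `Write-Host "Sentinel Workbook: ..."` lines also label a playbook as a workbook and could read `"Sentinel Playbook: $($playbook)"`.
```powershell
$userName = Read-Host -Prompt "Enter the Username to use for API connections"
# One table for all template parameter values, keyed by parameter name (hashtable keys are
# case-insensitive like Get-Variable was); nothing else in scope can be picked up by name.
$paramValues = @{ UserName = $userName }

# … unchanged: parameter enumeration loop …

Write-Host -ForegroundColor Green "Populating values for Playbook Parameters"
$armTemplateParametersUnique = $armTemplateParameters | Select-Object -Unique
foreach ($armTemplateParameter in $armTemplateParametersUnique) {
    if ($armTemplateParameter -eq "PlaybookName") { continue }   # set per playbook below
    if (-not $paramValues.ContainsKey($armTemplateParameter)) {
        Write-Host -ForegroundColor Red "Unable to find value for parameter $armTemplateParameter"
        $paramValues[$armTemplateParameter] = Read-Host "Please enter a value for parameter $armTemplateParameter"
    }
}

# … unchanged: deployment loop header and template listing …
$paramValues["PlaybookName"] = $playbook
# … unchanged: template download/parse and parameter listing …
$templateParamTable = @{}
foreach ($param in $params.Name) {
    $templateParamTable[$param] = $paramValues[$param]
}
# … unchanged: New-AzResourceGroupDeployment calls …
```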