138 строки
4.9 KiB
JSON
138 строки
4.9 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"workspaceName": {
|
|
"type": "string"
|
|
},
|
|
"location": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"variables": {},
|
|
"resources": [
|
|
{
|
|
"type": "Microsoft.Resources/deployments",
|
|
"apiVersion": "2020-10-01",
|
|
"name": "linkedvimFileEventMicrosoftSysmon",
|
|
"properties": {
|
|
"mode": "Incremental",
|
|
"templateLink": {
|
|
"uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimFileEvent/ARM/vimFileEventMicrosoftSysmon/vimFileEventMicrosoftSysmon.json",
|
|
"contentVersion": "1.0.0.0"
|
|
},
|
|
"parameters": {
|
|
"Workspace": {
|
|
"value": "[parameters('workspaceName')]"
|
|
},
|
|
"WorkspaceRegion": {
|
|
"value": "[parameters('location')]"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Resources/deployments",
|
|
"apiVersion": "2020-10-01",
|
|
"name": "linkedvimProcessCreateMicrosoftSysmon",
|
|
"properties": {
|
|
"mode": "Incremental",
|
|
"templateLink": {
|
|
"uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimProcessEvent/ARM/vimProcessCreateMicrosoftSysmon/vimProcessCreateMicrosoftSysmon.json",
|
|
"contentVersion": "1.0.0.0"
|
|
},
|
|
"parameters": {
|
|
"Workspace": {
|
|
"value": "[parameters('workspaceName')]"
|
|
},
|
|
"WorkspaceRegion": {
|
|
"value": "[parameters('location')]"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Resources/deployments",
|
|
"apiVersion": "2020-10-01",
|
|
"name": "linkedvimProcessTerminateMicrosoftSysmon",
|
|
"properties": {
|
|
"mode": "Incremental",
|
|
"templateLink": {
|
|
"uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimProcessEvent/ARM/vimProcessTerminateMicrosoftSysmon/vimProcessTerminateMicrosoftSysmon.json",
|
|
"contentVersion": "1.0.0.0"
|
|
},
|
|
"parameters": {
|
|
"Workspace": {
|
|
"value": "[parameters('workspaceName')]"
|
|
},
|
|
"WorkspaceRegion": {
|
|
"value": "[parameters('location')]"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Resources/deployments",
|
|
"apiVersion": "2020-10-01",
|
|
"name": "linkedvimRegistryEventMicrosoftSysmon",
|
|
"properties": {
|
|
"mode": "Incremental",
|
|
"templateLink": {
|
|
"uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimRegistryEvent/ARM/vimRegistryEventMicrosoftSysmon/vimRegistryEventMicrosoftSysmon.json",
|
|
"contentVersion": "1.0.0.0"
|
|
},
|
|
"parameters": {
|
|
"Workspace": {
|
|
"value": "[parameters('workspaceName')]"
|
|
},
|
|
"WorkspaceRegion": {
|
|
"value": "[parameters('location')]"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Resources/deployments",
|
|
"apiVersion": "2020-10-01",
|
|
"name": "linkedvimDnsMicrosoftSysmon",
|
|
"properties": {
|
|
"mode": "Incremental",
|
|
"templateLink": {
|
|
"uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimDns/ARM/vimDnsMicrosoftSysmon/vimDnsMicrosoftSysmon.json",
|
|
"contentVersion": "1.0.0.0"
|
|
},
|
|
"parameters": {
|
|
"Workspace": {
|
|
"value": "[parameters('workspaceName')]"
|
|
},
|
|
"WorkspaceRegion": {
|
|
"value": "[parameters('location')]"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "Microsoft.Resources/deployments",
|
|
"apiVersion": "2020-10-01",
|
|
"name": "linkedASimDnsMicrosoftSysmon",
|
|
"properties": {
|
|
"mode": "Incremental",
|
|
"templateLink": {
|
|
"uri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimDns/ARM/ASimDnsMicrosoftSysmon/ASimDnsMicrosoftSysmon.json",
|
|
"contentVersion": "1.0.0.0"
|
|
},
|
|
"parameters": {
|
|
"Workspace": {
|
|
"value": "[parameters('workspaceName')]"
|
|
},
|
|
"WorkspaceRegion": {
|
|
"value": "[parameters('location')]"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"outputs": {
|
|
}
|
|
}
|