Azure-Sentinel/Solutions/Veritas NetBackup/Package/createUiDefinition.json

{
  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
  "handler": "Microsoft.Azure.CreateUIDef",
  "version": "0.1.2-preview",
  "parameters": {
    "config": {
      "isWizard": false,
      "basics": {
        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veritas%20NetBackup/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Veritas](https://www.veritas.com/) solution for Microsoft Sentinel allows you to analyze NetBackup audit events. The solution uses analytics rules to automatically generate incidents when an abnormal user activity is detected in NetBackup.\n\n**Analytic Rules:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
        "subscription": {
          "resourceProviders": [
            "Microsoft.OperationsManagement/solutions",
            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
            "Microsoft.Insights/workbooks",
            "Microsoft.Logic/workflows"
          ]
        },
        "location": {
          "metadata": {
            "hidden": "Hiding location, we get it from the log analytics workspace"
          },
          "visible": false
        },
        "resourceGroup": {
          "allowExisting": true
        }
      }
    },
    "basics": [
      {
        "name": "getLAWorkspace",
        "type": "Microsoft.Solutions.ArmApiControl",
        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
        "condition": "[greater(length(resourceGroup().name),0)]",
        "request": {
          "method": "GET",
          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
        }
      },
      {
        "name": "workspace",
        "type": "Microsoft.Common.DropDown",
        "label": "Workspace",
        "placeholder": "Select a workspace",
        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
        "constraints": {
          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
          "required": true
        },
        "visible": true
      }
    ],
    "steps": [
      {
        "name": "analytics",
        "label": "Analytics",
        "subLabel": {
          "preValidation": "Configure the analytics",
          "postValidation": "Done"
        },
        "bladeTitle": "Analytics",
        "elements": [
          {
            "name": "analytics-text",
            "type": "Microsoft.Common.TextBlock",
            "options": {
              "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
            }
          },
          {
            "name": "analytics-link",
            "type": "Microsoft.Common.TextBlock",
            "options": {
              "link": {
                "label": "Learn more",
                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
              }
            }
          },
          {
            "name": "analytic1",
            "type": "Microsoft.Common.Section",
            "label": "Alarming number of anomalies generated in NetBackup",
            "elements": [
              {
                "name": "analytic1-text",
                "type": "Microsoft.Common.TextBlock",
                "options": {
                  "text": "This rule generates an incident when an alarming number of anomalies are generated in the last 15 minutes."
                }
              }
            ]
          },
          {
            "name": "analytic2",
            "type": "Microsoft.Common.Section",
            "label": "Multiple failed attempts of NetBackup login",
            "elements": [
              {
                "name": "analytic2-text",
                "type": "Microsoft.Common.TextBlock",
                "options": {
                  "text": "This rule generates an incident when there are more than 5 failed login attemts for a given host in the last 15 minutes."
                }
              }
            ]
          }
        ]
      }
    ],
    "outputs": {
      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
      "location": "[location()]",
      "workspace": "[basics('workspace')]"
    }
  }
}