Azure-Sentinel/deploy.json

{
    "properties": {
        "immutableId": "dcr-921991fa23a644c599ed829572aa35b5",
        "dataSources": {
            "windowsEventLogs": [
                {
                    "streams": [
                        "Microsoft-WindowsEvent"
                    ],
                    "xPathQueries": [
                        "ForwardedEvents!*"
                    ],
                    "name": "eventLogsDataSource"
                }
            ]
        },
        "destinations": {
            "logAnalytics": [
                {
                    "workspaceResourceId": "/subscriptions/78ffdd91-611e-402f-8a7e-7ab0b209b7c6/resourceGroups/3pdatasample/providers/Microsoft.OperationalInsights/workspaces/3p-test-customdata",
                    "workspaceId": "6b57e303-6aa4-4f18-b3ba-b2f816756897",
                    "name": "DataCollectionEvent"
                }
            ]
        },
        "dataFlows": [
            {
                "streams": [
                    "Microsoft-WindowsEvent"
                ],
                "destinations": [
                    "DataCollectionEvent"
                ]
            }
        ],
        "provisioningState": "Succeeded"
    },
    "location": "eastus2",
    "tags": {},
    "kind": "Windows",
    "id": "/subscriptions/de5fb112-5d5d-42d4-a9ea-5f3b1359c6a6/resourceGroups/yuvalnaor-rg/providers/Microsoft.Insights/dataCollectionRules/sysmon-flow",
    "name": "sysmon-flow",
    "type": "Microsoft.Insights/dataCollectionRules",
    "etag": "\"f7012089-0000-0200-0000-6124bf910000\"",
    "systemData": {
        "createdBy": "t-yuvalnaor@microsoft.com",
        "createdByType": "User",
        "createdAt": "2021-08-24T09:44:49.4703581Z",
        "lastModifiedBy": "t-yuvalnaor@microsoft.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-24T09:44:49.4703581Z"
    }
}