46 строки
1.4 KiB
JSON
46 строки
1.4 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"Workspace": {
|
|
"type": "string",
|
|
"metadata": {
|
|
"description": "The Microsoft Sentinel workspace into which the function will be deployed. Has to be in the selected Resource Group."
|
|
}
|
|
},
|
|
"WorkspaceRegion": {
|
|
"type": "string",
|
|
"defaultValue": "[resourceGroup().location]",
|
|
"metadata": {
|
|
"description": "The region of the selected workspace. The default value will use the Region selection above."
|
|
}
|
|
}
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "Microsoft.OperationalInsights/workspaces",
|
|
"apiVersion": "2017-03-15-preview",
|
|
"name": "[parameters('Workspace')]",
|
|
"location": "[parameters('WorkspaceRegion')]",
|
|
"resources": [
|
|
{
|
|
"type": "savedSearches",
|
|
"apiVersion": "2020-08-01",
|
|
"name": "ASimEmptyView",
|
|
"dependsOn": [
|
|
"[concat('Microsoft.OperationalInsights/workspaces/', parameters('Workspace'))]"
|
|
],
|
|
"properties": {
|
|
"etag": "*",
|
|
"displayName": "Web Session ASIM filtering parser",
|
|
"category": "Security",
|
|
"FunctionAlias": "ASimEmptyView",
|
|
"query": "datatable (EventType:string) []\n",
|
|
"version": 1
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|