Azure-Sentinel/ASIM/deploy/EmptyCustomUnifyingParsers/ASim_NetworkSessionCustom.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "Workspace": {
      "type": "string",
      "metadata": {
        "description": "The Microsoft Sentinel workspace into which the function will be deployed. Has to be in the selected Resource Group."
      }
    },
    "WorkspaceRegion": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "The region of the selected workspace. The default value will use the Region selection above."
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces",
      "apiVersion": "2017-03-15-preview",
      "name": "[parameters('Workspace')]",
      "location": "[parameters('WorkspaceRegion')]",
      "resources": [
        {
          "type": "savedSearches",
          "apiVersion": "2020-08-01",
          "name": "ASim_NetworkSessionCustom",
          "dependsOn": [
            "[concat('Microsoft.OperationalInsights/workspaces/', parameters('Workspace'))]"
          ],
          "properties": {
            "etag": "*",
            "displayName": "ASIM empty NetworkSession custom parser",
            "category": "Security",
            "FunctionAlias": "ASim_NetworkSessionCustom",
            "query": "union ASimEmptyView\n",
            "version": 1,
            "functionParameters": "disabled:bool=False,pack:bool=false"      
          }
        }
      ]
    }
  ]
}