From b43b8c80ec4948f005e011e69155634ca4b3bf3d Mon Sep 17 00:00:00 2001 From: Alex Anders Date: Sat, 19 Aug 2023 12:00:34 -0600 Subject: [PATCH 1/7] Updated URI parameters to reflect correct repo. --- .../M365Defender-VulnerabilityManagement/azureDeploy.json | 8 ++++---- .../azureDeployNetworkRestricted.json | 8 ++++---- .../M365Defender-VulnerabilityManagement/main.bicep | 6 +++--- .../mainNetworkRestricted.bicep | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json index 98612bb1472..0d42b8d1d7d 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "565765809013731276" + "templateHash": "11656124487358224979" } }, "parameters": { 
@@ -46,14 +46,14 @@ }, "FunctionAppPackageUri": { "type": "string", - "defaultValue": "https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip", + "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip", "metadata": { "description": "Uri where the Function App package is located. Use default value unless you are hosting the package somewhere else." } }, "DeploymentScriptUri": { "type": "string", - "defaultValue": "https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1", + "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1", "metadata": { "description": "Uri where the post deployment script is located. This is used to publish the Function App code after the resources have been deploted. Use default value unless you are hosting the script somewhere else." } @@ -392,7 +392,7 @@ } }, "properties": { - "azPowerShellVersion": "8.3", + "azPowerShellVersion": "10", "retentionInterval": "PT1H", "timeout": "PT5M", "cleanupPreference": "Always", diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json index 79035d60b79..f5fa9a063c0 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "8888576794211067773" + "templateHash": "3223388678154082447" } }, "parameters": { 
@@ -53,14 +53,14 @@ }, "FunctionAppPackageUri": { "type": "string", - "defaultValue": "https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip", + "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip", "metadata": { "description": "Uri where the Function App package is located. Use default value unless you are hosting the package somewhere else." } }, "DeploymentScriptUri": { "type": "string", - "defaultValue": "https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1", + "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1", "metadata": { "description": "Uri where the post deployment script is located. This is used to publish the Function App code after the resources have been deploted. Use default value unless you are hosting the script somewhere else." } @@ -736,7 +736,7 @@ } }, "properties": { - "azPowerShellVersion": "8.3", + "azPowerShellVersion": "10", "retentionInterval": "PT1H", "timeout": "PT5M", "cleanupPreference": "Always", diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep index b08166a74e5..4765d4d695f 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep +++ b/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep 
@@ -9,9 +9,9 @@ param DeployApplicationInsights bool = true
 @description('Name for the Applications Insights resource that will be used by the Function App if enabled in the DeployApplicationInsights parameter.')
 param AppInsightsName string = 'ai-mdvm-${uniqueString(resourceGroup().id)}'
 @description('Uri where the Function App package is located. Use default value unless you are hosting the package somewhere else.')
-param FunctionAppPackageUri string = 'https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip'
+param FunctionAppPackageUri string = 'https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip'
 @description('Uri where the post deployment script is located. This is used to publish the Function App code after the resources have been deploted. Use default value unless you are hosting the script somewhere else.')
-param DeploymentScriptUri string = 'https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1'
+param DeploymentScriptUri string = 'https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1'
 @description('Name for App Service Plan resource that will be deployed. This is where the Function App will run.')
 param AppServicePlanName string = 'asp-mdvm-${uniqueString(resourceGroup().id)}'
 @description('Globally unique name for the Storage Account used by the Function App.')
@@ -325,7 +325,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
 }
 }
 properties: {
- azPowerShellVersion: '8.3'
+ azPowerShellVersion: '10'
 retentionInterval: 'PT1H'
 timeout: 'PT5M'
 cleanupPreference: 'Always'
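Review bot: The new defaults for `FunctionAppPackageUri` and `DeploymentScriptUri` in the `@@ -9,9` hunk of main.bicep point at the mutable `master` ref, so the script and package fetched at deployment time can change without this template changing. The same defaults appear in the `@@ -11,9` hunk of mainNetworkRestricted.bicep. Since the series shows the script being run via `primaryScriptUri: DeploymentScriptUri` and handed a managed-identity principal id, pinning to an immutable ref would make deployments reproducible and reviewable, e.g. `https://raw.githubusercontent.com/Azure/Azure-Sentinel/<commit-sha>/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1`. At minimum the `@description` should say that the default tracks a branch head.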
diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep
index bb1cca0a24b..455709834c5 100644
--- a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep
+++ b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep
@@ -11,9 +11,9 @@ param DeployApplicationInsights bool = true
 @description('Name for the Applications Insights resource that will be used by the Function App if enabled in the DeployApplicationInsights parameter.')
 param AppInsightsName string = 'ai-mdvm-${uniqueString(resourceGroup().id)}'
 @description('Uri where the Function App package is located. Use default value unless you are hosting the package somewhere else.')
-param FunctionAppPackageUri string = 'https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip'
+param FunctionAppPackageUri string = 'https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip'
 @description('Uri where the post deployment script is located. This is used to publish the Function App code after the resources have been deploted. Use default value unless you are hosting the script somewhere else.')
-param DeploymentScriptUri string = 'https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1'
+param DeploymentScriptUri string = 'https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/M365Defender-VulnerabilityManagement/deploymentScript.ps1'
 @description('Name for App Service Plan resource that will be deployed. This is where the Function App will run.')
 param AppServicePlanName string = 'asp-mdvm-${uniqueString(resourceGroup().id)}'
 @description('Globally unique name for the Storage Account used by the Function App.')
@@ -563,7 +563,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
 }
 }
 properties: {
- azPowerShellVersion: '8.3'
+ azPowerShellVersion: '10'
 retentionInterval: 'PT1H'
 timeout: 'PT5M'
 cleanupPreference: 'Always'
From f42ac74fb5e9cb1ab5b6c31c723e551ae06f7dd7 Mon Sep 17 00:00:00 2001 From: Alex Anders Date: Sat, 19 Aug 2023 12:10:38 -0600 Subject: [PATCH 2/7] Updated readme with new URIs. --- .../M365Defender-VulnerabilityManagement/readme.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/readme.md b/DataConnectors/M365Defender-VulnerabilityManagement/readme.md index 2916aa92487..5e278d29605 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/readme.md +++ b/DataConnectors/M365Defender-VulnerabilityManagement/readme.md 
@@ -64,17 +64,17 @@ foreach ($appRole in $appRoles) { ### Non-Network Restricted Deployment No virtual network or Private Endpoints are deployed and public network access to the Function App and Storage Account is unrestricted. The Key Vault is restricted to only allow access from Function App public IP addresses. Use this for test environments or if you prefer to implement network restrictions yourself after deployment. -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fanders-alex%2FAzure-Sentinel%2FDataConnector-M365Defender-VulnerabilityManagement%2FDataConnectors%2FM365Defender-VulnerabilityManagement%2FazureDeploy.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FDataConnectors%2FM365Defender-VulnerabilityManagement%2FazureDeploy.json) ### Network Restricted Deployment Function App public access is restricted and a virtual network along with the appropriate Private DNS Zones are created to provide out of the box Private Endpoint connectivity between the Function App and its dependencies (Key Vault and Storage Account). 
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fanders-alex%2FAzure-Sentinel%2FDataConnector-M365Defender-VulnerabilityManagement%2FDataConnectors%2FM365Defender-VulnerabilityManagement%2FazureDeployNetworkRestricted.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FDataConnectors%2FM365Defender-VulnerabilityManagement%2FazureDeployNetworkRestricted.json) ### Workbook Deployment A modified version of the Defender for Cloud "Vulnerability Assessment Findings" workbook to include the MDVM data collected by this connector. -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fanders-alex%2FAzure-Sentinel%2FDataConnector-M365Defender-VulnerabilityManagement%2FDataConnectors%2FM365Defender-VulnerabilityManagement%2Fworkbooks%2FazureDeploy.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FDataConnectors%2FM365Defender-VulnerabilityManagement%2Fworkbooks%2FazureDeploy.json) ![image](https://user-images.githubusercontent.com/50784041/232255325-974cce56-b0ca-41df-827e-f97f65589e33.png) From c2b746dbea51c181c9063cde6b95c93fdc8ac72d Mon Sep 17 00:00:00 2001 From: Alex Anders Date: Sat, 19 Aug 2023 12:58:52 -0600 Subject: [PATCH 3/7] Fixed DCR error. --- .../azureDeploy.json | 46 +++++++++---------- .../azureDeployNetworkRestricted.json | 46 +++++++++---------- .../maintenance/customDcrTables.json | 44 +++++++++--------- .../modules/customDcrTables.bicep | 40 ++++++++-------- .../workbooks/azureDeploy.json | 2 +- 5 files changed, 89 insertions(+), 89 deletions(-) 
diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json index 0d42b8d1d7d..c4fbe9c1340 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "11656124487358224979" + "templateHash": "2966709963227969989" } }, "parameters": { @@ -554,7 +554,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "18108567286443164898" + "templateHash": "6267106311640858417" } }, "parameters": { @@ -681,7 +681,7 @@ }, { "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2021-09-01-preview", + "apiVersion": "2022-06-01", "name": "[parameters('DataCollectionRuleName')]", "location": "[parameters('LogAnalyticsWorkspaceLocation')]", "properties": { @@ -817,10 +817,6 @@ }, "Custom-MDVMRecommendations_CL": { "columns": [ - { - "name": "activeAlert", - "type": "boolean" - }, { "name": "associatedThreats", "type": "dynamic" @@ -916,6 +912,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "activeAlert", + "type": "boolean" } ] }, @@ -1141,10 +1141,6 @@ }, "Custom-MDVMNISTConfigurations_CL": { "columns": [ - { - "name": "configurationNumber", - "type": "int" - }, { "name": "configurationOperator", "type": "string" @@ -1200,6 +1196,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "configurationNumber", + "type": "int" } ] } @@ -1306,7 +1306,7 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ @@ -1437,7 +1437,7 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ 
@@ -1588,14 +1588,10 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ - { - "name": "configurationNumber", - "type": "int" - }, { "name": "configurationOperator", "type": "string" @@ -1651,6 +1647,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "configurationNumber", + "type": "int" } ] } @@ -1724,10 +1724,6 @@ }, "columns": { "value": [ - { - "name": "activeAlert", - "type": "boolean" - }, { "name": "associatedThreats", "type": "dynamic" @@ -1823,6 +1819,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "activeAlert", + "type": "boolean" } ] } @@ -2221,7 +2221,7 @@ "outputs": { "DcrImmutableId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2021-09-01-preview').immutableId]" + "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2022-06-01').immutableId]" }, "DceUri": { "type": "string", diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json index f5fa9a063c0..85d8884b936 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "3223388678154082447" + "templateHash": "1551223901064792472" } }, "parameters": { @@ -782,7 +782,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "18108567286443164898" + "templateHash": "6267106311640858417" } }, "parameters": { 
@@ -909,7 +909,7 @@ }, { "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2021-09-01-preview", + "apiVersion": "2022-06-01", "name": "[parameters('DataCollectionRuleName')]", "location": "[parameters('LogAnalyticsWorkspaceLocation')]", "properties": { @@ -1045,10 +1045,6 @@ }, "Custom-MDVMRecommendations_CL": { "columns": [ - { - "name": "activeAlert", - "type": "boolean" - }, { "name": "associatedThreats", "type": "dynamic" @@ -1144,6 +1140,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "activeAlert", + "type": "boolean" } ] }, @@ -1369,10 +1369,6 @@ }, "Custom-MDVMNISTConfigurations_CL": { "columns": [ - { - "name": "configurationNumber", - "type": "int" - }, { "name": "configurationOperator", "type": "string" @@ -1428,6 +1424,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "configurationNumber", + "type": "int" } ] } @@ -1534,7 +1534,7 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ @@ -1665,7 +1665,7 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ @@ -1816,14 +1816,10 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ - { - "name": "configurationNumber", - "type": "int" - }, { "name": "configurationOperator", "type": "string" @@ -1879,6 +1875,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "configurationNumber", + "type": "int" } ] } @@ -1952,10 +1952,6 @@ }, "columns": { "value": [ - { - "name": "activeAlert", - "type": "boolean" - }, { "name": "associatedThreats", "type": "dynamic" @@ -2051,6 +2047,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "activeAlert", + "type": "boolean" } ] } 
@@ -2449,7 +2449,7 @@ "outputs": { "DcrImmutableId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2021-09-01-preview').immutableId]" + "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2022-06-01').immutableId]" }, "DceUri": { "type": "string", diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/maintenance/customDcrTables.json b/DataConnectors/M365Defender-VulnerabilityManagement/maintenance/customDcrTables.json index c9e2f7896d9..ad7ed771a70 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/maintenance/customDcrTables.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/maintenance/customDcrTables.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "18108567286443164898" + "templateHash": "6267106311640858417" } }, "parameters": { @@ -132,7 +132,7 @@ }, { "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2021-09-01-preview", + "apiVersion": "2022-06-01", "name": "[parameters('DataCollectionRuleName')]", "location": "[parameters('LogAnalyticsWorkspaceLocation')]", "properties": { @@ -268,10 +268,6 @@ }, "Custom-MDVMRecommendations_CL": { "columns": [ - { - "name": "activeAlert", - "type": "boolean" - }, { "name": "associatedThreats", "type": "dynamic" @@ -367,6 +363,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "activeAlert", + "type": "boolean" } ] }, @@ -592,10 +592,6 @@ }, "Custom-MDVMNISTConfigurations_CL": { "columns": [ - { - "name": "configurationNumber", - "type": "int" - }, { "name": "configurationOperator", "type": "string" @@ -651,6 +647,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "configurationNumber", + "type": "int" } ] } @@ -757,7 +757,7 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ 
@@ -888,7 +888,7 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ @@ -1039,14 +1039,10 @@ "value": "Analytics" }, "retention": { - "value": 730 + "value": 90 }, "columns": { "value": [ - { - "name": "configurationNumber", - "type": "int" - }, { "name": "configurationOperator", "type": "string" @@ -1102,6 +1098,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "configurationNumber", + "type": "int" } ] } @@ -1175,10 +1175,6 @@ }, "columns": { "value": [ - { - "name": "activeAlert", - "type": "boolean" - }, { "name": "associatedThreats", "type": "dynamic" @@ -1274,6 +1270,10 @@ { "name": "transactionId", "type": "string" + }, + { + "name": "activeAlert", + "type": "boolean" } ] } @@ -1672,7 +1672,7 @@ "outputs": { "DcrImmutableId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2021-09-01-preview').immutableId]" + "value": "[reference(resourceId('Microsoft.Insights/dataCollectionRules', parameters('DataCollectionRuleName')), '2022-06-01').immutableId]" }, "DceUri": { "type": "string", diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/customDcrTables.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/customDcrTables.bicep index fad3e2be6e0..c90d093c8bd 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/modules/customDcrTables.bicep +++ b/DataConnectors/M365Defender-VulnerabilityManagement/modules/customDcrTables.bicep @@ -91,7 +91,7 @@ resource roleAssignmentDcr 'Microsoft.Authorization/roleAssignments@2020-10-01-p } } -resource dcr 'Microsoft.Insights/dataCollectionRules@2021-09-01-preview' = { +resource dcr 'Microsoft.Insights/dataCollectionRules@2022-06-01' = { dependsOn: [ tableMDVMCveKb tableMDVMRecommendations 
@@ -234,10 +234,6 @@ resource dcr 'Microsoft.Insights/dataCollectionRules@2021-09-01-preview' = {
 }
 'Custom-MDVMRecommendations_CL': {
 columns: [
- {
- name: 'activeAlert'
- type: 'boolean'
- }
 {
 name: 'associatedThreats'
 type: 'dynamic'
@@ -334,6 +330,10 @@ resource dcr 'Microsoft.Insights/dataCollectionRules@2021-09-01-preview' = {
 name: 'transactionId'
 type: 'string'
 }
+ {
+ name: 'activeAlert'
+ type: 'boolean'
+ }
 ]
 }
 'Custom-MDVMSecureConfigurationsByDevice_CL': {
@@ -558,10 +558,6 @@ resource dcr 'Microsoft.Insights/dataCollectionRules@2021-09-01-preview' = {
 }
 'Custom-MDVMNISTConfigurations_CL': {
 columns: [
- {
- name: 'configurationNumber'
- type: 'int'
- }
 {
 name: 'configurationOperator'
 type: 'string'
@@ -618,6 +614,10 @@ resource dcr 'Microsoft.Insights/dataCollectionRules@2021-09-01-preview' = {
 name: 'transactionId'
 type: 'string'
 }
+ {
+ name: 'configurationNumber'
+ type: 'int'
+ }
 ]
 }
 }
@@ -701,7 +701,7 @@ module tableMDVMCveKb 'lawCustomTable.bicep' = {
 lawName: split(LogAnalyticsWorkspaceResourceId, '/')[8]
 tableName: 'MDVMCVEKB_CL'
 plan: 'Analytics'
- retention: 730
+ retention: 90
 columns: [
 {
 name: 'cvssV3'
@@ -770,7 +770,7 @@ module tableMDVMNistCveKb 'lawCustomTable.bicep' = {
 lawName: split(LogAnalyticsWorkspaceResourceId, '/')[8]
 tableName: 'MDVMNISTCVEKB_CL'
 plan: 'Analytics'
- retention: 730
+ retention: 90
 columns: [
 {
 name: 'cveId'
@@ -859,12 +859,8 @@ module tableMDVMNistConfigurations 'lawCustomTable.bicep' = {
 lawName: split(LogAnalyticsWorkspaceResourceId, '/')[8]
 tableName: 'MDVMNISTConfigurations_CL'
 plan: 'Analytics'
- retention: 730
+ retention: 90
 columns: [
- {
- name: 'configurationNumber'
- type: 'int'
- }
 {
 name: 'configurationOperator'
 type: 'string'
@@ -921,6 +917,10 @@ module tableMDVMNistConfigurations 'lawCustomTable.bicep' = {
 name: 'transactionId'
 type: 'string'
 }
+ {
+ name: 'configurationNumber'
+ type: 'int'
+ }
 ]
 }
 }
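Review bot: Nothing in the `@@ -234,10` / `@@ -334,6` hunks of customDcrTables.bicep records why `activeAlert` moves from first to last in the `Custom-MDVMRecommendations_CL` column list. The same unexplained move is made for `configurationNumber` in `@@ -558,10` / `@@ -618,6` and in the table modules, and the subject only says "Fixed DCR error". If the position is what resolves the error, a later alphabetical tidy-up would silently undo the fix. A comment above each moved entry, e.g. `// keep last: <reason the DCR/table API rejected the original order>`, would preserve that knowledge. The `dcr` resource body extends beyond these hunks.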
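Review bot: The change from `retention: 730` to `retention: 90` on `MDVMCVEKB_CL`, `MDVMNISTCVEKB_CL` and `MDVMNISTConfigurations_CL` (hunks `@@ -701,7`, `@@ -770,7`, `@@ -859,12`) has no stated reason and shortens how far back these vulnerability tables can be queried. For a security data connector that is a behavioural change that deployers with audit or investigation retention requirements should be able to see and override. Consider a single template parameter shared by the three modules, e.g. `param TableRetentionInDays int = 90` with `retention: TableRetentionInDays`, or at least a comment `// 90 days: <reason>` beside each value. The module bodies start and end outside the hunks.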
@@ -933,10 +933,6 @@ module tableMDVMRecommendations 'lawCustomTable.bicep' = { tableName: 'MDVMRecommendations_CL' plan: 'Analytics' columns: [ - { - name: 'activeAlert' - type: 'boolean' - } { name: 'associatedThreats' type: 'dynamic' @@ -1033,6 +1029,10 @@ module tableMDVMRecommendations 'lawCustomTable.bicep' = { name: 'transactionId' type: 'string' } + { + name: 'activeAlert' + type: 'boolean' + } ] } } diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/workbooks/azureDeploy.json b/DataConnectors/M365Defender-VulnerabilityManagement/workbooks/azureDeploy.json index 83620355f77..ceebc32dec9 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/workbooks/azureDeploy.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/workbooks/azureDeploy.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "12428279436367741536" + "templateHash": "15537029820804678138" } }, "parameters": { From aa31f7233e67c4833c21ce63d52854e5d77ad4d4 Mon Sep 17 00:00:00 2001 From: Alex Anders Date: Sat, 19 Aug 2023 13:34:23 -0600 Subject: [PATCH 4/7] Updates --- .../M365Defender-VulnerabilityManagement/azureDeploy.json | 4 ++-- .../M365Defender-VulnerabilityManagement/main.bicep | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json index c4fbe9c1340..2a764e0ec38 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "2966709963227969989" + "templateHash": "8014592184722027626" } }, "parameters": { 
@@ -392,7 +392,7 @@ } }, "properties": { - "azPowerShellVersion": "10", + "azPowerShellVersion": "10.0", "retentionInterval": "PT1H", "timeout": "PT5M", "cleanupPreference": "Always", diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep index 4765d4d695f..f3f41a7ec0d 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep +++ b/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep @@ -325,7 +325,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { } } properties: { - azPowerShellVersion: '10' + azPowerShellVersion: '10.0' retentionInterval: 'PT1H' timeout: 'PT5M' cleanupPreference: 'Always' From 449b13730089240e85abc129c9ff6b5ccabbfee3 Mon Sep 17 00:00:00 2001 From: Alex Anders Date: Sat, 19 Aug 2023 13:35:17 -0600 Subject: [PATCH 5/7] Updates --- .../azureDeployNetworkRestricted.json | 4 ++-- .../mainNetworkRestricted.bicep | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json index 85d8884b936..d74dc466009 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "1551223901064792472" + "templateHash": "12632622457290518794" } }, "parameters": { @@ -736,7 +736,7 @@ } }, "properties": { - "azPowerShellVersion": "10", + "azPowerShellVersion": "10.0", "retentionInterval": "PT1H", "timeout": "PT5M", "cleanupPreference": "Always", 
diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep index 455709834c5..c7eb019a04a 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep +++ b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep @@ -563,7 +563,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { } } properties: { - azPowerShellVersion: '10' + azPowerShellVersion: '10.0' retentionInterval: 'PT1H' timeout: 'PT5M' cleanupPreference: 'Always' From 41382ffeab327f2c53586a3d6541829a9eba7c98 Mon Sep 17 00:00:00 2001 From: Alex Anders Date: Sat, 19 Aug 2023 13:45:19 -0600 Subject: [PATCH 6/7] Updates --- .../azureDeployNetworkRestricted.json | 4 ++-- .../mainNetworkRestricted.bicep | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json index d74dc466009..f9ced57d620 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "12632622457290518794" + "templateHash": "14438069826156397753" } }, "parameters": { @@ -192,7 +192,7 @@ }, "VirtualNetworkName": { "type": "string", - "defaultValue": "[format('vnet-mdvm-{0}', uniqueString(resourceGroup().id))]", + "defaultValue": "vnet-mdvm", "metadata": { "description": "Name for Virtual Network resource that will be deployed." } diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep index c7eb019a04a..f5c6995994a 100644 
--- a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep +++ b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep @@ -99,7 +99,7 @@ param LogAnalyticsWorkspaceLocation string @description('Specify a comma separated list of CIDR formatted IP address ranges to restrict connecting to the Function App from (i.e. 192.168.1.0/24,172.16.2.5/32).') param TrustedIPAddressRanges string = '0.0.0.0/0' @description('Name for Virtual Network resource that will be deployed.') -param VirtualNetworkName string = 'vnet-mdvm-${uniqueString(resourceGroup().id)}' +param VirtualNetworkName string = 'vnet-mdvm' @description('Name for Virtual Network resource that will be deployed.') param VirtualNetworkIPAddressPrefix string = '10.0.0.0/16' @description('Azure Resource Id of the Virtual Network to place private endpoints and Function App VNet integration.') From 969a2f567d98662b59c8341da97412504461e75f Mon Sep 17 00:00:00 2001 From: Alex Anders Date: Sat, 19 Aug 2023 13:57:43 -0600 Subject: [PATCH 7/7] Updayes --- .../M365Defender-VulnerabilityManagement/azureDeploy.json | 4 ++-- .../azureDeployNetworkRestricted.json | 4 ++-- .../M365Defender-VulnerabilityManagement/main.bicep | 2 +- .../mainNetworkRestricted.bicep | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json index 2a764e0ec38..47341cbba55 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "8014592184722027626" + "templateHash": "11347846636968529735" } }, "parameters": { 
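Review bot: `TrustedIPAddressRanges` still defaults to `'0.0.0.0/0'` in the context of the `@@ -99,7` hunk of mainNetworkRestricted.bicep. A deployment of the network-restricted template that accepts the defaults therefore presumably leaves the Function App reachable from any source address; how the value is applied lives in deploymentScript.ps1, which this patch does not show. Removing the default so the deployer must supply ranges, `param TrustedIPAddressRanges string`, or stating in the `@description` that the default imposes no restriction, would make the exposure explicit. The `@description` above `VirtualNetworkIPAddressPrefix` also repeats the virtual network name text and should describe the prefix, e.g. `@description('Address prefix (CIDR) for the Virtual Network that will be deployed.')`.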
@@ -394,7 +394,7 @@ "properties": { "azPowerShellVersion": "10.0", "retentionInterval": "PT1H", - "timeout": "PT5M", + "timeout": "PT15M", "cleanupPreference": "Always", "primaryScriptUri": "[parameters('DeploymentScriptUri')]", "arguments": "[format('-PackageUri {0} -SubscriptionId {1} -ResourceGroupName {2} -FunctionAppName {3} -FAScope {4} -UAMIPrincipalId {5}', parameters('FunctionAppPackageUri'), split(subscription().id, '/')[2], resourceGroup().name, parameters('FunctionAppName'), resourceId('Microsoft.Web/sites', parameters('FunctionAppName')), reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('UserAssignedManagedIdentityName')), '2022-01-31-preview').principalId)]" diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json index f9ced57d620..7c5786d8995 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json +++ b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeployNetworkRestricted.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.13.1.58284", - "templateHash": "14438069826156397753" + "templateHash": "8260351119578024976" } }, "parameters": { 
@@ -738,7 +738,7 @@ "properties": { "azPowerShellVersion": "10.0", "retentionInterval": "PT1H", - "timeout": "PT5M", + "timeout": "PT15M", "cleanupPreference": "Always", "primaryScriptUri": "[parameters('DeploymentScriptUri')]", "arguments": "[format('-PackageUri {0} -SubscriptionId {1} -ResourceGroupName {2} -FunctionAppName {3} -FAScope {4} -VnetScope {5} -UAMIPrincipalId {6} -RestrictedIPs {7}', parameters('FunctionAppPackageUri'), split(subscription().id, '/')[2], resourceGroup().name, parameters('FunctionAppName'), resourceId('Microsoft.Web/sites', parameters('FunctionAppName')), resourceId('Microsoft.Network/virtualNetworks', parameters('VirtualNetworkName')), reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('UserAssignedManagedIdentityName')), '2022-01-31-preview').principalId, parameters('TrustedIPAddressRanges'))]" diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep index f3f41a7ec0d..620320d7af6 100644 --- a/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep +++ b/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep @@ -327,7 +327,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { properties: { azPowerShellVersion: '10.0' retentionInterval: 'PT1H' - timeout: 'PT5M' + timeout: 'PT15M' cleanupPreference: 'Always' primaryScriptUri: DeploymentScriptUri arguments: '-PackageUri ${FunctionAppPackageUri} -SubscriptionId ${split(subscription().id, '/')[2]} -ResourceGroupName ${resourceGroup().name} -FunctionAppName ${functionApp.name} -FAScope ${functionApp.id} -UAMIPrincipalId ${userAssignedMi.properties.principalId}' diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep index f5c6995994a..6f067d69e7a 100644 
--- a/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep
+++ b/DataConnectors/M365Defender-VulnerabilityManagement/mainNetworkRestricted.bicep
@@ -565,7 +565,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
 properties: {
 azPowerShellVersion: '10.0'
 retentionInterval: 'PT1H'
- timeout: 'PT5M'
+ timeout: 'PT15M'
 cleanupPreference: 'Always'
 primaryScriptUri: DeploymentScriptUri
 arguments: '-PackageUri ${FunctionAppPackageUri} -SubscriptionId ${split(subscription().id, '/')[2]} -ResourceGroupName ${resourceGroup().name} -FunctionAppName ${functionApp.name} -FAScope ${functionApp.id} -VnetScope ${virtualNetwork.id} -UAMIPrincipalId ${userAssignedMi.properties.principalId} -RestrictedIPs ${TrustedIPAddressRanges}'
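Review bot: The `arguments` string in the `@@ -565,7` hunk interpolates the free-text parameters `FunctionAppPackageUri` and `TrustedIPAddressRanges` unquoted into the script's command line. A value containing a space (for example a range list written as `a, b`) or other shell-significant characters would be split or reinterpreted before deploymentScript.ps1 sees it. Wrapping the deployer-supplied values in escaped quotes, e.g. `-RestrictedIPs \\"${TrustedIPAddressRanges}\\"` and likewise for `-PackageUri`, keeps each one a single argument; the exact escaping should be confirmed with a test deployment. The `arguments` line in main.bicep has the same shape for `-PackageUri`, and the `deploymentScript` resource begins and continues outside this hunk.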