update readme, zip and address var names

Azure · Dec 11, 2024 · 7513a49 · 7513a49
1 parent 8322389
commit 7513a49
Show file tree

Hide file tree

Showing 8 changed files with 53 additions and 57 deletions.
diff --git a/Solutions/IllumioSaaS/Package/3.3.2.zip b/Solutions/IllumioSaaS/Package/3.3.2.zip
diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json
@@ -1734,18 +1734,14 @@
               "type": "string"
             },
             "FunctionAppName": {
-              "defaultValue": "IllumioSaaS_FunctionAppForPlaybooks",
+              "defaultValue": "IllumioPlaybooksFunctionApp",
               "type": "String",
               "metadata": {
                 "description": "Function app Name"
               }
             }
           },
           "variables": {
-            "hostingPlanName": "[[parameters('FunctionAppName')]",
-            "storageAccountName": "[[parameters('FunctionAppName')]",
-            "functionAppName": "[[parameters('FunctionAppName')]",
-            "applicationInsightsName": "[[parameters('FunctionAppName')]",
             "o365ConnectionName": "[[concat('o365-', parameters('PlaybookName'))]",
             "sentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]",
             "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/office365')]",
@@ -1787,10 +1783,6 @@
               "location": "[[variables('workspace-location-inline')]",
               "name": "[[parameters('PlaybookName')]",
               "dependsOn": [
-                "[[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
-                "[[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
-                "[[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
-                "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]",
                 "[[resourceId('Microsoft.Web/connections', variables('o365ConnectionName'))]"
               ],
               "properties": {
@@ -2106,6 +2098,15 @@
                   "email": "app-integrations@illumio.com",
                   "tier": "Partner",
                   "link": "https://www.illumio.com/support/support"
+                },
+                "dependencies": {
+                  "criteria": [
+                    {
+                      "kind": "AzureFunction",
+                      "contentId": "[variables('_IllumioSaaS_FunctionAppConnector')]",
+                      "version": "[variables('playbookVersion1')]"
+                    }
+                  ]
                 }
               }
             }
@@ -2173,7 +2174,7 @@
               }
             },
             "FunctionAppName": {
-              "defaultValue": "IllumioPortBlockingApp",
+              "defaultValue": "IllumioPlaybooksFunctionApp",
               "type": "String",
               "metadata": {
                 "description": "Function app Name"
@@ -2195,12 +2196,6 @@
               "apiVersion": "2017-07-01",
               "name": "[[parameters('PlaybookName')]",
               "location": "[[variables('workspace-location-inline')]",
-              "dependsOn": [
-                "[[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
-                "[[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
-                "[[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
-                "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-              ],
               "properties": {
                 "state": "Enabled",
                 "definition": {
@@ -2354,6 +2349,15 @@
                   "email": "app-integrations@illumio.com",
                   "tier": "Partner",
                   "link": "https://www.illumio.com/support/support"
+                },
+                "dependencies": {
+                  "criteria": [
+                    {
+                      "kind": "AzureFunction",
+                      "contentId": "[variables('_IllumioSaaS_FunctionAppConnector')]",
+                      "version": "[variables('playbookVersion1')]"
+                    }
+                  ]
                 }
               }
             }
@@ -2417,18 +2421,15 @@
               }
             },
             "FunctionAppName": {
-              "defaultValue": "IllumioQuarantineWorkload",
+              "defaultValue": "IllumioPlaybooksFunctionApp",
               "type": "String",
               "metadata": {
                 "description": "Function app Name"
               }
             }
           },
           "variables": {
-            "hostingPlanName": "[[parameters('FunctionAppName')]",
-            "storageAccountName": "[[variables('functionAppName')]",
             "functionAppName": "[[parameters('FunctionAppName')]",
-            "applicationInsightsName": "[[parameters('FunctionAppName')]",
             "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
             "workspace-name": "[parameters('workspace')]",
             "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
@@ -2439,12 +2440,6 @@
               "apiVersion": "2017-07-01",
               "name": "[[parameters('PlaybookName')]",
               "location": "[[variables('workspace-location-inline')]",
-              "dependsOn": [
-                "[[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
-                "[[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
-                "[[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
-                "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-              ],
               "properties": {
                 "state": "Enabled",
                 "definition": {
@@ -2520,6 +2515,15 @@
                   "email": "app-integrations@illumio.com",
                   "tier": "Partner",
                   "link": "https://www.illumio.com/support/support"
+                },
+                "dependencies": {
+                  "criteria": [
+                    {
+                      "kind": "AzureFunction",
+                      "contentId": "[variables('_IllumioSaaS_FunctionAppConnector')]",
+                      "version": "[variables('playbookVersion1')]"
+                    }
+                  ]
                 }
               }
             }

diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/README.md b/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/README.md
@@ -15,6 +15,10 @@ This playbook can be configured to respond to Microsoft Sentinel alerts.
 5. This is sent out as an email.
 
 # To deploy, follow the below link 
+Deploy the function app first:
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FCustomConnector%2FIllumioSaaS_FunctionAppConnector%2Fazuredeploy.json)
+
+Deploy logic app next:
 [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Get-Ven-Details%2Fazuredeploy.json)
 
 

diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/azuredeploy.json b/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/azuredeploy.json
@@ -44,18 +44,14 @@
             "type": "string"
         },
         "FunctionAppName": {
-            "defaultValue": "IllumioSaaS_FunctionAppForPlaybooks",
+            "defaultValue": "IllumioPlaybooksFunctionApp",
             "type": "String",
             "metadata": {
                 "description": "Function app Name"
             }
         }
     },
     "variables": {        
-        "hostingPlanName": "[parameters('FunctionAppName')]",
-        "storageAccountName": "[parameters('FunctionAppName')]",
-        "functionAppName": "[parameters('FunctionAppName')]",
-        "applicationInsightsName": "[parameters('FunctionAppName')]",
         "o365ConnectionName": "[concat('o365-', parameters('PlaybookName'))]",
         "sentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]"
     },
@@ -91,11 +87,7 @@
             "apiVersion": "2017-07-01",
             "location": "[resourceGroup().location]",
             "name": "[parameters('PlaybookName')]",
-            "dependsOn": [
-                "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
-                "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
-                "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
-                "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]",
+            "dependsOn": [            
                 "[resourceId('Microsoft.Web/connections', variables('o365ConnectionName'))]"
             ],
             "properties": {

diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/README.md b/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/README.md
@@ -51,6 +51,10 @@ If false, it skips object creation/modification steps and only provides a summar
 
 
 # To deploy, follow the below link 
+Deploy the function app first:
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FCustomConnector%2FIllumioSaaS_FunctionAppConnector%2Fazuredeploy.json)
+
+Deploy logic app next:
 [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Port-Blocking-Switch%2Fazuredeploy.json)
 
 

diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/azuredeploy.json b/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/azuredeploy.json
@@ -39,7 +39,7 @@
             }
         },
         "FunctionAppName": {
-            "defaultValue": "IllumioPortBlockingApp",
+            "defaultValue": "IllumioPlaybooksFunctionApp",
             "type": "String",
             "metadata": {
                 "description": "Function app Name"
@@ -58,12 +58,6 @@
             "apiVersion": "2017-07-01",
             "name": "[parameters('PlaybookName')]",
             "location": "[resourceGroup().location]",
-            "dependsOn": [
-                "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
-                "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
-                "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
-                "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-            ],
             "properties": {
                 "state": "Enabled",
                 "definition": {
@@ -195,6 +189,7 @@
                 },
                 "parameters": {
                     "$connections": {
+                        "value": {}
                     }
                 }
             }

diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/README.md b/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/README.md
@@ -10,5 +10,11 @@ Playbooks are collections of procedures that can be run from Microsoft Sentinel.
 2. The payload should contain workload hostname/s and label/s. 
 3. Function app is called with the above payload which makes a call to the PCE and applies labels to the workloads mentioned in payload. 
 
-# To deploy, follow the below link 
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Quarantine-Workload%2Fazuredeploy.json)
+# To deploy, follow the below steps
+
+Deploy the function app first
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FCustomConnector%2FIllumioSaaS_FunctionAppConnector%2Fazuredeploy.json)
+
+
+Deploy the logic app next:
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Quarantine-Workload%2Fazuredeploy.json)
diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/azuredeploy.json b/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/azuredeploy.json
@@ -39,31 +39,22 @@
             }
         },
         "FunctionAppName": {
-            "defaultValue": "IllumioQuarantineWorkload",
+            "defaultValue": "IllumioPlaybooksFunctionApp",
             "type": "String",
             "metadata": {
                 "description": "Function app Name"
             }
         }
     },
     "variables": {
-        "hostingPlanName": "[parameters('FunctionAppName')]",
-        "storageAccountName": "[variables('functionAppName')]",
-        "functionAppName": "[parameters('FunctionAppName')]",
-        "applicationInsightsName": "[parameters('FunctionAppName')]"
+        "functionAppName": "[parameters('FunctionAppName')]"
     },
     "resources": [
         {
             "type": "Microsoft.Logic/workflows",
             "apiVersion": "2017-07-01",
             "name": "[parameters('PlaybookName')]",
             "location": "[resourceGroup().location]",
-            "dependsOn": [
-                "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]",
-                "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
-                "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
-                "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-            ],
             "properties": {
                 "state": "Enabled",
                 "definition": {
@@ -117,7 +108,7 @@
                 },
                 "parameters": {
                     "$connections": {
-                        "defaultValue": {}
+                        "value": {}
                     }
                 }
             }