diff --git a/Solutions/IllumioSaaS/Package/3.3.2.zip b/Solutions/IllumioSaaS/Package/3.3.2.zip index 95c2be9eb3..ce5b93517a 100644 Binary files a/Solutions/IllumioSaaS/Package/3.3.2.zip and b/Solutions/IllumioSaaS/Package/3.3.2.zip differ diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json index be8282df44..02afa932d7 100644 --- a/Solutions/IllumioSaaS/Package/mainTemplate.json +++ b/Solutions/IllumioSaaS/Package/mainTemplate.json @@ -1734,7 +1734,7 @@ "type": "string" }, "FunctionAppName": { - "defaultValue": "IllumioSaaS_FunctionAppForPlaybooks", + "defaultValue": "IllumioPlaybooksFunctionApp", "type": "String", "metadata": { "description": "Function app Name" @@ -1742,10 +1742,6 @@ } }, "variables": { - "hostingPlanName": "[[parameters('FunctionAppName')]", - "storageAccountName": "[[parameters('FunctionAppName')]", - "functionAppName": "[[parameters('FunctionAppName')]", - "applicationInsightsName": "[[parameters('FunctionAppName')]", "o365ConnectionName": "[[concat('o365-', parameters('PlaybookName'))]", "sentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/office365')]", @@ -1787,10 +1783,6 @@ "location": "[[variables('workspace-location-inline')]", "name": "[[parameters('PlaybookName')]", "dependsOn": [ - "[[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "[[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", - "[[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]", - "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]", "[[resourceId('Microsoft.Web/connections', variables('o365ConnectionName'))]" ], "properties": { @@ -2106,6 +2098,15 @@ "email": "app-integrations@illumio.com", "tier": "Partner", "link": "https://www.illumio.com/support/support" + }, + "dependencies": { + "criteria": [ + { + "kind": "AzureFunction", + "contentId": "[variables('_IllumioSaaS_FunctionAppConnector')]", + "version": "[variables('playbookVersion1')]" + } + ] } } } @@ -2173,7 +2174,7 @@ } }, "FunctionAppName": { - "defaultValue": "IllumioPortBlockingApp", + "defaultValue": "IllumioPlaybooksFunctionApp", "type": "String", "metadata": { "description": "Function app Name" @@ -2195,12 +2196,6 @@ "apiVersion": "2017-07-01", "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", - "dependsOn": [ - "[[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "[[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", - "[[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]", - "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]" - ], "properties": { "state": "Enabled", "definition": { @@ -2354,6 +2349,15 @@ "email": "app-integrations@illumio.com", "tier": "Partner", "link": "https://www.illumio.com/support/support" + }, + "dependencies": { + "criteria": [ + { + "kind": "AzureFunction", + "contentId": "[variables('_IllumioSaaS_FunctionAppConnector')]", + "version": "[variables('playbookVersion1')]" + } + ] } } } @@ -2417,7 +2421,7 @@ } }, "FunctionAppName": { - "defaultValue": "IllumioQuarantineWorkload", + "defaultValue": "IllumioPlaybooksFunctionApp", "type": "String", "metadata": { "description": "Function app Name" @@ -2425,10 +2429,7 @@ } }, "variables": { - "hostingPlanName": "[[parameters('FunctionAppName')]", - "storageAccountName": "[[variables('functionAppName')]", "functionAppName": "[[parameters('FunctionAppName')]", - "applicationInsightsName": "[[parameters('FunctionAppName')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -2439,12 +2440,6 @@ "apiVersion": "2017-07-01", "name": "[[parameters('PlaybookName')]", "location": "[[variables('workspace-location-inline')]", - "dependsOn": [ - "[[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "[[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", - "[[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]", - "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]" - ], "properties": { "state": "Enabled", "definition": { @@ -2520,6 +2515,15 @@ "email": "app-integrations@illumio.com", "tier": "Partner", "link": "https://www.illumio.com/support/support" + }, + "dependencies": { + "criteria": [ + { + "kind": "AzureFunction", + "contentId": "[variables('_IllumioSaaS_FunctionAppConnector')]", + "version": "[variables('playbookVersion1')]" + } + ] } } } diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/README.md b/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/README.md index e914d74174..5679ebc020 100644 --- a/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/README.md +++ b/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/README.md @@ -15,6 +15,10 @@ This playbook can be configured to respond to Microsoft Sentinel alerts. 5. This is sent out as an email. # To deploy, follow the below link +Deploy the function app first: +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FCustomConnector%2FIllumioSaaS_FunctionAppConnector%2Fazuredeploy.json) + +Deploy logic app next: [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Get-Ven-Details%2Fazuredeploy.json) diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/azuredeploy.json b/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/azuredeploy.json index 33e8fa4fae..78d935fa27 100644 --- a/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/azuredeploy.json +++ b/Solutions/IllumioSaaS/Playbooks/Illumio-Get-Ven-Details/azuredeploy.json @@ -44,7 +44,7 @@ "type": "string" }, "FunctionAppName": { - "defaultValue": "IllumioSaaS_FunctionAppForPlaybooks", + "defaultValue": "IllumioPlaybooksFunctionApp", "type": "String", "metadata": { "description": "Function app Name" @@ -52,10 +52,6 @@ } }, "variables": { - "hostingPlanName": "[parameters('FunctionAppName')]", - "storageAccountName": "[parameters('FunctionAppName')]", - "functionAppName": "[parameters('FunctionAppName')]", - "applicationInsightsName": "[parameters('FunctionAppName')]", "o365ConnectionName": "[concat('o365-', parameters('PlaybookName'))]", "sentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]" }, @@ -91,11 +87,7 @@ "apiVersion": "2017-07-01", "location": "[resourceGroup().location]", "name": "[parameters('PlaybookName')]", - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", - "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]", - "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]", + "dependsOn": [ "[resourceId('Microsoft.Web/connections', variables('o365ConnectionName'))]" ], "properties": { diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/README.md b/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/README.md index b3e4cbc56c..189058fb3f 100644 --- a/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/README.md +++ b/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/README.md @@ -51,6 +51,10 @@ If false, it skips object creation/modification steps and only provides a summar # To deploy, follow the below link +Deploy the function app first: +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FCustomConnector%2FIllumioSaaS_FunctionAppConnector%2Fazuredeploy.json) + +Deploy logic app next: [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Port-Blocking-Switch%2Fazuredeploy.json) diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/azuredeploy.json b/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/azuredeploy.json index cd4e4efd2d..83efced65b 100644 --- a/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/azuredeploy.json +++ b/Solutions/IllumioSaaS/Playbooks/Illumio-Port-Blocking-Switch/azuredeploy.json @@ -39,7 +39,7 @@ } }, "FunctionAppName": { - "defaultValue": "IllumioPortBlockingApp", + "defaultValue": "IllumioPlaybooksFunctionApp", "type": "String", "metadata": { "description": "Function app Name" @@ -58,12 +58,6 @@ "apiVersion": "2017-07-01", "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", - "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]", - "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]" - ], "properties": { "state": "Enabled", "definition": { @@ -195,6 +189,7 @@ }, "parameters": { "$connections": { + "value": {} } } } diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/README.md b/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/README.md index 19fcbcf09a..99065dc816 100644 --- a/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/README.md +++ b/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/README.md @@ -10,5 +10,11 @@ Playbooks are collections of procedures that can be run from Microsoft Sentinel. 2. The payload should contain workload hostname/s and label/s. 3. Function app is called with the above payload which makes a call to the PCE and applies labels to the workloads mentioned in payload. -# To deploy, follow the below link -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Quarantine-Workload%2Fazuredeploy.json) +# To deploy, follow the below steps + +Deploy the function app first +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FCustomConnector%2FIllumioSaaS_FunctionAppConnector%2Fazuredeploy.json) + + +Deploy the logic app next: +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fillumio-shield%2FAzure-Sentinel%2Frefs%2Fheads%2Fillumio-sentinel-playbooks-v2%2FSolutions%2FIllumioSaaS%2FPlaybooks%2FIllumio-Quarantine-Workload%2Fazuredeploy.json) \ No newline at end of file diff --git a/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/azuredeploy.json b/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/azuredeploy.json index c755609149..b0745bd5d3 100644 --- a/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/azuredeploy.json +++ b/Solutions/IllumioSaaS/Playbooks/Illumio-Quarantine-Workload/azuredeploy.json @@ -39,7 +39,7 @@ } }, "FunctionAppName": { - "defaultValue": "IllumioQuarantineWorkload", + "defaultValue": "IllumioPlaybooksFunctionApp", "type": "String", "metadata": { "description": "Function app Name" @@ -47,10 +47,7 @@ } }, "variables": { - "hostingPlanName": "[parameters('FunctionAppName')]", - "storageAccountName": "[variables('functionAppName')]", - "functionAppName": "[parameters('FunctionAppName')]", - "applicationInsightsName": "[parameters('FunctionAppName')]" + "functionAppName": "[parameters('FunctionAppName')]" }, "resources": [ { @@ -58,12 +55,6 @@ "apiVersion": "2017-07-01", "name": "[parameters('PlaybookName')]", "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]", - "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", - "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]", - "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]" - ], "properties": { "state": "Enabled", "definition": { @@ -117,7 +108,7 @@ }, "parameters": { "$connections": { - "defaultValue": {} + "value": {} } } }