Commit
Merge pull request #9010 from BlueCycleOps/greynoise-zip
zip and azuredeploy
Showing
2 changed files
with
238 additions
and
0 deletions.
Binary file added
BIN
+8.98 KB
Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConn.zip
Binary file not shown.
238 changes: 238 additions & 0 deletions
238
...ntelligence/Data Connectors/azuredeploy_Connector_GreyNoiseAPISentinel_AzureFunction.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,238 @@ | ||
{ | ||
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | ||
"contentVersion": "1.0.0.0", | ||
"parameters": { | ||
"FunctionName": { | ||
"defaultValue": "GreyNoise", | ||
"minLength": 1, | ||
"maxLength": 11, | ||
"type": "string" | ||
}, | ||
"WORKSPACE_ID": { | ||
"type": "string", | ||
"defaultValue": "Workspace ID" | ||
}, | ||
"GREYNOISE_KEY": { | ||
"type": "string", | ||
"defaultValue": "Greynoise API Key" | ||
}, | ||
"TENANT_ID": { | ||
"type": "string", | ||
"defaultValue": "Azure Tenand ID" | ||
}, | ||
"CLIENT_ID": { | ||
"type": "string", | ||
"defaultValue": "Client ID" | ||
}, | ||
"CLIENT_SECRET": { | ||
"type": "string", | ||
"defaultValue": "Client Secret" | ||
}, | ||
"GREYNOISE_CLASSIFICATIONS": { | ||
"type": "string", | ||
"defaultValue": "malicious,unknown" | ||
} | ||
}, | ||
"variables": { | ||
"FunctionName": "[concat(toLower(parameters('FunctionName')), uniqueString(resourceGroup().id))]", | ||
"StorageSuffix": "[environment().suffixes.storage]" | ||
}, | ||
"resources": [ | ||
{ | ||
"type": "Microsoft.Insights/components", | ||
"apiVersion": "2015-05-01", | ||
"name": "[variables('FunctionName')]", | ||
"location": "[resourceGroup().location]", | ||
"kind": "web", | ||
"properties": { | ||
"Application_Type": "web", | ||
"ApplicationId": "[variables('FunctionName')]" | ||
} | ||
}, | ||
|
||
{ | ||
"type": "Microsoft.Storage/storageAccounts", | ||
"apiVersion": "2019-06-01", | ||
"name": "[tolower(variables('FunctionName'))]", | ||
"location": "[resourceGroup().location]", | ||
"sku": { | ||
"name": "Standard_LRS", | ||
"tier": "Standard" | ||
}, | ||
"kind": "StorageV2", | ||
"properties": { | ||
"networkAcls": { | ||
"bypass": "AzureServices", | ||
"virtualNetworkRules": [ | ||
], | ||
"ipRules": [ | ||
], | ||
"defaultAction": "Allow" | ||
}, | ||
"supportsHttpsTrafficOnly": true, | ||
"encryption": { | ||
"services": { | ||
"file": { | ||
"keyType": "Account", | ||
"enabled": true | ||
}, | ||
"blob": { | ||
"keyType": "Account", | ||
"enabled": true | ||
} | ||
}, | ||
"keySource": "Microsoft.Storage" | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "Microsoft.Web/serverfarms", | ||
"apiVersion": "2018-02-01", | ||
"name": "[variables('FunctionName')]", | ||
"location": "[resourceGroup().location]", | ||
"sku": { | ||
"name": "Y1", | ||
"tier": "Dynamic" | ||
}, | ||
"kind": "functionapp,linux", | ||
"properties": { | ||
"name": "[variables('FunctionName')]", | ||
"workerSize": "0", | ||
"workerSizeId": "0", | ||
"numberOfWorkers": "1", | ||
"reserved": true, | ||
"siteConfig": { | ||
"linuxFxVersion": "Python|3.10" | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "Microsoft.Storage/storageAccounts/blobServices", | ||
"apiVersion": "2019-06-01", | ||
"name": "[concat(variables('FunctionName'), '/default')]", | ||
"dependsOn": [ | ||
"[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('FunctionName')))]" | ||
], | ||
"sku": { | ||
"name": "Standard_LRS", | ||
"tier": "Standard" | ||
}, | ||
"properties": { | ||
"cors": { | ||
"corsRules": [ | ||
] | ||
}, | ||
"deleteRetentionPolicy": { | ||
"enabled": false | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "Microsoft.Storage/storageAccounts/fileServices", | ||
"apiVersion": "2019-06-01", | ||
"name": "[concat(variables('FunctionName'), '/default')]", | ||
"dependsOn": [ | ||
"[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('FunctionName')))]" | ||
], | ||
"sku": { | ||
"name": "Standard_LRS", | ||
"tier": "Standard" | ||
}, | ||
"properties": { | ||
"cors": { | ||
"corsRules": [ | ||
] | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "Microsoft.Web/sites", | ||
"apiVersion": "2018-11-01", | ||
"name": "[variables('FunctionName')]", | ||
"location": "[resourceGroup().location]", | ||
"dependsOn": [ | ||
"[resourceId('Microsoft.Storage/storageAccounts', tolower(variables('FunctionName')))]", | ||
"[resourceId('Microsoft.Web/serverfarms', variables('FunctionName'))]", | ||
"[resourceId('Microsoft.Insights/components', variables('FunctionName'))]" | ||
], | ||
"kind": "functionapp,linux", | ||
"identity": { | ||
"type": "SystemAssigned" | ||
}, | ||
"properties": { | ||
"name": "[variables('FunctionName')]", | ||
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('FunctionName'))]", | ||
"httpsOnly": true, | ||
"clientAffinityEnabled": true, | ||
"alwaysOn": true, | ||
"reserved": true, | ||
"siteConfig": { | ||
"linuxFxVersion": "Python|3.10" | ||
} | ||
}, | ||
"resources": [ | ||
{ | ||
"apiVersion": "2018-11-01", | ||
"type": "config", | ||
"name": "appsettings", | ||
"dependsOn": [ | ||
"[concat('Microsoft.Web/sites/', variables('FunctionName'))]" | ||
], | ||
"properties": { | ||
"FUNCTIONS_EXTENSION_VERSION": "~4", | ||
"FUNCTIONS_WORKER_RUNTIME": "python", | ||
"APPINSIGHTS_INSTRUMENTATIONKEY": "[reference(resourceId('Microsoft.insights/components', variables('FunctionName')), '2015-05-01').InstrumentationKey]", | ||
"APPLICATIONINSIGHTS_CONNECTION_STRING": "[reference(resourceId('microsoft.insights/components', variables('FunctionName')), '2015-05-01').ConnectionString]", | ||
"AzureWebJobsStorage": "[concat('DefaultEndpointsProtocol=https;AccountName=', toLower(variables('FunctionName')),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', toLower(variables('FunctionName'))), '2019-06-01').keys[0].value, ';EndpointSuffix=',toLower(variables('StorageSuffix')))]", | ||
"WEBSITE_CONTENTAZUREFILECONNECTIONSTRING": "[concat('DefaultEndpointsProtocol=https;AccountName=', toLower(variables('FunctionName')),';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', toLower(variables('FunctionName'))), '2019-06-01').keys[0].value, ';EndpointSuffix=',toLower(variables('StorageSuffix')))]", | ||
"WEBSITE_CONTENTSHARE": "[toLower(variables('FunctionName'))]", | ||
"WORKSPACE_ID": "[parameters('WORKSPACE_ID')]", | ||
"GREYNOISE_KEY": "[parameters('GREYNOISE_KEY')]", | ||
"TENANT_ID": "[parameters('TENANT_ID')]", | ||
"CLIENT_ID": "[parameters('CLIENT_ID')]", | ||
"CLIENT_SECRET": "[parameters('CLIENT_SECRET')]", | ||
"GREYNOISE_CLASSIFICATIONS": "[parameters('GREYNOISE_CLASSIFICATIONS')]", | ||
"WEBSITE_RUN_FROM_PACKAGE": "https://github.com/Azure/Azure-Sentinel/raw/db458a54839b084eac0e70bbe6e2a41f34f37e2b/Solutions/GreyNoiseThreatIntelligence/Data%20Connectors/GreyNoiseAPISentinelConn.zip" | ||
} | ||
} | ||
] | ||
}, | ||
{ | ||
"type": "Microsoft.Storage/storageAccounts/blobServices/containers", | ||
"apiVersion": "2019-06-01", | ||
"name": "[concat(variables('FunctionName'), '/default/azure-webjobs-hosts')]", | ||
"dependsOn": [ | ||
"[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('FunctionName'), 'default')]", | ||
"[resourceId('Microsoft.Storage/storageAccounts', variables('FunctionName'))]" | ||
], | ||
"properties": { | ||
"publicAccess": "None" | ||
} | ||
}, | ||
{ | ||
"type": "Microsoft.Storage/storageAccounts/blobServices/containers", | ||
"apiVersion": "2019-06-01", | ||
"name": "[concat(variables('FunctionName'), '/default/azure-webjobs-secrets')]", | ||
"dependsOn": [ | ||
"[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('FunctionName'), 'default')]", | ||
"[resourceId('Microsoft.Storage/storageAccounts', variables('FunctionName'))]" | ||
], | ||
"properties": { | ||
"publicAccess": "None" | ||
} | ||
}, | ||
{ | ||
"type": "Microsoft.Storage/storageAccounts/fileServices/shares", | ||
"apiVersion": "2019-06-01", | ||
"name": "[concat(variables('FunctionName'), '/default/', tolower(variables('FunctionName')))]", | ||
"dependsOn": [ | ||
"[resourceId('Microsoft.Storage/storageAccounts/fileServices', variables('FunctionName'), 'default')]", | ||
"[resourceId('Microsoft.Storage/storageAccounts', variables('FunctionName'))]" | ||
], | ||
"properties": { | ||
"shareQuota": 5120 | ||
} | ||
} | ||
] | ||
} | ||
|
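Review bot: `GREYNOISE_KEY` and `CLIENT_SECRET` are declared with `"type": "string"` in the `parameters` block, so the values entered at deployment time are kept in readable form in the resource group's deployment record and are visible to anyone allowed to read deployments. Both should be `"type": "securestring"`, and their `defaultValue` placeholders (`"Greynoise API Key"`, `"Client Secret"`) should be dropped so that a deployment cannot complete with the placeholder text standing in for the credential. The same two values are then copied verbatim into the `appsettings` resource of the `Microsoft.Web/sites` entry; a Key Vault reference resolved through the `SystemAssigned` identity the site already declares would keep them out of the app configuration as well. A short `metadata.description` on each parameter saying which identity or API the value belongs to would also help whoever fills in the deployment form.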