From bdc762a762b12da986f3a6793235e0198dff78a6 Mon Sep 17 00:00:00 2001 From: Stephen Ball Date: Tue, 24 Oct 2023 09:37:32 -0400 Subject: [PATCH 1/5] Update Tanium README and build script for v3 --- Solutions/Tanium/README.md | 13 ++++ Solutions/Tanium/build_solution.sh | 99 +++++------------------------- 2 files changed, 30 insertions(+), 82 deletions(-) diff --git a/Solutions/Tanium/README.md b/Solutions/Tanium/README.md index c1cb595d1ab..3fea522e6a2 100644 --- a/Solutions/Tanium/README.md +++ b/Solutions/Tanium/README.md @@ -27,6 +27,19 @@ Prerequisites: - Install make `brew install make` - Install arm-ttk in powershell: https://github.com/Azure/arm-ttk +Ensure that you add arm-ttk to your powershell profile e.g. + +``` +(in powershell) + +> New-Item -Type File -Path $PROFILE -Force +> vim $PROFILE + +(in that file add:) + +Import-Module /full/path/to/import/module/for/arm-ttk +``` + Building a solution: 1. Clone the https://github.com/Tanium/Azure-Sentinel repo diff --git a/Solutions/Tanium/build_solution.sh b/Solutions/Tanium/build_solution.sh index 96b8d7144fd..790ca872e0c 100755 --- a/Solutions/Tanium/build_solution.sh +++ b/Solutions/Tanium/build_solution.sh @@ -2,12 +2,6 @@ set -Eeuo pipefail -# globals -_TOOL_DIRECTORY="Tools/Create-Azure-Sentinel-Solution/V2" -_SH_TOOL_DIRECTORY="./$_TOOL_DIRECTORY" -_INPUT_DIRECTORY="$_SH_TOOL_DIRECTORY/input" -_REBUILD=0 - _msg() { echo >&2 -e "${1-}" } 
@@ -39,40 +33,16 @@ _die() { exit "$code" } -report_failure() { - declare log=$1 - grep Failed "$log" - grep -E 'Errors.*:.*[A-Z]' -A10 "$log" || true -} - build_solution() { _msg "๐Ÿ— Building Tanium Sentinel solution" - pwsh -Command "$_TOOL_DIRECTORY/createSolutionV2.ps1" -} - -build_failed() { - grep -qm1 '^Failed' "$1" -} - -report_success() { - declare log=$1 - - _msg_success "๐ŸŽ‰ Build success" - - _msg < "$logfile" - post_build_cleanup "$tmpdir" - if build_failed "$logfile"; then - report_failure "$logfile" - _die "Detected a build failure" - fi - report_success "$logfile" ) } From 75623f240702499e2dd92b77a893c1a74a1b542b Mon Sep 17 00:00:00 2001 From: Stephen Ball Date: Tue, 24 Oct 2023 09:44:19 -0400 Subject: [PATCH 2/5] Remove superfluous echo and typo --- Solutions/Tanium/check_build.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Solutions/Tanium/check_build.sh b/Solutions/Tanium/check_build.sh index adaec26e623..fd128137be6 100755 --- a/Solutions/Tanium/check_build.sh +++ b/Solutions/Tanium/check_build.sh @@ -77,7 +77,6 @@ compare_contents() { } show_diff_commands() { - echo "$previous" _msg "\nTo diff mainTemplate.json:" _msg " check_build.sh diff mainTemplate.json" _msg "\nTo diff createUiDefinition.json:" @@ -101,7 +100,7 @@ show_manual_check_steps() { 2. Validate maintemplate.json: - Validate mainTemplate.json by deploying the template in portal. Follow these steps to deploy in portal: + Validate mainTemplate.json by deploying the template in portal. Follow these steps to deploy in portal: โ€ข Open up https://aka.ms/AzureSentinelPrP which launches the Azure portal with the needed private preview flags. โ€ข Go to "Deploy a Custom Template" on the portal From 140b6c5f69505e73c1e10b88fd5c5b6b17b86c22 Mon Sep 17 00:00:00 2001 
From: Stephen Ball Date: Tue, 24 Oct 2023 10:49:56 -0400 Subject: [PATCH 3/5] Clarify steps in the build solution script --- Solutions/Tanium/build_solution.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/Solutions/Tanium/build_solution.sh b/Solutions/Tanium/build_solution.sh index 790ca872e0c..d42133b9e2a 100755 --- a/Solutions/Tanium/build_solution.sh +++ b/Solutions/Tanium/build_solution.sh @@ -23,7 +23,9 @@ _msg_success() { } _shout() { + _msg echo >&2 "$(tput bold)${*}$(tput sgr0)" + _msg } _die() { @@ -34,8 +36,8 @@ _die() { } build_solution() { - _msg "๐Ÿ— Building Tanium Sentinel solution" - _msg "๐Ÿค– Sorry but the V3 script requires user interaction" + _msg "๐Ÿค– Sorry but the V3 build script requires user interaction" + _msg "" _msg "Run this command to perform the build:" _msg "" _msg " (cd ../.. && pwsh ./Tools/Create-Azure-Sentinel-Solution/V3/createSolutionV3.ps1)" @@ -43,6 +45,7 @@ build_solution() { _msg "At the prompt type in: ./Solutions/Tanium/Data" _msg "" _msg "e.g. Enter solution data file path : ./Solutions/Tanium/Data" + _msg "" } move_tanium_package_directory_to_temporary_location() { @@ -70,6 +73,7 @@ post_build_cleanup() { } check-command() { + _msg " ๐Ÿ”ง checking $1" if ! command -v "$1" >/dev/null; then _die "$1 command not found: please brew install ${2-:$1}" fi @@ -84,6 +88,7 @@ check-matching-playbook-declarations() { playbook_json_files=$(find Solutions/Tanium/Playbooks -name "azuredeploy.json" | sort | sed -e 's|Solutions/Tanium/||') declared_playbook_json_files=$(jq -r ".Playbooks[]" Solutions/Tanium/Data/Solution_Tanium.json | sort) + _msg " ๐Ÿ•ต๏ธ checking that playbook json files are all declared in the manifest" # comm -23 : omit lines in common and lines only in the second file undeclared_playbook_json_files=$(comm -23 <(echo "$playbook_json_files") <(echo "$declared_playbook_json_files")) if [[ -n "$undeclared_playbook_json_files" ]]; then 
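Review bot: In `check-command` (PATCH 3/5, hunk `@@ -70,6 +73,7 @@` of build_solution.sh), the install hint just below the new `_msg` line expands `${2-:$1}`, whose default is the literal `:$1`. A missing `jq` is therefore reported as "please brew install :jq". The colon and dash are transposed; the line should read `_die "$1 command not found: please brew install ${2:-$1}"`. The closing brace of `check-command` is outside this hunk.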
@@ -95,6 +100,7 @@ check-matching-playbook-declarations() { exit 1 fi + _msg " ๐Ÿ•ต๏ธ checking that all playbooks declared in the manifest have playbook json files" # comm -13 : omit lines in common and lines only in the first file missing_playbook_json_files=$(comm -13 <(echo "$playbook_json_files") <(echo "$declared_playbook_json_files")) if [[ -n "$missing_playbook_json_files" ]]; then @@ -108,9 +114,11 @@ check-matching-playbook-declarations() { } check-prerequisites() { + _msg "๐Ÿงฐ checking prerequisites" check-command "jq" check-command "git" check-command "pwsh" "powershell" + _msg "๐Ÿงพ checking the package manifest" check-matching-playbook-declarations } @@ -137,9 +145,10 @@ main() { shift done + _shout "Checking prerequisites" check-prerequisites _shout "Building Solution" - build_solution | tee /dev/tty > "$logfile" + build_solution ) } From 085532a664647257015f732de713e87eab424fe4 Mon Sep 17 00:00:00 2001 From: Stephen Ball Date: Tue, 24 Oct 2023 11:03:37 -0400 Subject: [PATCH 4/5] Check for arm-ttk module in powershell --- Solutions/Tanium/build_solution.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Solutions/Tanium/build_solution.sh b/Solutions/Tanium/build_solution.sh index d42133b9e2a..eb16b26ef5c 100755 --- a/Solutions/Tanium/build_solution.sh +++ b/Solutions/Tanium/build_solution.sh @@ -79,6 +79,13 @@ check-command() { fi } +check-arm-ttk() { + _msg " ๐Ÿ”ง checking arm-ttk module in powershell" + if ! pwsh -c Get-Module arm-ttk | grep -q arm-ttk; then + _die "arm-ttk module not found in your powershell" + fi +} + check-matching-playbook-declarations() { local playbook_json_files local declared_playbook_json_files @@ -118,6 +125,7 @@ check-prerequisites() { check-command "jq" check-command "git" check-command "pwsh" "powershell" + check-arm-ttk _msg "๐Ÿงพ checking the package manifest" check-matching-playbook-declarations } From 4c43ae85e6ab039c2498fc55c03e2a3cc3423ddf Mon Sep 17 00:00:00 2001 
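Review bot: After the `@@ -137,9 +145,10 @@` hunk, `main` prints the `Building Solution` heading and then calls `build_solution`, which in this series only prints instructions. The script therefore exits 0 without having built anything, and a wrapper or CI job that reads the exit status as a build result would be misled. Rename the heading to say what happens, for example `_shout "Manual build steps"`. The `logfile` that the removed `tee` wrote to is presumably still created earlier in `main`, outside this hunk; if nothing else reads it, that setup can be removed too.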
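Review bot: The `check-arm-ttk` test `pwsh -c Get-Module arm-ttk | grep -q arm-ttk` (PATCH 4/5) runs under `set -Eeuo pipefail`, so its result depends on pwsh's exit status as well as on whether grep matched. A pwsh start-up or profile error is then reported as "arm-ttk module not found". Let PowerShell return the status instead: `if ! pwsh -Command 'if (-not (Get-Module arm-ttk)) { exit 1 }' >/dev/null; then`. `Get-Module` without `-ListAvailable` lists only modules already loaded in the session, so the check passes only when the user's profile imports arm-ttk. That matches the README step, but deserves a comment such as `# relies on $PROFILE importing arm-ttk (see README)`.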
From: Stephen Ball Date: Tue, 24 Oct 2023 11:23:47 -0400 Subject: [PATCH 5/5] Clarify ignorable error --- Solutions/Tanium/build_solution.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Solutions/Tanium/build_solution.sh b/Solutions/Tanium/build_solution.sh index eb16b26ef5c..d5f913fcbec 100755 --- a/Solutions/Tanium/build_solution.sh +++ b/Solutions/Tanium/build_solution.sh @@ -46,6 +46,10 @@ build_solution() { _msg "" _msg "e.g. Enter solution data file path : ./Solutions/Tanium/Data" _msg "" + _msg "---" + _msg "NOTE: Property: \"id\" must use one of the following expressions for an resourceId property is an IGNORABLE error" + _msg "Citation: https://github.com/Azure/Azure-Sentinel/tree/e92286da7d185c99c6d30c2cb8c86bbeca1a99ba/Tools/Create-Azure-Sentinel-Solution/V3#arm-ttk-failue-for-contentproductid-id-issues" + _msg "" } move_tanium_package_directory_to_temporary_location() {
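Review bot: The NOTE added to `build_solution` marks one arm-ttk failure as ignorable but does not say that every other failure still counts. Since PATCH 1/5 removed `build_failed` and `report_failure`, the operator reading the pwsh output is the only check left. Add a line after the citation, for example `_msg "Any other arm-ttk failure is a real build failure and must be fixed"`. The start of `build_solution` is outside this hunk.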