Configure diagnostic logs LAW,Bastion and update sentinel ui def #1086

Merged
merged 8 commits into from
Sep 11, 2024
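--- a/src/bicep/form/mlz.portal.json
+++ b/src/bicep/form/mlz.portal.json
@@ -948,7 +948,20 @@
 "name": "sentinelOptionalDetailsText",
 "type": "Microsoft.Common.TextBlock",
 "options": {
-"text": "Please note further configuration of Sentinel is required to take advantage of threat detection, log retention and response capabilities."
+"text": "Please note further configuration of Sentinel is required to take advantage of threat detection, log retention and response capabilities. Please check the following article to determine what regions support Sentinel.",
+"link": {
+"label": "Learn more about Sentinel regions",
+"uri": "https://learn.microsoft.com/en-us/azure/sentinel/geographical-availability-data-residency"
+}
+}
+},
+{
+"name": "sentinelFeatureAvailability",
+"type": "Microsoft.Common.InfoBox",
+"options": {
+"style": "Info",
+"text": "Please check the following article to see what features are available for Sentinel in different Azure environments.",
+"uri": "https://learn.microsoft.com/en-us/azure/sentinel/feature-availability"
 }
 },
 {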
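--- a/src/bicep/mlz.bicep
+++ b/src/bicep/mlz.bicep
@@ -323,6 +323,13 @@ param logStorageSkuName string = 'Standard_GRS'
 
 // REMOTE ACCESS PARAMETERS
 
+param bastionDiagnosticsLogs array = [
+{
+category: 'BastionAuditLogs'
+enabled: true
+}
+]
+
 @description('When set to "true", provisions Azure Bastion Host only. It defaults to "false".')
 param deployBastion bool = false
 
@@ -732,6 +739,7 @@ module storage 'modules/storage.bicep' = {
 module diagnostics 'modules/diagnostics.bicep' = {
 name: 'deploy-resource-diag-${deploymentNameSuffix}'
 params: {
+bastionDiagnosticsLogs: bastionDiagnosticsLogs
 deployBastion: deployBastion
 deploymentNameSuffix: deploymentNameSuffix
 firewallDiagnosticsLogs: firewallDiagnosticsLogs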
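Review bot: The new `bastionDiagnosticsLogs` parameter in the first hunk has no `@description`, although `deployBastion` directly below it has one, so the template does not tell an operator that this array is what enables Bastion audit logging. I would add `@description('The diagnostic log categories to enable for Azure Bastion. It defaults to the "BastionAuditLogs" category.')` above it. The array is passed unchanged down to the diagnostic setting's `logs` property, so an override that omits that entry appears to leave the host without audit logs; the description is the place to say so. The same parameter is declared without a description in `modules/diagnostics.bicep`, and the five parameters of `modules/bastion-diagnostics.bicep` have none either. The `module diagnostics` block in the second hunk continues outside the hunk.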
99 changes: 95 additions & 4 deletions src/bicep/mlz.json
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "14639382000576629473"
"templateHash": "15931306768940102159"
}
},
"parameters": {
Expand Down Expand Up @@ -549,6 +549,15 @@
"description": "The Storage Account SKU to use for log storage. It defaults to \"Standard_GRS\". See https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types for valid settings."
}
},
"bastionDiagnosticsLogs": {
"type": "array",
"defaultValue": [
{
"category": "BastionAuditLogs",
"enabled": true
}
]
},
"deployBastion": {
"type": "bool",
"defaultValue": false,
Expand Down Expand Up @@ -7121,6 +7130,9 @@
},
"mode": "Incremental",
"parameters": {
"bastionDiagnosticsLogs": {
"value": "[parameters('bastionDiagnosticsLogs')]"
},
"deployBastion": {
"value": "[parameters('deployBastion')]"
},
Expand Down Expand Up @@ -7171,10 +7183,13 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "7558548205011970878"
"templateHash": "13699796498043220180"
}
},
"parameters": {
"bastionDiagnosticsLogs": {
"type": "array"
},
"deployBastion": {
"type": "bool"
},
Expand Down Expand Up @@ -7341,7 +7356,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "17680455217420763544"
"templateHash": "6318152353890797757"
}
},
"parameters": {
Expand All @@ -7368,7 +7383,12 @@
"properties": {
"workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]",
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]",
"logs": "[if(equals(environment().name, 'AzureCloud'), createArray(createObject('category', 'Audit', 'enabled', true())), createArray())]",
"logs": [
{
"category": "Audit",
"enabled": true
}
],
"metrics": [
{
"category": "AllMetrics",
Expand Down Expand Up @@ -7781,6 +7801,77 @@
]
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('deploy-bastion-diags-{0}', parameters('deploymentNameSuffix'))]",
"subscriptionId": "[variables('hub').subscriptionId]",
"resourceGroup": "[variables('hubResourceGroupName')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"bastionDiagnosticSettingName": {
"value": "[replace(variables('hub').namingConvention.bastionHostPublicIPAddressDiagnosticSetting, parameters('serviceToken'), '')]"
},
"bastionName": {
"value": "[variables('hub').namingConvention.bastionHost]"
},
"bastionStorageAccountId": {
"value": "[parameters('storageAccountResourceIds')[0]]"
},
"logAnalyticsWorkspaceResourceId": {
"value": "[parameters('logAnalyticsWorkspaceResourceId')]"
},
"logs": {
"value": "[parameters('bastionDiagnosticsLogs')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "1417962456788904727"
}
},
"parameters": {
"bastionDiagnosticSettingName": {
"type": "string"
},
"bastionName": {
"type": "string"
},
"bastionStorageAccountId": {
"type": "string"
},
"logAnalyticsWorkspaceResourceId": {
"type": "string"
},
"logs": {
"type": "array"
}
},
"resources": [
{
"type": "Microsoft.Insights/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"scope": "[format('Microsoft.Network/bastionHosts/{0}', parameters('bastionName'))]",
"name": "[parameters('bastionDiagnosticSettingName')]",
"properties": {
"storageAccountId": "[parameters('bastionStorageAccountId')]",
"workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]",
"logs": "[parameters('logs')]"
}
}
]
}
}
}
]
}
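--- a/src/bicep/modules/bastion-diagnostics.bicep
+++ b/src/bicep/modules/bastion-diagnostics.bicep
@@ -0,0 +1,24 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT License.
+*/
+
+param bastionDiagnosticSettingName string
+param bastionName string
+param bastionStorageAccountId string
+param logAnalyticsWorkspaceResourceId string
+param logs array
+
+resource bastionHost 'Microsoft.Network/bastionHosts@2021-02-01' existing = {
+name: bastionName
+}
+
+resource diagnostics 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = {
+scope: bastionHost
+name: bastionDiagnosticSettingName
+properties: {
+storageAccountId: bastionStorageAccountId
+workspaceId: logAnalyticsWorkspaceResourceId
+logs: logs
+}
+}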
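Review bot: Nothing in this module states what it requires of its caller, and both requirements decide whether audit logs are actually collected. `bastionHost` is declared `existing`, so the host named by `bastionName` must already be present in the resource group the module is scoped to. `logs` is written to the setting exactly as passed, with no check that any category is enabled. A short header comment would cover both, for example `// Expects an existing Bastion host named bastionName in the target resource group; logs is applied as passed, so the caller decides which categories are enabled.`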
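--- a/src/bicep/modules/diagnostics.bicep
+++ b/src/bicep/modules/diagnostics.bicep
@@ -5,6 +5,7 @@ Licensed under the MIT License.
 
 targetScope = 'subscription'
 
+param bastionDiagnosticsLogs array
 param deployBastion bool
 param deploymentNameSuffix string
 param firewallDiagnosticsLogs array
@@ -122,3 +123,15 @@ module keyvaultDiagnostics '../modules/key-vault-diagnostics.bicep' = {
 logs: keyVaultDiagnosticLogs
 }
 }
+
+module bastionDiagnostics '../modules/bastion-diagnostics.bicep' = {
+name: 'deploy-bastion-diags-${deploymentNameSuffix}'
+scope: resourceGroup(hub.subscriptionId, hubResourceGroupName)
+params: {
+bastionDiagnosticSettingName: replace(hub.namingConvention.bastionHostPublicIPAddressDiagnosticSetting, serviceToken, '')
+bastionName: hub.namingConvention.bastionHost
+bastionStorageAccountId: storageAccountResourceIds[0]
+logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId
+logs: bastionDiagnosticsLogs
+}
+}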
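Review bot: The `bastionDiagnostics` module in the second hunk is declared unconditionally, although this file already takes `deployBastion` and `mlz.bicep` defaults it to `false`. The called module resolves the host through an `existing` reference, so a deployment without Bastion would presumably fail on the diagnostic setting; the generated `deploy-bastion-diags` deployment in `mlz.json` carries no `condition` either. I would gate it with `module bastionDiagnostics '../modules/bastion-diagnostics.bicep' = if (deployBastion) {`. Separately, the setting name is derived from `bastionHostPublicIPAddressDiagnosticSetting`; if the naming convention has a host-level entry, using it would make the setting easier to identify when auditing logging coverage.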
4 changes: 2 additions & 2 deletions src/bicep/modules/log-analytics-diagnostic-setting.bicep
Expand Up @@ -23,12 +23,12 @@ resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2017-05-01-pre
properties: {
workspaceId: logAnalyticsWorkspace.id
storageAccountId: stg.id
logs: environment().name == 'AzureCloud' ? [
logs: [
{
category: 'Audit'
enabled: true
}
] : []
]
metrics: [
{
category: 'AllMetrics'
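Review bot: The `Audit` category is now requested in every cloud, and nothing on the new side records why the `environment().name == 'AzureCloud'` guard (the removed side, as this page renders it) is no longer needed. If the guard existed because the category was unavailable for workspaces outside AzureCloud, the diagnostic setting would fail to deploy there; this page does not show whether that was the reason. I would leave a comment above `logs:` such as `// 'Audit' is enabled in all clouds; confirm the category is available for Log Analytics workspaces in each target environment.` The `diagnosticSetting` resource starts and ends outside the hunk.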