search

Azure / Azure-Verified-Modules

Azure Verified Modules (AVM) is an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like. Modules will then align to these standards, across languages (Bicep, Terraform etc.) and will then be classified as AVMs and available from their respective language specific registries.
https://aka.ms/AVM
MIT License
317 stars 65 forks source link

[Module Proposal]: `avm-ptn-sentinel-solutions` #760

Open LaurentLesle opened 5 months ago

LaurentLesle commented 5 months ago

Check for previous/existing GitHub issues/module proposals

Check this module doesn't already exist in the module indexes

Bicep or Terraform?

Terraform

Module Classification?

Pattern Module

Module Name

avm-ptn-sentinel-solutions

Module Details

The goals of this module is to propose a simple way to deploy Sentinel community solutions hosted on github

image

The proposed module will map the artefacts hosted into https://github.com/Azure/Azure-Sentinel/tree/master/Solutions

The goal is to propose a simple way to use those solutions by providing a map of the solutions to deploy in the workspace

solutions = {
 "Azure Activity" = {
   // Custom solution parameters
 }
 "Azure DDos Protection" = {}
 ...
}

The module will then map the yaml and json into native azurerm or azapi calls. image

Mapping identified so far

entry point (matadata and files to parse):
 -> Data/Solution_*.json

hunting rules
 -> azurerm/sentinel_alert_nrt
 -> azurerm/sentinel_metadata

data connectors
 -> azapi/Microsoft.SecurityInsights/dataConnectors@2023-02-01-preview
 -> azurerm/sentinel_metadata

Analytic Rules
 -> kind = Scheduled
 -> azurerm/sentinel_alert_rule_scheduled

 -> kind = NRT
 -> azurerm/sentinel_alert_rule_nrt

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username (handle)

LaurentLesle

(Optional) Secondary Module Owner's GitHub Username (handle)

No response

microsoft-github-policy-service[bot] commented 5 months ago

@LaurentLesle, thanks for volunteering to be a module owner!

Please don't start the development just yet!

The AVM core team will review this module proposal and respond to you first. Thank you!

prjelesi commented 5 months ago

Hi @LaurentLesle

Thanks for requesting/proposing to be an AVM module owner!

We just want to confirm you agree to the below pages that define what module ownership means:

Team Definitions & RACI Shared Specification (Bicep & Terraform) Module Support Any questions or clarifications needed, let us know!

If you agree, please just reply to this issue with the exact sentence below (as this helps with our automation 👍):

"I CONFIRM I WISH TO OWN THIS AVM MODULE AND UNDERSTAND THE REQUIREMENTS AND DEFINITION OF A MODULE OWNER"

Thanks,

The AVM Core Team

LaurentLesle commented 5 months ago

"I CONFIRM I WISH TO OWN THIS AVM MODULE AND UNDERSTAND THE REQUIREMENTS AND DEFINITION OF A MODULE OWNER"

prjelesi commented 5 months ago

Hi @LaurentLesle , updated to ptn module as we agree.

Thanks for confirming that you wish to own this AVM module and understand the related requirements and responsibilities!

Before starting development, please ensure ALL the following requirements are met.

Please use the following values explicitly as provided in the module index page:

For your module: ModuleName - for naming your module TelemetryIdPrefix - for your module's telemetry For your module's repository: Repo name and folder path are defined in RepoURL Create GitHub teams for module owners and contributors and grant them permissions as outlined here. Grant permissions for the AVM core team and PG teams on your GitHub repo as described here. Check if this module exists in the other IaC language. If so, collaborate with the other owner for consistency. 👍

You can now start the development of this module! ✅ Happy coding! 🎉

Please respond to this comment and request a review from the AVM core team once your module is ready to be published! Please include a link pointing to your PR, once available. 🙏

Any further questions or clarifications needed, let us know!

Thanks,

The AVM Core Team

cshea-msft commented 2 months ago

Hey @LaurentLesle if you need some assistance in building this out myself and another engineer were looking to create the pattern. feel free to reach out! thanks,

LaurentLesle commented 2 months ago

Happy to organise a demo. I made good progress. Keen to get feedback on the approach

On Mon, 17 Jun 2024 at 21:31, Charles J Shea @.***> wrote:

Hey @LaurentLesle https://github.com/LaurentLesle if you need some assistance in building this out myself and another engineer were looking to create the pattern. feel free to reach out! thanks,

— Reply to this email directly, view it on GitHub https://github.com/Azure/Azure-Verified-Modules/issues/760#issuecomment-2173407023 or unsubscribe https://github.com/notifications/unsubscribe-auth/ABD4AEA5LMQ47CPP5FPWLYDZH3QMZBFKMF2HI4TJMJ2XIZLTS2BKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLAVFOZQWY5LFVI2TSMZWGUYDQMZZGSSG4YLNMWUWQYLTL5WGCYTFNSBKK5TBNR2WLKRVHEZTMNJTGEZDAM5ENZQW2ZNJNBQXGX3MMFRGK3ECUV3GC3DVMWVDMMBUHEZDKMZSGU4KI3TBNVS2S2DBONPWYYLCMVWKY43VMJVGKY3UL52HS4DFVREXG43VMVBW63LNMVXHJJTUN5YGSY3TSWBKI5DZOBS2U4TFOBXXG2LUN5ZHTJLWMFWHKZNJGY3DAMRRGE2TONUCUR2HS4DFUVUXG43VMWSXMYLMOVS2UMRRHE4TGOBZGAYDTAVEOR4XAZNFNRQWEZLMUV3GC3DVMWVDKOJTGY2TAOBTHE2IFJDUPFYGLJLMMFRGK3FFOZQWY5LFVI2TSMZWGUZTCMRQGOBKI5DZOBS2K3DBMJSWZJLWMFWHKZNKGYYDIOJSGUZTENJYU52HE2LHM5SXFJTDOJSWC5DF . You are receiving this email because you were mentioned.

Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub .