Reputation: 1
RE: ARM template for deploying a workbook template to Microsoft Sentinel
I am attempting to deploy an ARM Template (execution using PowerShell) for any Analytic Rule to a Microsoft Sentinel instance.
I have been following this link: https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-automate#next-steps.
I am struggling with ensuring the Workbook is deployed to the Microsoft Sentinel workbook gallery and NOT the Azure Monitor one.
The link includes a sample ARM template where you can add templateData (JSON code), which represents the workbook you wish to deploy.
properties": { "galleries": [ { "name": "A Workbook Template", "category": "Deployed Templates", "order": 100, "type": "workbook", "resourceType": "Azure Monitor" } ], "templateData": <PASTE-COPIED-WORKBOOK_TEMPLATE_HERE>
I get it working to deploy to the Azure Monitor workbook gallery but not for it to be present in the Microsoft Sentinel one.
Jason
Upvotes: 0
Views: 118
Answers (1)
Reputation: 8018
If you want to deploy the workbook template to Microsoft sentinel instead of Azure Monitor, it all depends on the resource type basically when deploying through an ARM template.
The required type is "type": "Microsoft.SecurityInsights/contenttemplates"
Reference Microsoft community Blog for more detailed information as well as for the complete script.
If still the issue persists with the above approach, you can use the New-azresource PowerShell command with the provided resource type to achieve the requirement.
New-AzResource -ResourceGroupName xxx -ResourceType "Microsoft.SecurityInsights/contenttemplates" `
-ResourceName "$workspaceName/Microsoft.Insights/$workbook" -Location $location `
-PropertyObject @{
galleries = @(
@{
name = $workbook
category = $Category
order = 80
type = "workbook"
resourceType = "Microsoft.OperationalInsights/workspaces/providers"
}
)
templateData = TemplateData
} -ApiVersion "2020-10-01-preview"
Upvotes: 0
Related Questions
- How to deploy my Azure Monitor Workbook in Azure pipeline (yml)
- How to set access restrictions using ARM template?
- Azure ARM Template and PowerShell Module
- Internal server error while deploying an arm template to azure
- Azure ignores site config settings in ARM template
- azure arm template deploying azure key vault extension to a VM
- Errors when Deploying ARM Template
- Issue deploying AzureFunctions to newly created AppService in the same ARM template
- Deploying ARM templates via Azure Runbooks