Skip to content

Commit

Permalink
added new guid to name for ccp poller files only
Browse files Browse the repository at this point in the history
  • Loading branch information
@v-amolpatil
v-amolpatil committed Feb 9, 2025
1 parent 5e3842e commit c4e6df7
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 14 deletions.
4 changes: 4 additions & 0 deletions Tools/Create-Azure-Sentinel-Solution/common/commonFunctions.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2718,6 +2718,10 @@ function PrepareSolutionMetadata($solutionMetadataRawContent, $contentResourceDe
{
$alertRule.entityMappings = @($alertRule.entityMappings);
}
elseif($yamlField -eq "sentinelEntitiesMappings" -and $yaml.$yamlField.length -lt 2)
{
$alertRule.sentinelEntitiesMappings = @($alertRule.sentinelEntitiesMappings);
}
}
}
# Create Alert Rule Resource Object
Expand Down
42 changes: 28 additions & 14 deletions Tools/Create-Azure-Sentinel-Solution/common/createCCPConnector.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,18 @@ function addWorkspaceParameter($templateResourceObj, $parameterName) {
return $templateResourceObj;
}

function addGuidValueParameter($templateResourceObj) {
$hasParameter = [bool]($templateResourceObj.parameters.PSobject.Properties.name -match "guidValue")
if (!$hasParameter) {
$templateResourceObj.parameters | Add-Member -NotePropertyName "guidValue" -NotePropertyValue ([PSCustomObject] @{
defaultValue = "[[newGuid()]";
type = "string";
})
}

return $templateResourceObj;
}

function Add-NewObjectParameter {
param (
[Parameter(Mandatory = $true)] [PSCustomObject] $TemplateResourceObj,
Expand Down Expand Up @@ -378,30 +390,31 @@ function createCCPConnectorResources($contentResourceDetails, $dataFileMetadata,
$splitNamesBySlash = $dataConnectorName -split '/'
$concatenateParts = @()
$outputString = ''
$guidValue = "parameters('guidValue')"

foreach ($currentName in $splitNamesBySlash) {
if ($currentName.Contains('{{')) {
$placeHolderFieldName = $currentName -replace '{{', '' -replace '}}', ''
$placeHolderMatched = [regex]::Matches($currentName, $placeHolderPatternMatches)
if ($placeHolderMatched.Length -eq $currentName.Length) {
$concatenateParts += "parameters('$($placeHolderFieldName)')"

if ($placeHolderFieldName -like '*workspace*') {
if ($placeHolderFieldName -eq 'workspace') {
$concatenateParts += "parameters('innerWorkspace')"
$templateContentConnections.properties.mainTemplate = addWorkspaceParameter -templateResourceObj $templateContentConnections.properties.mainTemplate -parameterName $($placeHolderFieldName)
} else {
$concatenateParts += "parameters('$($placeHolderFieldName)')"
$templateContentConnections.properties.mainTemplate = addNewParameter -templateResourceObj $templateContentConnections.properties.mainTemplate -parameterName $($placeHolderFieldName) -isSecret $false
}
} else {
$text = $currentName -replace $placeHolderMatched.Value, ''
$concatenateParts += "'/$($text)'"
$parameterNameValue = $placeHolderMatched.Value -replace '{{', '' -replace '}}', ''
$concatenateParts += "parameters('$($parameterNameValue)')"

$templateContentConnections.properties.mainTemplate = addNewParameter -templateResourceObj $templateContentConnections.properties.mainTemplate -parameterName $($parameterNameValue) -isSecret $false
}
} else {
if ($currentName.Count -eq 1 -and $currentName -like '{{') {
$concatenateParts = "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', '$($currentName)')]"
$concatenateParts = "[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', '$($currentName)', $guidValue)]"
} else {
if ($concatenateParts.Count -ge 1) {
# if we have multiple parts in name {{innerWorkspace}}/Microsoft.SecurityInsights/OktaDCV1_{{domainname}}
Expand All @@ -413,27 +426,28 @@ function createCCPConnectorResources($contentResourceDetails, $dataFileMetadata,
}
}
}

if ($concatenateParts.Count -gt 1 -and $concatenateParts -notmatch 'concat') {
$outputString = "[[concat($($concatenateParts -join ', '))]"
$outputString = "[[concat($($concatenateParts -join ', '), $guidValue)]"
} elseif ($concatenateParts.Count -eq 1 -and $concatenateParts[0] -match 'parameters') {
# if we just have parameters('abcwork')
$outputString = "[[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', $($concatenateParts[0]))]"
$outputString = "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', $($concatenateParts[0]), $guidValue)]"
} else {
# if we just have 'abcwork'
$outputString = "[[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', '$($concatenateParts[0])')]"
}

if ($outputString -like "*parameters('workspace')*") {
$outputString = $outputString.Replace("[[", "[")
$outputString = "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', '$($concatenateParts[0])', $guidValue)]"
}

return $outputString
}

function CCPDataConnectorsResource($fileContent) {
if ($fileContent.type -eq "Microsoft.SecurityInsights/dataConnectors") {

# add parameter of guidValue if not present
$templateContentConnections.properties.mainTemplate = addGuidValueParameter -templateResourceObj $templateContentConnections.properties.mainTemplate

# add parameter of innerWorkspace if not present
$templateContentConnections.properties.mainTemplate = addWorkspaceParameter -templateResourceObj $templateContentConnections.properties.mainTemplate -parameterName 'innerWorkspace' -isSecret $false

Write-Host "Processing for CCP Poller file path: $ccpPollerFilePath"
$resourceName = GetDataConnectorPollerResourceName -dataConnectorName $fileContent.name

Expand Down

0 comments on commit c4e6df7

Please sign in to comment.