From 0008956bc991ddb8a4927fdf346c6a03c9538425 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 14:44:29 -0400 Subject: [PATCH 01/15] Update deployui.json --- Deploy/deployui.json | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 8ce2667..b66be3d 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -474,24 +474,6 @@ "uri": "https://learn.microsoft.com/defender-cloud-apps/api-introduction#api-url-structure" } } - }, - { - "name": "mdcaApi", - "type": "Microsoft.Common.TextBox", - "label": "Microsoft Defender for Cloud Apps API", - "placeholder": "*.*.portal.cloudappsecurity.com", - "defaultValue": "", - "toolTip": "Microsoft Defender for Cloud Apps API Endpoint", - "constraints": { - "required": true, - "validations": [ - { - "regex": "(^(?![hH][tT][tT][pP][sS]?:\/\/)).*", - "message": "Enter only the hostname, such as org.region.cloudappsecurity.com, do not include the https:// prefix." - } - ] - }, - "visible": true } ] }, @@ -566,6 +548,28 @@ "validations": [] }, "visible": "[steps('additionalStep').advanced.showAdvanced]" + }, + { + "name": "storageAccountAllowBlobPublicAccess", + "type": "Microsoft.Common.Toggle", + "label": "Allow blob public access for the storage account", + "defaultValue": true, + "toolTip": "Set the allowBlobPublicAccess property on the storage account.", + "constraints": { + "required": true + }, + "visible": "[steps('additionalStep').advanced.showAdvanced]" + }, + { + "name": "storageAccountPublicNetworkAccess", + "type": "Microsoft.Common.Toggle", + "label": "Allow public network access for the storage account", + "defaultValue": true, + "toolTip": "Set the publicNetworkAccess property on the storage account.", + "constraints": { + "required": true + }, + "visible": "[steps('additionalStep').advanced.showAdvanced]" } ], "visible": true @@ -580,11 +584,13 @@ "STATConnectorName": "[coalesce(steps('namingStep').customNaming.statConnectorName, 'SentinelTriageAssistantv2')]", "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]", "storageAccountType": "Standard_LRS", + "storageAccountAllowBlobPublicAccess": "[coalesce(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess],true)]", + "storageAccountPublicNetworkAccess": "[coalesce(steps('additionalStep').advanced.storageAccountPublicNetworkAccess],true)]", + "MDCAEndpoint":"-", "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip')]", "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]", "M365Endpoint": "[coalesce(steps('apiStep').customApi.m365Api,'api.security.microsoft.com')]", "MDEEndpoint": "[coalesce(steps('apiStep').customApi.mdeApi,'api.securitycenter.microsoft.com')]", - "MDCAEndpoint": "[steps('apiStep').mdcaApi]", "LogAnalyticsEndpoint": "[coalesce(steps('apiStep').customApi.laApi,'api.loganalytics.io')]", "AzureResourceManagerEndpoint": "[coalesce(steps('apiStep').customApi.armApi,'management.azure.com')]", "ServicePrincipalClientId": "[coalesce(steps('identityStep').spId.clientId,steps('identityStep').userId.clientId, 'none')]", From 94709a42822f964a2e5aaa22e7b175418f1c7b16 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 14:52:55 -0400 Subject: [PATCH 02/15] Update statdeploy.json --- Deploy/statdeploy.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json index ccd9afe..caa46f3 100644 --- a/Deploy/statdeploy.json +++ b/Deploy/statdeploy.json @@ -134,6 +134,11 @@ "apiVersion": "2022-05-01", "name": "[variables('storageAccountName')]", "location": "[parameters('location')]", + "properties": + { + "allowBlobPublicAccess": [parameters('storageAccountAllowBlobPublicAccess')], + "publicNetworkAccess": "[parameters('storageAccountPublicNetworkAccess')]" + } "sku": { "name": "[parameters('storageAccountType')]" }, @@ -379,4 +384,4 @@ ], "outputs": { } -} \ No newline at end of file +} From 6eadb06d75b818f2884d64a19ec82332c4281b94 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 14:55:45 -0400 Subject: [PATCH 03/15] Update deployui.json --- Deploy/deployui.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index b66be3d..7044469 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -564,11 +564,12 @@ "name": "storageAccountPublicNetworkAccess", "type": "Microsoft.Common.Toggle", "label": "Allow public network access for the storage account", - "defaultValue": true, + "defaultValue": "Enabled", "toolTip": "Set the publicNetworkAccess property on the storage account.", "constraints": { "required": true }, + "value": "[if(equals(parameters('storageAccountPublicNetworkAccess'), true), 'Enabled', 'Disabled')]", "visible": "[steps('additionalStep').advanced.showAdvanced]" } ], @@ -585,7 +586,7 @@ "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]", "storageAccountType": "Standard_LRS", "storageAccountAllowBlobPublicAccess": "[coalesce(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess],true)]", - "storageAccountPublicNetworkAccess": "[coalesce(steps('additionalStep').advanced.storageAccountPublicNetworkAccess],true)]", + "storageAccountPublicNetworkAccess": "[coalesce(steps('additionalStep').advanced.storageAccountPublicNetworkAccess],'Enabled')]", "MDCAEndpoint":"-", "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip')]", "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]", From f6384eb5edbf12ecf8197a00db683006e4e0aba2 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:00:44 -0400 Subject: [PATCH 04/15] Update deployui.json --- Deploy/deployui.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 7044469..1088feb 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -564,12 +564,11 @@ "name": "storageAccountPublicNetworkAccess", "type": "Microsoft.Common.Toggle", "label": "Allow public network access for the storage account", - "defaultValue": "Enabled", - "toolTip": "Set the publicNetworkAccess property on the storage account.", + "defaultValue": true, + "toolTip": "Control the publicNetworkAccess property on the storage account.", "constraints": { "required": true }, - "value": "[if(equals(parameters('storageAccountPublicNetworkAccess'), true), 'Enabled', 'Disabled')]", "visible": "[steps('additionalStep').advanced.showAdvanced]" } ], @@ -586,7 +585,7 @@ "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]", "storageAccountType": "Standard_LRS", "storageAccountAllowBlobPublicAccess": "[coalesce(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess],true)]", - "storageAccountPublicNetworkAccess": "[coalesce(steps('additionalStep').advanced.storageAccountPublicNetworkAccess],'Enabled')]", + "storageAccountPublicNetworkAccess": "[if(equals(parameters('storageAccountPublicNetworkAccess'), true), 'Enabled', 'Disabled')]", "MDCAEndpoint":"-", "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip')]", "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]", From 01cdf4d8821259066454db7fb5d0342b2359a846 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:02:08 -0400 Subject: [PATCH 05/15] Update statdeploy.json --- Deploy/statdeploy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json index caa46f3..2ce890d 100644 --- a/Deploy/statdeploy.json +++ b/Deploy/statdeploy.json @@ -136,7 +136,7 @@ "location": "[parameters('location')]", "properties": { - "allowBlobPublicAccess": [parameters('storageAccountAllowBlobPublicAccess')], + "allowBlobPublicAccess": "[parameters('storageAccountAllowBlobPublicAccess')]", "publicNetworkAccess": "[parameters('storageAccountPublicNetworkAccess')]" } "sku": { From 53ba71824be4763de519cb9aee67413432509bb9 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:02:52 -0400 Subject: [PATCH 06/15] Update statdeploy.json --- Deploy/statdeploy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json index 2ce890d..3a04eee 100644 --- a/Deploy/statdeploy.json +++ b/Deploy/statdeploy.json @@ -138,7 +138,7 @@ { "allowBlobPublicAccess": "[parameters('storageAccountAllowBlobPublicAccess')]", "publicNetworkAccess": "[parameters('storageAccountPublicNetworkAccess')]" - } + }, "sku": { "name": "[parameters('storageAccountType')]" }, From 77c0e9a12aa028bf5d52716c23c9f15562c5f6eb Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:05:35 -0400 Subject: [PATCH 07/15] Update statdeploy.json --- Deploy/statdeploy.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json index 3a04eee..3643a7f 100644 --- a/Deploy/statdeploy.json +++ b/Deploy/statdeploy.json @@ -134,8 +134,7 @@ "apiVersion": "2022-05-01", "name": "[variables('storageAccountName')]", "location": "[parameters('location')]", - "properties": - { + "properties": { "allowBlobPublicAccess": "[parameters('storageAccountAllowBlobPublicAccess')]", "publicNetworkAccess": "[parameters('storageAccountPublicNetworkAccess')]" }, From fd380abd33400d38431aeffff4b75f62a5c0d3db Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:07:41 -0400 Subject: [PATCH 08/15] Update statdeploy.json --- Deploy/statdeploy.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json index 3643a7f..ce0dc88 100644 --- a/Deploy/statdeploy.json +++ b/Deploy/statdeploy.json @@ -116,6 +116,12 @@ }, "BasicSamplePlaybookName": { "type": "string" + }, + "storageAccountAllowBlobPublicAccess": { + "type": "bool" + }, + "storageAccountPublicNetworkAccess": { + "type": "string" } }, "variables": { From f8de6c758ab57beaf4843909c207949d4ba675d6 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:13:08 -0400 Subject: [PATCH 09/15] Update deployui.json --- Deploy/deployui.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 1088feb..7035346 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -551,7 +551,7 @@ }, { "name": "storageAccountAllowBlobPublicAccess", - "type": "Microsoft.Common.Toggle", + "type": "Microsoft.Common.CheckBox", "label": "Allow blob public access for the storage account", "defaultValue": true, "toolTip": "Set the allowBlobPublicAccess property on the storage account.", @@ -562,7 +562,7 @@ }, { "name": "storageAccountPublicNetworkAccess", - "type": "Microsoft.Common.Toggle", + "type": "Microsoft.Common.CheckBox", "label": "Allow public network access for the storage account", "defaultValue": true, "toolTip": "Control the publicNetworkAccess property on the storage account.", From ae0f48072a1bfb097b2cd042a5aead76f09e919d Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:14:16 -0400 Subject: [PATCH 10/15] Update deployui.json --- Deploy/deployui.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 7035346..0e658f4 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -555,9 +555,6 @@ "label": "Allow blob public access for the storage account", "defaultValue": true, "toolTip": "Set the allowBlobPublicAccess property on the storage account.", - "constraints": { - "required": true - }, "visible": "[steps('additionalStep').advanced.showAdvanced]" }, { @@ -566,9 +563,6 @@ "label": "Allow public network access for the storage account", "defaultValue": true, "toolTip": "Control the publicNetworkAccess property on the storage account.", - "constraints": { - "required": true - }, "visible": "[steps('additionalStep').advanced.showAdvanced]" } ], From a6e44870754d54e1fa825281a9bdbea781bfcdbc Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:16:43 -0400 Subject: [PATCH 11/15] Update deployui.json --- Deploy/deployui.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 0e658f4..37c96f6 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -554,6 +554,7 @@ "type": "Microsoft.Common.CheckBox", "label": "Allow blob public access for the storage account", "defaultValue": true, + "constraints": {}, "toolTip": "Set the allowBlobPublicAccess property on the storage account.", "visible": "[steps('additionalStep').advanced.showAdvanced]" }, @@ -562,6 +563,7 @@ "type": "Microsoft.Common.CheckBox", "label": "Allow public network access for the storage account", "defaultValue": true, + "constraints": {}, "toolTip": "Control the publicNetworkAccess property on the storage account.", "visible": "[steps('additionalStep').advanced.showAdvanced]" } From df2bb8148ed68c43a75bd0887fbc67d54b8dbe1f Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:21:35 -0400 Subject: [PATCH 12/15] Update deployui.json --- Deploy/deployui.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 37c96f6..28894cc 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -580,8 +580,8 @@ "STATConnectorName": "[coalesce(steps('namingStep').customNaming.statConnectorName, 'SentinelTriageAssistantv2')]", "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]", "storageAccountType": "Standard_LRS", - "storageAccountAllowBlobPublicAccess": "[coalesce(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess],true)]", - "storageAccountPublicNetworkAccess": "[if(equals(parameters('storageAccountPublicNetworkAccess'), true), 'Enabled', 'Disabled')]", + "storageAccountAllowBlobPublicAccess": "[if(equals(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess), true), true, false)]", + "storageAccountPublicNetworkAccess": "[if(equals(steps('additionalStep').advanced.storageAccountPublicNetworkAccess), true), 'Enabled', 'Disabled')]", "MDCAEndpoint":"-", "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip')]", "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]", From ea7c58881f356054945cfee48831adf9d2768532 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 15:24:03 -0400 Subject: [PATCH 13/15] Update deployui.json --- Deploy/deployui.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 28894cc..072c2b1 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -580,8 +580,8 @@ "STATConnectorName": "[coalesce(steps('namingStep').customNaming.statConnectorName, 'SentinelTriageAssistantv2')]", "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]", "storageAccountType": "Standard_LRS", - "storageAccountAllowBlobPublicAccess": "[if(equals(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess), true), true, false)]", - "storageAccountPublicNetworkAccess": "[if(equals(steps('additionalStep').advanced.storageAccountPublicNetworkAccess), true), 'Enabled', 'Disabled')]", + "storageAccountAllowBlobPublicAccess": "[if(equals(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess, true), true, false)]", + "storageAccountPublicNetworkAccess": "[if(equals(steps('additionalStep').advanced.storageAccountPublicNetworkAccess, true), 'Enabled', 'Disabled')]", "MDCAEndpoint":"-", "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip')]", "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]", From b6510dfc5911b5274b6b082669fd0d617fbe13a6 Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 19:52:08 -0400 Subject: [PATCH 14/15] Update deployui.json --- Deploy/deployui.json | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index 072c2b1..5244699 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -553,19 +553,10 @@ "name": "storageAccountAllowBlobPublicAccess", "type": "Microsoft.Common.CheckBox", "label": "Allow blob public access for the storage account", - "defaultValue": true, + "defaultValue": false, "constraints": {}, "toolTip": "Set the allowBlobPublicAccess property on the storage account.", "visible": "[steps('additionalStep').advanced.showAdvanced]" - }, - { - "name": "storageAccountPublicNetworkAccess", - "type": "Microsoft.Common.CheckBox", - "label": "Allow public network access for the storage account", - "defaultValue": true, - "constraints": {}, - "toolTip": "Control the publicNetworkAccess property on the storage account.", - "visible": "[steps('additionalStep').advanced.showAdvanced]" } ], "visible": true @@ -581,7 +572,6 @@ "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]", "storageAccountType": "Standard_LRS", "storageAccountAllowBlobPublicAccess": "[if(equals(steps('additionalStep').advanced.storageAccountAllowBlobPublicAccess, true), true, false)]", - "storageAccountPublicNetworkAccess": "[if(equals(steps('additionalStep').advanced.storageAccountPublicNetworkAccess, true), 'Enabled', 'Disabled')]", "MDCAEndpoint":"-", "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.1.0/stat.zip')]", "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]", From 25b7ea97038e2e833127432140d303283ef9b82b Mon Sep 17 00:00:00 2001 From: Pierre Audonnet Date: Sat, 12 Apr 2025 19:53:07 -0400 Subject: [PATCH 15/15] Update statdeploy.json --- Deploy/statdeploy.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json index ce0dc88..b1befad 100644 --- a/Deploy/statdeploy.json +++ b/Deploy/statdeploy.json @@ -119,9 +119,6 @@ }, "storageAccountAllowBlobPublicAccess": { "type": "bool" - }, - "storageAccountPublicNetworkAccess": { - "type": "string" } }, "variables": { @@ -141,8 +138,7 @@ "name": "[variables('storageAccountName')]", "location": "[parameters('location')]", "properties": { - "allowBlobPublicAccess": "[parameters('storageAccountAllowBlobPublicAccess')]", - "publicNetworkAccess": "[parameters('storageAccountPublicNetworkAccess')]" + "allowBlobPublicAccess": "[parameters('storageAccountAllowBlobPublicAccess')]" }, "sku": { "name": "[parameters('storageAccountType')]"