From e22d52956c799810aa9be324637b67a56a004fb0 Mon Sep 17 00:00:00 2001 From: Brian Delaney <68655382+briandelmsft@users.noreply.github.com> Date: Wed, 28 May 2025 09:01:08 -0400 Subject: [PATCH 1/7] Update ServicePrincipalIdentity.json --- Function/ServicePrincipalIdentity.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Function/ServicePrincipalIdentity.json b/Function/ServicePrincipalIdentity.json index 71ef7a2..34b02d4 100644 --- a/Function/ServicePrincipalIdentity.json +++ b/Function/ServicePrincipalIdentity.json @@ -109,7 +109,7 @@ "clientAffinityEnabled": true, "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('STATFunctionName'))]", "siteConfig": { - "linuxFxVersion": "PYTHON|3.10", + "linuxFxVersion": "PYTHON|3.12", "appSettings": [ { "name": "AzureWebJobsStorage", @@ -224,4 +224,4 @@ "value": "[reference(resourceId('Microsoft.Web/sites', parameters('STATFunctionName'))).defaultHostName]" } } -} \ No newline at end of file +} From c773be44aebce0f9b65e78d02102bac9a8ea3237 Mon Sep 17 00:00:00 2001 From: Brian Delaney <68655382+briandelmsft@users.noreply.github.com> Date: Wed, 28 May 2025 09:02:10 -0400 Subject: [PATCH 2/7] Update SystemIdentity.json --- Function/SystemIdentity.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Function/SystemIdentity.json b/Function/SystemIdentity.json index 3554a67..f4f94bd 100644 --- a/Function/SystemIdentity.json +++ b/Function/SystemIdentity.json @@ -97,7 +97,7 @@ "clientAffinityEnabled": true, "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('STATFunctionName'))]", "siteConfig": { - "linuxFxVersion": "PYTHON|3.10", + "linuxFxVersion": "PYTHON|3.12", "appSettings": [ { "name": "AzureWebJobsStorage", @@ -204,4 +204,4 @@ "value": "[reference(resourceId('Microsoft.Web/sites', parameters('STATFunctionName'))).defaultHostName]" } } -} \ No newline at end of file +} From 31bfd3289bf0b9b73baa11eec93759885bf07dea Mon Sep 17 00:00:00 2001 From: Brian Delaney <68655382+briandelmsft@users.noreply.github.com> Date: Wed, 28 May 2025 09:02:21 -0400 Subject: [PATCH 3/7] Update UserAssignedIdentity.json --- Function/UserAssignedIdentity.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Function/UserAssignedIdentity.json b/Function/UserAssignedIdentity.json index a3c7d1b..332c780 100644 --- a/Function/UserAssignedIdentity.json +++ b/Function/UserAssignedIdentity.json @@ -109,7 +109,7 @@ "clientAffinityEnabled": true, "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('STATFunctionName'))]", "siteConfig": { - "linuxFxVersion": "PYTHON|3.10", + "linuxFxVersion": "PYTHON|3.12", "appSettings": [ { "name": "AzureWebJobsStorage", @@ -220,4 +220,4 @@ "value": "[reference(resourceId('Microsoft.Web/sites', parameters('STATFunctionName'))).defaultHostName]" } } -} \ No newline at end of file +} From 838b7572c291240bb7f2c63933df92d70ff68284 Mon Sep 17 00:00:00 2001 From: Brian Delaney Date: Mon, 28 Jul 2025 20:34:25 -0400 Subject: [PATCH 4/7] Added permissions for email entity enrichment --- Deploy/GrantPermissions.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Deploy/GrantPermissions.ps1 b/Deploy/GrantPermissions.ps1 index e151bd4..a674b25 100644 --- a/Deploy/GrantPermissions.ps1 +++ b/Deploy/GrantPermissions.ps1 @@ -166,6 +166,7 @@ Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-00 Set-APIPermissions -MSIName $STATIdentityName -AppId "8ee8fdad-f234-4243-8f3b-15c294843740" -PermissionName "AdvancedHunting.Read.All" Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-000000000000" -PermissionName "IdentityRiskyUser.Read.All" Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-000000000000" -PermissionName "IdentityRiskEvent.Read.All" +Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-000000000000" -PermissionName "SecurityAnalyzedMessage.Read.All" #Not supported in GCC/GCC High/DoD #Triage-Content Sample if ( $PSBoundParameters.ContainsKey('SampleLogicAppName') ) { From 2044ababd7632051d84f13a2faae2ac1bd49cbaf Mon Sep 17 00:00:00 2001 From: Brian Delaney Date: Mon, 28 Jul 2025 20:35:09 -0400 Subject: [PATCH 5/7] Added MDTI read permissions for future release due to license changes --- Deploy/GrantPermissions.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Deploy/GrantPermissions.ps1 b/Deploy/GrantPermissions.ps1 index a674b25..0643c7c 100644 --- a/Deploy/GrantPermissions.ps1 +++ b/Deploy/GrantPermissions.ps1 @@ -167,6 +167,7 @@ Set-APIPermissions -MSIName $STATIdentityName -AppId "8ee8fdad-f234-4243-8f3b-15 Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-000000000000" -PermissionName "IdentityRiskyUser.Read.All" Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-000000000000" -PermissionName "IdentityRiskEvent.Read.All" Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-000000000000" -PermissionName "SecurityAnalyzedMessage.Read.All" #Not supported in GCC/GCC High/DoD +Set-APIPermissions -MSIName $STATIdentityName -AppId "00000003-0000-0000-c000-000000000000" -PermissionName "ThreatIntelligence.Read.All" #Not supported in GCC/GCC High/DoD #Triage-Content Sample if ( $PSBoundParameters.ContainsKey('SampleLogicAppName') ) { From af0166b9c5052f9a013b14fde69dcbdf4eecd829 Mon Sep 17 00:00:00 2001 From: Brian Delaney Date: Mon, 28 Jul 2025 20:44:16 -0400 Subject: [PATCH 6/7] Remove app service plan deployment, #498 --- Deploy/statdeploy.json | 18 ------------------ Function/ServicePrincipalIdentity.json | 1 - Function/SystemIdentity.json | 1 - Function/UserAssignedIdentity.json | 1 - 4 files changed, 21 deletions(-) diff --git a/Deploy/statdeploy.json b/Deploy/statdeploy.json index 48f4bbe..75565ea 100644 --- a/Deploy/statdeploy.json +++ b/Deploy/statdeploy.json @@ -135,28 +135,12 @@ "allowBlobPublicAccess": false } }, - { - "type": "Microsoft.Web/serverfarms", - "apiVersion": "2021-02-01", - "name": "[variables('functionName')]", - "location": "[parameters('location')]", - "sku": { - "name": "Y1", - "tier": "Dynamic", - "size": "Y1", - "family": "Y" - }, - "properties": { - "reserved": true - } - }, { "condition": "[equals(parameters('identityType'), 'sp')]", "apiVersion": "2019-10-01", "name": "STATFunctionSP", "type": "Microsoft.Resources/deployments", "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('functionName'))]", "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" ], "properties": { @@ -229,7 +213,6 @@ "name": "STATFunctionSystemId", "type": "Microsoft.Resources/deployments", "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('functionName'))]", "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" ], "properties": { @@ -296,7 +279,6 @@ "name": "STATFunctionUser", "type": "Microsoft.Resources/deployments", "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('functionName'))]", "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" ], "properties": { diff --git a/Function/ServicePrincipalIdentity.json b/Function/ServicePrincipalIdentity.json index 34b02d4..dba466f 100644 --- a/Function/ServicePrincipalIdentity.json +++ b/Function/ServicePrincipalIdentity.json @@ -107,7 +107,6 @@ "reserved": true, "httpsOnly": true, "clientAffinityEnabled": true, - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('STATFunctionName'))]", "siteConfig": { "linuxFxVersion": "PYTHON|3.12", "appSettings": [ diff --git a/Function/SystemIdentity.json b/Function/SystemIdentity.json index f4f94bd..48cc697 100644 --- a/Function/SystemIdentity.json +++ b/Function/SystemIdentity.json @@ -95,7 +95,6 @@ "reserved": true, "httpsOnly": true, "clientAffinityEnabled": true, - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('STATFunctionName'))]", "siteConfig": { "linuxFxVersion": "PYTHON|3.12", "appSettings": [ diff --git a/Function/UserAssignedIdentity.json b/Function/UserAssignedIdentity.json index 332c780..89b6964 100644 --- a/Function/UserAssignedIdentity.json +++ b/Function/UserAssignedIdentity.json @@ -107,7 +107,6 @@ "reserved": true, "httpsOnly": true, "clientAffinityEnabled": true, - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('STATFunctionName'))]", "siteConfig": { "linuxFxVersion": "PYTHON|3.12", "appSettings": [ From 2c0b1bd8d7fffa768bc1e6c2772cb7ffd2a355c8 Mon Sep 17 00:00:00 2001 From: Brian Delaney Date: Tue, 16 Dec 2025 20:46:22 -0500 Subject: [PATCH 7/7] New package version --- Deploy/deployui.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Deploy/deployui.json b/Deploy/deployui.json index da65714..217045e 100644 --- a/Deploy/deployui.json +++ b/Deploy/deployui.json @@ -516,7 +516,7 @@ "type": "Microsoft.Common.TextBox", "label": "STAT Function ZIP Package", "placeholder": "", - "defaultValue": "https://github.com/briandelmsft/STAT-Function/releases/download/v2.2.0/stat.zip", + "defaultValue": "https://github.com/briandelmsft/STAT-Function/releases/download/v2.3.0/stat.zip", "toolTip": "Full path to the STAT Function ZIP deployment package", "constraints": { "required": true, @@ -550,7 +550,7 @@ "STATConnectorName": "[coalesce(steps('namingStep').customNaming.statConnectorName, 'SentinelTriageAssistantv2')]", "STATConnectorDisplayName": "[coalesce(steps('namingStep').customNaming.statConnectorDisplayName, 'STAT v2')]", "storageAccountType": "Standard_LRS", - "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.2.0/stat.zip')]", + "FunctionPackage": "[coalesce(steps('additionalStep').advanced.functionPackage, 'https://github.com/briandelmsft/STAT-Function/releases/download/v2.3.0/stat.zip')]", "MSGraphEndpoint": "[coalesce(steps('apiStep').customApi.graphApi,'graph.microsoft.com')]", "M365Endpoint": "[coalesce(steps('apiStep').customApi.m365Api,'api.security.microsoft.com')]", "MDEEndpoint": "[coalesce(steps('apiStep').customApi.mdeApi,'api.securitycenter.microsoft.com')]",