Commit
1 parent
884d4b3
commit 76d17e1
Showing
2 changed files
with
206 additions
and
0 deletions.
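--- a/Remediation scripts/Managed identity should be used in function apps/Logic App/mdc-logicapp-MSI-template.json
+++ b/Remediation scripts/Managed identity should be used in function apps/Logic App/mdc-logicapp-MSI-template.json
@@ -0,0 +1,186 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"workflowName": {
+"type": "String"
+},
+"connectionNamePrefix": {
+"defaultValue": "ascassessment",
+"type": "String"
+},
+
+"azureRestAPiVersion": {
+"type": "string",
+"defaultValue": "api-version=2021-02-01"
+
+}
+},
+"variables": {
+"connectionName": "[concat(parameters('connectionNamePrefix'),resourceGroup().location)]"
+
+},
+"resources": [
+{
+"type": "Microsoft.Web/connections",
+"apiVersion": "2016-06-01",
+"name": "[variables('connectionName')]",
+//"location": "[parameters('connectionLocation')]",
+"location": "[resourceGroup().location]",
+"kind": "V1",
+"properties": {
+"displayName": "Microsoft Defender for Cloud Recommendation",
+"api": {
+"name": "[variables('connectionName')]",
+"displayName": "Microsoft Defender for Cloud Recommendation",
+"description": "Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises",
+"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', resourceGroup().location, 'ascassessment')]",
+"type": "Microsoft.Web/locations/managedApis"
+},
+"testLinks": []
+}
+},
+{
+"type": "Microsoft.Logic/workflows",
+"apiVersion": "2017-07-01",
+"name": "[parameters('workflowName')]",
+"location": "[resourceGroup().location]",
+"dependsOn": [
+"[resourceId('Microsoft.Web/connections',variables('connectionName'))]"
+],
+"identity": {
+"type": "SystemAssigned"
+},
+"properties": {
+"state": "Enabled",
+"definition": {
+"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"$connections": {
+"defaultValue": {},
+"type": "Object"
+},
+"apiversion": {
+"defaultValue": "[parameters('azureRestAPiVersion')]",
+"type": "String"
+},
+"recomendationName": {
+"defaultValue": "Managed identity should be used in function apps",
+"type": "String"
+}
+},
+"triggers": {
+"When_an_Azure_Security_Center_Recommendation_is_created_or_triggered": {
+"type": "ApiConnectionWebhook",
+"inputs": {
+"body": {
+"callback_url": "@{listCallbackUrl()}"
+},
+"host": {
+"connection": {
+"name": "@parameters('$connections')['ascassessment']['connectionId']"
+}
+},
+"path": "/Microsoft.Security/Assessment/subscribe"
+}
+}
+},
+"actions": {
+"Condition_resource_is_in_Azure": {
+"actions": {
+"Condition_match_recommendation_name": {
+"actions": {
+
+"HTTP_Add_System_Managed_Identity": {
+"runAfter": {},
+"type": "Http",
+"inputs": {
+"authentication": {
+"audience": "https://management.azure.com",
+"type": "ManagedServiceIdentity"
+},
+"body": {
+"identity": {
+"type": "SystemAssigned"
+}
+},
+"method": "PATCH",
+"uri": "https://management.azure.com/@{triggerBody()?['properties']?['resourceDetails']?['id']}?@{parameters('apiversion')}"
+}
+}
+},
+"runAfter": {},
+"else": {
+"actions": {
+"Terminate_wrong_recommendation": {
+"runAfter": {},
+"type": "Terminate",
+"inputs": {
+"runError": {
+"message": "Recomendation @{triggerBody()?['properties']?['displayName']} does not match with remediation steps. Please select correct remediation"
+},
+"runStatus": "Failed"
+}
+}
+}
+},
+"expression": {
+"and": [
+{
+"equals": [
+"@triggerBody()?['properties']?['displayName']",
+"@parameters('recomendationName')"
+]
+}
+]
+},
+"type": "If"
+}
+},
+"runAfter": {},
+"else": {
+"actions": {
+"Terminate_wrong_cloud": {
+"runAfter": {},
+"type": "Terminate",
+"inputs": {
+"runError": {
+"message": "This function is designed to remediate resources in @{triggerBody()?['properties']?['resourceDetails']?['source']}. Please select appropriate remediation process for other clouds"
+},
+"runStatus": "Failed"
+}
+}
+}
+},
+"expression": {
+"and": [
+{
+"equals": [
+"@triggerBody()?['properties']?['resourceDetails']?['source']",
+"Azure"
+]
+}
+]
+},
+"type": "If"
+}
+},
+"outputs": {}
+},
+"parameters": {
+"$connections": {
+"value": {
+"ascassessment": {
+
+"connectionId": "[resourceId('Microsoft.Web/connections',variables('connectionName'))]",
+"connectionName": "[variables('connectionName')]",
+"id": "[subscriptionResourceId('Microsoft.Web/locations/managedApis', resourceGroup().location, 'ascassessment')]"
+}
+}
+}
+}
+}
+}
+]
+}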
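Review bot: The commented-out `//"location": "[parameters('connectionLocation')]",` line in the Microsoft.Web/connections resource references a parameter this template never declares, and it makes the file fail strict JSON tooling (ARM deployment tolerates comments; `jq`, most linters and schema validators do not) — drop it, since the live `"location": "[resourceGroup().location]"` directly below already sets the value. The `azureRestAPiVersion` parameter's default `api-version=2021-02-01` bakes the query-string key into the value, so anyone overriding it with a bare version string produces a malformed PATCH URI; keep the value to the version and write the action as `"uri": "https://management.azure.com/@{triggerBody()?['properties']?['resourceDetails']?['id']}?api-version=@{parameters('apiversion')}"`. Parameter type casing also varies (`"String"` in the template parameters, `"string"` for azureRestAPiVersion), and the misspelled `recomendationName` is referenced by the workflow expression, so it has to be renamed in both places or left alone. Because HTTP_Add_System_Managed_Identity PATCHes whichever resource id the assessment reports using the workflow's own managed identity, the deployment documentation should state the minimum role and scope that identity needs (write on the target Function Apps, not a subscription-wide Contributor assignment); the readme added in this same commit still describes the TLS playbook and its Deploy button points at `mdc-logicapp-LatestTLS-template.json` rather than this `mdc-logicapp-MSI-template.json`.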
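--- a/Remediation scripts/Managed identity should be used in function apps/Logic App/readme.md
+++ b/Remediation scripts/Managed identity should be used in function apps/Logic App/readme.md
@@ -0,0 +1,20 @@
+# Logic Apps sample playbook to remediate
+
+This sample playbook allows you to remediate TLS verion of Azure Function following "TLS should be updated to the latest version for function apps" Microsoft Defender for Cloud recomendations.
+The playbook leverages a "Managed Identity" which needs to be configured after deployment. This "Managed Identity" also requires the appropriate permissions on the resources that you would like to remediate.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fnoendscripting%2FMicrosoft-Defender-for-Cloud%2Fmain%2FRemediation%20scripts%2FTLS%20should%20be%20updated%20to%20the%20latest%20version%20for%20function%20apps%2FLogic%20App%2Fmdc-logicapp-LatestTLS-template.json)
+
+# Contributing
+
+This project welcomes contributions and suggestions. Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.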