JSON compareHide
compare mode:
side-by-side
line-by-line
version left: 4.0.1 4.0.0 3.0.0 2.0.0 1.0.0
version right: 4.1.0 4.0.1 4.0.0 3.0.0 2.0.0 1.0.0
@@ -1,11 +1,11 @@
1
{
2
-
"displayName": "Deploy export to Log Analytics workspace for Azure Security Center data",
3
"policyType": "BuiltIn",
4
"mode": "All",
5
-
"description": "Enable export to Log Analytics workspace of Azure Security Center data. This policy deploys an export to Log Analytics workspace configuration with your conditions and target workspace on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation task.",
6
"metadata": {
7
-
"version": "4.0.1",
8
"category": "Security Center"
9
},
10
"parameters": {
11
"resourceGroupName": {
@@ -48,9 +48,11 @@
48
"Secure score controls",
49
"Regulatory compliance",
50
"Overall secure score - snapshot",
51
"Secure score controls - snapshot",
52
-
"Regulatory compliance - snapshot"
53
],
54
"defaultValue": [
55
"Security recommendations",
56
"Security alerts",
@@ -58,9 +60,11 @@
58
"Secure score controls",
59
"Regulatory compliance",
60
"Overall secure score - snapshot",
61
"Secure score controls - snapshot",
62
-
"Regulatory compliance - snapshot"
63
]
64
},
65
"recommendationNames": {
66
"type": "Array",
@@ -273,8 +277,32 @@
273
"value": "[current('dataType')]",
274
"equals": "Regulatory compliance - snapshot"
275
}
276
]
277
}
278
]
279
}
280
},
@@ -355,9 +383,11 @@
355
"Secure score controls": "SecureScoreControls",
356
"Regulatory compliance": "RegulatoryComplianceAssessment",
357
"Overall secure score - snapshot": "SecureScoresSnapshot",
358
"Secure score controls - snapshot": "SecureScoreControlsSnapshot",
359
-
"Regulatory compliance - snapshot": "RegulatoryComplianceAssessmentSnapshot"
360
},
361
"alertSeverityMap": {
362
"High": "high",
363
"Medium": "medium",
@@ -475,9 +505,11 @@
475
"Secure score controls": "[variables('ruleSetsForSecureScoreControlsObj')]",
476
"Regulatory compliance": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
477
"Overall secure score - snapshot": null,
478
"Secure score controls - snapshot": "[variables('ruleSetsForSecureScoreControlsObj')]",
479
-
"Regulatory compliance - snapshot": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]"
480
},
481
"sourcesWithoutSubAssessments": {
482
"copy": [
483
{
1
{
2
+
"displayName": "Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data",
3
"policyType": "BuiltIn",
4
"mode": "All",
5
+
"description": "Enable export to Log Analytics workspace of Microsoft Defender for Cloud data. This policy deploys an export to Log Analytics workspace configuration with your conditions and target workspace on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation task.",
6
"metadata": {
7
+
"version": "4.1. 0",
8
"category": "Security Center"
9
},
10
"parameters": {
11
"resourceGroupName": {
48
"Secure score controls",
49
"Regulatory compliance",
50
"Overall secure score - snapshot",
51
"Secure score controls - snapshot",
52
+
"Regulatory compliance - snapshot",
53
+
"Security recommendations - snapshot",
54
+
"Security findings - snapshot"
55
],
56
"defaultValue": [
57
"Security recommendations",
58
"Security alerts",
60
"Secure score controls",
61
"Regulatory compliance",
62
"Overall secure score - snapshot",
63
"Secure score controls - snapshot",
64
+
"Regulatory compliance - snapshot",
65
+
"Security recommendations - snapshot",
66
+
"Security findings - snapshot"
67
]
68
},
69
"recommendationNames": {
70
"type": "Array",
277
"value": "[current('dataType')]",
278
"equals": "Regulatory compliance - snapshot"
279
}
280
]
281
+
},
282
+
{
283
+
"allOf": [
284
+
{
285
+
"field": "Microsoft.Security/automations/sources[*].eventSource",
286
+
"equals": "AssessmentsSnapshot"
287
+
},
288
+
{
289
+
"value": "[current('dataType')]",
290
+
"equals": "Security recommendations - snapshot"
291
+
}
292
+
]
293
+
},
294
+
{
295
+
"allOf": [
296
+
{
297
+
"field": "Microsoft.Security/automations/sources[*].eventSource",
298
+
"equals": "SubAssessmentsSnapshot"
299
+
},
300
+
{
301
+
"value": "[current('dataType')]",
302
+
"equals": "Security findings - snapshot"
303
+
}
304
+
]
305
}
306
]
307
}
308
},
383
"Secure score controls": "SecureScoreControls",
384
"Regulatory compliance": "RegulatoryComplianceAssessment",
385
"Overall secure score - snapshot": "SecureScoresSnapshot",
386
"Secure score controls - snapshot": "SecureScoreControlsSnapshot",
387
+
"Regulatory compliance - snapshot": "RegulatoryComplianceAssessmentSnapshot",
388
+
"Security recommendations - snapshot": "AssessmentsSnapshot",
389
+
"Security findings - snapshot": "SubAssessmentsSnapshot"
390
},
391
"alertSeverityMap": {
392
"High": "high",
393
"Medium": "medium",
505
"Secure score controls": "[variables('ruleSetsForSecureScoreControlsObj')]",
506
"Regulatory compliance": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
507
"Overall secure score - snapshot": null,
508
"Secure score controls - snapshot": "[variables('ruleSetsForSecureScoreControlsObj')]",
509
+
"Regulatory compliance - snapshot": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
510
+
"Security recommendations - snapshot": "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]",
511
+
"Security findings - snapshot": "[variables('ruleSetsForSubAssessmentsObj')]"
512
},
513
"sourcesWithoutSubAssessments": {
514
"copy": [
515
{
JSON
api-version=2021-06-01
Copy definition Copy definition 4 EPAC EPAC
{ 7 items displayName: "Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data" , policyType: "BuiltIn" , mode: "All" , description: "Enable export to Log Analytics workspace of Microsoft Defender for Cloud data. This policy deploys an export to Log Analytics workspace configuration with your conditions and target workspace on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation task." , metadata: { 2 items version: "4.1.0" , category: "Security Center" } , parameters: { 11 items resourceGroupName: { 2 items type: "String" , metadata: { 2 items displayName: "Resource group name" , description: "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured." } } , resourceGroupLocation: { 2 items type: "String" , metadata: { 3 items displayName: "Resource group location" , description: "The location where the resource group and the export to Log Analytics workspace configuration are created." , strongType: "location" } } , createResourceGroup: { 4 items type: "Boolean" , metadata: { 2 items displayName: "Create resource group" , description: "If a resource group does not exists in the scope, a new resource group will be created. If the resource group exists and this flag is set to 'true' the policy will re-deploy the resource group. Please note this will reset any Azure Tag on the resource group." } , allowedValues: [ 2 items ] , defaultValue: true } , exportedDataTypes: { 4 items type: "Array" , metadata: { 2 items displayName: "Exported data types" , description: "The data types to be exported. To export a snapshot (preview) of the data once a week, choose the data types which contains 'snapshot', other data types will be sent in real-time streaming." } , allowedValues: [ 10 items "Security recommendations" , "Security alerts" , "Overall secure score" , "Secure score controls" , "Regulatory compliance" , "Overall secure score - snapshot" , "Secure score controls - snapshot" , "Regulatory compliance - snapshot" , "Security recommendations - snapshot" , "Security findings - snapshot" ] , defaultValue: [ 10 items "Security recommendations" , "Security alerts" , "Overall secure score" , "Secure score controls" , "Regulatory compliance" , "Overall secure score - snapshot" , "Secure score controls - snapshot" , "Regulatory compliance - snapshot" , "Security recommendations - snapshot" , "Security findings - snapshot" ] } , recommendationNames: { 3 items type: "Array" , metadata: { 2 items displayName: "Recommendation IDs" , description: "Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments." } , defaultValue : [] } , recommendationSeverities: { 4 items } , isSecurityFindingsEnabled: { 4 items type: "Boolean" , metadata: { 2 items displayName: "Include security findings" , description: "Security findings are results from vulnerability assessment solutions, and can be thought of as 'sub' recommendations grouped into a 'parent' recommendation." } , allowedValues: [ 2 items ] , defaultValue: true } , secureScoreControlsNames: { 3 items type: "Array" , metadata: { 2 items displayName: "Secure Score Controls IDs" , description: "Applicable only for export of secure score controls. To export all secure score controls, leave this empty. To export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols." } , defaultValue : [] } , alertSeverities: { 4 items } , regulatoryComplianceStandardsNames: { 3 items type: "Array" , metadata: { 2 items displayName: "Regulatory compliance standards names" , description: "Applicable only for export of regulatory compliance. To export all regulatory compliance, leave this empty. To export specific regulatory compliance standards, enter a list of these standards names separated by semicolons (';'). Regulatory compliance standards names are available through the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards." } , defaultValue : [] } , workspaceResourceId: { 2 items type: "String" , metadata: { 4 items displayName: "Log Analytics workspace" , description: "The Log Analytics workspace of where the data should be exported to." , strongType: "Microsoft.OperationalInsights/workspaces" , assignPermissions: true } } } , policyRule: { 2 items if: { 2 items field: "type" , equals: "Microsoft.Resources/subscriptions" } , then: { 2 items effect: "deployIfNotExists" , details: { 8 items type: "Microsoft.Security/automations" , name: "ExportToWorkspace" , existenceScope: "resourcegroup" , ResourceGroupName: "[parameters('resourceGroupName')]" , deploymentScope: "subscription" , roleDefinitionIds: [ 1 item "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" Contributor ] , existenceCondition: { 1 item allOf: [ 3 items { 2 items field: "Microsoft.Security/automations/isEnabled" , equals: true } , { 2 items count: { 1 item field: "Microsoft.Security/automations/sources[*]" } , equals: 🔍 "[
if(
parameters('isSecurityFindingsEnabled'),
add(
length(
parameters('exportedDataTypes')
),
1
),
length(
parameters('exportedDataTypes')
)
)
]" } , { 2 items count: { 3 items value: "[parameters('exportedDataTypes')]" , name: "dataType" , where: { 2 items count: { 2 items field: "Microsoft.Security/automations/sources[*]" , where: { 1 item anyOf: [ 10 items { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "Assessments" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Security recommendations" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "Alerts" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Security alerts" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "SecureScores" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Overall secure score" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "SecureScoreControls" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Secure score controls" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "RegulatoryComplianceAssessment" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Regulatory compliance" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "SecureScoresSnapshot" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Overall secure score - snapshot" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "SecureScoreControlsSnapshot" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Secure score controls - snapshot" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "RegulatoryComplianceAssessmentSnapshot" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Regulatory compliance - snapshot" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "AssessmentsSnapshot" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Security recommendations - snapshot" } ] } , { 1 item allOf: [ 2 items { 2 items field: "Microsoft.Security/automations/sources[*].eventSource" , equals: "SubAssessmentsSnapshot" } , { 2 items value: 🔍 "[
current(
'dataType'
)
]", equals: "Security findings - snapshot" } ] } ] } } , equals: 1 } } , equals: 🔍 "[
length(
parameters('exportedDataTypes')
)
]" } ] } , deployment: { 2 items location: "westeurope" , properties: { 3 items mode: "incremental" , template: { 5 items $schema: "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 12 items resourceGroupName: { 1 item } , resourceGroupLocation: { 1 item } , createResourceGroup: { 1 item } , exportedDataTypes: { 1 item } , isSecurityFindingsEnabled: { 1 item } , recommendationNames: { 1 item } , recommendationSeverities: { 1 item } , alertSeverities: { 1 item } , secureScoreControlsNames: { 1 item } , regulatoryComplianceStandardsNames: { 1 item } , workspaceResourceId: { 1 item } , guidValue: { 2 items type: "string" , defaultValue: "[newGuid()]" } } , variables: { 31 items scopeDescription: "scope for subscription {0}" , subAssessmentRuleExpectedValue: "/assessments/{0}/" , recommendationNamesLength: 🔍 "[
length(
parameters('recommendationNames')
)
]", secureScoreControlsNamesLength: 🔍 "[
length(
parameters('secureScoreControlsNames')
)
]", secureScoreControlsLengthIfEmpty: 🔍 "[
if(
equals(
variables(
'secureScoreControlsNamesLength'
),
0
),
1,
variables(
'secureScoreControlsNamesLength'
)
)
]", regulatoryComplianceStandardsNamesLength: 🔍 "[
length(
parameters('regulatoryComplianceStandardsNames')
)
]", regulatoryComplianceStandardsNamesLengthIfEmpty: 🔍 "[
if(
equals(
variables(
'regulatoryComplianceStandardsNamesLength'
),
0
),
1,
variables(
'regulatoryComplianceStandardsNamesLength'
)
)
]", recommendationSeveritiesLength: 🔍 "[
length(
parameters('recommendationSeverities')
)
]", alertSeveritiesLength: 🔍 "[
length(
parameters('alertSeverities')
)
]", recommendationNamesLengthIfEmpty: 🔍 "[
if(
equals(
variables(
'recommendationNamesLength'
),
0
),
1,
variables(
'recommendationNamesLength'
)
)
]", recommendationSeveritiesLengthIfEmpty: 🔍 "[
if(
equals(
variables(
'recommendationSeveritiesLength'
),
0
),
1,
variables(
'recommendationSeveritiesLength'
)
)
]", alertSeveritiesLengthIfEmpty: 🔍 "[
if(
equals(
variables(
'alertSeveritiesLength'
),
0
),
1,
variables(
'alertSeveritiesLength'
)
)
]", totalRuleCombinationsForOneRecommendationName: "[variables('recommendationSeveritiesLengthIfEmpty')]" , totalRuleCombinationsForOneRecommendationSeverity: 1 , exportedDataTypesLength: 🔍 "[
length(
parameters('exportedDataTypes')
)
]", exportedDataTypesLengthIfEmpty: 🔍 "[
if(
equals(
variables(
'exportedDataTypesLength'
),
0
),
1,
variables(
'exportedDataTypesLength'
)
)
]", dataTypeMap: { 10 items Security recommendations: "Assessments" , Security alerts: "Alerts" , Overall secure score: "SecureScores" , Secure score controls: "SecureScoreControls" , Regulatory compliance: "RegulatoryComplianceAssessment" , Overall secure score - snapshot: "SecureScoresSnapshot" , Secure score controls - snapshot: "SecureScoreControlsSnapshot" , Regulatory compliance - snapshot: "RegulatoryComplianceAssessmentSnapshot" , Security recommendations - snapshot: "AssessmentsSnapshot" , Security findings - snapshot: "SubAssessmentsSnapshot" } , alertSeverityMap: { 3 items High: "high" , Medium: "medium" , Low: "low" } , ruleSetsForAssessmentsObj: { 1 item copy: [ 1 item { 3 items name: "ruleSetsForAssessmentsArr" , count: 🔍 "[
mul(
variables(
'recommendationNamesLengthIfEmpty'
),
variables(
'recommendationSeveritiesLengthIfEmpty'
)
)
]", input: { 1 item rules: [ 2 items { 4 items propertyJPath: 🔍 "[
if(
equals(
variables(
'recommendationNamesLength'
),
0
),
'type',
'name'
)
]", propertyType: "string" , expectedValue: 🔍 "[
if(
equals(
variables(
'recommendationNamesLength'
),
0
),
'Microsoft.Security/assessments',
parameters('recommendationNames')[
mod(
div(
copyIndex(
'ruleSetsForAssessmentsArr'
),
variables(
'totalRuleCombinationsForOneRecommendationName'
)
),
variables(
'recommendationNamesLength'
)
)
]
)
]", operator: "Contains" } , { 4 items propertyJPath: "properties.metadata.severity" , propertyType: "string" , expectedValue: "[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]" , operator: "Equals" } ] } } ] } , customRuleSetsForSubAssessmentsObj: { 1 item copy: [ 1 item { 3 items name: "ruleSetsForSubAssessmentsArr" , count: "[variables('recommendationNamesLengthIfEmpty')]" , input: { 1 item rules: [ 1 item { 4 items propertyJPath: "id" , propertyType: "string" , expectedValue: 🔍 "[
if(
equals(
variables(
'recommendationNamesLength'
),
0
),
json(
'null'
),
replace(
variables(
'subAssessmentRuleExpectedValue'
),
'{
0
}',
parameters('recommendationNames')[
copyIndex(
'ruleSetsForSubAssessmentsArr'
)
]
)
)
]", operator: "Contains" } ] } } ] } , ruleSetsForAlertsObj: { 1 item copy: [ 1 item { 3 items name: "ruleSetsForAlertsArr" , count: "[variables('alertSeveritiesLengthIfEmpty')]" , input: { 1 item rules: [ 1 item { 4 items propertyJPath: "Severity" , propertyType: "string" , expectedValue: "[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]" , operator: "Equals" } ] } } ] } , customRuleSetsForSecureScoreControlsObj: { 1 item copy: [ 1 item { 3 items name: "ruleSetsForSecureScoreControlsArr" , count: "[variables('secureScoreControlsLengthIfEmpty')]" , input: { 1 item rules: [ 1 item { 4 items propertyJPath: "name" , propertyType: "string" , expectedValue: 🔍 "[
if(
equals(
variables(
'secureScoreControlsNamesLength'
),
0
),
json(
'null'
),
parameters('secureScoreControlsNames')[
copyIndex(
'ruleSetsForSecureScoreControlsArr'
)
]
)
]", operator: "Equals" } ] } } ] } , customRuleSetsForRegulatoryComplianceObj: { 1 item copy: [ 1 item { 3 items name: "ruleSetsForRegulatoryCompliancArr" , count: "[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]" , input: { 1 item rules: [ 1 item { 4 items propertyJPath: "id" , propertyType: "string" , expectedValue: 🔍 "[
if(
equals(
variables(
'regulatoryComplianceStandardsNamesLength'
),
0
),
json(
'null'
),
parameters('regulatoryComplianceStandardsNames')[
copyIndex(
'ruleSetsForRegulatoryCompliancArr'
)
]
)
]", operator: "Contains" } ] } } ] } , ruleSetsForSecureScoreControlsObj: 🔍 "[
if(
equals(
variables(
'secureScoreControlsNamesLength'
),
0
),
json(
'null'
),
variables(
'customRuleSetsForSecureScoreControlsObj'
).ruleSetsForSecureScoreControlsArr
)
]", ruleSetsForSecureRegulatoryComplianceObj: 🔍 "[
if(
equals(
variables(
'regulatoryComplianceStandardsNamesLength'
),
0
),
json(
'null'
),
variables(
'customRuleSetsForRegulatoryComplianceObj'
).ruleSetsForRegulatoryCompliancArr
)
]", ruleSetsForSubAssessmentsObj: 🔍 "[
if(
equals(
variables(
'recommendationNamesLength'
),
0
),
json(
'null'
),
variables(
'customRuleSetsForSubAssessmentsObj'
).ruleSetsForSubAssessmentsArr
)
]", subAssessmentSource: [ 1 item { 2 items eventSource: "SubAssessments" , ruleSets: "[variables('ruleSetsForSubAssessmentsObj')]" } ] , ruleSetsMap: { 10 items Security recommendations: "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]" , Security alerts: "[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]" , Overall secure score: null , Secure score controls: "[variables('ruleSetsForSecureScoreControlsObj')]" , Regulatory compliance: "[variables('ruleSetsForSecureRegulatoryComplianceObj')]" , Overall secure score - snapshot: null , Secure score controls - snapshot: "[variables('ruleSetsForSecureScoreControlsObj')]" , Regulatory compliance - snapshot: "[variables('ruleSetsForSecureRegulatoryComplianceObj')]" , Security recommendations - snapshot: "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]" , Security findings - snapshot: "[variables('ruleSetsForSubAssessmentsObj')]" } , sourcesWithoutSubAssessments: { 1 item copy: [ 1 item { 3 items name: "sources" , count: "[variables('exportedDataTypesLengthIfEmpty')]" , input: { 2 items eventSource: "[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]" , ruleSets: "[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]" } } ] } , sourcesWithSubAssessments: 🔍 "[
concat(
variables(
'subAssessmentSource'
),
variables(
'sourcesWithoutSubAssessments'
).sources
)
]", sources: 🔍 "[
if(
equals(
parameters('isSecurityFindingsEnabled'),
bool(
'true'
)
),
variables(
'sourcesWithSubAssessments'
),
variables(
'sourcesWithoutSubAssessments'
).sources
)
]" } , resources: [ 2 items { 5 items condition: "[parameters('createResourceGroup')]" , name: "[parameters('resourceGroupName')]" , type: "Microsoft.Resources/resourceGroups" , apiVersion: "2019-10-01" , location: "[parameters('resourceGroupLocation')]" } , { 6 items type: "Microsoft.Resources/deployments" , apiVersion: "2019-10-01" , name: 🔍 "[
concat(
'nestedAutomationDeployment',
'_',
parameters('guidValue')
)
]", resourceGroup: "[parameters('resourceGroupName')]" , dependsOn: [ 1 item 🔍 "[
resourceId(
'Microsoft.Resources/resourceGroups/',
parameters('resourceGroupName')
)
]"] , properties: { 2 items mode: "Incremental" , template: { 5 items $schema: "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters : {} , variables : {} , resources: [ 1 item { 7 items tags : {} , apiVersion: "2019-01-01-preview" , location: "[parameters('resourceGroupLocation')]" , name: "ExportToWorkspace" , type: "Microsoft.Security/automations" , dependsOn : [] , properties: { 5 items description: "Export Microsoft Defender for Cloud data to Log Analytics workspace via policy" , isEnabled: true , scopes: [ 1 item { 2 items description: 🔍 "[
replace(
variables(
'scopeDescription'
),
'{
0
}',
subscription().subscriptionId
)
]", scopePath: "[subscription().id]" } ] , sources: "[variables('sources')]" , actions: [ 1 item { 2 items actionType: "Workspace" , workspaceResourceId: "[parameters('workspaceResourceId')]" } ] } } ] } } } ] } , parameters: { 11 items resourceGroupName: { 1 item value: "[parameters('resourceGroupName')]" } , resourceGroupLocation: { 1 item value: "[parameters('resourceGroupLocation')]" } , createResourceGroup: { 1 item value: "[parameters('createResourceGroup')]" } , exportedDataTypes: { 1 item value: "[parameters('exportedDataTypes')]" } , isSecurityFindingsEnabled: { 1 item value: "[parameters('isSecurityFindingsEnabled')]" } , recommendationNames: { 1 item value: "[parameters('recommendationNames')]" } , secureScoreControlsNames: { 1 item value: "[parameters('secureScoreControlsNames')]" } , recommendationSeverities: { 1 item value: "[parameters('recommendationSeverities')]" } , alertSeverities: { 1 item value: "[parameters('alertSeverities')]" } , regulatoryComplianceStandardsNames: { 1 item value: "[parameters('regulatoryComplianceStandardsNames')]" } , workspaceResourceId: { 1 item value: "[parameters('workspaceResourceId')]" } } } } } } } }