Sentinel Playground - Bicep Edition
Sentinel Playground is a project that aims to speed up the deployment and configuration of a Sentinel lab/demo environment, including sample content and Bicep templates. This project uses Bicep only (no ARM JSON templates).
Overview
The following components can be deployed/configured:
- resource group
- Log Analytics workspace + Sentinel solution
- Log Analytics workspace config (retention, daily cap)
- Sentinel config (UEBA, Anomalies)
- Sentinel data connectors
  - Azure Activity
  - Azure Active Directory
  - Defender 365 incidents
- demo playbook (with a user-assigned Managed Identity + required permissions)
- Sentinel permissions to trigger playbooks
- Sentinel content (including Bicep templates)
  - analytics rule
  - automation rule
  - log query (in a query pack)
  - watchlist (with CSV support)
- all analytics rules for Azure Activity and Azure Active Directory are enabled
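As an added illustration of the first three items above (workspace, Sentinel solution, retention and daily cap), here is a resource-group-scoped Bicep module. It is example code written for this post, not a file from the Sentinel Playground repository; the parameter names, default values and the module's file name are my own assumptions, while the resource types and API versions are the standard ones for a Log Analytics workspace and the Sentinel solution.

```bicep
// sentinel-workspace.bicep (example name, not from the repository)
// Deploys a Log Analytics workspace with retention and daily cap,
// then enables the Sentinel solution on it.
targetScope = 'resourceGroup'

@description('Name of the Log Analytics workspace (assumed parameter).')
param workspaceName string

@description('Azure region; defaults to the resource group location.')
param location string = resourceGroup().location

@description('Retention in days for the workspace (assumed default).')
@minValue(30)
@maxValue(730)
param retentionInDays int = 90

@description('Daily ingestion cap in GB; -1 disables the cap (assumed default).')
param dailyQuotaGb int = 5

// Log Analytics workspace with retention and daily cap settings.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: {
      name: 'PerGB2018'
    }
    retentionInDays: retentionInDays
    workspaceCapping: {
      dailyQuotaGb: dailyQuotaGb
    }
  }
}

// Sentinel is enabled by deploying the SecurityInsights solution
// onto the workspace; the solution name must follow this pattern.
resource sentinel 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
  name: 'SecurityInsights(${workspace.name})'
  location: location
  plan: {
    name: 'SecurityInsights(${workspace.name})'
    publisher: 'Microsoft'
    product: 'OMSGallery/SecurityInsights'
    promotionCode: ''
  }
  properties: {
    workspaceResourceId: workspace.id
  }
}

// Outputs consumed by later modules (data connectors, content, playbooks).
output workspaceId string = workspace.id
output workspaceName string = workspace.name
```

Deploy it with `az deployment group create --resource-group <rg> --template-file sentinel-workspace.bicep --parameters workspaceName=<name>`. The outputs are what a parent template passes on to the connector and content modules. One caveat for anyone reusing this outside a lab: a daily cap silently stops ingestion for the rest of the day once it is reached, so security logs arriving after that point are lost and detections built on them will not fire; keep the cap for demo cost control, but set it to -1 (or size it carefully) for any workspace that detection depends on.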
You can find the README, including deployment instructions, in my public repository here.
I will explain some of the key elements in separate blog posts:
- Deployment Scripts + user-assigned Managed Identities
- Modules and reusability
- API Connections + Logic Apps
- Watchlists + CSV Files
- UI Wizard
- Outputs and Conditions