SoftcatMS/terraform-azure-sentinel

terraform-azure-sentinel

This module supports creating:

  • Azure Log Analytics Workspace
  • Azure Sentinel Solution enabled on the Workspace

Usage Examples

See the tests folder or the examples folder for usage examples.
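A minimal root configuration that calls the module with the inputs and output listed below. This is an added example, not code from the repository. The resource group and workspace names are constructed, the variable `sentinel_retention_days` is hypothetical, the 30-730 day bound is an assumption taken from the azurerm provider's documented range for workspace retention, and the `?ref=` value is a placeholder to replace with a tag or commit you have reviewed.

```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

# Hypothetical variable: retention is a string in the module's Inputs table (default "30").
variable "sentinel_retention_days" {
  type        = string
  default     = "90"
  description = "Days of log retention in the Sentinel workspace."

  # Fail at plan time if the value is not a number in the assumed 30-730 range.
  validation {
    condition = (
      try(tonumber(var.sentinel_retention_days), 0) >= 30 &&
      try(tonumber(var.sentinel_retention_days), 0) <= 730
    )
    error_message = "Retention must be a number of days between 30 and 730."
  }
}

module "sentinel" {
  # Pin the module source to a reviewed revision instead of tracking the default branch.
  source = "github.com/SoftcatMS/terraform-azure-sentinel?ref=<tag-or-commit>"

  # The module reads the resource group as a data source, so it must already exist.
  resource_group_name               = "rg-security-monitoring" # constructed name
  log_analytics_workspace_name      = "law-sentinel-example"   # constructed name
  log_analytics_workspace_retention = var.sentinel_retention_days
}

# Expose the workspace id so data connectors and analytics rules can reference it.
output "sentinel_workspace_id" {
  value = module.sentinel.log_analytics_workspace_id
}
```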

Deployment

Perform the following commands on the root folder:

  • terraform init to get the plugins
  • terraform plan to see the infrastructure plan
  • terraform apply to apply the infrastructure build
  • terraform destroy to destroy the built infrastructure

Use terraform-docs to create the Inputs and Outputs documentation:

terraform-docs markdown .

Requirements

Installed Software

The following dependencies must be installed on the development system:

Azure

Permissions

Deploying Azure Sentinel connectors may require additional roles and permissions, depending on the connector deployed. The advanced test deploys the Office 365 connector, and the service principal used needs to be a member of the 'Global Administrator' or 'Security Administrator' role in the tenant for this to be enabled successfully with Terraform.

Providers

| Name | Version |
|------|---------|
| azurerm | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_log_analytics_solution.sentinel | resource |
| azurerm_log_analytics_workspace.sentinel | resource |
| azurerm_resource_group.sentinel | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| log_analytics_workspace_name | Name of log analytics workspace to be created for Sentinel storage | string | n/a | yes |
| log_analytics_workspace_retention | Retention period in days to retain data in the log analytics workspace | string | "30" | no |
| resource_group_name | Name of the resource group to be imported. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| log_analytics_workspace_id | The log analytics workspace id that is created and setup for Sentinel |

Contributing

Refer to the contribution guidelines for information on contributing to this module.