It supports creating:
- Azure Log Analytics Workspace
- Azure Sentinel Solution enabled on the Workspace
You can go to the tests folder, or review the examples folder: examples
Perform the following commands on the root folder:
- `terraform init` to get the plugins
- `terraform plan` to see the infrastructure plan
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure
Use terraform-docs to create the Inputs and Outputs documentation:
`terraform-docs markdown .`
The following dependencies must be installed on the development system:
Azure
- Terraform Provider for Azure
- CLI Tool az
To deploy Azure Sentinel connectors, additional roles and permissions may be required, depending on the connector deployed. The advanced test deploys the Office 365 connector, and the service principal used must be a member of the 'Global Administrator' or 'Security Administrator' role in the tenant for the connector to be enabled successfully with Terraform.
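A pre-flight check for the role requirement above, as an added example that is not part of this module: it reads the JSON that Microsoft Graph returns for the service principal's `memberOf` relationship and reports whether one of the two roles is held. The function names and the sample response are constructed for illustration, and fetching the JSON (for instance with `az rest` against `https://graph.microsoft.com/v1.0/servicePrincipals/<object-id>/memberOf`) is assumed to happen beforehand.

```python
import json

# Role names taken from the paragraph above.
REQUIRED_ROLES = ("Global Administrator", "Security Administrator")

# Constructed sample of a Graph memberOf response (not real tenant data).
SAMPLE_MEMBER_OF = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.group", "displayName": "Global Administrator"},
  {"@odata.type": "#microsoft.graph.directoryRole", "displayName": "Security Administrator"},
  {"@odata.type": "#microsoft.graph.directoryRole", "displayName": "Directory Readers"}
]}
""")


def held_required_roles(member_of):
    """Return the required directory roles found in a memberOf response."""
    held = set()
    for entry in member_of.get("value", []):
        # Only directoryRole objects count: a group that merely shares a
        # role's display name grants nothing.
        if entry.get("@odata.type") != "#microsoft.graph.directoryRole":
            continue
        name = (entry.get("displayName") or "").strip()
        if name in REQUIRED_ROLES:
            held.add(name)
    # A paged response with no match yet is inconclusive, not a failure.
    if not held and "@odata.nextLink" in member_of:
        raise ValueError("response is paged; fetch every page before checking")
    return sorted(held)


def preflight(member_of):
    """Return (ok, message), usable as a gate before `terraform apply`."""
    held = held_required_roles(member_of)
    if not held:
        return False, "missing role: need one of " + ", ".join(REQUIRED_ROLES)
    if held == ["Global Administrator"]:
        # Either role works per the text above, so the narrower one is enough.
        return True, "ok, but Security Administrator would suffice"
    return True, "ok: " + ", ".join(held)


if __name__ == "__main__":
    ok, message = preflight(SAMPLE_MEMBER_OF)
    print(message)
    raise SystemExit(0 if ok else 1)
```
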
Name | Version |
---|---|
azurerm | n/a |
No modules.
Name | Type |
---|---|
azurerm_log_analytics_solution.sentinel | resource |
azurerm_log_analytics_workspace.sentinel | resource |
azurerm_resource_group.sentinel | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
log_analytics_workspace_name | Name of log analytics workspace to be created for Sentinel storage | string | n/a | yes |
log_analytics_workspace_retention | Retention period in days to retain data in the log analytics workspace | string | "30" | no |
resource_group_name | Name of the resource group to be imported. | string | n/a | yes |
Name | Description |
---|---|
log_analytics_workspace_id | The log analytics workspace id that is created and setup for Sentinel |
Refer to the contribution guidelines for information on contributing to this module.