forked from tenable/Azure-Sentinel
-
Notifications
You must be signed in to change notification settings - Fork 0
/
deploy.json
53 lines (53 loc) · 1.83 KB
/
deploy.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
{
"properties": {
"immutableId": "dcr-921991fa23a644c599ed829572aa35b5",
"dataSources": {
"windowsEventLogs": [
{
"streams": [
"Microsoft-WindowsEvent"
],
"xPathQueries": [
"ForwardedEvents!*"
],
"name": "eventLogsDataSource"
}
]
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "/subscriptions/78ffdd91-611e-402f-8a7e-7ab0b209b7c6/resourceGroups/3pdatasample/providers/Microsoft.OperationalInsights/workspaces/3p-test-customdata",
"workspaceId": "6b57e303-6aa4-4f18-b3ba-b2f816756897",
"name": "DataCollectionEvent"
}
]
},
"dataFlows": [
{
"streams": [
"Microsoft-WindowsEvent"
],
"destinations": [
"DataCollectionEvent"
]
}
],
"provisioningState": "Succeeded"
},
"location": "eastus2",
"tags": {},
"kind": "Windows",
"id": "/subscriptions/de5fb112-5d5d-42d4-a9ea-5f3b1359c6a6/resourceGroups/yuvalnaor-rg/providers/Microsoft.Insights/dataCollectionRules/sysmon-flow",
"name": "sysmon-flow",
"type": "Microsoft.Insights/dataCollectionRules",
"etag": "\"f7012089-0000-0200-0000-6124bf910000\"",
"systemData": {
"createdBy": "[email protected]",
"createdByType": "User",
"createdAt": "2021-08-24T09:44:49.4703581Z",
"lastModifiedBy": "[email protected]",
"lastModifiedByType": "User",
"lastModifiedAt": "2021-08-24T09:44:49.4703581Z"
}
}