main.bicep
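// Deployed at subscription scope so that this template can create the resource group itself.
targetScope = 'subscription'

// Parameters
// Each object is handed through unchanged to the modules below; the expected keys are
// defined by the parameter file and by those modules, not by this file.
param deploymentParams object
// rgParams and storageAccountParams are accepted but not referenced by any module in this file.
param rgParams object
param storageAccountParams object
param logAnalyticsWorkspaceParams object
param dceParams object
param vnetParams object
// NOTE(review): if vmParams carries an admin password or SSH key, a plain `object` parameter
// value is kept in the deployment record; such values belong in a @secure() parameter -
// confirm against modules/vm/create_vm.bicep.
param vmParams object
param brandTags object

// Region and resource group name are derived from deploymentParams.
var location = deploymentParams.location
var rgName = '${deploymentParams.enterprise_name}_${deploymentParams.enterprise_name_suffix}_${deploymentParams.global_uniqueness}'

// utcNow() is only permitted as a parameter default value, hence a param rather than a var.
// 'HH' is the 24-hour clock; the previous 'hh' (12-hour) gave the same stamp for 03:00 and
// 15:00 UTC, which made the last_deployed tag ambiguous as a deployment record.
param dateNow string = utcNow('yyyy-MM-dd-HH-mm')

// Tags applied by every module: the caller's brand tags plus the deployment timestamp.
param tags object = union(brandTags, { last_deployed: dateNow })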
// Create the resource group that every module below is scoped to.
// The module (deployment) name is set to the same string as the resource group name;
// the later `resourceGroup(r_rg.name)` scopes rely on the two staying identical.
module r_rg 'modules/resource_group/create_rg.bicep' = {
  name: rgName
  params: {
    location: location
    rgName: rgName
    tags: tags
  }
}
// Create the virtual network inside the resource group created above.
// Subnet layout and any network security rules come from vnetParams and the module;
// neither is visible in this file.
module r_vnet 'modules/vnet/create_vnet.bicep' = {
  name: '${vnetParams.vnetNamePrefix}_${deploymentParams.global_uniqueness}_Vnet'
  scope: resourceGroup(r_rg.name)
  dependsOn: [
    r_rg
  ]
  params: {
    tags: tags
    vnetParams: vnetParams
    deploymentParams: deploymentParams
  }
}
// Create the virtual machine.
// The VM module receives the VNet name plus the ids of the data collection endpoint and
// data collection rule declared further down; what it does with them is defined in
// modules/vm/create_vm.bicep (presumably it associates the VM with both - confirm there).
module r_vm 'modules/vm/create_vm.bicep' = {
  name: '${vmParams.vmNamePrefix}_${deploymentParams.global_uniqueness}_Vm'
  scope: resourceGroup(r_rg.name)
  dependsOn: [
    r_vnet
  ]
  params: {
    deploymentParams: deploymentParams
    // NOTE(review): passed as a plain object; see whether it contains credentials.
    vmParams: vmParams
    tags: tags
    vnetName: r_vnet.outputs.vnetName
    dataCollectionRuleId: r_dataCollectionRule.outputs.dataCollectionRuleId
    dataCollectionEndpointId: r_dataCollectionEndpoint.outputs.DataCollectionEndpointId
  }
}
// Create the Log Analytics workspace.
// Its outputs (custom table name and prefix, workspace name and id) feed the data
// collection rule and the fraud alert below.
module r_logAnalyticsWorkspace 'modules/monitor/log_analytics_workspace.bicep' = {
  name: '${logAnalyticsWorkspaceParams.workspaceName}_${deploymentParams.global_uniqueness}_La'
  scope: resourceGroup(r_rg.name)
  params: {
    tags: tags
    logAnalyticsWorkspaceParams: logAnalyticsWorkspaceParams
    deploymentParams: deploymentParams
  }
}
// Create the data collection endpoint whose id is consumed by the VM and by the
// data collection rule.
module r_dataCollectionEndpoint 'modules/monitor/data_collection_endpoint.bicep' = {
  name: '${dceParams.endpointName}_${deploymentParams.global_uniqueness}_dce'
  scope: resourceGroup(r_rg.name)
  params: {
    deploymentParams: deploymentParams
    dceParams: dceParams
    tags: tags
    // NOTE(review): lower-case 'linux' here, 'Linux' on the data collection rule;
    // check which spelling each module expects before aligning them.
    osKind: 'linux'
  }
}
// Create the data collection rule that ties the log file pattern, the data collection
// endpoint and the Log Analytics workspace together.
module r_dataCollectionRule 'modules/monitor/data_collection_rule.bicep' = {
  name: '${logAnalyticsWorkspaceParams.workspaceName}_${deploymentParams.global_uniqueness}_Dcr'
  scope: resourceGroup(r_rg.name)
  dependsOn: [
    r_logAnalyticsWorkspace
  ]
  params: {
    deploymentParams: deploymentParams
    tags: tags
    ruleName: 'webStoreDataCollectorRule'
    osKind: 'Linux'
    // File glob handed to the rule; presumably the path on the Linux VM from which
    // records are collected. The fraud alert evaluates whatever lands in these files,
    // so write access to this path decides how far the alert can be trusted - verify
    // the file ownership and permissions set up on the VM.
    logFilePattern: '/var/log/miztiik*.json'
    dataCollectionEndpointId: r_dataCollectionEndpoint.outputs.DataCollectionEndpointId
    // Destination details, all taken from the workspace module's outputs.
    customTableNamePrefix: r_logAnalyticsWorkspace.outputs.customTableNamePrefix
    logAnalyticsPayGWorkspaceId: r_logAnalyticsWorkspace.outputs.logAnalyticsPayGWorkspaceId
    logAnalyticsPayGWorkspaceName: r_logAnalyticsWorkspace.outputs.logAnalyticsPayGWorkspaceName
  }
}
// Create the fraud alert: a log query over the workspace's custom table.
// The query matches orders with discount > 90, qty > 1 and priority_shipping == true.
// NOTE(review): the query depends on those three column names and types in the custom
// table; if the ingested schema drifts, the rule may stop matching without any error -
// confirm against the table definition in the workspace module.
module r_create_fraud_alert 'modules/monitor/create_alert.bicep' = {
  name: '${logAnalyticsWorkspaceParams.workspaceName}_${deploymentParams.global_uniqueness}_Fraud_Alert'
  scope: resourceGroup(r_rg.name)
  dependsOn: [
    r_logAnalyticsWorkspace
  ]
  params: {
    deploymentParams: deploymentParams
    tags: tags
    alertRuleName: 'Webstore_Fraud_Alert_${deploymentParams.global_uniqueness}'
    alertRuleDisplayName: 'Miztiik Store Fraud Alerts'
    alertRuleDescription: 'Miztiik Store Fraud Alerts - When order is deeply discounted(>90%), Higher Quantity(>1) and Priority shipping is requested'
    // 0 is the most severe level in Azure Monitor, assuming the module passes it through.
    alertRuleSeverity: 0
    scope_workspaceId_1: r_logAnalyticsWorkspace.outputs.logAnalyticsPayGWorkspaceId
    kql_alert_query: '${r_logAnalyticsWorkspace.outputs.customTableName} | where discount > 90 and qty >1 and priority_shipping==true'
    // NOTE(review): assuming this maps to the rule's auto-mitigate setting, a fired alert
    // is resolved automatically once the query stops matching, so a fraud hit can close
    // before anyone has triaged it - confirm this is intended.
    autoMitigate: true
    // How often the rule runs. When the frequency is shorter than the aggregation
    // window, evaluation becomes a sliding window.
    evaluationFrequency: 'PT1M'
    // Aggregation window for the fraud log records.
    windowSize: 'PT5M'
  }
}