Azure · v-prasadboke · Oct 10, 2024 · Sep 18, 2024 · Sep 19, 2024 · Oct 1, 2024
@@ -21,23 +21,16 @@
 
 cs = os.environ.get('ConnectionString')
 
-customer_id = os.environ.get('WorkspaceID')
-shared_key = os.environ.get('WorkspaceKey')
+customer_id = os.environ.get('AzureSentinelWorkspaceId','')
+shared_key = os.environ.get('AzureSentinelSharedKey')
 verify = False
 logAnalyticsUri = 'https://' + customer_id + '.ods.opinsights.azure.com'
 
-pattern = r'https:\/\/([\w\-]+)\.ods\.opinsights\.azure.([a-zA-Z\.]+)$'
-match = re.match(pattern, str(logAnalyticsUri))
-if (not match):
-    logging.info(f"Invalid url : {logAnalyticsUri}")
-    raise Exception("Lookout: Invalid Log Analytics Uri.")
-
-key_vault_name = os.environ.get("KeyVaultName")
+key_vault_name = os.environ.get("KeyVaultName","Commvault-Integration-KV")
 uri = None
 url = None
 qsdk_token = None
 headers = {
-    "authtoken": "QSDK " + qsdk_token,
     "Content-Type": "application/json",
     "Accept": "application/json",
 }
@@ -99,8 +92,8 @@
         "paths": [{"path": "/**/*"}],
     }
 
-
-@app.schedule(schedule="0 */5 * * * *", arg_name="myTimer", run_on_startup=False,
+@app.function_name(name="AzureFunctionCommvaultSecurityIQ")
+@app.schedule(schedule="0 */5 * * * *", arg_name="myTimer", run_on_startup=True,
               use_monitor=False)
 def myTimer(myTimer: func.TimerRequest) -> None:
     global qsdk_token,url
@@ -110,7 +103,11 @@ def myTimer(myTimer: func.TimerRequest) -> None:
 
     logging.info('Executing Python timer trigger function.')
 
-
+    pattern = r'https:\/\/([\w\-]+)\.ods\.opinsights\.azure.([a-zA-Z\.]+)$'
+    match = re.match(pattern, str(logAnalyticsUri))
+    if (not match):
+        logging.info(f"Invalid url : {logAnalyticsUri}")
+        raise Exception("Lookout: Invalid Log Analytics Uri.")
     try:
         credential = DefaultAzureCredential()
         client = SecretClient(vault_url=f"https://{key_vault_name}.vault.azure.net", credential=credential)
@@ -119,7 +116,7 @@ def myTimer(myTimer: func.TimerRequest) -> None:
         url = "https://" + uri + "/commandcenter/api"
         secret_name = "access-token"
         qsdk_token = client.get_secret(secret_name).value
-
+        headers["authtoken"] = "QSDK "+qsdk_token
         ustring = "/events?level=10&showInfo=false&showMinor=false&showMajor=true&showCritical=false&showAnomalous=true"
         f_url = url + ustring
         current_date = datetime.utcnow()
@@ -657,4 +654,4 @@ def read_blob(connection_string, container_name, blob_name):
 
     except Exception as e:
         logging.error(f"An error occurred: {str(e)}")
-        raise e
+        raise e
@@ -28,7 +28,7 @@
             "type": "string",
             "metadata": {
                 "description": "Migrate Classic Application Insights to Log Analytic Workspace which is retiring by 29 Febraury 2024. Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'"
-            }
+            } 
         }
     },
     "variables": {
@@ -139,7 +139,7 @@
                 "alwaysOn": true,
                 "reserved": true,
                 "siteConfig": {
-                    "linuxFxVersion": "python|3.8"
+                    "linuxFxVersion": "python|3.11"
                 }
             },
 
@@ -152,6 +152,7 @@
                         "[concat('Microsoft.Web/sites/', variables('FunctionName'))]"
                     ],
                     "properties": {
+
                         "FUNCTIONS_EXTENSION_VERSION": "~4",
                         "FUNCTIONS_WORKER_RUNTIME": "python",
                         "APPINSIGHTS_INSTRUMENTATIONKEY": "[reference(resourceId('Microsoft.insights/components', variables('FunctionName')), '2015-05-01').InstrumentationKey]",

@@ -6,4 +6,5 @@ azure-functions
 azure-storage-blob
 azure-identity
 azure-keyvault-secrets
-requests
+requests
+cryptography==41.0.3
@@ -478,7 +478,6 @@
             "location": "[parameters('location')]",
             "subscriptionId": "[[subscription().subscriptionId]",
             "tenantId": "[[subscription().tenantId]",
-            "keyvaultApiId": "[[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]",
             "AzureautomationConnectionName": "[[concat('Azureautomation-', parameters('PlaybookName'))]",
             "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
             "KeyvaultConnectionName": "[[concat('Keyvault-', parameters('PlaybookName'))]",
@@ -930,7 +929,6 @@
             "location": "[parameters('location')]",
             "subscriptionId": "[[subscription().subscriptionId]",
             "tenantId": "[[subscription().tenantId]",
-            "keyvaultApiId": "[[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]",
             "AzureautomationConnectionName": "[[concat('Azureautomation-', parameters('PlaybookName'))]",
             "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
             "KeyvaultConnectionName": "[[concat('Keyvault-', parameters('PlaybookName'))]",
@@ -1274,7 +1272,6 @@
             "location": "[parameters('location')]",
             "subscriptionId": "[[subscription().subscriptionId]",
             "tenantId": "[[subscription().tenantId]",
-            "keyvaultApiId": "[[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]",
             "AzureautomationConnectionName": "[[concat('Azureautomation-', parameters('PlaybookName'))]",
             "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
             "KeyvaultConnectionName": "[[concat('Keyvault-', parameters('PlaybookName'))]",

@@ -42,7 +42,6 @@
 		"location": "[resourceGroup().location]",
         "subscriptionId": "[subscription().subscriptionId]",
         "tenantId": "[subscription().tenantId]",
-        "keyvaultApiId": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]",
         "AzureautomationConnectionName":  "[concat('Azureautomation-', parameters('PlaybookName'))]",
         "MicrosoftSentinelConnectionName":  "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
         "KeyvaultConnectionName":  "[concat('Keyvault-', parameters('PlaybookName'))]"

@@ -42,7 +42,6 @@
 		"location": "[resourceGroup().location]",
         "subscriptionId": "[subscription().subscriptionId]",
         "tenantId": "[subscription().tenantId]",
-        "keyvaultApiId": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]",
         "AzureautomationConnectionName":  "[concat('Azureautomation-', parameters('PlaybookName'))]",
         "MicrosoftSentinelConnectionName":  "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
         "KeyvaultConnectionName":  "[concat('Keyvault-', parameters('PlaybookName'))]"

@@ -42,7 +42,6 @@
 		"location": "[resourceGroup().location]",
         "subscriptionId": "[subscription().subscriptionId]",
         "tenantId": "[subscription().tenantId]",
-        "keyvaultApiId": "[concat('/subscriptions/', variables('subscriptionId'), '/providers/Microsoft.Web/locations/', variables('location'),'/managedApis/keyvault')]",
         "AzureautomationConnectionName":  "[concat('Azureautomation-', parameters('PlaybookName'))]",
         "MicrosoftSentinelConnectionName":  "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
         "KeyvaultConnectionName":  "[concat('Keyvault-', parameters('PlaybookName'))]"