Merge pull request #20 from quantum-sec/feature/XDR-4570

XDR-4570: Modify package module to read content instead of filePath

modules/sentinel-automation-rule/README.md

@@ -23,9 +23,9 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_automation_rule"></a> [automation\_rule](#input\_automation\_rule) | Automation rule to be deployed. | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The type of environment (e.g. `dev`, `stage`, or `prod`). | `string` | n/a | yes |
-| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | n/a | `string` | n/a | yes |
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics workspace. | `string` | n/a | yes |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the playbook is provisioned. | `string` | n/a | yes |
 | <a name="input_unique_name_prefix"></a> [unique\_name\_prefix](#input\_unique\_name\_prefix) | A unique string prepended to the resource name to ensure it is globally unique (i.e. your company name). | `string` | n/a | yes |
-| <a name="input_file_path"></a> [file\_path](#input\_file\_path) | The file path to the automation rule. | `string` | `""` | no |
 <!-- END_TF_DOCS -->

modules/sentinel-automation-rule/main.tf

@@ -13,7 +13,7 @@ terraform {
 # ---------------------------------------------------------------------------------------------------------------------
 
 locals {
-  automation_rule_object = jsondecode(file("${var.file_path}.json"))
+  automation_rule_object = jsondecode(var.automation_rule)
 }
 
 data "azurerm_subscription" "current" {
@@ -45,7 +45,7 @@ resource "azurerm_sentinel_automation_rule" "sentinel_automation_rule" {
 
     content {
       order        = action_playbook.value["order"]
-      logic_app_id = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Logic/workflows/${try(action_playbook.value["prefixed"], false) ? "${var.unique_name_prefix}-${action_playbook.value["logic_app_id"]}-${var.environment}" : action_playbook.value["logic_app_id"]}"
+      logic_app_id = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Logic/workflows/${tobool(try(action_playbook.value["prefixed"], false)) ? "${var.unique_name_prefix}-${action_playbook.value["logic_app_id"]}-${var.environment}" : action_playbook.value["logic_app_id"]}"
       tenant_id    = try(action_playbook.value["tenant_id"], null)
     }
   }

modules/sentinel-automation-rule/vars.tf

@@ -1,13 +1,18 @@
 variable "log_analytics_workspace_id" {
-  type = string
+  description = "The ID of the Log Analytics workspace."
+  type        = string
 }
 
-variable "file_path" {
-  description = "The file path to the automation rule."
+variable "automation_rule" {
+  description = "Automation rule to be deployed."
   type        = string
-  default     = ""
 }
 
+#variable "logic_app_id" {
+#  description = "Resource ID of the SOAR Webhook connector logic app."
+#  type        = string
+#}
+
 variable "resource_group_name" {
   description = "The name of the resource group in which the playbook is provisioned."
   type        = string

modules/sentinel-library-rule/README.md

@@ -6,19 +6,25 @@
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.42 |
 
-## Modules
+## Providers
 
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_rule"></a> [rule](#module\_rule) | ../sentinel-scheduled-alert-rule | n/a |
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >= 3.42 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_sentinel_alert_rule_scheduled.rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sentinel_alert_rule_scheduled) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics workspace in which Azure Sentinel is deployed. | `string` | n/a | yes |
 | <a name="input_path"></a> [path](#input\_path) | The relative path of the rule definition from the rules directory, excluding its file extension. | `string` | n/a | yes |
-| <a name="input_content_path_rules"></a> [content\_path\_rules](#input\_content\_path\_rules) | The path to the rules directory.<br><br>Default empty value will use pre-packaged rules.<br>If you have rules in /opt/xdr/content/rules then you may want to provide a value of "/opt/xdr/content/rules" | `string` | `""` | no |
+| <a name="input_rule"></a> [rule](#input\_rule) | The rule definition. | `string` | n/a | yes |
 
 ## Outputs