articles/sentinel/ci-cd-custom-content.md
13 additions & 13 deletions
@@ -19,7 +19,7 @@ ms.custom: template-concept
19
19
The Microsoft Sentinel repositories feature provides a central experience for the deployment and management of Sentinel content as code. Repositories allow connections to an external source control for continuous integration / continuous delivery (CI/CD). This automation removes the burden of manual processes to update and deploy your custom content across workspaces. For more information on Sentinel content, see [About Microsoft Sentinel content and solutions](sentinel-solutions.md).
20
20
21
21
> [!IMPORTANT]
22
-
> The Microsoft Sentinel **Repositories** feature is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
22
+
> The Microsoft Sentinel **Repositories** feature is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
23
23
>
24
24
25
25
## Plan your repository connection
@@ -34,7 +34,7 @@ Microsoft Sentinel repositories require careful planning to ensure you have the
34
34
35
35
Repositories require an **Owner** role in the resource group that contains your Microsoft Sentinel workspace. This role is required to create the connection between Microsoft Sentinel and your source control repository. If you're unable to use the Owner role in your environment, use the combination of **User Access Administrator** and **Sentinel Contributor** roles to create the connection.
36
36
37
-
If you find content in a public repository where you aren't a contributor, first import, fork, or clone the content to a repo where you are a contributor. Then connect your repo to your Microsoft Sentinel workspace. For more information, see [Deploy custom content from your repository](ci-cd.md).
37
+
If you find content in a public repository where you aren't a contributor, first import, fork, or clone the content to a repo where you're a contributor. Then connect your repo to your Microsoft Sentinel workspace. For more information, see [Deploy custom content from your repository](ci-cd.md).
38
38
39
39
## Plan your repository content
40
40
@@ -43,13 +43,13 @@ Repository content must be stored as [Bicep files](../azure-resource-manager/bic
43
43
Deploy Bicep file templates alongside or instead of ARM JSON templates. If you're considering infrastructure as code options, we recommend looking at Bicep. For more information, see [What is Bicep?](../azure-resource-manager/bicep/overview.md).
44
44
45
45
> [!IMPORTANT]
46
-
> In order to use Bicep templates, your repositories connection needs to be updated if your connection was created before November 1st, 2024. Repositories connections must be [removed](ci-cd.md#remove-a-repository-connection) and recreated in order to update.
46
+
> In order to use Bicep templates, your repositories connection needs to be updated if your connection was created before November 1, 2024. Repositories connections must be [removed](ci-cd.md#remove-a-repository-connection) and recreated in order to update.
47
47
48
48
Even if your original content is an ARM template, consider converting to Bicep to make the review and update processes less complex. Bicep is closely related to ARM because during a deployment, each Bicep file is converted to an ARM template. For more information on converting ARM templates, see [Decompiling ARM template JSON to Bicep](../azure-resource-manager/bicep/decompile.md).
49
49
50
50
> [!NOTE]
51
51
> Known Bicep limitations:
52
-
> - Bicep templates do not support the `id` property. When decompiling ARM JSON to Bicep, make sure you don't have this property. For example, analytic rule templates exported from Microsoft Sentinel have the `id` property that needs removal.
52
+
> - Bicep templates don't support the `id` property. When decompiling ARM JSON to Bicep, make sure you don't have this property. For example, analytic rule templates exported from Microsoft Sentinel have the `id` property that needs removal.
53
53
> - Change the ARM JSON schema to version `2019-04-01` for best results when decompiling.
54
54
55
55
### Validate your content
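Review bot: In the `[!IMPORTANT]` note, the date fix leaves "In order to" opening the first sentence and "in order to update" closing the second. Since this pass is tightening wording, reduce both to "To": "To use Bicep templates, ..." and "... must be removed and recreated to update."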
@@ -68,7 +68,7 @@ The following Microsoft Sentinel content types can be deployed through a reposit
68
68
69
69
The repositories deployment doesn't validate the content except to confirm it's in the correct JSON or Bicep format. The first step to validate your content is to test it within Microsoft Sentinel. Another option is to apply the [Microsoft Sentinel GitHub validation process](https://github.com/Azure/Azure-Sentinel/wiki#test-your-contribution) and tools to complement your validation process.
70
70
71
-
A sample repository is available with templates for each of the content types listed above. The repo also demonstrates how to use advanced features of repository connections. For more information, see [Sentinel CICD repositories sample](https://github.com/SentinelCICD/RepositoriesSampleContent).
71
+
A sample repository is available with templates for each of the content types listed. The repo also demonstrates how to use advanced features of repository connections. For more information, see [Microsoft Sentinel CI/CD repositories sample](https://github.com/SentinelCICD/RepositoriesSampleContent).
72
72
73
73
74
74
:::image type="content" source="media/ci-cd-custom-content/repositories-connection-success.png" alt-text="Screenshot of a successful repository connection. The RepositoriesSampleContent is shown. This screenshot is after the sample was imported from the SentinelCICD repo to a private GitHub repo in the FourthCoffee organization." lightbox="media/ci-cd-custom-content/repositories-connection-success.png":::
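Review bot: In the changed "A sample repository is available" sentence, dropping "above" leaves "the content types listed" with nothing to say where the list is. The list is introduced earlier in the file (the hunk header quotes "The following Microsoft Sentinel content types can be deployed through a reposit"), so suggest "listed earlier in this article" or a link to that list.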
@@ -77,7 +77,7 @@ A sample repository is available with templates for each of the content types li
77
77
### Maximum connections and deployments
78
78
79
79
- Each Microsoft Sentinel workspace is currently limited to **five repository connections**.
80
-
- Each Azure resource group is limited to **800 deployments** in its deployment history. If you have a high volume of template deployments in your resource group(s), you may see the `Deployment QuotaExceeded` error. For more information, see [DeploymentQuotaExceeded](/azure/azure-resource-manager/templates/deployment-quota-exceeded) in the Azure Resource Manager templates documentation.
80
+
- Each Azure resource group is limited to **800 deployments** in its deployment history. If you have a high volume of template deployments one or more of your resource groups, you may see the `Deployment QuotaExceeded` error. For more information, see [DeploymentQuotaExceeded](/azure/azure-resource-manager/templates/deployment-quota-exceeded) in the Azure Resource Manager templates documentation.
81
81
82
82
83
83
## Improve performance with smart deployments
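Review bot: The rewritten 800-deployments bullet drops a preposition: "a high volume of template deployments one or more of your resource groups" should read "template deployments in one or more of your resource groups". On the same line, the error name is written `Deployment QuotaExceeded` with a space, while the link text and link target use DeploymentQuotaExceeded; make the code span match so readers can search for the exact string.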
@@ -86,24 +86,24 @@ A sample repository is available with templates for each of the content types li
86
86
> To ensure smart deployments works in GitHub, Workflows must have read and write permissions on your repository. See [Managing GitHub Actions settings for a repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository) for more details.
87
87
>
88
88
89
-
The **smart deployments** feature is a back-end capability that improves performance by actively tracking modifications made to the content files of a connected repository. It uses a CSV file within the '.sentinel' folder in your repository to audit each commit. The workflow avoids redeploying content that hasn't been modified since the last deployment. This process improves your deployment performance and prevents tampering with unchanged content in your workspace, such as resetting dynamic schedules of your analytics rules.
89
+
The **smart deployments** feature is a back-end capability that improves performance by actively tracking modifications made to the content files of a connected repository. It uses a CSV file within the `.sentinel` folder in your repository to audit each commit. The workflow avoids redeploying content that hasn't been modified since the last deployment. This process improves your deployment performance and prevents tampering with unchanged content in your workspace, such as resetting dynamic schedules of your analytics rules.
90
90
91
-
Smart deployments are enabled by default on newly created connections. If you prefer all source control content to be deployed every time a deployment is triggered, regardless of whether that content was modified or not, modify your workflow to disable smart deployments. For more information, see [Customize the workflow or pipeline](ci-cd-custom-deploy.md#customize-the-workflow-or-pipeline).
91
+
Smart deployments are enabled by default on newly created connections. If you prefer all source control content deployed every time a deployment is triggered, whether that content was modified or not, modify your workflow to disable smart deployments. For more information, see [Customize the workflow or pipeline](ci-cd-custom-deploy.md#customize-the-workflow-or-pipeline).
92
92
93
93
## Consider deployment customization options
94
94
95
-
A number of customization options are available to consider when deploying content with Microsoft Sentinel repositories.
95
+
Consider the following customization options when deploying content with Microsoft Sentinel repositories.
96
96
97
97
#### Customize the workflow or pipeline
98
98
99
-
You may want to customize the workflow or pipeline in one of the following ways:
99
+
Customize the workflow or pipeline in one of the following ways:
100
100
- configure different deployment triggers
101
101
- deploy content only from a specific root folder for a given workspace
102
102
- schedule the workflow to run periodically
103
103
- combine different workflow events together
104
104
- turn off smart deployments
105
105
106
-
These customizations are defined in a .yml file specific to your workflow or pipeline. For more details on how to implement, see [Customize repository deployments](ci-cd-custom-deploy.md#customize-the-workflow-or-pipeline)
106
+
These customizations are defined in a .yml file specific to your workflow or pipeline. For more information on how to implement, see [Customize repository deployments](ci-cd-custom-deploy.md#customize-the-workflow-or-pipeline)
107
107
108
108
#### Customize the deployment
109
109
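Review bot: The changed sentence "These customizations are defined in a .yml file ..." still ends at the link with no closing period; add it while the line is being edited. The same hunk puts `.sentinel` in code formatting, so `.yml` should get the same treatment. Also, the new lead-in "Customize the workflow or pipeline in one of the following ways:" repeats the heading directly above it word for word and reads as a required step; "You can customize the workflow or pipeline in any of the following ways:" keeps these as options.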
@@ -112,13 +112,13 @@ Once the workflow or pipeline is triggered, the deployment supports the followin
112
112
- exclude content from deployment
113
113
- specify ARM template parameter files
114
114
115
-
These options are available through a feature of the PowerShell deployment script called from the workflow or pipeline. For more details on how to implement these customizations, see [Customize repository deployments](ci-cd-custom-deploy.md#customize-your-connection-configuration).
115
+
These options are available through a feature of the PowerShell deployment script called from the workflow or pipeline. For more information on how to implement these customizations, see [Customize repository deployments](ci-cd-custom-deploy.md#customize-your-connection-configuration).
116
116
117
117
118
118
## Next steps
119
119
120
120
Get more examples and step by step instructions on deploying Microsoft Sentinel repositories.
121
121
122
122
-[Deploy custom content from your repository](ci-cd.md)
-[Automate Sentinel integration with DevOps](/azure/architecture/example-scenario/devops/automate-sentinel-integration#microsoft-sentinel-repositories)
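Review bot: In the changed "These options are available through a feature of the PowerShell deployment script" sentence, the link text "Customize repository deployments" targets `#customize-your-connection-configuration`, while the identical link text in the "Customize the workflow or pipeline" section targets `#customize-the-workflow-or-pipeline`. Give the two links distinct text that names the section each one lands on, so readers can tell them apart.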