AzWorkspaceManager/src/Public/Add-AzWorkspaceManagerGroup.ps1 at 6c0ef5c2713828c35996f426c0829beeeb8d139d · SecureHats/AzWorkspaceManager · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
function Add-AzWorkspaceManagerGroup {
    [cmdletbinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$', ErrorMessage="It does not match expected pattern '{1}'")]
        [Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters.ResourceNameCompleterAttribute(
            "Microsoft.OperationalInsights/workspaces",
            "ResourceGroupName"
        )][string]$WorkspaceName,

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters.ResourceGroupCompleterAttribute()]
        [string]$ResourceGroupName,

        [Parameter(Mandatory = $true, ValueFromPipeline = $false)]
        [ValidateNotNullOrEmpty()]
        [ValidatePattern('^[A-Za-z0-9]+( [A-Za-z0-9-]+[A-Za-z0-9])*$', ErrorMessage="It does not match expected pattern '{1}'")]
        [string]$Name,

        [Parameter(Mandatory = $false, ValueFromPipeline = $false)]
        [string]$Description = "",

        [Parameter(Mandatory = $false, ValueFromPipeline = $false)]
        [array]$workspaceManagerMembers,

        [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
        [array]$ResourceId

    )

    begin {
        Invoke-AzWorkspaceManager -FunctionName $MyInvocation.MyCommand.Name
    }

    process {
        if ($ResourceGroupName) {
            $null = Get-AzWorkspaceManager -Name $WorkspaceName -ResourceGroupName $ResourceGroupName
        }
        else {
            $null = Get-AzWorkspaceManager -Name $WorkspaceName
        }

        if ($ResourceId) {
            foreach ($resource in $ResourceId) {
                $workspaceManagerMembers += $resource.split('/')[-1]
            }
        }
        $payload = @{
            properties = @{
                displayName         = $Name
                description         = $Description
                memberResourceNames = @(foreach ($workspaceManagerMember in $workspaceManagerMembers) { $workspaceManagerMember })
            }
        } | ConvertTo-Json

        if ($SessionVariables.workspaceManagerConfiguration -eq 'Enabled') {
            try {
                Write-Verbose "Adding Workspace Manager Group to workspace [$WorkspaceName)]"
                $uri = "$($SessionVariables.workspace)/providers/Microsoft.SecurityInsights/workspaceManagerGroups/$($Name.Replace(' ', '-'))?api-version=$($SessionVariables.apiVersion)"

                $requestParam = @{
                    Headers     = $authHeader
                    Uri         = $uri
                    Method      = 'PUT'
                    Body        = $payload
                    ContentType = 'application/json'
                }

                $apiResponse = Invoke-RestMethod @requestParam

                if ($apiResponse -ne '') {
                    $result = Format-Result -Message $apiResponse
                    return $result
                }
                else {
                    Write-Message -FunctionName $($MyInvocation.MyCommand.Name) -Message $($_.Exception.Message) -Severity 'Error'
                }
            }
            catch {
                Write-Message -FunctionName $($MyInvocation.MyCommand.Name) -Message $($_.Exception.Message) -Severity 'Error'
            }
        }
        else {
            Write-Message -FunctionName $MyInvocation.MyCommand.Name -Message "The Workspace Manager configuration is not 'Enabled' for workspace '$($WorkspaceName)'" -Severity 'Information'
        }
    }
    <#
        .SYNOPSIS
        Add a Microsoft Sentinel Workspace Manager Group.
        .DESCRIPTION
        The Add-AzWorkspaceManagerGroup cmdlet adds a workspace manager group to the configuration.
        It is possible to add child workspaces to the group or add them later. For adding child
        workspaces, use the Add-AzWorkspaceManagerMember cmdlet.
        .PARAMETER WorkspaceName
        The Name of the log analytics workspace.
        .PARAMETER ResourceGroupName
        The name of the ResouceGroup where the log analytics workspace is located.
        .PARAMETER Name
        The name of the workspace manager group.
        If an name is provided with spaces in it, the name will be converted to a name without spaces.
        The display name will be the name with spaces.
        .PARAMETER Description
        The description of the workspace manager group. If not specified, the name will be used.
        .PARAMETER workspaceManagerMembers
        The workspace manager members to add to the group. The members are workspaces that are linked to the workspace manager configuration. and used to provision Microsoft Sentinel workspaces.
        .EXAMPLE
        Add-AzWorkspaceManagerGroup -WorkspaceName "myWorkspace" -Name "Banks" -workspaceManagerMembers 'myChildWorkspace(***)'

        This example adds a Workspace Manager Group 'Banks' to the workspace and adds a child workspace to the group.
        .EXAMPLE
        Get-AzWorkspaceManagerMember -WorkspaceName "myWorkspace" | Add-AzWorkspaceManagerGroup -Name "Banks"

        This example adds a Workspace Manager Group 'Banks' to the workspace and adds all child workspaces to the group using the pipeline.
        .LINK
        Get-AzWorkspaceManagerGroup
        Remove-AzWorkspaceManagerGroup
        Add-AzWorkspaceManagerMember
        Get-AzWorkspaceManagerMember
    #>
}