{\rtf1\ansi\ansicpg1252\cocoartf2822 \cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fnil\fcharset0 Menlo-Regular;} {\colortbl;\red255\green255\blue255;\red0\green0\blue0;\red255\green255\blue255;\red193\green193\blue193; \red140\green211\blue254;\red194\green126\blue101;\red212\green214\blue154;\red167\green197\blue152;\red70\green137\blue204; \red67\green192\blue160;\red89\green138\blue67;} {\*\expandedcolortbl;;\cssrgb\c0\c0\c0;\cssrgb\c100000\c100000\c100000;\cssrgb\c80000\c80000\c80000; \cssrgb\c61176\c86275\c99608;\cssrgb\c80784\c56863\c47059;\cssrgb\c86275\c86275\c66667;\cssrgb\c70980\c80784\c65882;\cssrgb\c33725\c61176\c83922; \cssrgb\c30588\c78824\c69020;\cssrgb\c41569\c60000\c33333;} \margl1440\margr1440\vieww30000\viewh16060\viewkind0 \deftab720 \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf2 \cb3 \expnd0\expndtw0\kerning0 \outl0\strokewidth0 \strokec4 \{\ \strokec5 "$schema"\strokec4 : \strokec6 "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"\strokec4 ,\ \strokec5 "contentVersion"\strokec4 : \strokec6 "1.0.0.0"\strokec4 ,\ \strokec5 "parameters"\strokec4 : \{\ \strokec5 "functionAppName"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec7 "[format\strokec4 (\strokec6 'func-\{0\}'\strokec4 , \strokec7 uniqueString\strokec4 (\strokec7 resourceGroup\strokec4 ().\strokec5 id\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec5 "type"\strokec4 : \strokec6 "String"\strokec4 ,\ \strokec5 "metadata"\strokec4 : \{\ \strokec5 "description"\strokec4 : \strokec6 "The name of the Azure Function app."\strokec4 \ \}\ \},\ \strokec5 "storageAccountType"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec6 "Standard_LRS"\strokec4 ,\ \strokec5 "allowedValues"\strokec4 : [\ \strokec6 "Standard_LRS"\strokec4 ,\ \strokec6 "Standard_GRS"\strokec4 ,\ \strokec6 "Standard_RAGRS"\strokec4 \ ],\ \strokec5 "type"\strokec4 : \strokec6 "String"\strokec4 ,\ \strokec5 "metadata"\strokec4 : \{\ \strokec5 "description"\strokec4 : \strokec6 "Storage Account type"\strokec4 \ \}\ \},\ \strokec5 "location"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec7 "[resourceGroup\strokec4 ().\strokec5 location\strokec7 ]"\strokec4 ,\ \strokec5 "type"\strokec4 : \strokec6 "String"\strokec4 ,\ \strokec5 "metadata"\strokec4 : \{\ \strokec5 "description"\strokec4 : \strokec6 "Location for all resources."\strokec4 \ \}\ \},\ \strokec5 "appInsightsLocation"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec7 "[resourceGroup\strokec4 ().\strokec5 location\strokec7 ]"\strokec4 ,\ \strokec5 "type"\strokec4 : \strokec6 "String"\strokec4 ,\ \strokec5 "metadata"\strokec4 : \{\ \strokec5 "description"\strokec4 : \strokec6 "Location for Application Insights"\strokec4 \ \}\ \},\ \strokec5 "functionAppRuntime"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec6 "python"\strokec4 ,\ \strokec5 "allowedValues"\strokec4 : [\ \strokec6 "dotnet-isolated"\strokec4 ,\ \strokec6 "python"\strokec4 ,\ \strokec6 "java"\strokec4 ,\ \strokec6 "node"\strokec4 ,\ \strokec6 "powerShell"\strokec4 \ ],\ \strokec5 "type"\strokec4 : \strokec6 "String"\strokec4 ,\ \strokec5 "metadata"\strokec4 : \{\ \strokec5 "description"\strokec4 : \strokec6 "The language worker runtime to load in the function app."\strokec4 \ \}\ \},\ \strokec5 "functionAppRuntimeVersion"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec6 "3.11"\strokec4 ,\ \strokec5 "allowedValues"\strokec4 : [\ \strokec6 "3.10"\strokec4 ,\ \strokec6 "3.11"\strokec4 ,\ \strokec6 "7.4"\strokec4 ,\ \strokec6 "8.0"\strokec4 ,\ \strokec6 "10"\strokec4 ,\ \strokec6 "11"\strokec4 ,\ \strokec6 "17"\strokec4 ,\ \strokec6 "20"\strokec4 \ ],\ \strokec5 "type"\strokec4 : \strokec6 "String"\strokec4 ,\ \strokec5 "metadata"\strokec4 : \{\ \strokec5 "description"\strokec4 : \strokec6 "The language worker runtime version to load in the function app."\strokec4 \ \}\ \},\ \strokec5 "maximumInstanceCount"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec8 100\strokec4 ,\ \strokec5 "type"\strokec4 : \strokec6 "Int"\strokec4 \ \},\ \strokec5 "instanceMemoryMB"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec8 2048\strokec4 ,\ \strokec5 "allowedValues"\strokec4 : [\ \strokec8 512\strokec4 ,\ \strokec8 2048\strokec4 ,\ \strokec8 4096\strokec4 \ ],\ \strokec5 "type"\strokec4 : \strokec6 "Int"\strokec4 \ \},\ \strokec5 "roleNameGuid"\strokec4 : \{\ \strokec5 "defaultValue"\strokec4 : \strokec7 "[newGuid\strokec4 ()\strokec7 ]"\strokec4 ,\ \strokec5 "type"\strokec4 : \strokec6 "String"\strokec4 ,\ \strokec5 "metadata"\strokec4 : \{\ \strokec5 "description"\strokec4 : \strokec6 "A new GUID used to identify the role assignment"\strokec4 \ \}\ \},\ \strokec5 "WorkspaceId"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "WorkspaceKey"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "securestring"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "AwsAccessKeyId"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "AwsSecretAccessKey"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "securestring"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "FncAccountCode"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "FncEvents"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 "observation,detections"\strokec4 \ \},\ \strokec5 "FncTerminateApp"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "bool"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec9 false\strokec4 \ \},\ \strokec5 "FncDaysToCollectEvents"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "int"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec8 7\strokec4 \ \},\ \strokec5 "FncIntervalMinutes"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "int"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec8 5\strokec4 \ \},\ \strokec5 "FncBucketName"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "FncApiToken"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "securestring"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "FncAccountUuid"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "FncApiDomain"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 ""\strokec4 \ \},\ \strokec5 "IncludeEvents"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "bool"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec9 false\strokec4 \ \},\ \strokec5 "IncludeDescription"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "bool"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec9 true\strokec4 \ \},\ \strokec5 "IncludeSignature"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "bool"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec9 true\strokec4 \ \},\ \strokec5 "PullMuted"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 "all"\strokec4 \ \},\ \strokec5 "DetectionStatus"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 "all"\strokec4 \ \},\ \strokec5 "FncDaysToCollectDetections"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "int"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec8 0\strokec4 \ \},\ \strokec5 "PollingDelay"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "int"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec8 10\strokec4 \ \},\ \strokec5 "LogLevel"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "string"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec6 "INFO"\strokec4 \ \},\ \strokec5 "PostingLimit"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "int"\strokec4 ,\ \strokec5 "defaultValue"\strokec4 : \strokec8 3000\strokec4 \ \}\ \},\ \strokec5 "variables"\strokec4 : \{\ \strokec5 "hostingPlanName"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "applicationInsightsName"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "storageAccountName"\strokec4 : \strokec7 "[format\strokec4 (\strokec6 '\{0\}azfunctions'\strokec4 , \strokec7 uniqueString\strokec4 (\strokec7 resourceGroup\strokec4 ().\strokec5 id\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec5 "resourceToken"\strokec4 : \strokec7 "[toLower\strokec4 (\strokec7 uniqueString\strokec4 (\strokec7 subscription\strokec4 ().\strokec5 id\strokec4 , \strokec7 resourceGroup\strokec4 ().\strokec5 name\strokec4 , \strokec10 parameters\strokec4 (\strokec10 'location'\strokec4 )))\strokec7 ]"\strokec4 ,\ \strokec5 "deploymentStorageContainerName"\strokec4 : \strokec7 "[concat\strokec4 (\strokec6 'app-package-'\strokec4 , \strokec7 take\strokec4 (\strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 ), \strokec8 32\strokec4 ),\strokec6 '-'\strokec4 , \strokec7 take\strokec4 (\strokec9 variables\strokec4 (\strokec9 'resourceToken'\strokec4 ), \strokec8 7\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec5 "storageBlobContributorRoleId"\strokec4 : \strokec7 "[concat\strokec4 (\strokec7 subscription\strokec4 ().\strokec5 Id\strokec4 , \strokec6 '/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe'\strokec4 )\strokec7 ]"\strokec4 , \strokec11 //Storage Blob Data Contributor role\strokec4 \ \strokec5 "LogAnalyticsUri"\strokec4 : \strokec7 "[replace\strokec4 (\strokec7 environment\strokec4 ().\strokec5 portal\strokec4 , \strokec6 'https://portal'\strokec4 , \strokec7 concat\strokec4 (\strokec6 'https://'\strokec4 , \strokec7 toLower\strokec4 (\strokec10 parameters\strokec4 (\strokec10 'WorkspaceId'\strokec4 )), \strokec6 '.ods.opinsights'\strokec4 ))\strokec7 ]"\strokec4 \ \},\ \strokec5 "resources"\strokec4 : [\ \{\ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Storage/storageAccounts"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2023-01-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[\strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "location"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'location'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "sku"\strokec4 : \{\ \strokec5 "name"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'storageAccountType'\strokec4 )\strokec7 ]"\strokec4 \ \},\ \strokec5 "kind"\strokec4 : \strokec6 "StorageV2"\strokec4 ,\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "accessTier"\strokec4 : \strokec6 "Hot"\strokec4 ,\ \strokec5 "allowSharedKeyAccess"\strokec4 : \strokec9 false\strokec4 \ \}\ \},\ \{\ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Storage/storageAccounts/blobServices"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2023-01-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[format\strokec4 (\strokec6 '\{0\}/\{1\}'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ), \strokec6 'default'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "dependsOn"\strokec4 : [\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Storage/storageAccounts'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ))\strokec7 ]"\strokec4 \ ]\ \},\ \{\ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Storage/storageAccounts/blobServices/containers"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2023-01-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[format\strokec4 (\strokec6 '\{0\}/\{1\}/\{2\}'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ), \strokec6 'default'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'deploymentStorageContainerName'\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec5 "dependsOn"\strokec4 : [\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Storage/storageAccounts/blobServices'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ), \strokec6 'default'\strokec4 )\strokec7 ]"\strokec4 \ ],\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "publicAccess"\strokec4 : \strokec6 "None"\strokec4 \ \}\ \},\ \{\ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Web/serverfarms"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2023-12-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[\strokec9 variables\strokec4 (\strokec9 'hostingPlanName'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "location"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'location'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "sku"\strokec4 : \{\ \strokec5 "tier"\strokec4 : \strokec6 "FlexConsumption"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec6 "FC1"\strokec4 \ \},\ \strokec5 "kind"\strokec4 : \strokec6 "functionapp"\strokec4 ,\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "reserved"\strokec4 : \strokec9 true\strokec4 \ \}\ \},\ \{\ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Insights/components"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2020-02-02"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[\strokec9 variables\strokec4 (\strokec9 'applicationInsightsName'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "location"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'appInsightsLocation'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "tags"\strokec4 : \{\ \strokec7 "[format\strokec4 (\strokec6 'hidden-link:\{0\}'\strokec4 , \strokec7 resourceId\strokec4 (\strokec6 'Microsoft.Web/sites'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'applicationInsightsName'\strokec4 )))\strokec7 ]"\strokec4 : \strokec6 "Resource"\strokec4 \ \},\ \strokec5 "kind"\strokec4 : \strokec6 "web"\strokec4 ,\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "Application_Type"\strokec4 : \strokec6 "web"\strokec4 \ \}\ \},\ \{\ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Web/sites"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2023-12-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "location"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'location'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "dependsOn"\strokec4 : [\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Web/serverfarms'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'hostingPlanName'\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Insights/components'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'applicationInsightsName'\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Storage/storageAccounts'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ))\strokec7 ]"\strokec4 \ ],\ \strokec5 "kind"\strokec4 : \strokec6 "functionapp,linux"\strokec4 ,\ \strokec5 "identity"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "SystemAssigned"\strokec4 \ \},\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "serverFarmId"\strokec4 : \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Web/serverfarms'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'hostingPlanName'\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec5 "functionAppConfig"\strokec4 : \{\ \strokec5 "deployment"\strokec4 : \{\ \strokec5 "storage"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "blobContainer"\strokec4 ,\ \strokec5 "value"\strokec4 : \strokec7 "[concat\strokec4 (\strokec7 reference\strokec4 (\strokec7 resourceId\strokec4 (\strokec6 'Microsoft.Storage/storageAccounts'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ))).\strokec5 primaryEndpoints\strokec4 .\strokec5 blob\strokec4 , \strokec9 variables\strokec4 (\strokec9 'deploymentStorageContainerName'\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec5 "authentication"\strokec4 : \{\ \strokec5 "type"\strokec4 : \strokec6 "SystemAssignedIdentity"\strokec4 \ \}\ \}\ \},\ \strokec5 "scaleAndConcurrency"\strokec4 : \{\ \strokec5 "maximumInstanceCount"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'maximumInstanceCount'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "instanceMemoryMB"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'instanceMemoryMB'\strokec4 )\strokec7 ]"\strokec4 \ \},\ \strokec5 "runtime"\strokec4 : \{\ \strokec5 "name"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'functionAppRuntime'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "version"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'functionAppRuntimeVersion'\strokec4 )\strokec7 ]"\strokec4 \ \}\ \},\ \strokec5 "siteConfig"\strokec4 : \{\ \strokec5 "appSettings"\strokec4 : [\ \{\ \strokec5 "name"\strokec4 : \strokec6 "AzureWebJobsStorage__accountName"\strokec4 ,\ \strokec5 "value"\strokec4 : \strokec7 "[\strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 )\strokec7 ]"\strokec4 \ \},\ \{\ \strokec5 "name"\strokec4 : \strokec6 "APPINSIGHTS_INSTRUMENTATIONKEY"\strokec4 ,\ \strokec5 "value"\strokec4 : \strokec7 "[reference\strokec4 (\strokec7 resourceId\strokec4 (\strokec6 'Microsoft.Insights/components'\strokec4 , \strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 )), \strokec6 '2020-02-02'\strokec4 ).\strokec5 InstrumentationKey\strokec7 ]"\strokec4 \ \}\ ]\ \}\ \},\ \strokec5 "resources"\strokec4 : [\ \{\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2023-12-01"\strokec4 ,\ \strokec5 "type"\strokec4 : \strokec6 "config"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec6 "appsettings"\strokec4 ,\ \strokec5 "dependsOn"\strokec4 : [\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Web/sites'\strokec4 , \strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 ))\strokec7 ]"\strokec4 \ ],\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "FUNCTIONS_EXTENSION_VERSION"\strokec4 : \strokec6 "~4"\strokec4 ,\ \strokec5 "APPINSIGHTS_INSTRUMENTATIONKEY"\strokec4 : \strokec7 "[reference\strokec4 (\strokec7 resourceId\strokec4 (\strokec6 'Microsoft.insights/components'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'applicationInsightsName'\strokec4 )), \strokec6 '2020-02-02'\strokec4 ).\strokec5 InstrumentationKey\strokec7 ]"\strokec4 ,\ \strokec5 "APPLICATIONINSIGHTS_CONNECTION_STRING"\strokec4 : \strokec7 "[reference\strokec4 (\strokec7 resourceId\strokec4 (\strokec6 'microsoft.insights/components'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'applicationInsightsName'\strokec4 )), \strokec6 '2020-02-02'\strokec4 ).\strokec5 ConnectionString\strokec7 ]"\strokec4 ,\ \strokec5 "WorkspaceId"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'WorkspaceID'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "WorkspaceKey"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'WorkspaceKey'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "AwsAccessKeyId"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'AwsAccessKeyId'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "AwsSecretAccessKey"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'AwsSecretAccessKey'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncAccountCode"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncAccountCode'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncEvents"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncEvents'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncTerminateApp"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncTerminateApp'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncDaysToCollectEvents"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncDaysToCollectEvents'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncIntervalMinutes"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncIntervalMinutes'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncBucketName"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncBucketName'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncApiToken"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncApiToken'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncAccountUuid"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncAccountUuid'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncApiDomain"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncApiDomain'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "IncludeEvents"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'IncludeEvents'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "IncludeDescription"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'IncludeDescription'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "IncludeSignature"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'IncludeSignature'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "PullMuted"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'PullMuted'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "DetectionStatus"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'DetectionStatus'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "FncDaysToCollectDetections"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'FncDaysToCollectDetections'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "PollingDelay"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'PollingDelay'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "LogLevel"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'LogLevel'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "PostingLimit"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'PostingLimit'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "logAnalyticsUri"\strokec4 : \strokec7 "[\strokec9 variables\strokec4 (\strokec9 'LogAnalyticsUri'\strokec4 )\strokec7 ]"\strokec4 \ \}\ \}\ ]\ \},\ \{ \strokec11 //Gives the function app access to the storage account using system assigned managed identity\strokec4 \ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Authorization/roleAssignments"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2022-04-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'roleNameGuid'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "dependsOn"\strokec4 : [\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Storage/storageAccounts'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ))\strokec7 ]"\strokec4 ,\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Web/sites'\strokec4 , \strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 ))\strokec7 ]"\strokec4 \ ],\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "principalId"\strokec4 : \strokec7 "[reference\strokec4 (\strokec7 resourceId\strokec4 (\strokec6 'Microsoft.Web/sites'\strokec4 , \strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 )), \strokec6 '2016-08-01'\strokec4 , \strokec6 'Full'\strokec4 ).\strokec5 identity\strokec4 .\strokec5 principalId\strokec7 ]"\strokec4 ,\ \strokec5 "roleDefinitionId"\strokec4 : \strokec7 "[\strokec9 variables\strokec4 (\strokec9 'storageBlobContributorRoleId'\strokec4 )\strokec7 ]"\strokec4 \ \},\ \strokec5 "scope"\strokec4 : \strokec7 "[concat\strokec4 (\strokec6 'Microsoft.Storage/storageAccounts'\strokec4 , \strokec6 '/'\strokec4 , \strokec9 variables\strokec4 (\strokec9 'storageAccountName'\strokec4 ))\strokec7 ]"\strokec4 \ \},\ \{ \strokec11 //Wait for 30 seconds before starting OneDeploy to complete role assignment before deployment\strokec4 \ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Resources/deploymentScripts"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2020-10-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec6 "WaitSection"\strokec4 ,\ \strokec5 "location"\strokec4 : \strokec7 "[\strokec10 parameters\strokec4 (\strokec10 'location'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "dependsOn"\strokec4 : [\ \strokec7 "[resourceId\strokec4 (\strokec6 'Microsoft.Web/sites'\strokec4 , \strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 ))\strokec7 ]"\strokec4 \ ],\ \strokec5 "kind"\strokec4 : \strokec6 "AzurePowerShell"\strokec4 ,\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "azPowerShellVersion"\strokec4 : \strokec6 "7.0"\strokec4 ,\ \strokec5 "scriptContent"\strokec4 : \strokec6 "start-sleep -Seconds 30"\strokec4 ,\ \strokec5 "cleanupPreference"\strokec4 : \strokec6 "Always"\strokec4 ,\ \strokec5 "retentionInterval"\strokec4 : \strokec6 "PT1H"\strokec4 \ \}\ \},\ \{\ \strokec5 "type"\strokec4 : \strokec6 "Microsoft.Web/sites/extensions"\strokec4 ,\ \strokec5 "apiVersion"\strokec4 : \strokec6 "2022-09-01"\strokec4 ,\ \strokec5 "name"\strokec4 : \strokec7 "[format\strokec4 (\strokec6 '\{0\}/\{1\}'\strokec4 , \strokec10 parameters\strokec4 (\strokec10 'functionAppName'\strokec4 ), \strokec6 'onedeploy'\strokec4 )\strokec7 ]"\strokec4 ,\ \strokec5 "dependsOn"\strokec4 : [\ \strokec6 "WaitSection"\strokec4 \ ],\ \strokec5 "properties"\strokec4 : \{\ \strokec5 "packageUri"\strokec4 : \strokec6 "https://aka.ms/sentinel-FortinetFortiNDR-functionapp"\strokec4 ,\ \strokec5 "remoteBuild"\strokec4 : \strokec9 true\strokec4 \ \}\ \}\ ]\ \}\ \ }