{ "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", "handler": "Microsoft.Azure.CreateUIDef", "version": "0.1.2-preview", "parameters": { "config": { "isWizard": false, "basics": { "description": "test", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", "Microsoft.OperationalInsights/workspaces/providers/alertRules", "Microsoft.Insights/workbooks", "Microsoft.Logic/workflows" ] }, "location": { "metadata": { "hidden": "Hiding location, we get it from the log analytics workspace" }, "visible": false }, "resourceGroup": { "allowExisting": true } } }, "basics": [ { "name": "getLAWorkspace", "type": "Microsoft.Solutions.ArmApiControl", "toolTip": "This filters by workspaces that exist in the Resource Group selected", "condition": "[greater(length(resourceGroup().name),0)]", "request": { "method": "GET", "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" } }, { "name": "workspace", "type": "Microsoft.Common.DropDown", "label": "Workspace", "placeholder": "Select a workspace", "toolTip": "This dropdown lists only the workspaces that exist in the selected Resource Group", "constraints": { "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", "required": true }, "visible": true }, { "name": "getDCR", "type": "Microsoft.Solutions.ArmApiControl", "toolTip": "This filters by Data Collection Rule IDs that exist in the Resource Group selected", "condition": "[greater(length(resourceGroup().name),0)]", "request": { "method": "GET", "path": "[concat(subscription().id,'/providers/Microsoft.Insights/dataCollectionRules?api-version=2023-03-11')]" } }, { "name": "immutable DCR", "type": "Microsoft.Common.DropDown", "label": "DCR", "placeholder": "Select a DCR", 
"toolTip": "This dropdown lists the immutable Data Collection Rule IDs that exist in the selected Resource Group", "constraints": { "allowedValues": "[map(filter(basics('getDCR').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", "required": true }, "visible": true } ], "steps": [ { "name": "dataconnectors", "label": "Data Connectors", "bladeTitle": "Data Connectors", "elements": [ { "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { "text": "Test" } }, { "name": "dataconnectors-link2", "type": "Microsoft.Common.TextBlock", "options": { "link": { "label": "Learn more about connecting data sources", "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" } } } ] }, { "name": "analytics", "label": "Analytics", "subLabel": { "preValidation": "Configure the analytics", "postValidation": "Done" }, "bladeTitle": "Analytics", "elements": [ { "name": "analytics-text", "type": "Microsoft.Common.TextBlock", "options": { "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view." } }, { "name": "analytics-link", "type": "Microsoft.Common.TextBlock", "options": { "link": { "label": "Learn more", "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" } } }, { "name": "analytic1", "type": "Microsoft.Common.Section", "label": "SSG_Security_Incidents", "elements": [ { "name": "analytic1-text", "type": "Microsoft.Common.TextBlock", "options": { "text": "The security analytic rule is designed to scrutinize network activity involving private IP addresses within an organization's internal network. 
By filtering log entries to include only those where either the source or the destination IP is private, the rule focuses on internal communications that could indicate unauthorized access, internal threats, or other security anomalies." } } ] } ] } ], "outputs": { "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", "location": "[location()]", "workspace": "[basics('workspace')]" } } }