Merge pull request #1 from SecureHats/feature/enable-workspacemanager

Base Modules

.devcontainer/devcontainer.json

@@ -12,7 +12,7 @@
       "nonFreePackages": "true"
     },
     "ghcr.io/natescherer/devcontainers-custom-features/powershell-resources:1": {
-      "resources": "powershell-yaml,Pester,PSScriptAnalyzer" //https://github.com/natescherer/devcontainers-custom-features/blob/main/src/powershell-resources/README.md
+      "resources": "powershell-yaml,Pester,PSScriptAnalyzer,AZ" //https://github.com/natescherer/devcontainers-custom-features/blob/main/src/powershell-resources/README.md
     }
   },
   "postStartCommand": "mkdir /root/.config/powershell && echo 'Import-Module -Name ./src/AzWorkspaceManager.psd1' > /root/.config/powershell/Microsoft.PowerShell_profile.ps1",
@@ -23,15 +23,18 @@
     "vscode": {
       // Set *default* container specific settings.json values on container create.
       "settings": {
-        "terminal.integrated.defaultProfile.linux": "pwsh"
+        "terminal.integrated.shell.linux": "/opt/microsoft/powershell/7/pwsh"
       },
 
       // Add the IDs of extensions you want installed when the container is created.
       "extensions": [
-        "ms-vscode.powershell",
-        "Gruntfuggly.todo-tree",
-        "TylerLeonhardt.vscode-inline-values-powershell"
-      ]
+		"ms-vscode.powershell",
+		"Gruntfuggly.todo-tree",
+		"TylerLeonhardt.vscode-inline-values-powershell",
+		"GitHub.copilot",
+		"DavidAnson.vscode-markdownlint",
+		"eamodio.gitlens"
+	]
     }
   }
 

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "todo-tree.tree.showBadges": true
+}

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Visorian GmbH
+Copyright (c) 2022 Rogier Dijkman
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -3,8 +3,8 @@
 [![SecureHats](https://img.shields.io/badge/Open_Threat_Research-Community-brightgreen.svg)](https://twitter.com/dijkmanrogier)
 [![Maintenance](https://img.shields.io/maintenance/yes/2023.svg?style=flat-square)]()
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)</br>
-[![Good First Issues](https://img.shields.io/github/issues/securehats/toolbox/good%20first%20issue?color=important&label=good%20first%20issue&style=flat)](https://github.com/securehats/toolbox/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22)
-[![Needs Feedback](https://img.shields.io/github/issues/securehats/toolbox/needs%20feedback?color=blue&label=needs%20feedback%20&style=flat)](https://github.com/securehats/toolbox/issues?q=is%3Aopen+is%3Aissue+label%3A%22needs+feedback%22)
+[![Good First Issues](https://img.shields.io/github/issues/securehats/AzWorkspaceManager/good%20first%20issue?color=important&label=good%20first%20issue&style=flat)](https://github.com/securehats/AzWorkspaceManager/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22)
+[![Needs Feedback](https://img.shields.io/github/issues/securehats/AzWorkspaceManager/needs%20feedback?color=blue&label=needs%20feedback%20&style=flat)](https://github.com/securehats/AzWorkspaceManager/issues?q=is%3Aopen+is%3Aissue+label%3A%22needs+feedback%22)
 
 # Az Workspace Manager
 
@@ -25,6 +25,6 @@ inline `code-example`
 
 ## Not happy?
 
-If you encounter any issues, or hae suggestions for improvements, feel free to open an Issue
+If you encounter any issues, or have suggestions for improvements, feel free to open an Issue
 
 [Create Issue](../../issues/new/choose)

docs/en-US/Add-AzWorkspaceManagerAssignmentJobs.md

@@ -0,0 +1,117 @@
+---
+external help file: AzWorkspaceManager-help.xml
+Module Name: AzWorkspaceManager
+online version:
+schema: 2.0.0
+---
+
+# Add-AzWorkspaceManagerAssignmentJobs
+
+## SYNOPSIS
+Adds a Microsoft Sentinel Workspace Manager Assignment Job
+
+## SYNTAX
+
+```
+Add-AzWorkspaceManagerAssignmentJobs [-WorkspaceName] <String> [[-ResourceGroupName] <String>]
+ [[-Name] <String>] [[-ResourceId] <Array>] [<CommonParameters>]
+```
+
+## DESCRIPTION
+The Add-AzWorkspaceManagerAssignmentJobs command adds a Workspace Manager Assignment Job to the workspace.
+By default the name of the Workspace Manager Assignment is the same as the Workspace Manager Group.
+
+## EXAMPLES
+
+### EXAMPLE 1
+```
+Add-AzWorkspaceManagerAssignmentJobs -WorkspaceName 'MyWorkspace' -Name 'MyWorkspaceManagerAssignment'
+```
+
+This example adds a Workspace Manager Assignment Job to the workspace 'MyWorkspace' with the name 'MyWorkspaceManagerAssignment'
+
+### EXAMPLE 2
+```
+Add-AzWorkspaceManagerAssignmentJobs -WorkspaceName 'MyWorkspace' -ResourceGroupName 'MyResourceGroup'
+```
+
+This example adds a Workspace Manager Assignment Job to the workspace 'MyWorkspace' in the resourcegroup 'MyResourceGroup' with the name 'MyWorkspaceManagerAssignment'
+
+### EXAMPLE 3
+```
+Get-AzWorkspaceManagerAssignments -WorkspaceName 'MyWorkspace' | Add-AzWorkspaceManagerAssignmentJobs
+```
+
+This example adds a Workspace Manager Assignment Job to the workspace 'MyWorkspace' for each Workspace Manager Assignment found
+
+## PARAMETERS
+
+### -WorkspaceName
+The name of the log analytics workspace
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+The name of the ResouceGroup where the log analytics workspace is located
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Name
+The name of the workspace manager assignment.
+This is the same as the Workspace Manager GroupName unless specified otherwise
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 3
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceId
+{{ Fill ResourceId Description }}
+
+```yaml
+Type: Array
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 4
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES

docs/en-US/Add-AzWorkspaceManagerAssignments.md

@@ -0,0 +1,137 @@
+---
+external help file: AzWorkspaceManager-help.xml
+Module Name: AzWorkspaceManager
+online version:
+schema: 2.0.0
+---
+
+# Add-AzWorkspaceManagerAssignments
+
+## SYNOPSIS
+Adds a Microsoft Sentinel Workspace Manager Assignment
+
+## SYNTAX
+
+```
+Add-AzWorkspaceManagerAssignments [-WorkspaceName] <String> [[-ResourceGroupName] <String>]
+ [-GroupName] <String> [[-Name] <Array>] [[-ResourceId] <Array>] [<CommonParameters>]
+```
+
+## DESCRIPTION
+The Add-AzWorkspaceManagerAssignments command adds a Workspace Manager Assignment to a Workspace Manager Group.
+These assignments are used to provision Microsoft Sentinel workspaces.
+The Workspace Manager Assignment name is constructed by the GroupName.
+The resource id's of the items that are added to the assignment are stored in the properties of the assignment.
+These resources need to be in the same instance as the workspace manager configuration.
+If the resource id's are not in the same instance as the workspace manager configuration, the assignment will not be created and an error will be thrown.
+
+## EXAMPLES
+
+### EXAMPLE 1
+```
+Add-AzWorkspaceManagerAssignments -WorkspaceName "myWorkspace" -Name "AlertRules" -GroupName 'myGroup'
+```
+
+This example adds a Workspace Manager Assignment to the workspace with the name 'AlertRules' and assigns this to the group 'myGroup'.
+
+### EXAMPLE 2
+```
+Add-AzWorkspaceManagerAssignments -WorkspaceName "myWorkspace" -Name "AlertRules" -GroupName 'myGroup' -ResourceId "/subscriptions/***/resourceGroups/dev-sentinel/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/95204744-39a6-4510-8505-ef13549bc0da"
+```
+
+This example adds a Workspace Manager Assignment to the workspace with the name 'AlertRules' and assigns this to the group 'myGroup' and adds the alert rule to the assignment.
+
+### EXAMPLE 3
+```
+Get-AzWorkspaceManagerItems -WorkspaceName "myWorkspace" -Type "AlertRules" | Add-AzWorkspaceManagerAssignments -GroupName 'myGroup'
+```
+
+This example gets all the alert rules from the workspace with the name 'myWorkspace' and adds these to the Workspace Manager Assignment with the name 'AlertRules'.
+
+## PARAMETERS
+
+### -WorkspaceName
+The name of the log analytics workspace
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+The name of the ResouceGroup where the log analytics workspace is located
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -GroupName
+The name of the workspace manager group
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 3
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Name
+The name of the workspace manager assignment
+
+```yaml
+Type: Array
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 4
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceId
+The ResourceId's of the items that to be added to the Workspace Manager Assignment.
+This can be a single value or an array of values.
+
+```yaml
+Type: Array
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 5
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+