This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
This article shows how to automate deployment of the resources needed to set up log reporting to the CISA TALON, which is part of the TIC 3.0 compliance requirements. There are many published resources on TIC 3.0 compliance, which will be listed below; this article focuses specifically on automating the deployment of the resources required for log reporting to the CISA TALON.
This article assumes working-level knowledge of Azure Event Hub, Entra, and Azure automated deployments.
This solution uses Azure PowerShell, Azure CLI, and Azure Bicep to deploy the resources required to set up log reporting to the CISA TALON. The code described is published on GitHub.
Here is a list of the actions taken by the code as described:
- Set Up Deployment Environment (PowerShell, Bicep, CLI, etc.)
- Logging of Activities/Errors
- Validate Resource Group
- Validate/Create Entra Service Principal
- Validate/Upload Certificate to Entra Service Principal
- Execute Bicep Deployment
- Validate/Create Azure Event Hub
- Validate/Create Azure Event Hub Namespace
- Create Required RBAC Role Assignment
Executing the Code
Note: The PowerShell modules Az.Accounts and Az.Resources, the Az CLI, and Bicep must be installed at their current versions before executing the script. The script assumes all files are stored in the same directory.
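A pre-flight check for the prerequisites in the note above, as an added example that is not part of the published script; the function name `Test-TalonBuildPrereqs` and its `-ScriptDirectory` parameter are hypothetical. It reports what is installed but does not verify that the versions are current.

```powershell
# Added example. Test-TalonBuildPrereqs and -ScriptDirectory are hypothetical
# names, not part of the published launcher script.
function Test-TalonBuildPrereqs {
    [CmdletBinding()]
    param(
        # Folder expected to hold the launcher .ps1 and the Bicep template
        [string]$ScriptDirectory = (Get-Location).Path
    )

    function New-Check([string]$Name, [bool]$Passed, [string]$Detail) {
        [pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail }
    }

    # PowerShell modules named in the note; report the newest installed version
    foreach ($name in 'Az.Accounts', 'Az.Resources') {
        $mod = Get-Module -ListAvailable -Name $name |
            Sort-Object Version -Descending | Select-Object -First 1
        $detail = if ($mod) { "installed $($mod.Version)" } else { 'not installed' }
        New-Check "Module $name" ([bool]$mod) $detail
    }

    # Azure CLI must resolve on PATH
    $az = Get-Command az -ErrorAction SilentlyContinue
    $detail = if ($az) { $az.Source } else { 'az not found on PATH' }
    New-Check 'Azure CLI' ([bool]$az) $detail

    # Bicep: stand-alone binary, or the copy managed by the Azure CLI
    $bicep = [bool](Get-Command bicep -ErrorAction SilentlyContinue)
    if (-not $bicep -and $az) {
        & az bicep version *> $null
        $bicep = ($LASTEXITCODE -eq 0)
    }
    $detail = if ($bicep) { 'available' } else { 'bicep not found' }
    New-Check 'Bicep' $bicep $detail

    # The script assumes all files sit in one directory
    foreach ($pattern in '*.ps1', '*.bicep') {
        $files = @(Get-ChildItem -Path $ScriptDirectory -Filter $pattern -File -ErrorAction SilentlyContinue)
        New-Check "Files $pattern" ($files.Count -gt 0) "$($files.Count) found in $ScriptDirectory"
    }
}

# Stop before launching the build if any prerequisite is missing
$failed = Test-TalonBuildPrereqs | Where-Object { -not $_.Passed }
if ($failed) { $failed | Format-Table -AutoSize | Out-Host; throw 'Prerequisites not met' }
```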
You will need to launch the PowerShell script ".ps1" to execute the build. The script performs some validation and some creation, and then calls the Bicep template to complete the build. Before launching it, be sure to read the help section at the top of the script or run the "Get-Help TIC3-Talon-Build-Launcher.ps1" command. You must set your appropriate values in the "Param" section of the PowerShell script OR specify them as command-line arguments. As documented in the PowerShell help in the script, the input parameters are as follows:
An example of a command-line launch of the script would be:
Once the code execution is complete, validate the build by reviewing the output log from the script and by checking that your Azure resources are present as expected.
Note: This code was created based on instructions to configure log reporting for TIC 3.0 compliance. If there are any changes to this process, they may not be reflected in this code as this code was created based on a specific version of the configuration.
Special Thanks to @Laura Hutchcroft for the assist.