diff --git a/application-workloads/darktrace/darktrace-vsensor-standalone/azuredeploy.json b/application-workloads/darktrace/darktrace-vsensor-standalone/azuredeploy.json deleted file mode 100644 index b5f810458f04..000000000000 --- a/application-workloads/darktrace/darktrace-vsensor-standalone/azuredeploy.json +++ /dev/null @@ -1,294 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.13.1.58284", - "templateHash": "6465596948281121102" - } - }, - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Location for all resources. The default is the Resource Group location." - } - }, - "virtualNetworkResourceGroupName": { - "type": "string", - "metadata": { - "description": "Name of the Virtual Network Resource Group." - } - }, - "virtualNetworkName": { - "type": "string", - "metadata": { - "description": "Name of the Virtual Network, should be in the above Location." - } - }, - "subnet1Name": { - "type": "string", - "metadata": { - "description": "Name of the Subnet in the Virtual Network." - } - }, - "networkSecurityGroupName": { - "type": "string", - "metadata": { - "description": "Name for the Network Security Group that the template will create. Note that a pre-existing Network Security Group with the same name will be replaced." - } - }, - "MgmtSourceAddressOrRange": { - "type": "string", - "metadata": { - "description": "Provide an address range using CIDR notation (e.g. 10.1.0.0/24), or an IP address (e.g. 192.168.99.21) for Management access via ssh (port 22/TCP). You can also provide a comma-separated list of IP addresses and/or address ranges (a valid comma-separated list is 10.1.0.4,10.2.1.0/24). To allow access from any IP you can use 0.0.0.0/0." - } - }, - "vsensorName": { - "type": "string", - "metadata": { - "description": "The name of the vSensor." - } - }, - "numberOfVsensors": { - "type": "int", - "defaultValue": 1, - "maxValue": 4, - "minValue": 1, - "metadata": { - "description": "Number of vSensors to be deployed, max is 4." - } - }, - "diskSize": { - "type": "int", - "defaultValue": 30, - "maxValue": 1024, - "minValue": 30, - "metadata": { - "description": "The vSensor disk size in GB between 30 and 1024. Check the Darktrace customer portal for more information." - } - }, - "virtualMachineSize": { - "type": "string", - "defaultValue": "Standard_D2s_v3", - "metadata": { - "description": "The VM size. Check the Darktrace customer portal for more information about the vSensor Virtual Hardware requirements." - } - }, - "adminUsername": { - "type": "string", - "metadata": { - "description": "Username to be created when the vSensor is spun up. Note that password authentication over ssh for newly created VMs is disabled." - } - }, - "adminPublicKey": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Public key for the adminUsername user to ssh the vSensor." - } - }, - "applianceHostName": { - "type": "string", - "metadata": { - "description": "The FQDN or the IP of the Darktrace master instance (virtual/physical)." - } - }, - "appliancePort": { - "type": "int", - "defaultValue": 443, - "maxValue": 65535, - "minValue": 1, - "metadata": { - "description": "Darktrace master instance connection port." - } - }, - "updateKey": { - "type": "secureString", - "metadata": { - "description": "Darktrace Update Key needed to install the vSensor package. Contact your Darktrace representative for more information." - } - }, - "pushToken": { - "type": "secureString", - "metadata": { - "description": "The push token that vSensor will use to connect and register on the Darktrace master instance. Should be generated on the Darktrace master instance." - } - }, - "osSensorHMACToken": { - "type": "secureString", - "metadata": { - "description": "TThe osSensor HMAC Token." - } - } - }, - "variables": { - "nsgSourceAddressPrefix": "[split(variables('varMgmtSourceAddressOrRange'), ',')]", - "varMgmtSourceAddressOrRange": "[replace(parameters('MgmtSourceAddressOrRange'), ' ', '')]" - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2022-05-01", - "name": "[parameters('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "securityRules": [ - { - "name": "AllowMgmtInPorts22", - "properties": { - "description": "Allow Inbound traffic to TCP ports 22 from customer selected IPs/Ranges.", - "direction": "Inbound", - "priority": 1001, - "access": "Allow", - "protocol": "TCP", - "sourcePortRange": "*", - "destinationPortRanges": [ - "22" - ], - "sourceAddressPrefixes": "[variables('nsgSourceAddressPrefix')]", - "destinationAddressPrefix": "*" - } - }, - { - "name": "AllowVnetInPorts80_443", - "properties": { - "description": "Allow Inbound traffic to TCP ports 80 and 443 from all VMs in the Vnet.", - "direction": "Inbound", - "priority": 1011, - "access": "Allow", - "protocol": "TCP", - "sourcePortRange": "*", - "destinationPortRanges": [ - "80", - "443" - ], - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "VirtualNetwork" - } - }, - { - "name": "DenyAllIn", - "properties": { - "description": "Deny all Inbound traffic.", - "direction": "Inbound", - "priority": 1021, - "access": "Deny", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*" - } - } - ] - } - }, - { - "copy": { - "name": "nic", - "count": "[length(range(0, parameters('numberOfVsensors')))]" - }, - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-05-01", - "name": "[format('{0}-{1}-nic', parameters('vsensorName'), add(range(0, parameters('numberOfVsensors'))[copyIndex()], 1))]", - "location": "[parameters('location')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "subnet": { - "id": "[resourceId(parameters('virtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]" - }, - "privateIPAllocationMethod": "Dynamic" - } - } - ], - "enableAcceleratedNetworking": true, - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]" - ] - }, - { - "copy": { - "name": "vm", - "count": "[length(range(0, parameters('numberOfVsensors')))]" - }, - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-08-01", - "name": "[format('{0}-{1}', parameters('vsensorName'), add(range(0, parameters('numberOfVsensors'))[copyIndex()], 1))]", - "location": "[parameters('location')]", - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('virtualMachineSize')]" - }, - "storageProfile": { - "osDisk": { - "createOption": "fromImage", - "diskSizeGB": "[parameters('diskSize')]", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS" - }, - "deleteOption": "delete" - }, - "imageReference": { - "publisher": "canonical", - "offer": "0001-com-ubuntu-server-focal", - "sku": "20_04-lts-gen2", - "version": "latest" - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-{1}-nic', parameters('vsensorName'), add(range(0, parameters('numberOfVsensors'))[range(0, parameters('numberOfVsensors'))[copyIndex()]], 1)))]", - "properties": { - "deleteOption": "delete" - } - } - ] - }, - "osProfile": { - "computerName": "[parameters('vsensorName')]", - "adminUsername": "[parameters('adminUsername')]", - "linuxConfiguration": { - "disablePasswordAuthentication": true, - "ssh": { - "publicKeys": [ - { - "path": "[format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername'))]", - "keyData": "[parameters('adminPublicKey')]" - } - ] - }, - "patchSettings": { - "patchMode": "ImageDefault" - } - }, - "customData": "[base64(format('#!/bin/bash\nbash <(wget https://packages.darktrace.com/install -O -) --updateKey \"{0}\"\n sleep 5\n/usr/sbin/set_pushtoken.sh \"{1}\" {2}:{3}\nsleep 5\nset_ossensor_hmac.sh \"{4}\"', parameters('updateKey'), parameters('pushToken'), parameters('applianceHostName'), parameters('appliancePort'), parameters('osSensorHMACToken')))]" - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": true - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-{1}-nic', parameters('vsensorName'), add(range(0, parameters('numberOfVsensors'))[range(0, parameters('numberOfVsensors'))[copyIndex()]], 1)))]" - ] - } - ], - "outputs": { - "allowedManagementIPsAndRanges": { - "type": "array", - "value": "[variables('nsgSourceAddressPrefix')]" - } - } -} \ No newline at end of file