Merge pull request #13604 from Data443/feature/tacitred-defender-v3.0.1

Solution: TacitRed Defender Threat Intelligence v3.0.1 - Fix Content Hub Deployment

Author: v-atulyadav

Solutions/TacitRed-Defender-ThreatIntelligence/Data/Solution_TacitRedDefenderThreatIntelligence.json

@@ -9,7 +9,7 @@
     ],
     "Metadata": "SolutionMetadata.json",
     "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\TacitRed-Defender-ThreatIntelligence",
-    "Version": "3.0.0",
+    "Version": "3.0.1",
     "TemplateSpec": true,
     "Is1Pconnector": false
 }

Solutions/TacitRed-Defender-ThreatIntelligence/Package/3.0.1.zip

@@ -33,7 +33,7 @@
     "email": "support@data443.com",
     "_email": "[variables('email')]",
     "_solutionName": "TacitRed-Defender-ThreatIntelligence",
-    "_solutionVersion": "3.0.0",
+    "_solutionVersion": "3.0.1",
     "solutionId": "data443riskmitigationinc1761580347231.azure-sentinel-solution-tacitred-defender-ti",
     "_solutionId": "[variables('solutionId')]",
     "TacitRedDefenderTI_FunctionApp": "TacitRedDefenderTI_FunctionApp",
@@ -65,7 +65,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TacitRedDefenderTI_FunctionApp Playbook with template version 3.0.0",
+        "description": "TacitRedDefenderTI_FunctionApp Playbook with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion1')]",
@@ -82,7 +82,7 @@
               "metadata": {
                 "description": "URL to the Function App code zip file"
               },
-              "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/TacitRed-Defender-ThreatIntelligence/Package/functionCode.zip"
+              "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedDefenderTI_FunctionApp/functionCode.zip"
             },
             "workspace": {
               "type": "string",
@@ -205,34 +205,6 @@
                 }
               }
             },
-            {
-              "type": "Microsoft.Authorization/roleAssignments",
-              "apiVersion": "2022-04-01",
-              "name": "[[guid(resourceGroup().id, variables('functionAppName'), 'Reader')]",
-              "scope": "[[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-              "properties": {
-                "roleDefinitionId": "[[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
-                "principalId": "[[reference(resourceId('Microsoft.Web/sites', variables('functionAppName')), '2024-04-01', 'Full').identity.principalId]",
-                "principalType": "ServicePrincipal"
-              },
-              "dependsOn": [
-                "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-              ]
-            },
-            {
-              "type": "Microsoft.Authorization/roleAssignments",
-              "apiVersion": "2022-04-01",
-              "name": "[[guid(resourceGroup().id, variables('functionAppName'), 'SentinelContributor')]",
-              "scope": "[[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-              "properties": {
-                "roleDefinitionId": "[[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ab8e14d6-4a74-4a29-9ba8-549422addade')]",
-                "principalId": "[[reference(resourceId('Microsoft.Web/sites', variables('functionAppName')), '2024-04-01', 'Full').identity.principalId]",
-                "principalType": "ServicePrincipal"
-              },
-              "dependsOn": [
-                "[[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-              ]
-            },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
@@ -274,7 +246,9 @@
               "Azure Function"
             ],
             "postDeployment": [
-              "Deploy the TacitRedToDefenderTI playbook and provide the Function App URL"
+              "1. Assign 'Reader' role to the Function App's managed identity on your Log Analytics workspace",
+              "2. Assign 'Microsoft Sentinel Contributor' role to the Function App's managed identity on your Log Analytics workspace",
+              "3. Deploy the TacitRedToDefenderTI playbook and provide the Function App URL"
             ],
             "releaseNotes": [
               {
@@ -309,7 +283,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TacitRedToDefenderTI Playbook with template version 3.0.0",
+        "description": "TacitRedToDefenderTI Playbook with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion2')]",
@@ -518,7 +492,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.0",
+        "version": "3.0.1",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "TacitRed-Defender-ThreatIntelligence",

Solutions/TacitRed-Defender-ThreatIntelligence/Package/mainTemplate.json

@@ -12,7 +12,9 @@
     "entities": [],
     "tags": ["TacitRed", "Threat Intelligence", "Azure Function"],
     "postDeployment": [
-      "Deploy the TacitRedToDefenderTI playbook and provide the Function App URL"
+      "1. Assign 'Reader' role to the Function App's managed identity on your Log Analytics workspace",
+      "2. Assign 'Microsoft Sentinel Contributor' role to the Function App's managed identity on your Log Analytics workspace",
+      "3. Deploy the TacitRedToDefenderTI playbook and provide the Function App URL"
     ],
     "support": {
       "tier": "Partner"
@@ -41,7 +43,7 @@
       "metadata": {
         "description": "URL to the Function App code zip file"
       },
-      "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/TacitRed-Defender-ThreatIntelligence/Package/functionCode.zip"
+      "defaultValue": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedDefenderTI_FunctionApp/functionCode.zip"
     },
     "workspace": {
       "type": "string",
@@ -158,34 +160,6 @@
           ]
         }
       }
-    },
-    {
-      "type": "Microsoft.Authorization/roleAssignments",
-      "apiVersion": "2022-04-01",
-      "name": "[guid(resourceGroup().id, variables('functionAppName'), 'Reader')]",
-      "scope": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-      "properties": {
-        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
-        "principalId": "[reference(resourceId('Microsoft.Web/sites', variables('functionAppName')), '2024-04-01', 'Full').identity.principalId]",
-        "principalType": "ServicePrincipal"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-      ]
-    },
-    {
-      "type": "Microsoft.Authorization/roleAssignments",
-      "apiVersion": "2022-04-01",
-      "name": "[guid(resourceGroup().id, variables('functionAppName'), 'SentinelContributor')]",
-      "scope": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-      "properties": {
-        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ab8e14d6-4a74-4a29-9ba8-549422addade')]",
-        "principalId": "[reference(resourceId('Microsoft.Web/sites', variables('functionAppName')), '2024-04-01', 'Full').identity.principalId]",
-        "principalType": "ServicePrincipal"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
-      ]
     }
   ]
 }

Solutions/TacitRed-Defender-ThreatIntelligence/Playbooks/TacitRedDefenderTI_FunctionApp/azuredeploy.json

@@ -2,4 +2,5 @@
 
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------|
+| 3.0.1       | 11-02-2026                     | Fixed deployment failure: Restored functionCode.zip package removed in prior commit. Removed workspace-scoped roleAssignments from Function App template to resolve InvalidTemplate error during Content Hub deployment. |
 | 3.0.0       | 09-12-2025                     | Initial release of TacitRed Defender Threat Intelligence solution with Azure Function and Logic App playbook for syncing TacitRed compromised credentials to Microsoft Defender Threat Intelligence. |