Deploy Sentinel

# Define providers for this terraform project 
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.0.0"
    }
  }
}

# Configure the Microsoft Azure Provider
# Required to even work, but not neccesary to configure anything more than this
provider "azurerm" {
  features {}
}

# Create a resource group
# Terraform location mapping list: https://github.com/claranet/terraform-azurerm-regions/blob/master/REGIONS.md
resource "azurerm_resource_group" "resourceGroup" {
  name     = "rg-sentinel-dev-westeurope-01"
  location = "West Europe"
}

# Create a log analytics workspace

resource "azurerm_log_analytics_workspace" "logAnalyticsWorkspace" {
  name                = "log-sentinel-dev-westeurope-01"
  location            = azurerm_resource_group.resourceGroup.location
 resource_group_name = azurerm_resource_group.resourceGroup.name
  sku                 = "PerGB2018"
  retention_in_days   = 90
}

# Add the solution SecurityInsights to the log analytics workspace, which makes it Sentinel
resource "azurerm_log_analytics_solution" "la-SecurityInsights" {
  solution_name         = "SecurityInsights"
  location              = azurerm_resource_group.resourceGroup.location
  resource_group_name   = azurerm_resource_group.resourceGroup.name
  workspace_resource_id = azurerm_log_analytics_workspace.logAnalyticsWorkspace.id
  workspace_name        = azurerm_log_analytics_workspace.logAnalyticsWorkspace.name
  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/SecurityInsights"
  }
}