Skip to content

Add Sentinel Solution deployment package (mainTemplate + createUiDefinition)#79

Merged
TFT444 merged 3 commits into
devfrom
feature/sentinel-solution-package
Jun 6, 2026
Merged

Add Sentinel Solution deployment package (mainTemplate + createUiDefinition)#79
TFT444 merged 3 commits into
devfrom
feature/sentinel-solution-package

Conversation

@TFT444
Copy link
Copy Markdown
Owner

@TFT444 TFT444 commented Jun 4, 2026

Summary

Closes #71

Adds the solution/ directory with the top-level ARM deployment orchestration for RetailShield as a Microsoft Sentinel Solution. This ties together all other RetailShield components (analytics rules, playbooks, data connector) into a single deployable package with an optional Azure portal wizard.

Files added

solution/
├── mainTemplate.json        ARM orchestration template (all components)
├── createUiDefinition.json  Azure portal wizard UI definition
└── README.md                Deployment guide and architecture overview

mainTemplate.json

  • Linked deployment resources for all 5 playbooks, 13 analytics rules, and the data connector ARM template
  • Three conditional flags: deployAnalyticsRules, deployPlaybooks, deployDataConnector — each can be set to false to skip that component group
  • Analytics rules depend on the data connector deployment (ensuring tables exist first)
  • Parameters: workspaceName, location, complianceContactEmail, organisationName

createUiDefinition.json

  • Guided Azure portal wizard with three steps: Playbooks, Detection Rules, Pre-deployment Checklist
  • Compliance contact email and organisation name fields with validation
  • InfoBox warning that the incident-reporting playbook never auto-submits to regulators
  • Pre-deployment checklist InfoBox listing watchlist and data connector prerequisites

How to test

  1. JSON validation:

    python -m json.tool solution/mainTemplate.json
python -m json.tool solution/createUiDefinition.json

  2. CLI deployment (dry-run / what-if):

    az deployment group what-if \
  --resource-group <rg> \
  --template-file solution/mainTemplate.json \
  --parameters workspaceName=<workspace> complianceContactEmail=test@example.com

    Confirm the what-if output lists linked deployments for all components without errors.

  3. Portal UI test: Navigate to Deploy a custom template in the Azure portal, load both mainTemplate.json and createUiDefinition.json via the Create UI definition preview tool at https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/SandboxBlade. Verify all three wizard steps render correctly with the correct labels, validations, and InfoBox warnings.

  4. Selective deployment: Re-run the CLI with deployPlaybooks=false and confirm the what-if output excludes Logic App deployments.

Generated by Claude Code

@TFT444
Add Sentinel Solution deployment package (mainTemplate, UI definition…
7b7a49b 
…, README)

Adds solution/ with a top-level mainTemplate.json that orchestrates deployment
of all RetailShield components (custom tables, 13 analytics rules, 5 playbooks)
via linked ARM template deployments with conditional flags per component type.
createUiDefinition.json provides a guided Azure portal wizard experience with
pre-deployment checklist and compliance contact configuration.

Closes #71
@vercel
Copy link
Copy Markdown

vercel Bot commented Jun 4, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
retail-shield Ready Ready Preview, Comment Jun 6, 2026 10:52am

@TFT444
Fix corrupted test file: restore proper newlines in test_kql_rules.py
51f3aff 
The file was stored with literal \n sequences instead of real newlines
(MCP push_files encoding bug from previous session), causing syntax
errors in pytest and flake8 on every branch forked from dev.
@TFT444 TFT444 merged commit 5339a2c into dev Jun 6, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TFT444