Added PMM and calendar scripts

PMM/Set-PMMRules.ps1

@@ -0,0 +1,230 @@
+function Write-Title {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true)]
+        [string]$Title
+    )
+
+    Write-Host $Title
+    for ($i = $Title.Length -1; $i -ge 0 ; $i--) {
+        Write-Host "-" -NoNewline
+    }
+    Write-Host
+}
+
+function Set-AzureSubscriptionVariable {
+    Write-Title -Title "Azure Subscriptions"
+    $subscriptions = Get-AzSubscription
+
+    $index = 1
+    $subscriptionTable = @{}
+    foreach ($subscription in $subscriptions) {
+        Write-Host "$index. $($subscription.Name)"
+        $subscriptionTable["$index"] = $subscription.Id
+        $index++
+    }
+
+    Write-Host
+    $selectedValue = Read-Host -Prompt "Select Azure Subscription"
+    return $subscriptionTable[$selectedValue]
+}
+
+function New-ResourceGroup {
+    $resourceGroupName = Read-Host -Prompt "Enter the name of the resource group"
+    $resource = New-AzResourceGroup -Name $resourceGroupName -Location "uksouth"
+    return $resource.ResourceId
+}
+
+function Set-ResourceGroupVariable {
+    Write-Title -Title "Azure Resource Groups"
+    $resourceGroups = Get-AzResourceGroup
+
+    $index = 1
+    $resourceGroupTable = @{}
+    foreach ($resourceGroup in $resourceGroups) {
+        Write-Host "$index. $($resourceGroup.ResourceGroupName)"
+        $resourceGroupTable["$index"] = $resourceGroup.ResourceGroupName
+        $index++
+    }
+
+    Write-Host
+    $selectedValue = Read-Host -Prompt "Select Resource Group (or 0 to create a new one)"
+
+    if ($selectedValue -eq "0") {
+        return New-ResourceGroup
+    } else {
+        return $resourceGroupTable[$selectedValue]
+    }
+}
+
+function New-ActionGroup {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true)]
+        [string]$ResourceGroupName
+    )
+
+    $actionGroupName = Read-Host -Prompt "Enter the name of the action group"
+    $location = "global"
+
+    $emailReceiverParams = @{
+        Name = "PMM-EmailAlerts-Dev" 
+        EmailAddress = "40db3afb.DOHERTYASSOCIATES.onmicrosoft.com@emea.teams.ms" 
+        UseCommonAlertSchema = $false
+    }
+    $emailReceiver = New-AzActionGroupEmailReceiverObject @emailReceiverParams
+    
+    $webhookReceiverParams = @{
+        Name = "LogAlertsV2" 
+        ServiceUri =  "https://7037684a-c132-4a29-ae42-556d05fae681.webhook.uks.azure-automation.net/webhooks?token=Rx%2fqYg642juKtsrhebjWV%2fOt3NlfFG5tXFVkByTejFA%3d" 
+        UseCommonAlertSchema =  $true 
+        UseAadAuth =  $false
+    }
+    $webhookReceiver = New-AzActionGroupWebhookReceiverObject @webhookReceiverParams
+
+    $actionGroupParams = @{
+        ResourceGroupName = $ResourceGroupName
+        Name = $actionGroupName
+        Location = $location
+        ShortName = $actionGroupName
+        EmailReceiver = $emailReceiver
+        WebhookReceiver = $webhookReceiver
+        Enabled = $true
+    }
+    $resource = New-AzActionGroup @actionGroupParams
+    return $resource.Id
+}
+
+function Set-ActionGroupVariable {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true)]
+        [string]$ResourceGroupName
+    )
+
+    Write-Title -Title "Azure Action Groups"
+    $actionGroups = Get-AzActionGroup
+
+    $index = 1
+    $actionGroupTable = @{}
+    foreach ($actionGroup in $actionGroups) {
+        Write-Host "$index. $($actionGroup.Name)"
+        $actionGroupTable["$index"] = $actionGroup.Id
+        $index++
+    }
+
+    Write-Host
+    $selectedValue = Read-Host -Prompt "Select Action Group (or 0 to create a new one)"
+
+    if ($selectedValue -eq "0") {
+        return New-ActionGroup -ResourceGroupName $ResourceGroupName
+    } else {
+        return $actionGroupTable[$selectedValue]
+    }
+}
+
+function Set-LogAnalyticsWorkspaceVariable {
+    Write-Title -Title "Azure Log Analytics Workspaces"
+    $logAnalyticsWorkspaces = Get-AzOperationalInsightsWorkspace
+
+    $index = 1
+    $lawTable = @{}
+    foreach ($logAnalyticsWorkspace in $logAnalyticsWorkspaces) {
+        Write-Host "$index. $($logAnalyticsWorkspace.Name)"
+        $lawTable["$index"] = $logAnalyticsWorkspace.ResourceId
+        $index++
+    }
+
+    Write-Host
+    $selectedValue = Read-Host -Prompt "Select Log Analytics Workspace"
+
+    return $lawTable[$selectedValue]
+}
+
+function Set-DetectionRules {
+    [Parameter(Mandatory=$true)]
+    [string]$ResourceGroupName,
+    [Parameter(Mandatory=$true)]
+    [string]$ActionGroupId,
+    [Parameter(Mandatory=$true)]
+    [string]$LogAnalyticsWorkspaceId
+
+    $rules = Get-ChildItem "Alert Detection Rules"
+
+
+    foreach ($rule in $rules) {
+        $query = Get-Content -Path $rule.FullName -Raw
+        $fileNameWithoutExtension = $rule.Name -replace "\.[^.]+$", ""
+
+        Write-Host "Processing $fileNameWithoutExtension..." -NoNewline
+
+        $detectionRuleParams = @{
+            Query = $query
+            Name = $fileNameWithoutExtension
+            ResourceGroupName = $resourceGroup 
+            ActionGroupId = $actionGroup 
+            LogAnalyticsWorkspaceId = $logAnalyticsWorkspace
+        }
+
+        Set-DetectionRule @detectionRuleParams
+        Write-Host "Done"
+    }
+
+}
+
+function Set-DetectionRule {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true)]
+        [string]$Query,
+        [Parameter(Mandatory=$true)]
+        [string]$Name,
+        [Parameter(Mandatory=$true)]
+        [string]$ResourceGroupName,
+        [Parameter(Mandatory=$true)]
+        [string]$ActionGroupId,
+        [Parameter(Mandatory=$true)]
+        [string]$LogAnalyticsWorkspaceId
+    )
+
+    $dimension = New-AzScheduledQueryRuleDimensionObject -Name AADTenantId -Operator Include -Value *
+    $condition=New-AzScheduledQueryRuleConditionObject -Dimension $dimension -Query $Query -TimeAggregation "Count" -Operator "GreaterThan" -Threshold "0"
+
+    $timespan = New-TimeSpan -Minutes 15
+    $location = "uksouth"
+    $severity = 3
+
+    $ruleParams = @{
+        DisplayName = $Name
+        Name = $Name
+        EvaluationFrequency = $timespan
+        Location = $location
+        WindowSize = $timespan
+        ResourceGroupName = $ResourceGroupName
+        TargetResource = $LogAnalyticsWorkspaceId
+        Severity = $severity
+        ActionGroup = $ActionGroupId
+        CriterionAllOf = $condition
+        Scope = $LogAnalyticsWorkspaceId
+    }
+    $resource = New-AzScheduledQueryRule @ruleParams
+}
+
+# Set-DetectionRules
+
+$azureSubscription = Set-AzureSubscriptionVariable
+Set-AzContext -Subscription $azureSubscription
+
+Write-Host
+
+$resourceGroup = Set-ResourceGroupVariable
+
+Write-Host
+
+$actionGroup = Set-ActionGroupVariable -ResourceGroupName $resourceGroup
+
+Write-Host
+
+$logAnalyticsWorkspace = Set-LogAnalyticsWorkspaceVariable
+
+Set-DetectionRules -ResourceGroupName $resourceGroup -ActionGroupId $actionGroup -LogAnalyticsWorkspaceId $logAnalyticsWorkspace