Fixing template variables

mmolenda · mmolenda · commit 54911a9d2a1d · 2025-12-10T17:45:41.000+01:00
diff --git a/Solutions/Intel471/Playbooks/Intel471-ImportMalwareIntelligenceToSentinel/azuredeploy.json b/Solutions/Intel471/Playbooks/Intel471-ImportMalwareIntelligenceToSentinel/azuredeploy.json
@@ -86,19 +86,8 @@
     "variables": {
         "MicrosoftSentinelConnectionName": "[concat('sentinel-', parameters('PlaybookName'))]",
         "AzureBlobConnectionName": "[concat('azureblob-', parameters('PlaybookName'))]",
-        "StorageAccountName": "[parameters('StorageAccountName')]",
-        "StorageAccountContainerName": "[parameters('StorageAccountContainerName')]",
         "AzureKeyVaultName": "[parameters('KeyVaultName')]",
-        "AzureKeyVaultConnectionName": "[concat('keyvault-', parameters('PlaybookName'))]",
-        "BlobNameCursor": "[if(equals(parameters('Backend'), 'Titan'), 'cursorSentinel.txt', 'cursorVerity.txt')]",
-        "BlobNameFromDate": "[if(equals(parameters('Backend'), 'Titan'), 'fromdateSentinel.txt', 'fromdateVerity.txt')]",
-        "ApiURI": "[if(equals(parameters('Backend'), 'Titan'), 'https://api.intel471.com/v1/indicators/stream', 'https://api.intel471.cloud/integrations/indicators/v1/indicators/stream')]",
-        "UsernameSecretName": "[if(equals(parameters('Backend'), 'Titan'), 'TitanUserNameSentinel', 'VerityUserNameSentinel')]",
-        "ApiKeySecretName": "[if(equals(parameters('Backend'), 'Titan'), 'TitanAPIKeySentinel', 'VerityAPIKeySentinel')]",
-        "RequestParamFrom": "[if(equals(parameters('Backend'), 'Titan'), 'lastUpdatedFrom', 'from')]",
-        "RequestParamSize": "[if(equals(parameters('Backend'), 'Titan'), 'count', 'size')]",
-        "RequestThreatType": "[if(equals(parameters('Backend'), 'Titan'), 'threatType', 'threat_type')]",
-        "ResponseFieldCursor": "[if(equals(parameters('Backend'), 'Titan'), 'cursorNext', 'cursor_next')]"
+        "AzureKeyVaultConnectionName": "[concat('keyvault-', parameters('PlaybookName'))]"
     },
     "resources": [
         {
@@ -128,8 +117,8 @@
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureblob')]"
                 },
                 "parameterValues": {
-                    "accountName": "[variables('StorageAccountName')]",
-                    "accessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('StorageAccountName')), '2022-09-01').keys[0].value]"
+                    "accountName": "[parameters('StorageAccountName')]",
+                    "accessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('StorageAccountName')), '2022-09-01').keys[0].value]"
                 }
             }
         },
@@ -186,15 +175,39 @@
                             "type": "String"
                         },
                         "BlobNameCursor": {
-                            "defaultValue": "[variables('BlobNameCursor')]",
+                            "defaultValue": "",
                             "type": "String"
                         },
                         "BlobNameFromDate": {
-                            "defaultValue": "[variables('BlobNameFromDate')]",
+                            "defaultValue": "",
+                            "type": "String"
+                        },
+                        "ApiURI": {
+                            "defaultValue": "",
+                            "type": "String"
+                        },
+                        "UsernameSecretName": {
+                            "defaultValue": "",
+                            "type": "String"
+                        },
+                        "ApiKeySecretName": {
+                            "defaultValue": "",
+                            "type": "String"
+                        },
+                        "RequestParamFrom": {
+                            "defaultValue": "",
+                            "type": "String"
+                        },
+                        "RequestParamSize": {
+                            "defaultValue": "",
+                            "type": "String"
+                        },
+                        "RequestThreatType": {
+                            "defaultValue": "",
                             "type": "String"
                         },
                         "ResponseFieldCursor": {
-                            "defaultValue": "[variables('ResponseFieldCursor')]",
+                            "defaultValue": "",
                             "type": "String"
                         },
                         "LookBackDays": {
@@ -288,7 +301,7 @@
                                 "HTTP": {
                                     "type": "Http",
                                     "inputs": {
-                                        "uri": "[variables('ApiURI')]",
+                                        "uri": "@parameters('ApiURI')",
                                         "method": "GET",
                                         "headers": {
                                             "User-Agent": "Intel 471 - Malware Intelligence Sentinel - Azure Logic App 4.0.0"
@@ -562,7 +575,7 @@
                                     }
                                 },
                                 "method": "get",
-                                "path": "[concat('/secrets/', variables('ApiKeySecretName'), '/value')]"
+                                "path": "@concat('/secrets/', parameters('ApiKeySecretName'), '/value')"
                             },
                             "runAfter": {
                                 "GetUsername": [
@@ -619,7 +632,7 @@
                                     }
                                 },
                                 "method": "get",
-                                "path": "[concat('/secrets/', variables('UsernameSecretName'), '/value')]"
+                                "path": "@concat('/secrets/', parameters('UsernameSecretName'), '/value')"
                             },
                             "runAfter": {}
                         },
@@ -794,9 +807,9 @@
                                         "name": "payload",
                                         "type": "object",
                                         "value": {
-                                            "[variables('RequestParamSize')]": 100,
-                                            "[variables('RequestThreatType')]": "malware",
-                                            "[variables('RequestParamFrom')]": "@{variables('fromDate')}"
+                                            "@{parameters('RequestParamSize')}": 100,
+                                            "@{parameters('RequestThreatType')}": "malware",
+                                            "@{parameters('RequestParamFrom')}": "@{variables('fromDate')}"
                                         }
                                     }
                                 ]
@@ -840,18 +853,45 @@
                             }
                         }
                     },
+                    "WorkspaceID": {
+                        "value": "[parameters('WorkspaceID')]"
+                    },
                     "StorageAccountName": {
-                        "value": "[variables('StorageAccountName')]"
+                        "value": "[parameters('StorageAccountName')]"
                     },
                     "StorageAccountContainerName": {
-                        "value": "[variables('StorageAccountContainerName')]"
+                        "value": "[parameters('StorageAccountContainerName')]"
+                    },
+                    "BlobNameCursor": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'cursorSentinel.txt', 'cursorVerity.txt')]"
+                    },
+                    "BlobNameFromDate": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'fromdateSentinel.txt', 'fromdateVerity.txt')]"
+                    },
+                    "ApiURI": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'https://api.intel471.com/v1/indicators/stream', 'https://api.intel471.cloud/integrations/indicators/v1/indicators/stream')]"
+                    },
+                    "UsernameSecretName": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'TitanUserNameSentinel', 'VerityUserNameSentinel')]"
+                    },
+                    "ApiKeySecretName": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'TitanAPIKeySentinel', 'VerityAPIKeySentinel')]"
+                    },
+                    "RequestParamFrom": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'lastUpdatedFrom', 'from')]"
+                    },
+                    "RequestParamSize": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'count', 'size')]"
+                    },
+                    "RequestThreatType": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'threatType', 'threat_type')]"
+                    },
+                    "ResponseFieldCursor": {
+                        "value": "[if(equals(parameters('Backend'), 'Titan'), 'cursorNext', 'cursor_next')]"
                     },
                     "LookBackDays": {
                         "value": "[parameters('LookBackDays')]"
                     },
-                    "WorkspaceID": {
-                        "value": "[parameters('WorkspaceID')]"
-                    },
                     "Backend": {
                         "value": "[parameters('Backend')]"
                     }
