Sentinel Source Control Through ARM Template

Aaron Dawson 10 Reputation points
2023-01-16T11:20:53.37+00:00

Hi, I've been running into some issues while trying to build an ARM template which links a Sentinel instance to Azure DevOps using Microsoft.SecurityInsights/sourcecontrols. I've got it to the stage where it now seems to need authentication to access the private repo, outputting this error:  "The repoOAuthCode field is required." this isn't referenced in any docs from what I can see.

 

I've looked into how the connection between Sentinel and the DevOps Repo is established in the UI by looking at the Network events via F12, I can see that the repoOAuthcode appears to be the same as the Authentication Bearer token in the API requests that Azure makes I was hoping that the PAT in Azure DevOps would work for this in the ARM template but it seems to instead be an Application client secret that you have to create and then I'm not confident that I could add in the token to the ARM template as there isn't any any authentication variables supported in the Schema for source control.

Any nudge in the right direction would be really appreciated. 

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
922 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,618 questions
{count} vote