.env.example
# Local development credentials for the detection pipeline.
# Copy to `.env` and fill in. NEVER commit `.env` (it is gitignored).
#
# pipeline/utils/env.py loads this file into the process environment at
# CLI startup; DefaultAzureCredential (azure-identity) then picks up
# AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET from the
# environment via its EnvironmentCredential step. Values already in the
# process environment always win over this file, so it can never override
# the GitHub Actions OIDC credentials in CI.
# --- Required: app registration for local API calls -----------------------
# CI uses OIDC federated credentials (no AZURE_CLIENT_SECRET in CI);
# local dev uses the client-secret flow because the OIDC token is only
# issued by the GitHub Actions runtime. The same app registration serves
# both. Treat AZURE_CLIENT_SECRET as a tenant credential: keep it out of
# CI variables and rotate it if it is ever exposed.
AZURE_TENANT_ID=
AZURE_CLIENT_ID=
AZURE_CLIENT_SECRET=
# --- Required to run the integration test suite ---------------------------
# Set to 1 to opt in. Without this, tests/integration/* are skipped.
RUN_LIVE_TESTS=0
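The two rules above (process environment beats the file; `RUN_LIVE_TESTS=1` is an explicit opt-in) as an added, stand-alone example. This is not the project's `pipeline/utils/env.py`; the parser, `merge_env`, `missing_required` and the sample `.env` text are constructed here to illustrate the behaviour, and the UUID-like values are placeholders, not real identifiers.

```python
"""Added example: a minimal .env loader with process-env precedence.

Not the project's pipeline/utils/env.py. Function names, the sample
dotenv text and the placeholder IDs are constructed for illustration.
"""
import re
from typing import Dict, Iterable, List, Mapping

# KEY=VALUE, optional leading `export`, optional surrounding whitespace.
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(lines: Iterable[str]) -> Dict[str, str]:
    """Parse KEY=VALUE lines. Blank lines and '#' comments are ignored,
    malformed lines are skipped, matching quotes around a value are stripped."""
    out: Dict[str, str] = {}
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2)
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        out[key] = val
    return out


def merge_env(file_vars: Mapping[str, str], process_env: Mapping[str, str]) -> Dict[str, str]:
    """Effective environment: a key already present in the process env is
    never overwritten by the file, so CI-injected OIDC settings survive a
    stray local .env. Empty file values (AZURE_CLIENT_SECRET=) count as unset."""
    merged = dict(process_env)
    for key, val in file_vars.items():
        if key in process_env or val == "":
            continue
        merged[key] = val
    return merged


def effective_env(dotenv_text: str, process_env: Mapping[str, str]) -> Dict[str, str]:
    return merge_env(parse_dotenv(dotenv_text.splitlines()), process_env)


def missing_required(env: Mapping[str, str], require_secret: bool) -> List[str]:
    """Tenant and client ID are always needed; the secret only for the local
    client-secret flow (CI authenticates with OIDC instead)."""
    required = ["AZURE_TENANT_ID", "AZURE_CLIENT_ID"]
    if require_secret:
        required.append("AZURE_CLIENT_SECRET")
    return [k for k in required if not env.get(k)]


def live_tests_enabled(env: Mapping[str, str]) -> bool:
    """Integration tests run only on an explicit opt-in; anything else skips."""
    return env.get("RUN_LIVE_TESTS", "0").strip().lower() in ("1", "true", "yes")


# Constructed sample .env; the IDs are placeholders, not real tenants or apps.
SAMPLE_DOTENV = """
# local dev credentials (constructed sample)
AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000
AZURE_CLIENT_ID="11111111-1111-1111-1111-111111111111"
AZURE_CLIENT_SECRET=local-dev-placeholder
RUN_LIVE_TESTS=0
"""

if __name__ == "__main__":
    # Simulate CI: AZURE_CLIENT_ID is already set by the workflow and must win.
    ci_env = {"AZURE_CLIENT_ID": "ci-client-from-oidc"}
    env = effective_env(SAMPLE_DOTENV, ci_env)
    print(env["AZURE_CLIENT_ID"], live_tests_enabled(env), missing_required(env, require_secret=False))
```

Running the block as a script simulates the CI case: the workflow's `AZURE_CLIENT_ID` survives, live tests stay off, and nothing is reported missing because the secret is not required under OIDC.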
# --- Multi-workspace selection (DESIGN §6) -----------------------------
# Workspace targeting is configured in config/tenant.yml under
# `sentinelWorkspaces:` (one entry per workspace, each tagged with
# role: prod | integration | dev). Use --role / --workspace on the CLI
# to pick one. There are no INTEGRATION_* env-var overrides — if you
# need to test against a different workspace locally, add it as a
# sentinelWorkspace in tenant.yml and pass --workspace <name>.
# Required app-reg permissions:
#   Sentinel: Microsoft Sentinel Contributor on each target workspace's RG.
#   Defender: Graph application permissions (tenant-level, both need
#             admin consent):
#               CustomDetection.ReadWrite.All
#               SecurityAlert.ReadWrite.All
#
# --- Alert tracking (contentops alerts) -----------------------------------
# The `alerts collect` / `alerts rollup` / `alerts report` commands query
# the Microsoft Graph Security alerts_v2 endpoint (v1.0). This requires:
#
# Graph application permission: SecurityAlert.Read.All (admin consent)
#
# When the permission is not granted (403), or the tenant uses standalone
# Sentinel (not onboarded into Defender XDR), the provider falls back to
# listing Sentinel ARM incidents automatically. No extra permission is
# needed beyond the Sentinel Contributor role already required above.
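The fallback rule described above, as an added example that is not the project's alert provider. The fetchers are injected callables so it runs offline; `GraphError`, the `Alert` record and the sample Graph/ARM payloads are constructed for this illustration (the field names follow the Graph `alerts_v2` and Sentinel incident resource shapes, but are simplified). The point worth checking is that only a 403 or a standalone-Sentinel tenant triggers the fallback; a 401, 429 or 5xx from Graph is raised, not silently papered over with ARM incidents.

```python
"""Added example: Graph alerts_v2 with a narrow fallback to Sentinel ARM incidents.

Not the project's provider code. GraphError, Alert and the sample payloads
are assumptions made for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


class GraphError(Exception):
    """Error from the Graph call, carrying the HTTP status (assumed shape)."""

    def __init__(self, status: int, message: str = ""):
        super().__init__(f"Graph {status}: {message}")
        self.status = status


@dataclass
class Alert:
    id: str
    title: str
    severity: str   # normalised to lowercase so rollups from both sources line up
    source: str     # "graph" or "sentinel-arm"


Fetcher = Callable[[], List[Dict]]


def collect_alerts(graph_fetch: Fetcher, arm_fetch: Fetcher, defender_onboarded: bool = True) -> List[Alert]:
    """Prefer Graph Security alerts_v2. Fall back to Sentinel ARM incidents only
    when SecurityAlert.Read.All is not granted (403) or the tenant is standalone
    Sentinel. Any other Graph failure propagates: falling back there would hide
    auth misconfiguration, throttling and outages from the operator."""
    if defender_onboarded:
        try:
            return [
                Alert(a["id"], a["title"], a["severity"].lower(), "graph")
                for a in graph_fetch()
            ]
        except GraphError as err:
            if err.status != 403:
                raise
    # ARM incident resources carry their fields under `properties`.
    return [
        Alert(i["name"], i["properties"]["title"], i["properties"]["severity"].lower(), "sentinel-arm")
        for i in arm_fetch()
    ]


# Constructed sample responses, not captured from a real tenant.
SAMPLE_GRAPH = [{"id": "g-1", "title": "Suspicious PowerShell", "severity": "high"}]
SAMPLE_ARM = [{"name": "i-1", "properties": {"title": "Brute force sign-ins", "severity": "Medium"}}]


def graph_forbidden() -> List[Dict]:
    raise GraphError(403, "Authorization_RequestDenied")


def graph_unavailable() -> List[Dict]:
    raise GraphError(503, "ServiceUnavailable")


if __name__ == "__main__":
    for name, fetch in (("granted", lambda: SAMPLE_GRAPH), ("forbidden", graph_forbidden)):
        alerts = collect_alerts(fetch, lambda: SAMPLE_ARM)
        print(name, [(a.id, a.severity, a.source) for a in alerts])
```

Running the block shows the granted case returning the Graph alert and the forbidden case returning the ARM incident with the same normalised severity field; swapping in `graph_unavailable` raises instead of falling back.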