{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.5.6.12127",
      "templateHash": "5191074894407113732"
    }
  },
  "parameters": {
    "automationName": {
      "type": "string",
      "maxLength": 24,
      "minLength": 3
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for the automation"
      }
    },
    "logicAppName": {
      "type": "string",
      "minLength": 3
    },
    "logicAppResourceGroupName": {
      "type": "string",
      "minLength": 3
    },
    "subscriptionId": {
      "type": "string",
      "defaultValue": "[subscription().subscriptionId]",
      "metadata": {
        "description": "The Azure resource GUID id of the subscription"
      }
    },
    "alertSettings": {
      "type": "object",
      "metadata": {
        "description": "The alert settings object used for deploying the automation"
      }
    }
  },
  "variables": {
    "automationDescription": "automation description for subscription {0}",
    "scopeDescription": "automation scope for subscription {0}"
  },
  "resources": [
    {
      "type": "Microsoft.Security/automations",
      "apiVersion": "2019-01-01-preview",
      "name": "[parameters('automationName')]",
      "location": "[parameters('location')]",
      "properties": {
        "description": "[format(variables('automationDescription'), parameters('subscriptionId'))]",
        "isEnabled": true,
        "actions": [
          {
            "actionType": "LogicApp",
            "logicAppResourceId": "[resourceId('Microsoft.Logic/workflows', parameters('logicAppName'))]",
            "uri": "[listCallbackURL(resourceId(parameters('subscriptionId'), parameters('logicAppResourceGroupName'), 'Microsoft.Logic/workflows/triggers', parameters('logicAppName'), 'manual'), '2019-05-01').value]"
          }
        ],
        "scopes": [
          {
            "description": "[format(variables('scopeDescription'), parameters('subscriptionId'))]",
            "scopePath": "[subscription().id]"
          }
        ],
        "sources": [
          {
            "copy": [
              {
                "name": "ruleSets",
                "count": "[length(range(0, length(parameters('alertSettings').alertSeverityMapping)))]",
                "input": {
                  "rules": [
                    {
                      "propertyJPath": "[parameters('alertSettings').alertSeverityMapping[range(0, length(parameters('alertSettings').alertSeverityMapping))[copyIndex('ruleSets')]].jpath]",
                      "propertyType": "String",
                      "expectedValue": "[parameters('alertSettings').alertSeverityMapping[range(0, length(parameters('alertSettings').alertSeverityMapping))[copyIndex('ruleSets')]].expectedValue]",
                      "operator": "[parameters('alertSettings').alertSeverityMapping[range(0, length(parameters('alertSettings').alertSeverityMapping))[copyIndex('ruleSets')]].operator]"
                    },
                    {
                      "propertyJPath": "Severity",
                      "propertyType": "String",
                      "expectedValue": "[parameters('alertSettings').alertSeverityMapping[range(0, length(parameters('alertSettings').alertSeverityMapping))[copyIndex('ruleSets')]].severity]",
                      "operator": "Equals"
                    }
                  ]
                }
              }
            ],
            "eventSource": "Alerts"
          }
        ]
      }
    }
  ]
}