diff --git a/modules/integrations/additional-resources/README.md b/modules/integrations/additional-resources/README.md
new file mode 100644
index 0000000..db4cc74
--- /dev/null
+++ b/modules/integrations/additional-resources/README.md
@@ -0,0 +1,50 @@
+# Azure Additional Resources Module
+
+This module creates diagnostic settings for all the resources specified by the client and directs the logs for those specified resources to the existing Event Hub, which will be queried by the Sysdig backend for log ingestion.
+The resources will forward only the logs specified by the user.
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [azurerm](#requirement\_azurerm) | >= 3.76.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | >= 3.76.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------|
+| [azurerm_monitor_diagnostic_setting.sysdig_custom_diagnostic_settings](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|-------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:|
+| [event\_hub\_name](#input\_event\_hub\_name) | Event Hub integration created for Sysdig Log Ingestion | `string` | n/a | yes |
+| [sysdig\_authorization\_id](#input\_sysdig\_authorization\_id) | Identifier of Authorization Rule for the Sysdig Namespace | `string` | n/a | yes |
+| [deployment\_identifier](#input\_deployment\_identifier) | Identifier of Deployment that gets added to provisioned resources | `string` | n/a | yes |
+| [diagnostic\_settings](#input\_diagnostic\_settings) | Map of resource IDs to the list of logs to enable | `map(list(string))` | {} | yes |
+## Outputs
+
+No outputs.
+
+
+
+## Authors
+
+Module is maintained by [Sysdig](https://sysdig.com).
+
+## License
+
+Apache 2 Licensed. See LICENSE for full details.
diff --git a/modules/integrations/additional-resources/main.tf b/modules/integrations/additional-resources/main.tf
new file mode 100644
index 0000000..5c31d4c
--- /dev/null
+++ b/modules/integrations/additional-resources/main.tf
@@ -0,0 +1,15 @@
+# M2
+resource "azurerm_monitor_diagnostic_setting" "sysdig_custom_diagnostic_settings" {
+ for_each = var.diagnostic_settings
+ name = "sysdig-diagnostic-settings-${substr(md5(each.key), 0, 8)}-${var.deployment_identifier}"
+ target_resource_id = each.key
+ eventhub_authorization_rule_id = var.sysdig_authorization_id
+ eventhub_name = var.event_hub_name
+
+ dynamic "enabled_log" {
+ for_each = each.value
+ content {
+ category = enabled_log.value
+ }
+ }
+}
diff --git a/modules/integrations/additional-resources/variables.tf b/modules/integrations/additional-resources/variables.tf
new file mode 100644
index 0000000..e768c12
--- /dev/null
+++ b/modules/integrations/additional-resources/variables.tf
@@ -0,0 +1,20 @@
+variable "sysdig_authorization_id" {
+ type = string
+ description = "Identifier of Authorization Rule for the Sysdig Namespace"
+}
+
+variable "event_hub_name" {
+ type = string
+ description = "Event Hub integration created for Sysdig Log Ingestion"
+}
+
+variable "diagnostic_settings" {
+ type = map(list(string))
+ description = "Map of resource IDs to the list of logs to enable"
+ default = {}
+}
+
+variable "deployment_identifier" {
+ type = string
+ description = "Identifier of Deployment that gets added to provisioned resources"
+}
diff --git a/modules/integrations/additional-resources/versions.tf b/modules/integrations/additional-resources/versions.tf
new file mode 100644
index 0000000..c97d7e2
--- /dev/null
+++ b/modules/integrations/additional-resources/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 3.76.0"
+ }
+ }
+}
diff --git a/modules/integrations/event-hub/README.md b/modules/integrations/event-hub/README.md
index f9334f8..c71e542 100644
--- a/modules/integrations/event-hub/README.md
+++ b/modules/integrations/event-hub/README.md
@@ -85,9 +85,12 @@ No modules.
| [enabled\_entra\_logs](#input\_enabled\_entra\_logs) | List of Entra logs to enable | `list(string)` | `["AuditLogs","SignInLogs","NonInteractiveUserSignInLogs","ServicePrincipalSignInLogs","ManagedIdentitySignInLogs","ProvisioningLogs","ADFSSignInLogs","RiskyUsers","UserRiskEvents","NetworkAccessTrafficLogs","RiskyServicePrincipals","ServicePrincipalRiskEvents","EnrichedOffice365AuditLogs","MicrosoftGraphActivityLogs","RemoteNetworkHealthLogs"]` | no |
## Outputs
-| Name | Description |
-|------|-------------|
-| [event\_hub\_component\_id](#output\_event\_hub\_component\_id) | Component identifier of Event Hub integration created in Sysdig Backend for Log Ingestion |
+| Name | Description |
+|-----------------------------------------------------------------------------------------------------------------------|-------------|
+| [event\_hub\_component\_id](#output\_event\_hub\_component\_id) | Component identifier of Event Hub integration created in Sysdig Backend for Log Ingestion |
+| [event\_hub\_name](#output\_event\_hub\_name) | Event Hub integration created for Sysdig Log Ingestion |
+| [sysdig\_authorization\_id](#output\_sysdig\_authorization\_id) | Identifier of Authorization Rule for the Sysdig Namespace |
+| [unique\_deployment\_id](#output\_unique\_deployment\_id) | Identifier of Deployment that gets added to provisioned resources |
## Authors
diff --git a/modules/integrations/event-hub/main.tf b/modules/integrations/event-hub/main.tf
index c374092..ce04fb7 100644
--- a/modules/integrations/event-hub/main.tf
+++ b/modules/integrations/event-hub/main.tf
@@ -184,4 +184,4 @@ resource "sysdig_secure_cloud_auth_account_component" "azure_event_hub" {
}
}
})
-}
\ No newline at end of file
+}
diff --git a/modules/integrations/event-hub/outputs.tf b/modules/integrations/event-hub/outputs.tf
index 2c4c64a..a26681b 100644
--- a/modules/integrations/event-hub/outputs.tf
+++ b/modules/integrations/event-hub/outputs.tf
@@ -2,4 +2,19 @@ output "event_hub_component_id" {
value = "${sysdig_secure_cloud_auth_account_component.azure_event_hub.type}/${sysdig_secure_cloud_auth_account_component.azure_event_hub.instance}"
description = "Component identifier of Event Hub integration created in Sysdig Backend for Log Ingestion"
depends_on = [ sysdig_secure_cloud_auth_account_component.azure_event_hub ]
-}
\ No newline at end of file
+}
+
+output "event_hub_name" {
+ value = azurerm_eventhub.sysdig_event_hub.name
+ description = "Event Hub integration created for Sysdig Log Ingestion"
+}
+
+output "sysdig_authorization_id" {
+ value = azurerm_eventhub_namespace_authorization_rule.sysdig_rule.id
+ description = "Identifier of Authorization Rule for the Sysdig Namespace"
+}
+
+output "unique_deployment_id" {
+ value = "${random_string.random.result}-${local.subscription_hash}"
+ description = "Identifier of Deployment that gets added to provisioned resources"
+}