Public/Initialize-LMPOVSetup.ps1


<#
.SYNOPSIS
    This function initializes the Logic Monitor (POV) setup for SEs by automating various tasks required during POV setup.

.DESCRIPTION
    The Initialize-LMPOVSetup function sets up various components of the Logic Monitor POV.
    It can set up the website, portal metrics, alert analysis, and LM container.
    The setup for each component can be controlled individually or all at once.

.PARAMETER Website
    The name of the website to be set up. This parameter is used in both 'All' and 'Individual' parameter sets.

.PARAMETER WebsiteHttpType
    The HTTP type of the website. Defaults to "https". This parameter is used in both 'All' and 'Individual' parameter sets.

.PARAMETER PortalMetricsAPIUsername
    The username for the Portal Metrics API. Defaults to "lm_portal_metrics". This parameter is used in both 'All' and 'Individual' parameter sets.

.PARAMETER LogsAPIUsername
    The username for the Logs API. Defaults to "lm_logs". This parameter is used in both 'All' and 'Individual' parameter sets.

.PARAMETER SetupWebsite
    A switch to control the setup of the website. This parameter is used in the 'Individual' parameter set.

.PARAMETER SetupPortalMetrics
    A switch to control the setup of the portal metrics. This parameter is used in the 'Individual' parameter set.

.PARAMETER SetupAlertAnalysis
    A switch to control the setup of the alert analysis. This parameter is used in the 'Individual' parameter set.

.PARAMETER SetupLMContainer
    A switch to control the setup of the LM container. This parameter is used in the 'Individual' parameter set.

.PARAMETER LMContainerAPIUsername
    The username for the LM Container API. Defaults to "lm_container". This parameter is used in both 'All' and 'Individual' parameter sets.

.EXAMPLE
    Initialize-LMPOVSetup -RunAll -IncludeDefaults -Website example.com

    This command runs all setup processes including default options and creates a webcheck for example.com.

.INPUTS
    The function does not accept input from the pipeline.

.OUTPUTS
    The function does not return any output.

.NOTES
    The function throws an error if it fails to set up any component.
#>

Function Initialize-LMPOVSetup {

    [CmdletBinding(DefaultParameterSetName = 'Individual')]
    Param (
        [Parameter(ParameterSetName = 'All')]
        [Parameter(ParameterSetName = 'Individual')]
        [String]$Website,

        [Parameter(ParameterSetName = 'All')]
        [Parameter(ParameterSetName = 'Individual')]
        [String]$WebsiteHttpType = "https",

        [Parameter(ParameterSetName = 'All')]
        [Parameter(ParameterSetName = 'Individual')]
        [string]$PortalMetricsAPIUsername = "lm_portal_metrics",

        [Parameter(ParameterSetName = 'All')]
        [Parameter(ParameterSetName = 'Individual')]
        [string]$LogsAPIUsername = "lm_logs",

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$SetupWebsite,

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$SetupPortalMetrics,

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$SetupAlertAnalysis,

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$SetupLMContainer,

        [Parameter(ParameterSetName = 'All')]
        [Parameter(ParameterSetName = 'Individual')]
        [string]$LMContainerAPIUsername = "lm_container",

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$MoveMinimalMonitoring,

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$CleanupDynamicGroups,

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$SetupWindowsLMLogs,

        [Parameter(ParameterSetName = 'Individual')]
        [Parameter(ParameterSetName = 'All')]
        [Switch]$WindowsLogSource,

        [Parameter(ParameterSetName = 'Individual')]
        [Parameter(ParameterSetName = 'All')]
        [Switch]$IncludeDefaults,

        [Parameter(ParameterSetName = 'PostPOV-Readonly')]
        [Switch]$ReadOnlyMode,

        [Parameter(ParameterSetName = 'PostPOV-RevertReadonly')]
        [Switch]$RevertReadOnlyMode,

        [Parameter(ParameterSetName = 'Individual')]
        [Switch]$SetupCollectorServiceInsight,
        
        [Parameter(ParameterSetName = 'All')]
        [Parameter(ParameterSetName = 'Individual')]
        [String]$WindowsLMLogsEventChannels = "Application,System",

        [Parameter(ParameterSetName = 'All')]
        [Switch]$RunAll
    )
    #Check if we are logged in and have valid api creds
    Begin {
        #Check for newer version of Logic.Monitor module
        Update-LogicMonitorSEModule -CheckOnly
    }
    Process {
        $PortalInfo = Get-LMAccountStatus
        If ($($PortalInfo)) {
            $PortalName = $PortalInfo.Portal
            $DeviceName = "$PortalName.logicmonitor.com"

            #Generate hastable of new dynamic groups to create
            $DynamicGroupList = @{
                "All Devices" = 'true()'
                "AWS Resources" = 'isAWSService()'
                "Azure Resources" = 'isAzureService()'
                "GCP Resources" = 'isGCPService()'
                "K8s Resources" = 'system.devicetype == "8"'
                "Dead Devices" = 'system.hoststatus == "dead" || system.hoststatus == "dead-collector" || system.gcp.status == "TERMINATED" || system.azure.status == "PowerState/stopped" || system.aws.stateName == "terminated"'
                "Palo Alto" = 'hasCategory("PaloAlto")'
                "Cisco ASA" = 'hasCategory("CiscoASA")'
                "Logs Enabled Devices" = 'hasPushModules("LogUsage")'
                "Netflow Enabled Devices" = 'isNetflow()'
                "Meraki Devices" = 'meraki.productType'
                "Cisco UCS" = 'hasCategory("CiscoUCSFabricInterconnect") || hasCategory("CiscoUCSManager")'
                "Oracle" = 'hasCategory("OracleDB")'
                "Domain Controllers" = 'hasCategory("MicrosoftDomainController")'
                "Exchange Servers" = 'hasCategory("MSExchange")'
                "IIS" = 'hasCategory("MicrosoftIIS")'
                "Citrix XenApp" = 'hasCategory("CitrixBrokerActive") || hasCategory("CitrixMonitorServiceV2") || hasCategory("CitrixLicense") || hasCategory("CitrixEUEM")'
                "Cloud IaaS Resources" = 'system.cloud.pricingCategory =~ "iaas"'
                "Cloud PaaS Resources" = 'system.cloud.pricingCategory =~ "paas"'
                "Cloud Non-Compute Resources" = 'system.cloud.pricingCategory =~ "non-compute"'
                "Core Resources" = '!system.cloud.pricingCategory && !system.cloud.category && system.device.provider != "K8S"'
            }
            
            $GitubURI = "https://raw.githubusercontent.com/stevevillardi"

            #If readonly mode, siwtch all users to readonly and record previous role permissions for role back
            If($ReadOnlyMode){
                $Users = Get-LMUser | Where-Object {$_.apionly -eq $False -and $_.username -ne "lmsupport"}
                Foreach($User in $Users){
                    If($User.Note -notlike "Previous Roles:*"){
                        $PreviousRoles = $User.roles.Name -Join(",")
                        $UpdatedUser = Set-LMUser -Id $User.Id -RoleNames @("readonly") -Note "Previous Roles: $PreviousRoles"
                        If($UpdatedUser){
                            Write-Host "[INFO]: Previous role info ($($User.roles.Name -Join(","))) stored for user $($User.username), successfully converted to readonly role." -ForegroundColor Yellow
                        }
                    }
                    Else{
                        Write-Host "[INFO]: User $($User.username) previously converted, skipping processing." -ForegroundColor Gray
                    }
                }
            }
            #Revert any previous set readonly roles back to their original state
            If($RevertReadOnlyMode){
                $Users = Get-LMUser | Where-Object {$_.apionly -eq $False -and $_.username -ne "lmsupport"}
                Foreach($User in $Users){
                    $PreviousRoles = ($User.Note -Split "Previous Roles: ")[1] -Split (",")
                    If($PreviousRoles){
                        $UpdatedUser = Set-LMUser -Id $User.Id -RoleNames $PreviousRoles -Note " "
                        If($UpdatedUser){
                            Write-Host "[INFO]: Previous role info ($(($User.Note -Split "Previous Roles: ")[1])) found for user $($User.username), successfully reverted readonly role." -ForegroundColor Yellow
                        }
                    }
                    Else{
                        Write-Host "[WARN]: No previous role info found for user $($User.username), skipping role revert for user." -ForegroundColor Yellow
                    }
                }
            }

            #Create example collector service insight
            If($SetupCollectorServiceInsight -or $RunAll){
                $ServiceInsightProps = @{
                    device = @(
                        @{
                            deviceGroupFullPath = "Devices by Type/Collectors";
                            deviceDisplayName = "*";
                            deviceProperties = @()
                        }
                    )
                } | ConvertTo-Json -Depth 3

                #Create new SI resource
                $ServiceInsightResource = Get-LMDevice -name "LogicMonitorCollectorHealth"
                If(!$ServiceInsightResource){
                    $ServiceInsightResource = New-LMDevice -name "LogicMonitorCollectorHealth" -DisplayName "LogicMonitor: Collector Health" -PreferredCollectorId -4 -DeviceType 6 -Properties @{"predef.bizservice.members"=$ServiceInsightProps;"predef.bizService.evalMembersInterval"="30"}
                    If($ServiceInsightResource){
                        Write-Host "[INFO]: Successfully created service insight resource (LogicMonitor: Collector Health)"
                        #Upload SI datasource from xml
                        Try{
                            $SIDatasource = (Invoke-WebRequest -Uri "$GitubURI/LogicMonitor-Dashboards/main/POV/LogicMonitor_Collector_Health.xml" -UseBasicParsing).Content
                            Import-LMLogicModule -File $SIDatasource -Type datasource -ErrorAction Stop
                        }
                        Catch{
                            #Oops
                            Write-Error "[ERROR]: Unable to import SI template from source: $_" 
                        }
                    }
                    Else{
                        #Oops
                        Write-Error "[ERROR]: Failed to create service insight resource (LogicMonitor: Collector Health), review error message and try again." 
                    }
                }
                Else{
                    Write-Host "[INFO]: Service insight resource (LogicMonitor: Collector Health) already exists, skipping creation" -ForegroundColor Gray
                    #Upload SI datasource from xml
                    If(!$(Get-LMDatasource -DisplayName "LogicMonitor Collector Health")){
                        Try{
                            $SIDatasource = (Invoke-WebRequest -Uri "$GitubURI/LogicMonitor-Dashboards/main/POV/LogicMonitor_Collector_Health.xml").Content
                            Import-LMLogicModule -File $SIDatasource -Type datasource -ErrorAction Stop
                        }
                        Catch{
                            #Oops
                            Write-Host "[WARN]: Unable to import SI template from source: $_" -ForegroundColor Yellow
                        }
                    }
                    Else{
                        Write-Host "[INFO]: Service insight aggregate datasource (LogicMonitor Collector Health) already exists, skipping import" -ForegroundColor Gray
                    }
                }
            }

            #Create readonly API use for Portal Metrics
            If ($SetupPortalMetrics -or $RunAll) {
                $CheckAPIUser = Get-LMUser -Name "$PortalMetricsAPIUsername"
                $CheckPortalDevice = Get-LMDevice -Name $DeviceName

                If(!$CheckAPIUser -and !$CheckPortalDevice){
                    Write-Host "[INFO]: Setting up API user: $PortalMetricsAPIUsername"
                    $APIUser = New-LMAPIUser -Username "$PortalMetricsAPIUsername" -note "Auto provisioned for use with LM Portal Metrics Datasources" -RoleNames @("readonly")
                    If ($APIUser) {
                        Write-Host "[INFO]: Successfully setup API user: $PortalMetricsAPIUsername"
        
                        Write-Host "[INFO]: Creating readonly API token for user: $PortalMetricsAPIUsername"
                        $APIInfo = New-LMAPIToken -id $APIUser.id -Note "Auto provisioned for use with LM Portal Metrics Datasource"
                    }
        
                    #Setup portal mertics device if we have a valid API token
                    If ($APIInfo) {
                        Write-Host "[INFO]: Successfully created API token for user: $PortalMetricsAPIUsername | $($APIInfo.accessId) | $($APIInfo.accessKey)"
        
                        If ($PortalName) {
                            $PortalDeviceGroup = New-LMDeviceGroup -Name "LogicMonitor Portal Metrics" -AppliesTo "hasCategory(`"LogicMonitorPortal`")" -ParentGroupName "Devices by Type"
                            If ($PortalDeviceGroup) {
                                Write-Host "[INFO]: Created Portal Metrics dynamic group in Devices by Type: $($PortalDeviceGroup.name)"
                            }
    
                            $CollectorId = (Get-LMCollector | Where-Object {$_.collectorSize -ne "n/a"} | Select-Object -Last 1).id
                            Write-Host "[INFO]: Creating Portal Metrics resource: $DeviceName"
                            $PortalDevice = New-LMDevice -Name $DeviceName -DisplayName $DeviceName -Description "Auto provisioned resource to collect LM Portal Metrics" -Properties @{"lmaccess.id" = $APIInfo.accessId; "lmaccess.key" = $APIInfo.accessKey; "lmaccount" = $PortalName } -PreferredCollectorId  $CollectorId
                            If ($PortalDevice) {
                                Write-Host "[INFO]: Successfully created Portal Metrics resource: $DeviceName"
                            }
                        }
                    }
                }
                Else{
                    Write-Host "[INFO]: API User ($PortalMetricsAPIUsername) or portal metrics device ($DeviceName) already exists in portal, skipping setup for portal metrics" -ForegroundColor Gray
                }
            }

            #Setup Company Website
            If (($SetupWebsite -or $RunAll) -and $Website) {
                Write-Host "[INFO]: Setting up external webcheck for: $Website"
                $Website = $Website.split("//")[-1] #Make sure http/https is not in the entered site name
                $WebsiteResult = New-LMWebsite -Webcheck -Name $Website -HttpType $WebsiteHttpType -WebsiteDomain $Website
                If ($WebsiteResult) {
                    Write-Host "[INFO]: Successfully setup external webcheck for: $Website"
                }
            }

            #Move minimal monitoring folder into devices by type
            If ($MoveMinimalMonitoring -or $RunAll) {
                $DeviceFolderId = (Get-LMDeviceGroup -Name "Devices by Type").id
                $MinimalFolderId = (Get-LMDeviceGroup -Name "Minimal Monitoring").id
                If ($DeviceFolderId -and $MinimalFolderId) {
                    Write-Host "[INFO]: Moving minimal monitoring folder into Devices by Type"
                    $MinimalFolderGroup = Set-LMDeviceGroup -id $MinimalFolderId -ParentGroupId $DeviceFolderId
                    If ($MinimalFolderGroup) {
                        Write-Host "[INFO]: Successfully moved minimal monitoring folder into Devices by Type"
                    }
                    $MinimalFolderAppliesTo = (Get-LMDeviceGroup -Name "Minimal Monitoring").appliesTo
                    If ($MinimalFolderAppliesTo) {
                        Write-Host "[INFO]: Updating Minimal Monitoring folder to exclude Meraki and Portal Metrics resources"
                        $MinimalFolderAppliesTo = "system.sysinfo == `"`" && system.sysoid == `"`" && isDevice() && !(system.virtualization) && (monitoring != `"basic`") && system.devicetype != `"8`" && !hasCategory(`"LogicMonitorPortal`") && !hasCategory(`"MerakiAPIOrg`") && !hasCategory(`"MerakiAPINetwork`")"
                        $MinimalFolder = Set-LMDeviceGroup -Id $MinimalFolderId -AppliesTo $MinimalFolderAppliesTo
                        If ($MinimalFolder) {
                            Write-Host "[INFO]: Successfully updated minimal monitoring appliesTo query"
                        }
                    }
                }
            }

            #Cleanup dynamic groups will add Linux_SSH to the Linux folder and delete the Misc folder
            If ($CleanupDynamicGroups -or $RunAll) {
                Write-Host "[INFO]: Cleaning up default dynamic groups"
                $LinuxDeviceGroupId = (Get-LMDeviceGroup -Name "Linux Servers" | Where-Object {$_.fullPath -like "Devices by Type*"}).id
                $MiscDeviceGroupId = (Get-LMDeviceGroup -Name "Misc").id
                If(!$DeviceFolderId){
                    $DeviceFolderId = (Get-LMDeviceGroup -Name "Devices by Type").id
                }
                If ($LinuxDeviceGroupId) {
                    $ModifedLinuxGroup = Set-LMDeviceGroup -Id $LinuxDeviceGroupId -AppliesTo "isLinux() || hasCategory(`"Linux_SSH`")"
                    If ($ModifedLinuxGroup) {
                        Write-Host "[INFO]: Updated Linux Servers group to include Linux_SSH devices"
                    }
                }
                If ($MiscDeviceGroupId) {
                    $MiscDeviceGroup = Remove-LMDeviceGroup -Id $MiscDeviceGroupId
                    If ($ModifedLinuxGroup) {
                        Write-Host "[INFO]: Removed Misc devices group from Devices by Type"
                    }
                }
                Write-Host "[INFO]: Creating additional default dynamic groups"
                Foreach($Group in $DynamicGroupList.GetEnumerator()){
                    If(!$(Get-LMDeviceGroup -Name $Group.Name)){
                        $NewGroup = New-LMDeviceGroup -Name $Group.Name -ParentGroupId $DeviceFolderId -AppliesTo $Group.Value
                        If($NewGroup){
                            Write-Host "[INFO]: Created new dynamic group: $($Group.Name)"
                        }
                    }
                    Else{
                        Write-Host "[INFO]: Dynamic group: $($Group.Name) already exists, skipping creation" -ForegroundColor Gray
                    }
                }
            }

            #Add k8s role with proper permissions
            If($RunAll -or $SetupLMContainer){
                $LMContainerAPIRoleName = "lm-container"
                $LMContainerAPIUser = Get-LMUser -Name "$LMContainerAPIUsername"
                $LMContainerAPIRole = Get-LMRole -Name $LMContainerAPIRoleName

                If(!$LMContainerAPIRole){
                    Write-Host "[INFO]: Setting up LM Container API Role: $LMContainerAPIRoleName"
                    $LMContainerAPIRole = New-LMRole -Name $LMContainerAPIRoleName -ResourcePermission manage -LogsPermission manage -DashboardsPermission manage -SettingsPermission manage-collectors -Description "Auto provisioned to allow for API token creation for use with lm-container"
                    If($LMContainerAPIRole){
                        Write-Host "[INFO]: Successfully setup API role: $LMContainerAPIRoleName"
                    }
                }
                Else{
                    Write-Host "[INFO]: LM Container API Role ($LMContainerAPIRoleName) already exists in portal, skipping setup" -ForegroundColor Gray
                }

                If(!$LMContainerAPIUser){
                    Write-Host "[INFO]: Setting up LM Container API user: $LMContainerAPIUsername"
                    $LMContainerAPIUser = New-LMAPIUser -Username "$LMContainerAPIUsername" -note "Auto provisioned for use with LM Container" -RoleNames @($LMContainerAPIRoleName)
                    If ($LMContainerAPIUser) {
                        Write-Host "[INFO]: Successfully setup API user: $LMContainerAPIUsername"
                    }
                }
            }

            If($SetupWindowsLMLogs -or $RunAll){
                #Setup Windows Events Logsource
                If($WindowsLogSource){
                    Write-Host "[INFO]: Setting up Windows Events LogSource"
                    $ModuleList = @(
                        @{
                            name = "Windows_Events.xml"
                            type = "logsource"
                            repo = "LogicMonitor-Dashboards/main/POV"
                        }
                    )
    
                    Foreach($Module in $ModuleList){
                        $ModuleName = $Module.name.Split(".")[0]
                        $LogicModule = Get-LMLogSource -name $ModuleName
                        If(!$LogicModule){
                            Try{
                                $LogicModule = (Invoke-WebRequest -Uri "$GitubURI/$($Module.repo)/$($Module.name)").Content
                                Import-LMLogicModule -File $LogicModule -Type $Module.type -ErrorAction Stop
                                Write-Host "[INFO]: Successfully imported $ModuleName logsource"
                            }
                            Catch{
                                #Oops
                                Write-Error "[ERROR]: Unable to import $ModuleName LogicModule from source: $_" 
                            }
                        }
                        Else{
                            Write-Host "[INFO]: LogicModule LogSource $ModuleName already exists, skipping import" -ForegroundColor Gray
                        }
                    }
                }
                Else{
                    Write-Host "[INFO]: Setting up Windows Events DataSource"
                    $LogsAPIRoleName = "lm-logs-ingest"
                    $LogsAPIUser = Get-LMUser -Name "$LogsAPIUsername"
                    $LogsAPIRole = Get-LMRole -Name $LogsAPIRoleName
                    If(!$LogsAPIRole){
                        Write-Host "[INFO]: Setting up LM Logs API Role: $LogsAPIRoleName"
                        $LogsAPIRole = New-LMRole -Name $LogsAPIRoleName -ResourcePermission view -LogsPermission manage -Description "Auto provisioned to allow for windows events ingest via datasource"
                        If($LogsAPIRole){
                            Write-Host "[INFO]: Successfully setup API role: $LogsAPIRoleName"
                        }
                    }
                    Else{
                        Write-Host "[INFO]: LM Logs API Role ($LogsAPIRoleName) already exists in portal, skipping setup" -ForegroundColor Gray
                    }
    
                    If(!$LogsAPIUser){
                        Write-Host "[INFO]: Setting up LM Logs API user: $LogsAPIUsername"
                        $LogsAPIUser = New-LMAPIUser -Username "$LogsAPIUsername" -note "Auto provisioned for use with Windows LM Logs Datasource" -RoleNames @($LogsAPIRoleName)
                        If ($LogsAPIUser) {
                            Write-Host "[INFO]: Successfully setup API user: $LogsAPIUsername"
            
                            Write-Host "[INFO]: Creating administrator API token for user: $LogsAPIUsername"
                            $LMLogsAPIINfo = New-LMAPIToken -id $LogsAPIUser.id -Note "Auto provisioned for use with Windows LM Logs Datasource"
                        }
            
                        #Import Datasource and apply properties to windows server group
                        If ($LMLogsAPIINfo) {
                            Write-Host "[INFO]: Successfully created API token for user: $LogsAPIUsername | $($LMLogsAPIINfo.accessId) | $($LMLogsAPIINfo.accessKey)"
            
                            $WindowsServerDeviceGroup =  Get-LMDeviceGroup -Name "Windows Servers" | Where-Object {$_.fullPath -like "Devices by Type*"}
    
    
                            If ($WindowsServerDeviceGroup) {
                                Write-Host "[INFO]: Adding API properties to Windows Server device group"
                                $UpdatedWindowsServerDeviceGroup = Set-LMDeviceGroup -Id $WindowsServerDeviceGroup.Id -Properties @{"lmaccess.id" = $LMLogsAPIINfo.accessId; "lmaccess.key" = $LMLogsAPIINfo.accessKey; "lmaccount" = $PortalName; "lmlogs.winevent.channels" = $WindowsLMLogsEventChannels; "lmlogs.winevent.detailed_message" = "false" }
                                If ($UpdatedWindowsServerDeviceGroup) {
                                    Write-Host "[INFO]: Successfully updated Windows Server device group for LM Logs"
                                }
                            }
    
    
                        }
                    }
                    Else{
                        Write-Host "[INFO]: LM Logs API User ($LogsAPIUsername) already exists in portal, skipping setup" -ForegroundColor Gray
                    }
    
                    #Import LM Logs Datasource
                    $LogsDatasource = Get-LMDatasource -Name "Windows_Events_LMLogs"
                    If(!$LogsDatasource){
                        Import-LMExchangeModule -LMExchangeId "2cb0a988-487a-48a6-b332-62003ef3b3dc" #core module
                        Start-Sleep -Seconds 5 #Added manual pause to ensure datasource is available after importing from the exchange
                        $LogsDatasource = Set-LMDatasource -Name Windows_Events_LMLogs -appliesTo "isWindows() && lmlogs.winevent.channels && lmaccess.id && lmaccess.key && lmaccount"
                        If($LogsDatasource){
                            Write-Host "[INFO]: Successfully added core module (Windows_Events_LMLogs) and updated appliesto logic"
                        }
                        Else{
                            Write-Host "[WARN]: Successfully added core module (Windows_Events_LMLogs) but was unable to modify the appliesTo criteria, please manually set the appliesTo criteria for the datasource to apply: 'isWindows() && lmlogs.winevent.channels && lmaccess.id && lmaccess.key && lmaccount'" -ForegroundColor Yellow
                        }
                    }
                    Else{
                        Write-Host "[INFO]: LM Logs core logicmodule ($($LogsDatasource.displayname)) already exists in portal, skipping setup" -ForegroundColor Gray
                    }
                }
            }

            If($IncludeDefaults -or $SetupAlertAnalysis){
                #Deploy AlertDuration dashboard
                Write-Host "[INFO]: Setting up Alert Analysis Dashboard and LogicModules from repo."
                $CheckPortalDevice = Get-LMDevice -Name $DeviceName
                If($CheckPortalDevice){
                    #Setup alert analysis package
                        #Import default DSes
                        $ModuleList = @(
                            @{
                                name = "LogicMonitor_Device_Alert_Statistics.xml"
                                type = "datasource"
                                repo = "LogicMonitor-Dashboards/main/Suites/Alert%20Duration"
                            },
                            @{
                                name = "LogicMonitor_DeviceGroup_Alert_Statistics.xml"
                                type = "datasource"
                                repo = "LogicMonitor-Dashboards/main/Suites/Alert%20Duration"
                            },
                            @{
                                name = "LogicMonitor_Portal_Alert_Statistics_Cache.xml"
                                type = "datasource"
                                repo = "LogicMonitor-Dashboards/main/Suites/Alert%20Duration"
                            },
                            @{
                                name = "LogicMonitor_Portal_Alert_Statistics.xml"
                                type = "datasource"
                                repo = "LogicMonitor-Dashboards/main/Suites/Alert%20Duration"
                            }
                        )

                        Foreach($Module in $ModuleList){
                            $ModuleName = $Module.name.Split(".")[0]
                            $LogicModule = Get-LMDataSource -name $ModuleName
                            If(!$LogicModule){
                                Try{
                                    $LogicModule = (Invoke-WebRequest -Uri "$GitubURI/$($Module.repo)/$($Module.name)").Content
                                    Import-LMLogicModule -File $LogicModule -Type $Module.type -ErrorAction Stop
                                    Write-Host "[INFO]: Successfully imported $ModuleName datasource"
                                }
                                Catch{
                                    #Oops
                                    Write-Error "[ERROR]: Unable to import $ModuleName LogicModule from source: $_" 
                                }
                            }
                            Else{
                                Write-Host "[INFO]: LogicModule $ModuleName already exists, skipping import" -ForegroundColor Gray
                            }
                        }

                    $AlertAnalysisProps = @{
                        "alert.analysis.period"="7"
                        "alert.analysis.excludeUnACKedAlerts"="false"
                        "alert.analysis.excludeSDTedAlerts"="false"
                        "alert.analysis.datasourceList"="*"
                        "alert.analysis.minimumTimeInSeconds"="0"
                    }

                    Set-LMDevice -Id $CheckPortalDevice.Id -Properties $AlertAnalysisProps | Out-Null
                    $AlertDurationRootFolder = (Get-LMDashboardGroup -Name "LogicMonitor").Id
                    If(!$AlertDurationRootFolder){$AlertDurationRootFolder = 1}

                    Try{
                        $AlertDurationDashboardFile = (Invoke-WebRequest -Uri "$GitubURI/LogicMonitor-Dashboards/main/Suites/Alert%20Duration/Alert_Analysis_Overview.json").Content
                        $AlertDurationDashboard = Get-LMDashboard -Name "Alert Analysis Overview"
                        If(!$AlertDurationDashboard){
                            $ImportAlertDurationDashboard = Import-LMDashboard -File $AlertDurationDashboardFile -ParentGroupId $AlertDurationRootFolder
                            Write-Host "[INFO]: Successfully imported Alert Analysis Dashboard"
                        }
                        Else{
                            Write-Host "[INFO]: Alert Analysis Dashboard already exists, skipping import" -ForegroundColor Gray
                        }
                    }
                    Catch{
                        #Oops
                        Write-Error "[ERROR]: Unable to import Alert Analysis dashboard from source: $_" 
                    }
                }
                Else{
                    Write-Host "[WARN]: Unable to import Alert Analysis dashboard template: PortalMetrics device not found, please deploy before attempting to deploy" -ForegroundColor Yellow
                }
            }
            
             #Setup common default options/imports
             If($IncludeDefaults){
                #Setup new user welcome message
                $MessageSubject = "LogicMonitor Account Created - (##USER##)"
                #Message Template
                $MessageTemplate = "PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQvc3RyaWN0LmR0ZCI+PEhUTUw+PEhFQUQ+PFRJVExFPjwvVElUTEU+PC9IRUFEPjxCT0RZPjx0YWJsZSBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSI1IiBjZWxsc3BhY2luZz0iNSIgc3R5bGU9ImhlaWdodDo0MDBweDsgd2lkdGg6NTUwcHgiPgoJPHRib2R5PgoJCTx0cj4KCQkJPHRkPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTNweCI+QSBMb2dpY01vbml0b3IgYWNjb3VudCBoYXMgYmVlbiBjcmVhdGVkIGZvciB5b3UuIEhlcmUmIzM5O3Mgd2hhdCB5b3UgbmVlZCB0byBrbm93IHRvIGdldCBzdGFydGVkOjwvc3Bhbj4KCQkJPGRpdj48YnIgLz4KCQkJPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxM3B4Ij5Mb2dnaW5nIGluOjwvc3Bhbj4KCQkJPHVsPgoJCQkJPGxpPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTNweCI+WW91IGNhbiBsb2cgaW4gdG8geW91ciBhY2NvdW50IGF0Jm5ic3A7PGEgaHJlZj0iaHR0cDovLyMjQ09NUEFOWSMjIyNET01BSU4jIy8iIHRhcmdldD0iX2JsYW5rIj4jI0NPTVBBTlkjIyMjRE9NQUlOIyM8L2E+PC9zcGFuPjwvbGk+CgkJCQk8bGk+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxM3B4Ij5Zb3UgbXVzdCBsb2cgaW4gd2l0aCB0aGUgdXNlciAmcXVvdDs8c3Ryb25nPiMjVVNFUiMjPC9zdHJvbmc+JnF1b3Q7IGFuZCB0aGUgcGFzc3dvcmQgY3JlYXRlZCZuYnNwO2ZvciB5b3VyIHVzZXIgYWNjb3VudDwvc3Bhbj48L2xpPgoJCQk8L3VsPgoKCQkJPHA+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxM3B4Ij48c3Ryb25nPk5vdGU6PC9zdHJvbmc+Jm5ic3A7SXQgaXMgcG9zc2libGUgdGhpcyBhY2NvdW50IHdhcyBnZW5lcmF0ZWQgYnkgeW91ciBMb2dpY01vbml0b3IgYWRtaW5pc3RhdG9yLCBpZiB5b3UgZG8gbm90IGtub3cgdGhlIHBhc3N3b3JkLCB5b3UgY2FuIHJlc2V0IHRoZSBwYXNzd29yZCBieSB2aXNpdGluZzogPGEgaHJlZj0iaHR0cDovLyMjQ09NUEFOWSMjIyNET01BSU4jIy8iIHRhcmdldD0iX2JsYW5rIj4jI0NPTVBBTlkjIyMjRE9NQUlOIyM8L2E+Jm5ic3A7YW5kIGNob29zaW5nICZxdW90OzxzdHJvbmc+SSBmb3Jnb3QgbXkgcGFzc3dvcmQ8L3N0cm9uZz4mcXVvdDs8L3NwYW4+PC9wPgoJCQk8L2Rpdj4KCgkJCTxkaXY+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxM3B4Ij5MZWFybmluZyBhYm91dCBMb2dpY01vbml0b3I6PC9zcGFuPgoKCQkJPHVsPgoJCQkJPGxpPgoJCQkJPHA+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxM3B4Ij5Mb2cgaW50byB5b3VyIHBvcnRhbCBhbmQgY2xpY2sgdGhlIFRyYWluaW5nIGxpbmsgaW4gdGhlIHVwcGVyIHJpZ2h0IGhhbmQgY29ybmVyLiBZb3Ugd2lsbCBmaW5kIGEgJnF1b3Q7R2V0dGluZyBTdGFydGVkIHdpdGggTG9naWNNb25pdG9yJnF1b3Q7IGNvdXJzZSB0aGVyZSB0byBoZWxwIHlvdSBiZWdpbiB5b3VyIExvZ2ljTW9uaXRvciBqb3VybmV5PC9zcGFuPjwvcD4KCQkJCTwvbGk+CgkJCQk8bGk+CgkJCQk8cD48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEzcHgiPlJlYWQgb3VyIDxhIGhyZWY9Imh0dHBzOi8vd3d3LmxvZ2ljbW9uaXRvci5jb20vc3VwcG9ydC9nZXR0aW5nLXN0YXJ0ZWQvaS1qdXN0LXNpZ25lZC11cC1mb3ItbG9naWNtb25pdG9yLW5vdy13aGF0LzEtYWJvdXQtdGhlLWxvZ2ljbW9uaXRvci1zb2x1dGlvbi8iPkdldHRpbmcgU3RhcnRlZCBHdWlkZTwvYT48L3NwYW4+PC9wPgoJCQkJPC9saT4KCQkJCTxsaT4KCQkJCTxwPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTNweCI+U2lnbiB1cCBmb3IgYSA8YSBocmVmPSJodHRwczovL3d3dy5sb2dpY21vbml0b3IuY29tL2xpdmUtdHJhaW5pbmctd2ViaW5hcnMvIj53ZWJpbmFyPC9hPiBvciByZXZpZXcgb3VyIDxhIGhyZWY9Imh0dHBzOi8vd3d3LmxvZ2ljbW9uaXRvci5jb20vYWNhZGVteS8iPm90aGVyIGF2YWlsYWJsZSByZXNvdXJjZXM8L2E+Jm5ic3A7PC9zcGFuPiZuYnNwOzwvcD4KCQkJCTwvbGk+CgkJCQk8bGk+CgkJCQk8cD48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEzcHgiPkNoZWNrIG91dCBvdXIgPGEgaHJlZj0iaHR0cHM6Ly93d3cubG9naWNtb25pdG9yLmNvbS9zdXBwb3J0LyI+c3VwcG9ydCBjZW50ZXI8L2E+PC9zcGFuPjwvcD4KCQkJCTwvbGk+CgkJCQk8bGk+CgkJCQk8cD48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEzcHgiPlN1YnNjcmliZSB0byBvdXIgPGEgaHJlZj0iaHR0cHM6Ly93d3cubG9naWNtb25pdG9yLmNvbS9yZWxlYXNlLW5vdGVzLyI+cmVsZWFzZSBub3RlczwvYT48L3NwYW4+PC9wPgoJCQkJPC9saT4KCQkJPC91bD4KCQkJPC9kaXY+CgoJCQk8ZGl2PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTNweCI+SWYgeW91IG5lZWQgaGVscDo8L3NwYW4+CgoJCQk8dWw+CgkJCQk8bGk+CgkJCQk8cD48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEzcHgiPkNvbnRhY3QgPGEgaHJlZj0iaHR0cHM6Ly9zdXBwb3J0LmxvZ2ljbW9uaXRvci5jb20vaGMvZW4tdXMvcmVxdWVzdHMvbmV3LyI+c3VwcG9ydDwvYT48L3NwYW4+PC9wPgoJCQkJPC9saT4KCQkJCTxsaT4KCQkJCTxwPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTNweCI+U2lnbiB1cCBmb3IgYSA8YSBocmVmPSJodHRwczovL3d3dy5sb2dpY21vbml0b3IuY29tL3N1cHBvcnQvY2VydGlmaWNhdGlvbi9sb2dpY21vbml0b3ItY2VydGlmaWNhdGlvbi1wcm9ncmFtcy8iPmNlcnRpZmljYXRpb24gY291cnNlPC9hPiBvciBmaW5kIGEgY2VydGlmaWVkIGluZGl2aWR1YWwgd2l0aGluIHlvdXIgY29tcGFueTwvc3Bhbj48L3A+CgkJCQk8L2xpPgoJCQk8L3VsPgoJCQk8L2Rpdj4KCgkJCTxkaXY+PGJyIC8+CgkJCTxzcGFuIHN0eWxlPSJmb250LXNpemU6MTNweCI+SGFwcHkgTW9uaXRvcmluZyE8L3NwYW4+PGJyIC8+CgkJCTxzcGFuIHN0eWxlPSJmb250LXNpemU6MTNweCI+VGhlIExvZ2ljTW9uaXRvciB0ZWFtPC9zcGFuPjwvZGl2PgoJCQk8L3RkPgoJCTwvdHI+Cgk8L3Rib2R5Pgo8L3RhYmxlPgo8L0JPRFk+PC9IVE1MPg=="
                $MessageTemplate = [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($MessageTemplate))

                Try{
                    $MessageResult = Set-LMNewUserMessage -MessageBody $MessageTemplate -MessageSubject $MessageSubject -ErrorAction Stop
                    Write-Host "[INFO]: Successfully updated new user welcome email template"
                }
                Catch{
                    Write-Error "[ERROR]: Unable to modify new user welcome email template: $_" 
                }

                #Set SSL_Cert DS to only alert on non self signed certs
                $SSLDatasourceName = "SSL_Certificates"
                $SSLDatasource = Get-LMDatasource -name $SSLDatasourceName
                If($SSLDatasource){
                    If($SSLDatasource.dataPoints.name.IndexOf("Alerting_DaysRemainingIfNotSelfSigned") -ne 1 -and $SSLDatasource.dataPoints.name.IndexOf("DaysRemaining") -ne 1){
                        Try{
                            $SSLDatasource.dataPoints[$SSLDatasource.dataPoints.name.IndexOf("Alerting_DaysRemainingIfNotSelfSigned")].alertExpr = "< 28 7 2"
                            $SSLDatasource.dataPoints[$SSLDatasource.dataPoints.name.IndexOf("DaysRemaining")].alertExpr = $null
                            $SSLResult = Set-LMDatasource -Id $SSLDatasource.id -Datapoints $SSLDatasource.datapoints -ErrorAction Stop
                            Write-Host "[INFO]: Successfully updated default alert thresholds on LogicModule ($SSLDatasourceName)"
                        }
                        Catch{
                            Write-Error "[ERROR]: Unable to modify default alert thresholds on LogicModule ($SSLDatasourceName): $_" 
                        }
                    }
                    Else{
                        #Unable to find required datapoints for modification
                        Write-Error "[ERROR]: Unable to modify default alert thresholds on LogicModule ($SSLDatasourceName), expected datapoints not found" 
                    }
                }
                Else{
                    #Unable to find SSL_Certificates DS
                    Write-Error "[ERROR]: Unable to locate LogicModule ($SSLDatasourceName), skipping alert threshold modification" 
                }

                #Import default DSes
                $ModuleList = @(
                    @{
                        name = "Microsoft_Windows_Services_AD.xml"
                        type = "datasource"
                        repo = "LogicMonitor-Dashboards/main/POV"
                    },
                    @{
                        name = "LogicMonitor_Collector_Configurations.xml"
                        type = "configsource"
                        repo = "LogicMonitor-Dashboards/main/POV"
                    },
                    @{
                        name = "NoData_Metrics.xml"
                        type = "datasource"
                        repo = "LogicMonitor-Dashboards/main/POV"
                    },
                    @{
                        name = "NoData_Tasks_By_Type_v2.xml"
                        type = "datasource"
                        repo = "LogicMonitor-Dashboards/main/POV"
                    },
                    @{
                        name = "NoData_Tasks_Overall_v2.xml"
                        type = "datasource"
                        repo = "LogicMonitor-Dashboards/main/POV"
                    },
                    @{
                        name = "NoData_Tasks_Discovery_v2.json"
                        type = "propertyrules"
                        repo = "LogicMonitor-Dashboards/main/POV"
                    }
                )
                Foreach($Module in $ModuleList){
                    $ModuleName = $Module.name.Split(".")[0]
                    $LogicModule = Switch($Module.type){
                        "datasource" {Get-LMDataSource -name $ModuleName}
                        "configsource" {Get-LMConfigSource -name $ModuleName}
                        "propertyrules" {Get-LMPropertySource -name $ModuleName}
                        default {Get-LMDataSource -name $ModuleName}
                    }
                    If(!$LogicModule){
                        Try{
                            $LogicModule = (Invoke-WebRequest -Uri "$GitubURI/$($Module.repo)/$($Module.name)").Content
                            Import-LMLogicModule -File $LogicModule -Type $Module.type -ErrorAction Stop
                            Write-Host "[INFO]: Successfully imported $ModuleName datasource"
                        }
                        Catch{
                            #Oops
                            Write-Error "[ERROR]: Unable to import $ModuleName LogicModule from source: $_" 
                        }
                    }
                    Else{
                        Write-Host "[INFO]: LogicModule $ModuleName already exists, skipping import" -ForegroundColor Gray
                    }
                }

                #Deploy Dynamic Dashboards
                $DashboardList = @(
                    @{
                        name = "Dynamic_Dashboard_-_Network_Performance.json"
                        repo = "LogicMonitor-Dashboards/main/Dynamic%20Dashboards"
                    },
                    @{
                        name = "Dynamic_Dashboard_-_Windows.json"
                        repo = "LogicMonitor-Dashboards/main/Dynamic%20Dashboards"
                    },
                    @{
                        name = "Dynamic_Dashboard_-_Windows_(Textbox_Selector).json"
                        repo = "LogicMonitor-Dashboards/main/Dynamic%20Dashboards"
                    },
                    # @{
                    # name = "Dynamic_Dashboard_-_vCenter_VMs.json"
                    # repo = "LogicMonitor-Dashboards/main/Dynamic%20Dashboards"
                    # },
                    @{
                        name = "Dynamic_Server-at-a-Glance__Linux(SNMP).json"
                        repo = "LogicMonitor-Dashboards/main/Dynamic%20Dashboards"
                    },
                    @{
                        name = "Dynamic_Server-at-a-Glance__Linux(SSH).json"
                        repo = "LogicMonitor-Dashboards/main/Dynamic%20Dashboards"
                    },
                    @{
                        name = "Dynamic_Server-at-a-Glance__Windows.json"
                        repo = "LogicMonitor-Dashboards/main/Dynamic%20Dashboards"
                    }
                )

                #Generate API Key and Role
                $DashboardAPIRoleName = "lm-dynamic-dashboards"
                $DashboardAPIUserName = "lm_dynamic_dashboards"
                $DashboardAPIRole = Get-LMRole -Name $DashboardAPIRoleName
                $DashboardAPIUser = Get-LMUser -Name $DashboardAPIUserName
                If(!$DashboardAPIRole){
                    $DashboardAPIRole = New-LMRole -Name $DashboardAPIRoleName -ResourcePermission view -DashboardsPermission manage -Description "Auto provisioned for use with dynamic dashboards"
                    Write-Host "[INFO]: Successfully generated required API role ($DashboardAPIRoleName) for dynamic dashboards"
                }
                If(!$DashboardAPIUser){
                    $DashboardAPIUser = New-LMAPIUser -Username "$DashboardAPIUserName" -note "Auto provisioned for use with dynamic dashboards" -RoleNames @($DashboardAPIRoleName)
                    Write-Host "[INFO]: Successfully generated required API user ($DashboardAPIUserName) for dynamic dashboards"
                }
                If($DashboardAPIRole -and $DashboardAPIUser){
                    $APIToken = New-LMAPIToken -Username $DashboardAPIUserName -Note "Auto provisioned for use with dynamic dashboards"
                    If($APIToken){
                        Write-Host "[INFO]: Successfully generated required API token for dynamic dashboards for user: $DashboardAPIUserName"
                    }
                }
                Else{
                    Write-Host "Unable to generate required API token for dynamic dashboards, manually update the required tokens to use dynamic dashboards"
                }

                Write-Host "[INFO]: Importing dynamic dashboards from repo."
                $DynamicDashboardGroup = (Get-LMDashboardGroup -Name "Dynamic Dashboards").Id
                If(!$DynamicDashboardGroup){
                    $DynamicDashboardGroup = (New-LMDashboardGroup -Name "Dynamic Dashboards" -ParentGroupId 1).Id
                }

                Foreach($Dashboard in $DashboardList){
                    Try{
                        $DashboardFile = (Invoke-WebRequest -Uri "$GitubURI/$($Dashboard.repo)/$($Dashboard.name)").Content
                        If(!$(Get-LMDashboard -Name $(($DashboardFile | ConvertFrom-Json).Name))){
                            $ImportedDashboard = Import-LMDashboard -File $DashboardFile -ReplaceAPITokensOnImport -APIToken $APIToken -ParentGroupId $DynamicDashboardGroup -ErrorAction Stop
                        }
                        Else{
                            Write-Host "[INFO]: Dashboard $($Dashboard.name) already exists, skipping import" -ForegroundColor Gray
                        }
                    }
                    Catch{
                        #Oops
                        Write-Error "[ERROR]: Unable to import $($Dashboard.name) template from source: $_" 
                    }
                }

            }
        }
        Else {
            Write-Error "Please ensure you are logged in before running any commands, use Connect-LMAccount to login and try again."
        }
    }
    End {}
}