Bicep resource definition
The dataConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.SecurityInsights/dataConnectors@2023-09-01-preview' = {
etag: 'string'
name: 'string'
kind: 'string'
// For remaining properties, see Microsoft.SecurityInsights/dataConnectors objects
}
Microsoft.SecurityInsights/dataConnectors objects
Set the kind property to specify the type of object.
For APIPolling, use:
{
kind: 'APIPolling'
properties: {
connectorUiConfig: {
availability: {
isPreview: bool
status: '1'
}
connectivityCriteria: [
{
type: 'string'
value: [
'string'
]
}
]
customImage: 'string'
dataTypes: [
{
lastDataReceivedQuery: 'string'
name: 'string'
}
]
descriptionMarkdown: 'string'
graphQueries: [
{
baseQuery: 'string'
legend: 'string'
metricName: 'string'
}
]
graphQueriesTableName: 'string'
instructionSteps: [
{
description: 'string'
instructions: [
{
parameters: any(...)
type: 'string'
}
]
title: 'string'
}
]
permissions: {
customs: [
{
description: 'string'
name: 'string'
}
]
resourceProvider: [
{
permissionsDisplayText: 'string'
provider: 'string'
providerDisplayName: 'string'
requiredPermissions: {
action: bool
delete: bool
read: bool
write: bool
}
scope: 'string'
}
]
}
publisher: 'string'
sampleQueries: [
{
description: 'string'
query: 'string'
}
]
title: 'string'
}
pollingConfig: {
auth: {
apiKeyIdentifier: 'string'
apiKeyName: 'string'
authorizationEndpoint: 'string'
authorizationEndpointQueryParameters: any(...)
authType: 'string'
flowName: 'string'
isApiKeyInPostPayload: 'string'
isClientSecretInHeader: bool
redirectionEndpoint: 'string'
scope: 'string'
tokenEndpoint: 'string'
tokenEndpointHeaders: any(...)
tokenEndpointQueryParameters: any(...)
}
isActive: bool
paging: {
nextPageParaName: 'string'
nextPageTokenJsonPath: 'string'
pageCountAttributePath: 'string'
pageSize: int
pageSizeParaName: 'string'
pageTimeStampAttributePath: 'string'
pageTotalCountAttributePath: 'string'
pagingType: 'string'
searchTheLatestTimeStampFromEventsList: 'string'
}
request: {
apiEndpoint: 'string'
endTimeAttributeName: 'string'
headers: any(...)
httpMethod: 'string'
queryParameters: any(...)
queryParametersTemplate: 'string'
queryTimeFormat: 'string'
queryWindowInMin: int
rateLimitQps: int
retryCount: int
startTimeAttributeName: 'string'
timeoutInSeconds: int
}
response: {
eventsJsonPaths: [
'string'
]
isGzipCompressed: bool
successStatusJsonPath: 'string'
successStatusValue: 'string'
}
}
}
}
For AmazonWebServicesCloudTrail, use:
{
kind: 'AmazonWebServicesCloudTrail'
properties: {
awsRoleArn: 'string'
dataTypes: {
logs: {
state: 'string'
}
}
}
}
For AmazonWebServicesS3, use:
{
kind: 'AmazonWebServicesS3'
properties: {
dataTypes: {
logs: {
state: 'string'
}
}
destinationTable: 'string'
roleArn: 'string'
sqsUrls: [
'string'
]
}
}
For AzureActiveDirectory, use:
{
kind: 'AzureActiveDirectory'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
}
tenantId: 'string'
}
}
For AzureAdvancedThreatProtection, use:
{
kind: 'AzureAdvancedThreatProtection'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
}
tenantId: 'string'
}
}
For AzureSecurityCenter, use:
{
kind: 'AzureSecurityCenter'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
}
subscriptionId: 'string'
}
}
For Dynamics365, use:
{
kind: 'Dynamics365'
properties: {
dataTypes: {
dynamics365CdsActivities: {
state: 'string'
}
}
tenantId: 'string'
}
}
For GCP, use:
{
kind: 'GCP'
properties: {
auth: {
projectNumber: 'string'
serviceAccountEmail: 'string'
workloadIdentityProviderId: 'string'
}
connectorDefinitionName: 'string'
dcrConfig: {
dataCollectionEndpoint: 'string'
dataCollectionRuleImmutableId: 'string'
streamName: 'string'
}
request: {
projectId: 'string'
subscriptionNames: [
'string'
]
}
}
}
For GenericUI, use:
{
kind: 'GenericUI'
properties: {
connectorUiConfig: {
availability: {
isPreview: bool
status: '1'
}
connectivityCriteria: [
{
type: 'string'
value: [
'string'
]
}
]
customImage: 'string'
dataTypes: [
{
lastDataReceivedQuery: 'string'
name: 'string'
}
]
descriptionMarkdown: 'string'
graphQueries: [
{
baseQuery: 'string'
legend: 'string'
metricName: 'string'
}
]
graphQueriesTableName: 'string'
instructionSteps: [
{
description: 'string'
instructions: [
{
parameters: any(...)
type: 'string'
}
]
title: 'string'
}
]
permissions: {
customs: [
{
description: 'string'
name: 'string'
}
]
resourceProvider: [
{
permissionsDisplayText: 'string'
provider: 'string'
providerDisplayName: 'string'
requiredPermissions: {
action: bool
delete: bool
read: bool
write: bool
}
scope: 'string'
}
]
}
publisher: 'string'
sampleQueries: [
{
description: 'string'
query: 'string'
}
]
title: 'string'
}
}
}
For IOT, use:
{
kind: 'IOT'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
}
subscriptionId: 'string'
}
}
For MicrosoftCloudAppSecurity, use:
{
kind: 'MicrosoftCloudAppSecurity'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
discoveryLogs: {
state: 'string'
}
}
tenantId: 'string'
}
}
For MicrosoftDefenderAdvancedThreatProtection, use:
{
kind: 'MicrosoftDefenderAdvancedThreatProtection'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
}
tenantId: 'string'
}
}
For MicrosoftPurviewInformationProtection, use:
{
kind: 'MicrosoftPurviewInformationProtection'
properties: {
dataTypes: {
logs: {
state: 'string'
}
}
tenantId: 'string'
}
}
For MicrosoftThreatIntelligence, use:
{
kind: 'MicrosoftThreatIntelligence'
properties: {
dataTypes: {
microsoftEmergingThreatFeed: {
lookbackPeriod: 'string'
state: 'string'
}
}
tenantId: 'string'
}
}
For MicrosoftThreatProtection, use:
{
kind: 'MicrosoftThreatProtection'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
incidents: {
state: 'string'
}
}
filteredProviders: {
alerts: [
'string'
]
}
tenantId: 'string'
}
}
For Office365, use:
{
kind: 'Office365'
properties: {
dataTypes: {
exchange: {
state: 'string'
}
sharePoint: {
state: 'string'
}
teams: {
state: 'string'
}
}
tenantId: 'string'
}
}
For Office365Project, use:
{
kind: 'Office365Project'
properties: {
dataTypes: {
logs: {
state: 'string'
}
}
tenantId: 'string'
}
}
For OfficeATP, use:
{
kind: 'OfficeATP'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
}
tenantId: 'string'
}
}
For OfficeIRM, use:
{
kind: 'OfficeIRM'
properties: {
dataTypes: {
alerts: {
state: 'string'
}
}
tenantId: 'string'
}
}
For OfficePowerBI, use:
{
kind: 'OfficePowerBI'
properties: {
dataTypes: {
logs: {
state: 'string'
}
}
tenantId: 'string'
}
}
For ThreatIntelligence, use:
{
kind: 'ThreatIntelligence'
properties: {
dataTypes: {
indicators: {
state: 'string'
}
}
tenantId: 'string'
tipLookbackPeriod: 'string'
}
}
For ThreatIntelligenceTaxii, use:
{
kind: 'ThreatIntelligenceTaxii'
properties: {
collectionId: 'string'
dataTypes: {
taxiiClient: {
state: 'string'
}
}
friendlyName: 'string'
password: 'string'
pollingFrequency: 'string'
taxiiLookbackPeriod: 'string'
taxiiServer: 'string'
tenantId: 'string'
userName: 'string'
workspaceId: 'string'
}
}
Property Values
Microsoft.SecurityInsights/dataConnectors
AADDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureActiveDirectory' (required) |
properties |
AADIP (Azure Active Directory Identity Protection) data connector properties. |
AADDataConnectorProperties |
AADDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
AatpDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureAdvancedThreatProtection' (required) |
properties |
AATP (Azure Advanced Threat Protection) data connector properties. |
AatpDataConnectorProperties |
AatpDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
AlertsDataTypeOfDataConnector
ApiPollingParameters
ASCDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureSecurityCenter' (required) |
properties |
ASC (Azure Security Center) data connector properties. |
ASCDataConnectorProperties |
ASCDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
subscriptionId |
The subscription id to connect to, and get the data from. |
string |
Availability
Name |
Description |
Value |
isPreview |
Set connector as preview |
bool |
status |
The connector Availability Status |
'1' |
AwsCloudTrailDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AmazonWebServicesCloudTrail' (required) |
properties |
Amazon Web Services CloudTrail data connector properties. |
AwsCloudTrailDataConnectorProperties |
AwsCloudTrailDataConnectorDataTypes
AwsCloudTrailDataConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
AwsCloudTrailDataConnectorProperties
Name |
Description |
Value |
awsRoleArn |
The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. |
string |
dataTypes |
The available data types for the connector. |
AwsCloudTrailDataConnectorDataTypes (required) |
AwsS3DataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AmazonWebServicesS3' (required) |
properties |
Amazon Web Services S3 data connector properties. |
AwsS3DataConnectorProperties |
AwsS3DataConnectorDataTypes
AwsS3DataConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
AwsS3DataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AwsS3DataConnectorDataTypes (required) |
destinationTable |
The logs destination table name in LogAnalytics. |
string (required) |
roleArn |
The Aws Role Arn that is used to access the Aws account. |
string (required) |
sqsUrls |
The AWS sqs urls for the connector. |
string[] (required) |
CodelessApiPollingDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'APIPolling' (required) |
properties |
Codeless poling data connector properties |
ApiPollingParameters |
CodelessConnectorPollingAuthProperties
Name |
Description |
Value |
apiKeyIdentifier |
A prefix send in the header before the actual token |
string |
apiKeyName |
The header name which the token is sent with |
string |
authorizationEndpoint |
The endpoint used to authorize the user, used in Oauth 2.0 flow |
string |
authorizationEndpointQueryParameters |
The query parameters used in authorization request, used in Oauth 2.0 flow |
any |
authType |
The authentication type |
string (required) |
flowName |
Describes the flow name, for example 'AuthCode' for Oauth 2.0 |
string |
isApiKeyInPostPayload |
Marks if the key should sent in header |
string |
isClientSecretInHeader |
Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow |
bool |
redirectionEndpoint |
The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow |
string |
scope |
The OAuth token scope |
string |
tokenEndpoint |
The endpoint used to issue a token, used in Oauth 2.0 flow |
string |
tokenEndpointHeaders |
The query headers used in token request, used in Oauth 2.0 flow |
any |
tokenEndpointQueryParameters |
The query parameters used in token request, used in Oauth 2.0 flow |
any |
CodelessConnectorPollingConfigProperties
CodelessConnectorPollingPagingProperties
Name |
Description |
Value |
nextPageParaName |
Defines the name of a next page attribute |
string |
nextPageTokenJsonPath |
Defines the path to a next page token JSON |
string |
pageCountAttributePath |
Defines the path to a page count attribute |
string |
pageSize |
Defines the paging size |
int |
pageSizeParaName |
Defines the name of the page size parameter |
string |
pageTimeStampAttributePath |
Defines the path to a paging time stamp attribute |
string |
pageTotalCountAttributePath |
Defines the path to a page total count attribute |
string |
pagingType |
Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' |
string (required) |
searchTheLatestTimeStampFromEventsList |
Determines whether to search for the latest time stamp in the events list |
string |
CodelessConnectorPollingRequestProperties
Name |
Description |
Value |
apiEndpoint |
Describe the endpoint we should pull the data from |
string (required) |
endTimeAttributeName |
This will be used the query events from the end of the time window |
string |
headers |
Describe the headers sent in the poll request |
any |
httpMethod |
The http method type we will use in the poll request, GET or POST |
string (required) |
queryParameters |
Describe the query parameters sent in the poll request |
any |
queryParametersTemplate |
For advanced scenarios for example user name/password embedded in nested JSON payload |
string |
queryTimeFormat |
The time format will be used the query events in a specific window |
string (required) |
queryWindowInMin |
The window interval we will use the pull the data |
int (required) |
rateLimitQps |
Defines the rate limit QPS |
int |
retryCount |
Describe the amount of time we should try and poll the data in case of failure |
int |
startTimeAttributeName |
This will be used the query events from a start of the time window |
string |
timeoutInSeconds |
The number of seconds we will consider as a request timeout |
int |
CodelessConnectorPollingResponseProperties
Name |
Description |
Value |
eventsJsonPaths |
Describes the path we should extract the data in the response |
string[] (required) |
isGzipCompressed |
Describes if the data in the response is Gzip |
bool |
successStatusJsonPath |
Describes the path we should extract the status code in the response |
string |
successStatusValue |
Describes the path we should extract the status value in the response |
string |
CodelessParameters
CodelessUiConnectorConfigProperties
CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem
Name |
Description |
Value |
type |
type of connectivity |
'IsConnectedQuery' |
value |
Queries for checking connectivity |
string[] |
CodelessUiConnectorConfigPropertiesDataTypesItem
Name |
Description |
Value |
lastDataReceivedQuery |
Query for indicate last data received |
string |
name |
Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder |
string |
CodelessUiConnectorConfigPropertiesGraphQueriesItem
Name |
Description |
Value |
baseQuery |
The base query for the graph |
string |
legend |
The legend for the graph |
string |
metricName |
the metric that the query is checking |
string |
CodelessUiConnectorConfigPropertiesInstructionStepsItem
Name |
Description |
Value |
description |
Instruction step description |
string |
instructions |
Instruction step details |
InstructionStepsInstructionsItem[] |
title |
Instruction step title |
string |
CodelessUiConnectorConfigPropertiesSampleQueriesItem
Name |
Description |
Value |
description |
The sample query description |
string |
query |
the sample query |
string |
CodelessUiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'GenericUI' (required) |
properties |
Codeless UI data connector properties |
CodelessParameters |
DataConnectorDataTypeCommon
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
DCRConfiguration
Name |
Description |
Value |
dataCollectionEndpoint |
Represents the data collection ingestion endpoint in log analytics. |
string (required) |
dataCollectionRuleImmutableId |
The data collection rule immutable id, the rule defines the transformation and data destination. |
string (required) |
streamName |
The stream we are sending the data to. |
string (required) |
Dynamics365DataConnector
Dynamics365DataConnectorDataTypes
Dynamics365DataConnectorDataTypesDynamics365CdsActivities
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
Dynamics365DataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
Dynamics365DataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
GCPAuthProperties
Name |
Description |
Value |
projectNumber |
The GCP project number. |
string (required) |
serviceAccountEmail |
The service account that is used to access the GCP project. |
string (required) |
workloadIdentityProviderId |
The workload identity provider id that is used to gain access to the GCP project. |
string (required) |
GCPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'GCP' (required) |
properties |
Google Cloud Platform data connector properties. |
GCPDataConnectorProperties |
GCPDataConnectorProperties
Name |
Description |
Value |
auth |
The auth section of the connector. |
GCPAuthProperties (required) |
connectorDefinitionName |
The name of the connector definition that represents the UI config. |
string (required) |
dcrConfig |
The configuration of the destination of the data. |
DCRConfiguration |
request |
The request section of the connector. |
GCPRequestProperties (required) |
GCPRequestProperties
Name |
Description |
Value |
projectId |
The GCP project id. |
string (required) |
subscriptionNames |
The GCP pub/sub subscription names. |
string[] (required) |
InstructionStepsInstructionsItem
Name |
Description |
Value |
parameters |
The parameters for the setting |
any |
type |
The kind of the setting |
'CopyableLabel' 'InfoMessage' 'InstructionStepsGroup' (required) |
IoTDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'IOT' (required) |
properties |
IoT data connector properties. |
IoTDataConnectorProperties |
IoTDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
subscriptionId |
The subscription id to connect to, and get the data from. |
string |
McasDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftCloudAppSecurity' (required) |
properties |
MCAS (Microsoft Cloud App Security) data connector properties. |
McasDataConnectorProperties |
McasDataConnectorDataTypes
McasDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
McasDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MdatpDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftDefenderAdvancedThreatProtection' (required) |
properties |
MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. |
MdatpDataConnectorProperties |
MdatpDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MstiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftThreatIntelligence' (required) |
properties |
Microsoft Threat Intelligence data connector properties. |
MstiDataConnectorProperties |
MstiDataConnectorDataTypes
MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed
Name |
Description |
Value |
lookbackPeriod |
The lookback period for the feed to be imported. |
string (required) |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MstiDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
MstiDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MTPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftThreatProtection' (required) |
properties |
MTP (Microsoft Threat Protection) data connector properties. |
MTPDataConnectorProperties |
MTPDataConnectorDataTypes
MTPDataConnectorDataTypesAlerts
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MTPDataConnectorDataTypesIncidents
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MTPDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
MTPDataConnectorDataTypes (required) |
filteredProviders |
The available filtered providers for the connector. |
MtpFilteredProviders |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MtpFilteredProviders
Name |
Description |
Value |
alerts |
Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state. |
String array containing any of: 'microsoftDefenderForCloudApps' 'microsoftDefenderForIdentity' (required) |
Office365ProjectConnectorDataTypes
Office365ProjectConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
Office365ProjectDataConnector
Office365ProjectDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
Office365ProjectConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeATPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'OfficeATP' (required) |
properties |
OfficeATP (Office 365 Advanced Threat Protection) data connector properties. |
OfficeATPDataConnectorProperties |
OfficeATPDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'Office365' (required) |
properties |
Office data connector properties. |
OfficeDataConnectorProperties |
OfficeDataConnectorDataTypes
OfficeDataConnectorDataTypesExchange
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorDataTypesSharePoint
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorDataTypesTeams
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
OfficeDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeIRMDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'OfficeIRM' (required) |
properties |
OfficeIRM (Microsoft Insider Risk Management) data connector properties. |
OfficeIRMDataConnectorProperties |
OfficeIRMDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficePowerBIConnectorDataTypes
OfficePowerBIConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficePowerBIDataConnector
OfficePowerBIDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
OfficePowerBIConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
Permissions
PermissionsCustomsItem
Name |
Description |
Value |
description |
Customs permissions description |
string |
name |
Customs permissions name |
string |
PermissionsResourceProviderItem
Name |
Description |
Value |
permissionsDisplayText |
Permission description text |
string |
provider |
Provider name |
'microsoft.aadiam/diagnosticSettings' 'Microsoft.Authorization/policyAssignments' 'Microsoft.OperationalInsights/solutions' 'Microsoft.OperationalInsights/workspaces' 'Microsoft.OperationalInsights/workspaces/datasources' 'Microsoft.OperationalInsights/workspaces/sharedKeys' |
providerDisplayName |
Permission provider display name |
string |
requiredPermissions |
Required permissions for the connector |
RequiredPermissions |
scope |
Permission provider scope |
'ResourceGroup' 'Subscription' 'Workspace' |
RequiredPermissions
Name |
Description |
Value |
action |
action permission |
bool |
delete |
delete permission |
bool |
read |
read permission |
bool |
write |
write permission |
bool |
TIDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'ThreatIntelligence' (required) |
properties |
TI (Threat Intelligence) data connector properties. |
TIDataConnectorProperties |
TIDataConnectorDataTypes
TIDataConnectorDataTypesIndicators
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
TIDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
TIDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
tipLookbackPeriod |
The lookback period for the feed to be imported. |
string |
TiTaxiiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'ThreatIntelligenceTaxii' (required) |
properties |
Threat intelligence TAXII data connector properties. |
TiTaxiiDataConnectorProperties |
TiTaxiiDataConnectorDataTypes
TiTaxiiDataConnectorDataTypesTaxiiClient
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
TiTaxiiDataConnectorProperties
Name |
Description |
Value |
collectionId |
The collection id of the TAXII server. |
string |
dataTypes |
The available data types for Threat Intelligence TAXII data connector. |
TiTaxiiDataConnectorDataTypes (required) |
friendlyName |
The friendly name for the TAXII server. |
string |
password |
The password for the TAXII server. |
string |
pollingFrequency |
The polling frequency for the TAXII server. |
'OnceADay' 'OnceAMinute' 'OnceAnHour' (required) |
taxiiLookbackPeriod |
The lookback period for the TAXII server. |
string |
taxiiServer |
The API root for the TAXII server. |
string |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
userName |
The userName for the TAXII server. |
string |
workspaceId |
The workspace id. |
string |
ARM template resource definition
The dataConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.SecurityInsights/dataConnectors resource, add the following JSON to your template.
{
"etag": "string",
"name": "string",
"kind": "string"
// For remaining properties, see Microsoft.SecurityInsights/dataConnectors objects
}
Microsoft.SecurityInsights/dataConnectors objects
Set the kind property to specify the type of object.
For APIPolling, use:
{
"kind": "APIPolling",
"properties": {
"connectorUiConfig": {
"availability": {
"isPreview": "bool",
"status": "1"
},
"connectivityCriteria": [
{
"type": "string",
"value": [ "string" ]
}
],
"customImage": "string",
"dataTypes": [
{
"lastDataReceivedQuery": "string",
"name": "string"
}
],
"descriptionMarkdown": "string",
"graphQueries": [
{
"baseQuery": "string",
"legend": "string",
"metricName": "string"
}
],
"graphQueriesTableName": "string",
"instructionSteps": [
{
"description": "string",
"instructions": [
{
"parameters": {},
"type": "string"
}
],
"title": "string"
}
],
"permissions": {
"customs": [
{
"description": "string",
"name": "string"
}
],
"resourceProvider": [
{
"permissionsDisplayText": "string",
"provider": "string",
"providerDisplayName": "string",
"requiredPermissions": {
"action": "bool",
"delete": "bool",
"read": "bool",
"write": "bool"
},
"scope": "string"
}
]
},
"publisher": "string",
"sampleQueries": [
{
"description": "string",
"query": "string"
}
],
"title": "string"
},
"pollingConfig": {
"auth": {
"apiKeyIdentifier": "string",
"apiKeyName": "string",
"authorizationEndpoint": "string",
"authorizationEndpointQueryParameters": {},
"authType": "string",
"flowName": "string",
"isApiKeyInPostPayload": "string",
"isClientSecretInHeader": "bool",
"redirectionEndpoint": "string",
"scope": "string",
"tokenEndpoint": "string",
"tokenEndpointHeaders": {},
"tokenEndpointQueryParameters": {}
},
"isActive": "bool",
"paging": {
"nextPageParaName": "string",
"nextPageTokenJsonPath": "string",
"pageCountAttributePath": "string",
"pageSize": "int",
"pageSizeParaName": "string",
"pageTimeStampAttributePath": "string",
"pageTotalCountAttributePath": "string",
"pagingType": "string",
"searchTheLatestTimeStampFromEventsList": "string"
},
"request": {
"apiEndpoint": "string",
"endTimeAttributeName": "string",
"headers": {},
"httpMethod": "string",
"queryParameters": {},
"queryParametersTemplate": "string",
"queryTimeFormat": "string",
"queryWindowInMin": "int",
"rateLimitQps": "int",
"retryCount": "int",
"startTimeAttributeName": "string",
"timeoutInSeconds": "int"
},
"response": {
"eventsJsonPaths": [ "string" ],
"isGzipCompressed": "bool",
"successStatusJsonPath": "string",
"successStatusValue": "string"
}
}
}
}
For AmazonWebServicesCloudTrail, use:
{
"kind": "AmazonWebServicesCloudTrail",
"properties": {
"awsRoleArn": "string",
"dataTypes": {
"logs": {
"state": "string"
}
}
}
}
For AmazonWebServicesS3, use:
{
"kind": "AmazonWebServicesS3",
"properties": {
"dataTypes": {
"logs": {
"state": "string"
}
},
"destinationTable": "string",
"roleArn": "string",
"sqsUrls": [ "string" ]
}
}
For AzureActiveDirectory, use:
{
"kind": "AzureActiveDirectory",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
}
},
"tenantId": "string"
}
}
For AzureAdvancedThreatProtection, use:
{
"kind": "AzureAdvancedThreatProtection",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
}
},
"tenantId": "string"
}
}
For AzureSecurityCenter, use:
{
"kind": "AzureSecurityCenter",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
}
},
"subscriptionId": "string"
}
}
For Dynamics365, use:
{
"kind": "Dynamics365",
"properties": {
"dataTypes": {
"dynamics365CdsActivities": {
"state": "string"
}
},
"tenantId": "string"
}
}
For GCP, use:
{
"kind": "GCP",
"properties": {
"auth": {
"projectNumber": "string",
"serviceAccountEmail": "string",
"workloadIdentityProviderId": "string"
},
"connectorDefinitionName": "string",
"dcrConfig": {
"dataCollectionEndpoint": "string",
"dataCollectionRuleImmutableId": "string",
"streamName": "string"
},
"request": {
"projectId": "string",
"subscriptionNames": [ "string" ]
}
}
}
For GenericUI, use:
{
"kind": "GenericUI",
"properties": {
"connectorUiConfig": {
"availability": {
"isPreview": "bool",
"status": "1"
},
"connectivityCriteria": [
{
"type": "string",
"value": [ "string" ]
}
],
"customImage": "string",
"dataTypes": [
{
"lastDataReceivedQuery": "string",
"name": "string"
}
],
"descriptionMarkdown": "string",
"graphQueries": [
{
"baseQuery": "string",
"legend": "string",
"metricName": "string"
}
],
"graphQueriesTableName": "string",
"instructionSteps": [
{
"description": "string",
"instructions": [
{
"parameters": {},
"type": "string"
}
],
"title": "string"
}
],
"permissions": {
"customs": [
{
"description": "string",
"name": "string"
}
],
"resourceProvider": [
{
"permissionsDisplayText": "string",
"provider": "string",
"providerDisplayName": "string",
"requiredPermissions": {
"action": "bool",
"delete": "bool",
"read": "bool",
"write": "bool"
},
"scope": "string"
}
]
},
"publisher": "string",
"sampleQueries": [
{
"description": "string",
"query": "string"
}
],
"title": "string"
}
}
}
For IOT, use:
{
"kind": "IOT",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
}
},
"subscriptionId": "string"
}
}
For MicrosoftCloudAppSecurity, use:
{
"kind": "MicrosoftCloudAppSecurity",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
},
"discoveryLogs": {
"state": "string"
}
},
"tenantId": "string"
}
}
For MicrosoftDefenderAdvancedThreatProtection, use:
{
"kind": "MicrosoftDefenderAdvancedThreatProtection",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
}
},
"tenantId": "string"
}
}
For MicrosoftPurviewInformationProtection, use:
{
"kind": "MicrosoftPurviewInformationProtection",
"properties": {
"dataTypes": {
"logs": {
"state": "string"
}
},
"tenantId": "string"
}
}
For MicrosoftThreatIntelligence, use:
{
"kind": "MicrosoftThreatIntelligence",
"properties": {
"dataTypes": {
"microsoftEmergingThreatFeed": {
"lookbackPeriod": "string",
"state": "string"
}
},
"tenantId": "string"
}
}
For MicrosoftThreatProtection, use:
{
"kind": "MicrosoftThreatProtection",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
},
"incidents": {
"state": "string"
}
},
"filteredProviders": {
"alerts": [ "string" ]
},
"tenantId": "string"
}
}
For Office365, use:
{
"kind": "Office365",
"properties": {
"dataTypes": {
"exchange": {
"state": "string"
},
"sharePoint": {
"state": "string"
},
"teams": {
"state": "string"
}
},
"tenantId": "string"
}
}
For Office365Project, use:
{
"kind": "Office365Project",
"properties": {
"dataTypes": {
"logs": {
"state": "string"
}
},
"tenantId": "string"
}
}
For OfficeATP, use:
{
"kind": "OfficeATP",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
}
},
"tenantId": "string"
}
}
For OfficeIRM, use:
{
"kind": "OfficeIRM",
"properties": {
"dataTypes": {
"alerts": {
"state": "string"
}
},
"tenantId": "string"
}
}
For OfficePowerBI, use:
{
"kind": "OfficePowerBI",
"properties": {
"dataTypes": {
"logs": {
"state": "string"
}
},
"tenantId": "string"
}
}
For ThreatIntelligence, use:
{
"kind": "ThreatIntelligence",
"properties": {
"dataTypes": {
"indicators": {
"state": "string"
}
},
"tenantId": "string",
"tipLookbackPeriod": "string"
}
}
For ThreatIntelligenceTaxii, use:
{
"kind": "ThreatIntelligenceTaxii",
"properties": {
"collectionId": "string",
"dataTypes": {
"taxiiClient": {
"state": "string"
}
},
"friendlyName": "string",
"password": "string",
"pollingFrequency": "string",
"taxiiLookbackPeriod": "string",
"taxiiServer": "string",
"tenantId": "string",
"userName": "string",
"workspaceId": "string"
}
}
Property Values
Microsoft.SecurityInsights/dataConnectors
AADDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureActiveDirectory' (required) |
properties |
AADIP (Azure Active Directory Identity Protection) data connector properties. |
AADDataConnectorProperties |
AADDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
AatpDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureAdvancedThreatProtection' (required) |
properties |
AATP (Azure Advanced Threat Protection) data connector properties. |
AatpDataConnectorProperties |
AatpDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
AlertsDataTypeOfDataConnector
ApiPollingParameters
ASCDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureSecurityCenter' (required) |
properties |
ASC (Azure Security Center) data connector properties. |
ASCDataConnectorProperties |
ASCDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
subscriptionId |
The subscription id to connect to, and get the data from. |
string |
Availability
Name |
Description |
Value |
isPreview |
Set connector as preview |
bool |
status |
The connector Availability Status |
'1' |
AwsCloudTrailDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AmazonWebServicesCloudTrail' (required) |
properties |
Amazon Web Services CloudTrail data connector properties. |
AwsCloudTrailDataConnectorProperties |
AwsCloudTrailDataConnectorDataTypes
AwsCloudTrailDataConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
AwsCloudTrailDataConnectorProperties
Name |
Description |
Value |
awsRoleArn |
The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. |
string |
dataTypes |
The available data types for the connector. |
AwsCloudTrailDataConnectorDataTypes (required) |
AwsS3DataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AmazonWebServicesS3' (required) |
properties |
Amazon Web Services S3 data connector properties. |
AwsS3DataConnectorProperties |
AwsS3DataConnectorDataTypes
AwsS3DataConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
AwsS3DataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AwsS3DataConnectorDataTypes (required) |
destinationTable |
The logs destination table name in LogAnalytics. |
string (required) |
roleArn |
The Aws Role Arn that is used to access the Aws account. |
string (required) |
sqsUrls |
The AWS sqs urls for the connector. |
string[] (required) |
CodelessApiPollingDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'APIPolling' (required) |
properties |
Codeless poling data connector properties |
ApiPollingParameters |
CodelessConnectorPollingAuthProperties
Name |
Description |
Value |
apiKeyIdentifier |
A prefix send in the header before the actual token |
string |
apiKeyName |
The header name which the token is sent with |
string |
authorizationEndpoint |
The endpoint used to authorize the user, used in Oauth 2.0 flow |
string |
authorizationEndpointQueryParameters |
The query parameters used in authorization request, used in Oauth 2.0 flow |
any |
authType |
The authentication type |
string (required) |
flowName |
Describes the flow name, for example 'AuthCode' for Oauth 2.0 |
string |
isApiKeyInPostPayload |
Marks if the key should sent in header |
string |
isClientSecretInHeader |
Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow |
bool |
redirectionEndpoint |
The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow |
string |
scope |
The OAuth token scope |
string |
tokenEndpoint |
The endpoint used to issue a token, used in Oauth 2.0 flow |
string |
tokenEndpointHeaders |
The query headers used in token request, used in Oauth 2.0 flow |
any |
tokenEndpointQueryParameters |
The query parameters used in token request, used in Oauth 2.0 flow |
any |
CodelessConnectorPollingConfigProperties
CodelessConnectorPollingPagingProperties
Name |
Description |
Value |
nextPageParaName |
Defines the name of a next page attribute |
string |
nextPageTokenJsonPath |
Defines the path to a next page token JSON |
string |
pageCountAttributePath |
Defines the path to a page count attribute |
string |
pageSize |
Defines the paging size |
int |
pageSizeParaName |
Defines the name of the page size parameter |
string |
pageTimeStampAttributePath |
Defines the path to a paging time stamp attribute |
string |
pageTotalCountAttributePath |
Defines the path to a page total count attribute |
string |
pagingType |
Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' |
string (required) |
searchTheLatestTimeStampFromEventsList |
Determines whether to search for the latest time stamp in the events list |
string |
CodelessConnectorPollingRequestProperties
Name |
Description |
Value |
apiEndpoint |
Describe the endpoint we should pull the data from |
string (required) |
endTimeAttributeName |
This will be used the query events from the end of the time window |
string |
headers |
Describe the headers sent in the poll request |
any |
httpMethod |
The http method type we will use in the poll request, GET or POST |
string (required) |
queryParameters |
Describe the query parameters sent in the poll request |
any |
queryParametersTemplate |
For advanced scenarios for example user name/password embedded in nested JSON payload |
string |
queryTimeFormat |
The time format will be used the query events in a specific window |
string (required) |
queryWindowInMin |
The window interval we will use the pull the data |
int (required) |
rateLimitQps |
Defines the rate limit QPS |
int |
retryCount |
Describe the amount of time we should try and poll the data in case of failure |
int |
startTimeAttributeName |
This will be used the query events from a start of the time window |
string |
timeoutInSeconds |
The number of seconds we will consider as a request timeout |
int |
CodelessConnectorPollingResponseProperties
Name |
Description |
Value |
eventsJsonPaths |
Describes the path we should extract the data in the response |
string[] (required) |
isGzipCompressed |
Describes if the data in the response is Gzip |
bool |
successStatusJsonPath |
Describes the path we should extract the status code in the response |
string |
successStatusValue |
Describes the path we should extract the status value in the response |
string |
CodelessParameters
CodelessUiConnectorConfigProperties
CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem
Name |
Description |
Value |
type |
type of connectivity |
'IsConnectedQuery' |
value |
Queries for checking connectivity |
string[] |
CodelessUiConnectorConfigPropertiesDataTypesItem
Name |
Description |
Value |
lastDataReceivedQuery |
Query for indicate last data received |
string |
name |
Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder |
string |
CodelessUiConnectorConfigPropertiesGraphQueriesItem
Name |
Description |
Value |
baseQuery |
The base query for the graph |
string |
legend |
The legend for the graph |
string |
metricName |
the metric that the query is checking |
string |
CodelessUiConnectorConfigPropertiesInstructionStepsItem
Name |
Description |
Value |
description |
Instruction step description |
string |
instructions |
Instruction step details |
InstructionStepsInstructionsItem[] |
title |
Instruction step title |
string |
CodelessUiConnectorConfigPropertiesSampleQueriesItem
Name |
Description |
Value |
description |
The sample query description |
string |
query |
the sample query |
string |
CodelessUiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'GenericUI' (required) |
properties |
Codeless UI data connector properties |
CodelessParameters |
DataConnectorDataTypeCommon
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
DCRConfiguration
Name |
Description |
Value |
dataCollectionEndpoint |
Represents the data collection ingestion endpoint in log analytics. |
string (required) |
dataCollectionRuleImmutableId |
The data collection rule immutable id, the rule defines the transformation and data destination. |
string (required) |
streamName |
The stream we are sending the data to. |
string (required) |
Dynamics365DataConnector
Dynamics365DataConnectorDataTypes
Dynamics365DataConnectorDataTypesDynamics365CdsActivities
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
Dynamics365DataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
Dynamics365DataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
GCPAuthProperties
Name |
Description |
Value |
projectNumber |
The GCP project number. |
string (required) |
serviceAccountEmail |
The service account that is used to access the GCP project. |
string (required) |
workloadIdentityProviderId |
The workload identity provider id that is used to gain access to the GCP project. |
string (required) |
GCPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'GCP' (required) |
properties |
Google Cloud Platform data connector properties. |
GCPDataConnectorProperties |
GCPDataConnectorProperties
Name |
Description |
Value |
auth |
The auth section of the connector. |
GCPAuthProperties (required) |
connectorDefinitionName |
The name of the connector definition that represents the UI config. |
string (required) |
dcrConfig |
The configuration of the destination of the data. |
DCRConfiguration |
request |
The request section of the connector. |
GCPRequestProperties (required) |
GCPRequestProperties
Name |
Description |
Value |
projectId |
The GCP project id. |
string (required) |
subscriptionNames |
The GCP pub/sub subscription names. |
string[] (required) |
InstructionStepsInstructionsItem
Name |
Description |
Value |
parameters |
The parameters for the setting |
any |
type |
The kind of the setting |
'CopyableLabel' 'InfoMessage' 'InstructionStepsGroup' (required) |
IoTDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'IOT' (required) |
properties |
IoT data connector properties. |
IoTDataConnectorProperties |
IoTDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
subscriptionId |
The subscription id to connect to, and get the data from. |
string |
McasDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftCloudAppSecurity' (required) |
properties |
MCAS (Microsoft Cloud App Security) data connector properties. |
McasDataConnectorProperties |
McasDataConnectorDataTypes
McasDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
McasDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MdatpDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftDefenderAdvancedThreatProtection' (required) |
properties |
MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. |
MdatpDataConnectorProperties |
MdatpDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MstiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftThreatIntelligence' (required) |
properties |
Microsoft Threat Intelligence data connector properties. |
MstiDataConnectorProperties |
MstiDataConnectorDataTypes
MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed
Name |
Description |
Value |
lookbackPeriod |
The lookback period for the feed to be imported. |
string (required) |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MstiDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
MstiDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MTPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftThreatProtection' (required) |
properties |
MTP (Microsoft Threat Protection) data connector properties. |
MTPDataConnectorProperties |
MTPDataConnectorDataTypes
MTPDataConnectorDataTypesAlerts
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MTPDataConnectorDataTypesIncidents
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MTPDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
MTPDataConnectorDataTypes (required) |
filteredProviders |
The available filtered providers for the connector. |
MtpFilteredProviders |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MtpFilteredProviders
Name |
Description |
Value |
alerts |
Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state. |
String array containing any of: 'microsoftDefenderForCloudApps' 'microsoftDefenderForIdentity' (required) |
Office365ProjectConnectorDataTypes
Office365ProjectConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
Office365ProjectDataConnector
Office365ProjectDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
Office365ProjectConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeATPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'OfficeATP' (required) |
properties |
OfficeATP (Office 365 Advanced Threat Protection) data connector properties. |
OfficeATPDataConnectorProperties |
OfficeATPDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'Office365' (required) |
properties |
Office data connector properties. |
OfficeDataConnectorProperties |
OfficeDataConnectorDataTypes
OfficeDataConnectorDataTypesExchange
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorDataTypesSharePoint
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorDataTypesTeams
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
OfficeDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeIRMDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'OfficeIRM' (required) |
properties |
OfficeIRM (Microsoft Insider Risk Management) data connector properties. |
OfficeIRMDataConnectorProperties |
OfficeIRMDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficePowerBIConnectorDataTypes
OfficePowerBIConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficePowerBIDataConnector
OfficePowerBIDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
OfficePowerBIConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
Permissions
PermissionsCustomsItem
Name |
Description |
Value |
description |
Customs permissions description |
string |
name |
Customs permissions name |
string |
PermissionsResourceProviderItem
Name |
Description |
Value |
permissionsDisplayText |
Permission description text |
string |
provider |
Provider name |
'microsoft.aadiam/diagnosticSettings' 'Microsoft.Authorization/policyAssignments' 'Microsoft.OperationalInsights/solutions' 'Microsoft.OperationalInsights/workspaces' 'Microsoft.OperationalInsights/workspaces/datasources' 'Microsoft.OperationalInsights/workspaces/sharedKeys' |
providerDisplayName |
Permission provider display name |
string |
requiredPermissions |
Required permissions for the connector |
RequiredPermissions |
scope |
Permission provider scope |
'ResourceGroup' 'Subscription' 'Workspace' |
RequiredPermissions
Name |
Description |
Value |
action |
action permission |
bool |
delete |
delete permission |
bool |
read |
read permission |
bool |
write |
write permission |
bool |
TIDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'ThreatIntelligence' (required) |
properties |
TI (Threat Intelligence) data connector properties. |
TIDataConnectorProperties |
TIDataConnectorDataTypes
TIDataConnectorDataTypesIndicators
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
TIDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
TIDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
tipLookbackPeriod |
The lookback period for the feed to be imported. |
string |
TiTaxiiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'ThreatIntelligenceTaxii' (required) |
properties |
Threat intelligence TAXII data connector properties. |
TiTaxiiDataConnectorProperties |
TiTaxiiDataConnectorDataTypes
TiTaxiiDataConnectorDataTypesTaxiiClient
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
TiTaxiiDataConnectorProperties
Name |
Description |
Value |
collectionId |
The collection id of the TAXII server. |
string |
dataTypes |
The available data types for Threat Intelligence TAXII data connector. |
TiTaxiiDataConnectorDataTypes (required) |
friendlyName |
The friendly name for the TAXII server. |
string |
password |
The password for the TAXII server. |
string |
pollingFrequency |
The polling frequency for the TAXII server. |
'OnceADay' 'OnceAMinute' 'OnceAnHour' (required) |
taxiiLookbackPeriod |
The lookback period for the TAXII server. |
string |
taxiiServer |
The API root for the TAXII server. |
string |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
userName |
The userName for the TAXII server. |
string |
workspaceId |
The workspace id. |
string |
Usage Examples
The dataConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
etag = "string"
name = "string"
kind = "string"
// For remaining properties, see Microsoft.SecurityInsights/dataConnectors objects
}
Microsoft.SecurityInsights/dataConnectors objects
Set the kind property to specify the type of object.
For APIPolling, use:
{
kind = "APIPolling"
properties = {
connectorUiConfig = {
availability = {
isPreview = bool
status = "1"
}
connectivityCriteria = [
{
type = "string"
value = [
"string"
]
}
]
customImage = "string"
dataTypes = [
{
lastDataReceivedQuery = "string"
name = "string"
}
]
descriptionMarkdown = "string"
graphQueries = [
{
baseQuery = "string"
legend = "string"
metricName = "string"
}
]
graphQueriesTableName = "string"
instructionSteps = [
{
description = "string"
instructions = [
{
parameters = ?
type = "string"
}
]
title = "string"
}
]
permissions = {
customs = [
{
description = "string"
name = "string"
}
]
resourceProvider = [
{
permissionsDisplayText = "string"
provider = "string"
providerDisplayName = "string"
requiredPermissions = {
action = bool
delete = bool
read = bool
write = bool
}
scope = "string"
}
]
}
publisher = "string"
sampleQueries = [
{
description = "string"
query = "string"
}
]
title = "string"
}
pollingConfig = {
auth = {
apiKeyIdentifier = "string"
apiKeyName = "string"
authorizationEndpoint = "string"
authorizationEndpointQueryParameters = ?
authType = "string"
flowName = "string"
isApiKeyInPostPayload = "string"
isClientSecretInHeader = bool
redirectionEndpoint = "string"
scope = "string"
tokenEndpoint = "string"
tokenEndpointHeaders = ?
tokenEndpointQueryParameters = ?
}
isActive = bool
paging = {
nextPageParaName = "string"
nextPageTokenJsonPath = "string"
pageCountAttributePath = "string"
pageSize = int
pageSizeParaName = "string"
pageTimeStampAttributePath = "string"
pageTotalCountAttributePath = "string"
pagingType = "string"
searchTheLatestTimeStampFromEventsList = "string"
}
request = {
apiEndpoint = "string"
endTimeAttributeName = "string"
headers = ?
httpMethod = "string"
queryParameters = ?
queryParametersTemplate = "string"
queryTimeFormat = "string"
queryWindowInMin = int
rateLimitQps = int
retryCount = int
startTimeAttributeName = "string"
timeoutInSeconds = int
}
response = {
eventsJsonPaths = [
"string"
]
isGzipCompressed = bool
successStatusJsonPath = "string"
successStatusValue = "string"
}
}
}
}
For AmazonWebServicesCloudTrail, use:
{
kind = "AmazonWebServicesCloudTrail"
properties = {
awsRoleArn = "string"
dataTypes = {
logs = {
state = "string"
}
}
}
}
For AmazonWebServicesS3, use:
{
kind = "AmazonWebServicesS3"
properties = {
dataTypes = {
logs = {
state = "string"
}
}
destinationTable = "string"
roleArn = "string"
sqsUrls = [
"string"
]
}
}
For AzureActiveDirectory, use:
{
kind = "AzureActiveDirectory"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
tenantId = "string"
}
}
For AzureAdvancedThreatProtection, use:
{
kind = "AzureAdvancedThreatProtection"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
tenantId = "string"
}
}
For AzureSecurityCenter, use:
{
kind = "AzureSecurityCenter"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
subscriptionId = "string"
}
}
For Dynamics365, use:
{
kind = "Dynamics365"
properties = {
dataTypes = {
dynamics365CdsActivities = {
state = "string"
}
}
tenantId = "string"
}
}
For GCP, use:
{
kind = "GCP"
properties = {
auth = {
projectNumber = "string"
serviceAccountEmail = "string"
workloadIdentityProviderId = "string"
}
connectorDefinitionName = "string"
dcrConfig = {
dataCollectionEndpoint = "string"
dataCollectionRuleImmutableId = "string"
streamName = "string"
}
request = {
projectId = "string"
subscriptionNames = [
"string"
]
}
}
}
For GenericUI, use:
{
kind = "GenericUI"
properties = {
connectorUiConfig = {
availability = {
isPreview = bool
status = "1"
}
connectivityCriteria = [
{
type = "string"
value = [
"string"
]
}
]
customImage = "string"
dataTypes = [
{
lastDataReceivedQuery = "string"
name = "string"
}
]
descriptionMarkdown = "string"
graphQueries = [
{
baseQuery = "string"
legend = "string"
metricName = "string"
}
]
graphQueriesTableName = "string"
instructionSteps = [
{
description = "string"
instructions = [
{
parameters = ?
type = "string"
}
]
title = "string"
}
]
permissions = {
customs = [
{
description = "string"
name = "string"
}
]
resourceProvider = [
{
permissionsDisplayText = "string"
provider = "string"
providerDisplayName = "string"
requiredPermissions = {
action = bool
delete = bool
read = bool
write = bool
}
scope = "string"
}
]
}
publisher = "string"
sampleQueries = [
{
description = "string"
query = "string"
}
]
title = "string"
}
}
}
For IOT, use:
{
kind = "IOT"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
subscriptionId = "string"
}
}
For MicrosoftCloudAppSecurity, use:
{
kind = "MicrosoftCloudAppSecurity"
properties = {
dataTypes = {
alerts = {
state = "string"
}
discoveryLogs = {
state = "string"
}
}
tenantId = "string"
}
}
For MicrosoftDefenderAdvancedThreatProtection, use:
{
kind = "MicrosoftDefenderAdvancedThreatProtection"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
tenantId = "string"
}
}
For MicrosoftPurviewInformationProtection, use:
{
kind = "MicrosoftPurviewInformationProtection"
properties = {
dataTypes = {
logs = {
state = "string"
}
}
tenantId = "string"
}
}
For MicrosoftThreatIntelligence, use:
{
kind = "MicrosoftThreatIntelligence"
properties = {
dataTypes = {
microsoftEmergingThreatFeed = {
lookbackPeriod = "string"
state = "string"
}
}
tenantId = "string"
}
}
For MicrosoftThreatProtection, use:
{
kind = "MicrosoftThreatProtection"
properties = {
dataTypes = {
alerts = {
state = "string"
}
incidents = {
state = "string"
}
}
filteredProviders = {
alerts = [
"string"
]
}
tenantId = "string"
}
}
For Office365, use:
{
kind = "Office365"
properties = {
dataTypes = {
exchange = {
state = "string"
}
sharePoint = {
state = "string"
}
teams = {
state = "string"
}
}
tenantId = "string"
}
}
For Office365Project, use:
{
kind = "Office365Project"
properties = {
dataTypes = {
logs = {
state = "string"
}
}
tenantId = "string"
}
}
For OfficeATP, use:
{
kind = "OfficeATP"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
tenantId = "string"
}
}
For OfficeIRM, use:
{
kind = "OfficeIRM"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
tenantId = "string"
}
}
For OfficePowerBI, use:
{
kind = "OfficePowerBI"
properties = {
dataTypes = {
logs = {
state = "string"
}
}
tenantId = "string"
}
}
For ThreatIntelligence, use:
{
kind = "ThreatIntelligence"
properties = {
dataTypes = {
indicators = {
state = "string"
}
}
tenantId = "string"
tipLookbackPeriod = "string"
}
}
For ThreatIntelligenceTaxii, use:
{
kind = "ThreatIntelligenceTaxii"
properties = {
collectionId = "string"
dataTypes = {
taxiiClient = {
state = "string"
}
}
friendlyName = "string"
password = "string"
pollingFrequency = "string"
taxiiLookbackPeriod = "string"
taxiiServer = "string"
tenantId = "string"
userName = "string"
workspaceId = "string"
}
}
Property Values
Microsoft.SecurityInsights/dataConnectors
AADDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureActiveDirectory' (required) |
properties |
AADIP (Azure Active Directory Identity Protection) data connector properties. |
AADDataConnectorProperties |
AADDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
AatpDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureAdvancedThreatProtection' (required) |
properties |
AATP (Azure Advanced Threat Protection) data connector properties. |
AatpDataConnectorProperties |
AatpDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
AlertsDataTypeOfDataConnector
ApiPollingParameters
ASCDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AzureSecurityCenter' (required) |
properties |
ASC (Azure Security Center) data connector properties. |
ASCDataConnectorProperties |
ASCDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
subscriptionId |
The subscription id to connect to, and get the data from. |
string |
Availability
Name |
Description |
Value |
isPreview |
Set connector as preview |
bool |
status |
The connector Availability Status |
'1' |
AwsCloudTrailDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AmazonWebServicesCloudTrail' (required) |
properties |
Amazon Web Services CloudTrail data connector properties. |
AwsCloudTrailDataConnectorProperties |
AwsCloudTrailDataConnectorDataTypes
AwsCloudTrailDataConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
AwsCloudTrailDataConnectorProperties
Name |
Description |
Value |
awsRoleArn |
The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. |
string |
dataTypes |
The available data types for the connector. |
AwsCloudTrailDataConnectorDataTypes (required) |
AwsS3DataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'AmazonWebServicesS3' (required) |
properties |
Amazon Web Services S3 data connector properties. |
AwsS3DataConnectorProperties |
AwsS3DataConnectorDataTypes
AwsS3DataConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
AwsS3DataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AwsS3DataConnectorDataTypes (required) |
destinationTable |
The logs destination table name in LogAnalytics. |
string (required) |
roleArn |
The Aws Role Arn that is used to access the Aws account. |
string (required) |
sqsUrls |
The AWS sqs urls for the connector. |
string[] (required) |
CodelessApiPollingDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'APIPolling' (required) |
properties |
Codeless poling data connector properties |
ApiPollingParameters |
CodelessConnectorPollingAuthProperties
Name |
Description |
Value |
apiKeyIdentifier |
A prefix send in the header before the actual token |
string |
apiKeyName |
The header name which the token is sent with |
string |
authorizationEndpoint |
The endpoint used to authorize the user, used in Oauth 2.0 flow |
string |
authorizationEndpointQueryParameters |
The query parameters used in authorization request, used in Oauth 2.0 flow |
any |
authType |
The authentication type |
string (required) |
flowName |
Describes the flow name, for example 'AuthCode' for Oauth 2.0 |
string |
isApiKeyInPostPayload |
Marks if the key should sent in header |
string |
isClientSecretInHeader |
Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow |
bool |
redirectionEndpoint |
The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow |
string |
scope |
The OAuth token scope |
string |
tokenEndpoint |
The endpoint used to issue a token, used in Oauth 2.0 flow |
string |
tokenEndpointHeaders |
The query headers used in token request, used in Oauth 2.0 flow |
any |
tokenEndpointQueryParameters |
The query parameters used in token request, used in Oauth 2.0 flow |
any |
CodelessConnectorPollingConfigProperties
CodelessConnectorPollingPagingProperties
Name |
Description |
Value |
nextPageParaName |
Defines the name of a next page attribute |
string |
nextPageTokenJsonPath |
Defines the path to a next page token JSON |
string |
pageCountAttributePath |
Defines the path to a page count attribute |
string |
pageSize |
Defines the paging size |
int |
pageSizeParaName |
Defines the name of the page size parameter |
string |
pageTimeStampAttributePath |
Defines the path to a paging time stamp attribute |
string |
pageTotalCountAttributePath |
Defines the path to a page total count attribute |
string |
pagingType |
Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' |
string (required) |
searchTheLatestTimeStampFromEventsList |
Determines whether to search for the latest time stamp in the events list |
string |
CodelessConnectorPollingRequestProperties
Name |
Description |
Value |
apiEndpoint |
Describe the endpoint we should pull the data from |
string (required) |
endTimeAttributeName |
This will be used the query events from the end of the time window |
string |
headers |
Describe the headers sent in the poll request |
any |
httpMethod |
The http method type we will use in the poll request, GET or POST |
string (required) |
queryParameters |
Describe the query parameters sent in the poll request |
any |
queryParametersTemplate |
For advanced scenarios for example user name/password embedded in nested JSON payload |
string |
queryTimeFormat |
The time format will be used the query events in a specific window |
string (required) |
queryWindowInMin |
The window interval we will use the pull the data |
int (required) |
rateLimitQps |
Defines the rate limit QPS |
int |
retryCount |
Describe the amount of time we should try and poll the data in case of failure |
int |
startTimeAttributeName |
This will be used the query events from a start of the time window |
string |
timeoutInSeconds |
The number of seconds we will consider as a request timeout |
int |
CodelessConnectorPollingResponseProperties
Name |
Description |
Value |
eventsJsonPaths |
Describes the path we should extract the data in the response |
string[] (required) |
isGzipCompressed |
Describes if the data in the response is Gzip |
bool |
successStatusJsonPath |
Describes the path we should extract the status code in the response |
string |
successStatusValue |
Describes the path we should extract the status value in the response |
string |
CodelessParameters
CodelessUiConnectorConfigProperties
CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem
Name |
Description |
Value |
type |
type of connectivity |
'IsConnectedQuery' |
value |
Queries for checking connectivity |
string[] |
CodelessUiConnectorConfigPropertiesDataTypesItem
Name |
Description |
Value |
lastDataReceivedQuery |
Query for indicate last data received |
string |
name |
Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder |
string |
CodelessUiConnectorConfigPropertiesGraphQueriesItem
Name |
Description |
Value |
baseQuery |
The base query for the graph |
string |
legend |
The legend for the graph |
string |
metricName |
the metric that the query is checking |
string |
CodelessUiConnectorConfigPropertiesInstructionStepsItem
Name |
Description |
Value |
description |
Instruction step description |
string |
instructions |
Instruction step details |
InstructionStepsInstructionsItem[] |
title |
Instruction step title |
string |
CodelessUiConnectorConfigPropertiesSampleQueriesItem
Name |
Description |
Value |
description |
The sample query description |
string |
query |
the sample query |
string |
CodelessUiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'GenericUI' (required) |
properties |
Codeless UI data connector properties |
CodelessParameters |
DataConnectorDataTypeCommon
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
DCRConfiguration
Name |
Description |
Value |
dataCollectionEndpoint |
Represents the data collection ingestion endpoint in log analytics. |
string (required) |
dataCollectionRuleImmutableId |
The data collection rule immutable id, the rule defines the transformation and data destination. |
string (required) |
streamName |
The stream we are sending the data to. |
string (required) |
Dynamics365DataConnector
Dynamics365DataConnectorDataTypes
Dynamics365DataConnectorDataTypesDynamics365CdsActivities
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
Dynamics365DataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
Dynamics365DataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
GCPAuthProperties
Name |
Description |
Value |
projectNumber |
The GCP project number. |
string (required) |
serviceAccountEmail |
The service account that is used to access the GCP project. |
string (required) |
workloadIdentityProviderId |
The workload identity provider id that is used to gain access to the GCP project. |
string (required) |
GCPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'GCP' (required) |
properties |
Google Cloud Platform data connector properties. |
GCPDataConnectorProperties |
GCPDataConnectorProperties
Name |
Description |
Value |
auth |
The auth section of the connector. |
GCPAuthProperties (required) |
connectorDefinitionName |
The name of the connector definition that represents the UI config. |
string (required) |
dcrConfig |
The configuration of the destination of the data. |
DCRConfiguration |
request |
The request section of the connector. |
GCPRequestProperties (required) |
GCPRequestProperties
Name |
Description |
Value |
projectId |
The GCP project id. |
string (required) |
subscriptionNames |
The GCP pub/sub subscription names. |
string[] (required) |
InstructionStepsInstructionsItem
Name |
Description |
Value |
parameters |
The parameters for the setting |
any |
type |
The kind of the setting |
'CopyableLabel' 'InfoMessage' 'InstructionStepsGroup' (required) |
IoTDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'IOT' (required) |
properties |
IoT data connector properties. |
IoTDataConnectorProperties |
IoTDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
subscriptionId |
The subscription id to connect to, and get the data from. |
string |
McasDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftCloudAppSecurity' (required) |
properties |
MCAS (Microsoft Cloud App Security) data connector properties. |
McasDataConnectorProperties |
McasDataConnectorDataTypes
McasDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
McasDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MdatpDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftDefenderAdvancedThreatProtection' (required) |
properties |
MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. |
MdatpDataConnectorProperties |
MdatpDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MstiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftThreatIntelligence' (required) |
properties |
Microsoft Threat Intelligence data connector properties. |
MstiDataConnectorProperties |
MstiDataConnectorDataTypes
MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed
Name |
Description |
Value |
lookbackPeriod |
The lookback period for the feed to be imported. |
string (required) |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MstiDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
MstiDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MTPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'MicrosoftThreatProtection' (required) |
properties |
MTP (Microsoft Threat Protection) data connector properties. |
MTPDataConnectorProperties |
MTPDataConnectorDataTypes
MTPDataConnectorDataTypesAlerts
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MTPDataConnectorDataTypesIncidents
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
MTPDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
MTPDataConnectorDataTypes (required) |
filteredProviders |
The available filtered providers for the connector. |
MtpFilteredProviders |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
MtpFilteredProviders
Name |
Description |
Value |
alerts |
Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state. |
String array containing any of: 'microsoftDefenderForCloudApps' 'microsoftDefenderForIdentity' (required) |
Office365ProjectConnectorDataTypes
Office365ProjectConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
Office365ProjectDataConnector
Office365ProjectDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
Office365ProjectConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeATPDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'OfficeATP' (required) |
properties |
OfficeATP (Office 365 Advanced Threat Protection) data connector properties. |
OfficeATPDataConnectorProperties |
OfficeATPDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'Office365' (required) |
properties |
Office data connector properties. |
OfficeDataConnectorProperties |
OfficeDataConnectorDataTypes
OfficeDataConnectorDataTypesExchange
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorDataTypesSharePoint
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorDataTypesTeams
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficeDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
OfficeDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficeIRMDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'OfficeIRM' (required) |
properties |
OfficeIRM (Microsoft Insider Risk Management) data connector properties. |
OfficeIRMDataConnectorProperties |
OfficeIRMDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
AlertsDataTypeOfDataConnector |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
OfficePowerBIConnectorDataTypes
OfficePowerBIConnectorDataTypesLogs
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
OfficePowerBIDataConnector
OfficePowerBIDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
OfficePowerBIConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
Permissions
PermissionsCustomsItem
Name |
Description |
Value |
description |
Customs permissions description |
string |
name |
Customs permissions name |
string |
PermissionsResourceProviderItem
Name |
Description |
Value |
permissionsDisplayText |
Permission description text |
string |
provider |
Provider name |
'microsoft.aadiam/diagnosticSettings' 'Microsoft.Authorization/policyAssignments' 'Microsoft.OperationalInsights/solutions' 'Microsoft.OperationalInsights/workspaces' 'Microsoft.OperationalInsights/workspaces/datasources' 'Microsoft.OperationalInsights/workspaces/sharedKeys' |
providerDisplayName |
Permission provider display name |
string |
requiredPermissions |
Required permissions for the connector |
RequiredPermissions |
scope |
Permission provider scope |
'ResourceGroup' 'Subscription' 'Workspace' |
RequiredPermissions
Name |
Description |
Value |
action |
action permission |
bool |
delete |
delete permission |
bool |
read |
read permission |
bool |
write |
write permission |
bool |
TIDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'ThreatIntelligence' (required) |
properties |
TI (Threat Intelligence) data connector properties. |
TIDataConnectorProperties |
TIDataConnectorDataTypes
TIDataConnectorDataTypesIndicators
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
TIDataConnectorProperties
Name |
Description |
Value |
dataTypes |
The available data types for the connector. |
TIDataConnectorDataTypes (required) |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
tipLookbackPeriod |
The lookback period for the feed to be imported. |
string |
TiTaxiiDataConnector
Name |
Description |
Value |
kind |
The data connector kind |
'ThreatIntelligenceTaxii' (required) |
properties |
Threat intelligence TAXII data connector properties. |
TiTaxiiDataConnectorProperties |
TiTaxiiDataConnectorDataTypes
TiTaxiiDataConnectorDataTypesTaxiiClient
Name |
Description |
Value |
state |
Describe whether this data type connection is enabled or not. |
'Disabled' 'Enabled' (required) |
TiTaxiiDataConnectorProperties
Name |
Description |
Value |
collectionId |
The collection id of the TAXII server. |
string |
dataTypes |
The available data types for Threat Intelligence TAXII data connector. |
TiTaxiiDataConnectorDataTypes (required) |
friendlyName |
The friendly name for the TAXII server. |
string |
password |
The password for the TAXII server. |
string |
pollingFrequency |
The polling frequency for the TAXII server. |
'OnceADay' 'OnceAMinute' 'OnceAnHour' (required) |
taxiiLookbackPeriod |
The lookback period for the TAXII server. |
string |
taxiiServer |
The API root for the TAXII server. |
string |
tenantId |
The tenant id to connect to, and get the data from. |
string (required) |
userName |
The userName for the TAXII server. |
string |
workspaceId |
The workspace id. |
string |