New-AzSecurityConnector
Create a security connector. If a security connector is already created and a subsequent request is issued for the same security connector id, then it will be updated.
Syntax
New-AzSecurityConnector
-Name <String>
-ResourceGroupName <String>
[-SubscriptionId <String>]
[-EnvironmentData <ISecurityConnectorEnvironment>]
[-EnvironmentName <String>]
[-Etag <String>]
[-HierarchyIdentifier <String>]
[-Kind <String>]
[-Location <String>]
[-Offering <ICloudOffering[]>]
[-Tag <Hashtable>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Create a security connector. If a security connector is already created and a subsequent request is issued for the same security connector id, then it will be updated.
Examples
Example 1: Create AWS security connector
$account = "891376984375"
$arnPrefix = "arn:aws:iam::$($account):role"
$cspmMonitorOffering = New-AzSecurityCspmMonitorAwsOfferingObject -NativeCloudConnectionCloudRoleArn "$arnPrefix/CspmMonitorAws"
$dcspmOffering = New-AzSecurityDefenderCspmAwsOfferingObject `
-VMScannerEnabled $true -ConfigurationScanningMode Default -ConfigurationCloudRoleArn "$arnPrefix/DefenderForCloud-AgentlessScanner" `
-DataSensitivityDiscoveryEnabled $true -DataSensitivityDiscoveryCloudRoleArn "$arnPrefix/SensitiveDataDiscovery" `
-DatabaseDspmEnabled $true -DatabaseDspmCloudRoleArn "$arnPrefix/DefenderForCloud-DataSecurityPostureDB" `
-CiemDiscoveryCloudRoleArn "$arnPrefix/DefenderForCloud-Ciem" -CiemOidcAzureActiveDirectoryAppName "mciem-aws-oidc-connector" -CiemOidcCloudRoleArn "$arnPrefix/DefenderForCloud-OidcCiem" `
-MdcContainerImageAssessmentEnabled $true -MdcContainerImageAssessmentCloudRoleArn "$arnPrefix/MDCContainersImageAssessmentRole" `
-MdcContainerAgentlessDiscoveryK8SEnabled $true -MdcContainerAgentlessDiscoveryK8SCloudRoleArn "$arnPrefix/MDCContainersAgentlessDiscoveryK8sRole"
$defenderForContainersOffering = New-AzSecurityDefenderForContainersAwsOfferingObject `
-AutoProvisioning $true -KuberneteServiceCloudRoleArn "$arnPrefix/DefenderForCloud-Containers-K8s" -KuberneteScubaReaderCloudRoleArn "$arnPrefix/DefenderForCloud-DataCollection" `
-KinesiToS3CloudRoleArn "$arnPrefix/DefenderForCloud-Containers-K8s-kinesis-to-s3" -CloudWatchToKinesiCloudRoleArn "$arnPrefix/DefenderForCloud-Containers-K8s-cloudwatch-to-kinesis" `
-KubeAuditRetentionTime 30 -ScubaExternalId "a47ae0a2-7bf7-482a-897a-7a139d30736c" `
-MdcContainerAgentlessDiscoveryK8SEnabled $true -MdcContainerAgentlessDiscoveryK8SCloudRoleArn "$arnPrefix/MDCContainersAgentlessDiscoveryK8sRole" `
-MdcContainerImageAssessmentEnabled $true -MdcContainerImageAssessmentCloudRoleArn "$arnPrefix/MDCContainersImageAssessmentRole" `
-EnableContainerVulnerabilityAssessment $false
$environment = New-AzSecurityAwsEnvironmentObject -ScanInterval 24
New-AzSecurityConnector -Name "aws-sdktest01" -ResourceGroupName "securityConnectors-tests" `
-EnvironmentData $environment -EnvironmentName AWS -HierarchyIdentifier "$account" `
-Offering @($cspmMonitorOffering, $dcspmOffering, $defenderForContainersOffering) `
-Location "CentralUS"
EnvironmentData : {
"environmentType": "AwsAccount",
"regions": [ ],
"scanInterval": 24
}
EnvironmentName : AWS
Etag :
HierarchyIdentifier : 891376984375
HierarchyIdentifierTrialEndDate : 3/24/2024 12:00:00 AM
Id : /subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/securityconnectors-tests/providers/Microsoft.Security/securityConnectors/aws-sdktes
t01
Kind :
Location : CentralUS
Name : aws-sdktest01
Offering : {{
"offeringType": "CspmMonitorAws",
"nativeCloudConnection": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/CspmMonitorAws"
}
}, {
"offeringType": "DefenderCspmAws",
"vmScanners": {
"configuration": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-AgentlessScanner",
"scanningMode": "Default"
},
"enabled": true
},
"dataSensitivityDiscovery": {
"enabled": true,
"cloudRoleArn": "arn:aws:iam::891376984375:role/SensitiveDataDiscovery"
},
"databasesDspm": {
"enabled": true,
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-DataSecurityPostureDB"
},
"ciem": {
"ciemDiscovery": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-Ciem"
},
"ciemOidc": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-OidcCiem",
"azureActiveDirectoryAppName": "mciem-aws-oidc-connector"
}
},
"mdcContainersImageAssessment": {
"enabled": true,
"cloudRoleArn": "arn:aws:iam::891376984375:role/MDCContainersImageAssessmentRole"
},
"mdcContainersAgentlessDiscoveryK8s": {
"enabled": true,
"cloudRoleArn": "arn:aws:iam::891376984375:role/MDCContainersAgentlessDiscoveryK8sRole"
}
}, {
"offeringType": "DefenderForContainersAws",
"kubernetesService": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-Containers-K8s"
},
"kubernetesScubaReader": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-DataCollection"
},
"cloudWatchToKinesis": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-Containers-K8s-cloudwatch-to-kinesis"
},
"kinesisToS3": {
"cloudRoleArn": "arn:aws:iam::891376984375:role/DefenderForCloud-Containers-K8s-kinesis-to-s3"
},
"mdcContainersImageAssessment": {
"enabled": true,
"cloudRoleArn": "arn:aws:iam::891376984375:role/MDCContainersImageAssessmentRole"
},
"mdcContainersAgentlessDiscoveryK8s": {
"enabled": true,
"cloudRoleArn": "arn:aws:iam::891376984375:role/MDCContainersAgentlessDiscoveryK8sRole"
},
"enableContainerVulnerabilityAssessment": false,
"autoProvisioning": true,
"kubeAuditRetentionTime": 30,
"scubaExternalId": "a47ae0a2-7bf7-482a-897a-7a139d30736c"
}}
ResourceGroupName : securityconnectors-tests
SystemDataCreatedAt : 2/22/2024 11:45:53 PM
SystemDataCreatedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataCreatedByType : Application
SystemDataLastModifiedAt : 2/22/2024 11:45:53 PM
SystemDataLastModifiedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataLastModifiedByType : Application
Tag : {
}
Type : Microsoft.Security/securityconnectors
Example 2: Create GCP security connector
$account = "843025268399"
$emailSuffix = "myproject.iam.gserviceaccount.com"
$cspmMonitorOffering = New-AzSecurityCspmMonitorGcpOfferingObject -NativeCloudConnectionServiceAccountEmailAddress "microsoft-defender-cspm@$emailSuffix" -NativeCloudConnectionWorkloadIdentityProviderId "cspm"
$dcspmOffering = New-AzSecurityDefenderCspmGcpOfferingObject `
-VMScannerEnabled $true -ConfigurationScanningMode Default -ConfigurationExclusionTag @{key="value"} `
-MdcContainerAgentlessDiscoveryK8SEnabled $true -MdcContainerAgentlessDiscoveryK8SServiceAccountEmailAddress "mdc-containers-k8s-operator@$emailSuffix" -MdcContainerAgentlessDiscoveryK8SWorkloadIdentityProviderId "containers" `
-MdcContainerImageAssessmentEnabled $true -MdcContainerImageAssessmentServiceAccountEmailAddress "mdc-containers-artifact-assess@$emailSuffix" -MdcContainerImageAssessmentWorkloadIdentityProviderId "containers" `
-DataSensitivityDiscoveryEnabled $true -DataSensitivityDiscoveryServiceAccountEmailAddress "mdc-data-sec-posture-storage@$emailSuffix" -DataSensitivityDiscoveryWorkloadIdentityProviderId "data-security-posture-storage" `
-CiemDiscoveryServiceAccountEmailAddress "microsoft-defender-ciem@$emailSuffix" -CiemDiscoveryAzureActiveDirectoryAppName "mciem-gcp-oidc-app" -CiemDiscoveryWorkloadIdentityProviderId "ciem-discovery"
$defenderForContainersOffering = New-AzSecurityDefenderForContainersGcpOfferingObject `
-NativeCloudConnectionServiceAccountEmailAddress "microsoft-defender-containers@$emailSuffix" -NativeCloudConnectionWorkloadIdentityProviderId "containers" `
-DataPipelineNativeCloudConnectionServiceAccountEmailAddress "ms-defender-containers-stream@$emailSuffix" -DataPipelineNativeCloudConnectionWorkloadIdentityProviderId "containers-streams" `
-AuditLogsAutoProvisioningFlag $true -DefenderAgentAutoProvisioningFlag $true -PolicyAgentAutoProvisioningFlag $true `
-MdcContainerAgentlessDiscoveryK8SEnabled $true -MdcContainerAgentlessDiscoveryK8SWorkloadIdentityProviderId "containers" -MdcContainerAgentlessDiscoveryK8SServiceAccountEmailAddress "mdc-containers-k8s-operator@$emailSuffix" `
-MdcContainerImageAssessmentEnabled $true -MdcContainerImageAssessmentWorkloadIdentityProviderId "containers" -MdcContainerImageAssessmentServiceAccountEmailAddress "mdc-containers-artifact-assess@$emailSuffix"
$environment = New-AzSecurityGcpProjectEnvironmentObject -ScanInterval 24 -ProjectDetailProjectId "asc-sdk-samples" -ProjectDetailProjectNumber "$account"
New-AzSecurityConnector -Name "gcp-sdktest01" -ResourceGroupName "securityConnectors-tests" -EnvironmentData $environment -EnvironmentName GCP -HierarchyIdentifier "$account" `
-Offering @($cspmMonitorOffering, $dcspmOffering, $defenderForContainersOffering) -Location "CentralUS"
EnvironmentData : {
"environmentType": "GcpProject",
"projectDetails": {
"projectNumber": "843025268399",
"projectId": "asc-sdk-samples"
},
"scanInterval": 24
}
EnvironmentName : GCP
Etag :
HierarchyIdentifier : 843025268399
HierarchyIdentifierTrialEndDate : 3/24/2024 12:00:00 AM
Id : /subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/securityconnectors-tests/providers/Microsoft.Security/securityConnectors/gcp-sdktest01
Kind :
Location : CentralUS
Name : gcp-sdktest01
Offering : {{
"offeringType": "CspmMonitorGcp",
"nativeCloudConnection": {
"workloadIdentityProviderId": "cspm",
"serviceAccountEmailAddress": "[email protected]"
}
}, {
"offeringType": "DefenderCspmGcp",
"ciemDiscovery": {
"workloadIdentityProviderId": "ciem-discovery",
"serviceAccountEmailAddress": "[email protected]",
"azureActiveDirectoryAppName": "mciem-gcp-oidc-app"
},
"vmScanners": {
"configuration": {
"scanningMode": "Default",
"exclusionTags": {
"key": "value"
}
},
"enabled": true
},
"dataSensitivityDiscovery": {
"enabled": true,
"workloadIdentityProviderId": "data-security-posture-storage",
"serviceAccountEmailAddress": "[email protected]"
},
"mdcContainersImageAssessment": {
"enabled": true,
"workloadIdentityProviderId": "containers",
"serviceAccountEmailAddress": "[email protected]"
},
"mdcContainersAgentlessDiscoveryK8s": {
"enabled": true,
"workloadIdentityProviderId": "containers",
"serviceAccountEmailAddress": "[email protected]"
}
}, {
"offeringType": "DefenderForContainersGcp",
"nativeCloudConnection": {
"serviceAccountEmailAddress": "[email protected]",
"workloadIdentityProviderId": "containers"
},
"dataPipelineNativeCloudConnection": {
"serviceAccountEmailAddress": "[email protected]",
"workloadIdentityProviderId": "containers-streams"
},
"mdcContainersImageAssessment": {
"enabled": true,
"workloadIdentityProviderId": "containers",
"serviceAccountEmailAddress": "[email protected]"
},
"mdcContainersAgentlessDiscoveryK8s": {
"enabled": true,
"workloadIdentityProviderId": "containers",
"serviceAccountEmailAddress": "[email protected]"
},
"auditLogsAutoProvisioningFlag": true,
"defenderAgentAutoProvisioningFlag": true,
"policyAgentAutoProvisioningFlag": true
}}
ResourceGroupName : securityconnectors-tests
SystemDataCreatedAt : 2/22/2024 11:45:53 PM
SystemDataCreatedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataCreatedByType : Application
SystemDataLastModifiedAt : 2/22/2024 11:45:53 PM
SystemDataLastModifiedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataLastModifiedByType : Application
Tag : {}
Type : Microsoft.Security/securityconnectors
Example 3: Create AzureDevOps security connector
New-AzSecurityConnector -ResourceGroupName "securityConnectors-pwsh-tmp" -Name "ado-sdk-pwsh-test03" `
-EnvironmentName AzureDevOps -EnvironmentData (New-AzSecurityAzureDevOpsScopeEnvironmentObject) `
-HierarchyIdentifier ([guid]::NewGuid().ToString()) -Location "CentralUS" `
-Offering @(New-AzSecurityCspmMonitorAzureDevOpsOfferingObject)
EnvironmentData : {
"environmentType": "AzureDevOpsScope"
}
EnvironmentName : AzureDevOps
Etag :
HierarchyIdentifier : 9dd01e19-8aaf-43a2-8dd4-1c5992f4df35
HierarchyIdentifierTrialEndDate :
Id : /subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/securityconnectors-pwsh-tmp/providers/Microsoft.Security/securityConnectors/ado-sdk-pwsh-test03
Kind :
Location : CentralUS
Name : ado-sdk-pwsh-test03
Offering : {{
"offeringType": "CspmMonitorAzureDevOps"
}}
ResourceGroupName : securityconnectors-pwsh-tmp
SystemDataCreatedAt : 2/24/2024 12:13:11 AM
SystemDataCreatedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataCreatedByType : Application
SystemDataLastModifiedAt : 2/24/2024 12:13:11 AM
SystemDataLastModifiedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataLastModifiedByType : Application
Tag : {
}
Type : Microsoft.Security/securityconnectors
Example 4: Create GitHub security connector
New-AzSecurityConnector -ResourceGroupName "securityConnectors-pwsh-tmp" -Name "gh-sdk-pwsh-test03" `
-EnvironmentName GitHub -EnvironmentData (New-AzSecurityGitHubScopeEnvironmentObject) `
-HierarchyIdentifier ([guid]::NewGuid().ToString()) -Location "CentralUS" `
-Offering @(New-AzSecurityCspmMonitorGithubOfferingObject)
EnvironmentData : {
"environmentType": "GithubScope"
}
EnvironmentName : Github
Etag :
HierarchyIdentifier : e8661d05-8003-46ae-b687-fa83746f44f3
HierarchyIdentifierTrialEndDate :
Id : /subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/securityconnectors-pwsh-tmp/providers/Microsoft.Security/securityConnectors/gh-sdk-pwsh-test03
Kind :
Location : CentralUS
Name : gh-sdk-pwsh-test03
Offering : {{
"offeringType": "CspmMonitorGithub"
}}
ResourceGroupName : securityconnectors-pwsh-tmp
SystemDataCreatedAt : 2/24/2024 12:55:33 AM
SystemDataCreatedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataCreatedByType : Application
SystemDataLastModifiedAt : 2/24/2024 12:55:33 AM
SystemDataLastModifiedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataLastModifiedByType : Application
Tag : {
}
Type : Microsoft.Security/securityconnectors
Example 5: Create GitLab security connector
New-AzSecurityConnector -ResourceGroupName "securityConnectors-pwsh-tmp" -Name "gl-sdk-pwsh-test03" `
-EnvironmentName GitLab -EnvironmentData (New-AzSecurityGitLabScopeEnvironmentObject) `
-HierarchyIdentifier ([guid]::NewGuid().ToString()) -Location "CentralUS" `
-Offering @(New-AzSecurityCspmMonitorGitLabOfferingObject)
EnvironmentData : {
"environmentType": "GitLabScope"
}
EnvironmentName : GitLab
Etag :
HierarchyIdentifier : e8661d05-8003-46ae-b687-fa83746f44f3
HierarchyIdentifierTrialEndDate :
Id : /subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/securityconnectors-pwsh-tmp/providers/Microsoft.Security/securityConnectors/gl-sdk-pwsh-test03
Kind :
Location : CentralUS
Name : gl-sdk-pwsh-test03
Offering : {{
"offeringType": "CspmMonitorGitLab"
}}
ResourceGroupName : securityconnectors-pwsh-tmp
SystemDataCreatedAt : 2/24/2024 12:55:33 AM
SystemDataCreatedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataCreatedByType : Application
SystemDataLastModifiedAt : 2/24/2024 12:55:33 AM
SystemDataLastModifiedBy : c3d82ccb-fee1-430c-949e-6c0a217c00a8
SystemDataLastModifiedByType : Application
Tag : {
}
Type : Microsoft.Security/securityconnectors
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EnvironmentData
The security connector environment data.
Type: | ISecurityConnectorEnvironment |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EnvironmentName
The multi cloud resource's cloud name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Etag
Entity tag is used for comparing two or more entities from the same requested resource.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-HierarchyIdentifier
The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Kind
Kind of the resource
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Location
Location where the resource is stored
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
The security connector name.
Type: | String |
Aliases: | SecurityConnectorName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Offering
A collection of offerings for the security connector.
Type: | ICloudOffering[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group within the user's subscription. The name is case insensitive.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
Azure subscription ID
Type: | String |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Tag
A list of key value pairs that describe the resource.
Type: | Hashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs
Azure PowerShell