az sentinel data-connector
Note
This reference is part of the sentinel extension for the Azure CLI (version 2.37.0 or higher). The extension will automatically install the first time you run an az sentinel data-connector command. Learn more about extensions.
Manage data connectors with Sentinel.
Commands
Name | Description | Type | Status |
---|---|---|---|
az sentinel data-connector connect | Connect a data connector. | Extension | Experimental |
az sentinel data-connector create | Create the data connector. | Extension | Experimental |
az sentinel data-connector delete | Delete the data connector. | Extension | Experimental |
az sentinel data-connector disconnect | Disconnect a data connector. | Extension | Experimental |
az sentinel data-connector list | Get all data connectors. | Extension | Experimental |
az sentinel data-connector show | Get a data connector. | Extension | Experimental |
az sentinel data-connector update | Update the data connector. | Extension | Experimental |
az sentinel data-connector connect
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Connect a data connector.
az sentinel data-connector connect --data-connector-id
--resource-group
--workspace-name
[--api-key]
[--authorization-code]
[--client-id]
[--client-secret]
[--endpoint]
[--kind {APIKey, Basic, OAuth2}]
[--output-stream]
[--password]
[--rule-immutable-id]
[--user-name]
Required Parameters
--data-connector-id: Connector ID.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--workspace-name: The name of the workspace.
Optional Parameters
--api-key: The API key of the audit server.
--authorization-code: The authorization code used in OAuth 2.0 code flow to issue a token.
--client-id: The client ID of the OAuth 2.0 application.
--client-secret: The client secret of the OAuth 2.0 application.
--endpoint: Used in v2 logs connector. Represents the data collection ingestion endpoint in Log Analytics.
--kind: The authentication kind used to poll the data.
--output-stream: Used in v2 logs connector. The stream we are sending the data to; this is the name of the streamDeclarations defined in the DCR.
--password: The user password in the audit log server.
--rule-immutable-id: Used in v2 logs connector. The data collection rule immutable ID; the rule defines the transformation and data destination.
--user-name: The user name in the audit log server.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az sentinel data-connector create
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Create the data connector.
az sentinel data-connector create --data-connector-id
--resource-group
--workspace-name
[--api-polling]
[--aws-cloud-trail]
[--aws-s3]
[--azure-active-directory]
[--azure-protection]
[--azure-security-center]
[--cloud-app-security]
[--defender-protection]
[--dynamics365]
[--etag]
[--generic-ui]
[--intelligence-taxii]
[--iot]
[--microsoft-intelligence]
[--microsoft-protection]
[--office-atp]
[--office-irm]
[--office-power-bi]
[--office365]
[--office365-project]
[--threat-intelligence]
Required Parameters
--data-connector-id: Connector ID.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--workspace-name: The name of the workspace.
Optional Parameters
--api-polling: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--aws-cloud-trail: Amazon Web Services CloudTrail. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--aws-s3: Amazon Web Services S3. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--azure-active-directory: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--azure-protection: Azure Advanced Threat Protection. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--azure-security-center: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--cloud-app-security: Microsoft Cloud App Security. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--defender-protection: Microsoft Defender Advanced Threat Protection. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--dynamics365: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--etag: Etag of the Azure resource.
--generic-ui: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--intelligence-taxii: Threat intelligence TAXII. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--iot: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--microsoft-intelligence: Microsoft Threat Intelligence. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--microsoft-protection: Microsoft Threat Protection. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office-atp: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office-irm: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office-power-bi: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office365: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office365-project: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--threat-intelligence: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az sentinel data-connector delete
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Delete the data connector.
az sentinel data-connector delete [--data-connector-id]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]
[--yes]
Optional Parameters
--data-connector-id: Connector ID.
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--workspace-name: The name of the workspace.
--yes: Do not prompt for confirmation.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az sentinel data-connector disconnect
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Disconnect a data connector.
az sentinel data-connector disconnect --data-connector-id
--resource-group
--workspace-name
Required Parameters
--data-connector-id: Connector ID.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--workspace-name: The name of the workspace.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az sentinel data-connector list
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get all data connectors.
az sentinel data-connector list --resource-group
--workspace-name
Required Parameters
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--workspace-name: The name of the workspace.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az sentinel data-connector show
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get a data connector.
az sentinel data-connector show [--data-connector-id]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]
Optional Parameters
--data-connector-id: Connector ID.
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--workspace-name: The name of the workspace.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az sentinel data-connector update
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update the data connector.
az sentinel data-connector update [--add]
[--api-polling]
[--aws-cloud-trail]
[--aws-s3]
[--azure-active-directory]
[--azure-protection]
[--azure-security-center]
[--cloud-app-security]
[--data-connector-id]
[--defender-protection]
[--dynamics365]
[--etag]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--generic-ui]
[--ids]
[--intelligence-taxii]
[--iot]
[--microsoft-intelligence]
[--microsoft-protection]
[--office-atp]
[--office-irm]
[--office-power-bi]
[--office365]
[--office365-project]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--threat-intelligence]
[--workspace-name]
Optional Parameters
--add: Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
--api-polling: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--aws-cloud-trail: Amazon Web Services CloudTrail. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--aws-s3: Amazon Web Services S3. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--azure-active-directory: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--azure-protection: Azure Advanced Threat Protection. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--azure-security-center: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--cloud-app-security: Microsoft Cloud App Security. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--data-connector-id: Connector ID.
--defender-protection: Microsoft Defender Advanced Threat Protection. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--dynamics365: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--etag: Etag of the Azure resource.
--force-string: When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
--generic-ui: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--intelligence-taxii: Threat intelligence TAXII. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--iot: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--microsoft-intelligence: Microsoft Threat Intelligence. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--microsoft-protection: Microsoft Threat Protection. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office-atp: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office-irm: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office-power-bi: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office365: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--office365-project: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--remove: Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--set: Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--threat-intelligence: Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--workspace-name: The name of the workspace.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.