I have to deploy data connectors in Sentinel using infra as code.

16557136 21 Reputation points
2022-09-19T18:54:47.68+00:00

I have to code to automatically deploy data connectors using Bicep/ARM or PowerShell. I have gone through this link "https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Sentinel-All-In-One", which has solved 90% of my problem.
But if I have to add a connector like "Network Security Group, Microsoft Defender for Identity etc.", I cannot find any source for properties and kind.
When I am adding manually and using the LIST REST API to fetch details, nothing is printing.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors?api-version=2021-10-01

While there are 7 data connectors on the portal.


3 answers

  1. Clive Watson 6,346 Reputation points MVP
    2022-09-20T13:56:08.757+00:00

    What is slightly unclear is that this isn't an "All Connectors" REST API; it's just the connectors listed here https://learn.microsoft.com/en-us/rest/api/securityinsights/stable/data-connectors/list?tabs=HTTP#dataconnectorkind, of which you have 4. This has been raised many times; hopefully Microsoft will add others to this or provide another API/method.

    Please accept the answer if this helps you, and this will help others.


  2. Clive Watson 6,346 Reputation points MVP
    2022-09-20T15:44:19.973+00:00

    The API is working correctly; the API reports on these connectors only (as per my link above).

    Azure Activity, Azure Key Vault and Network Security Group are NOT in that list, so won't show up using this API. The portal is using another method for the count; we have no public API to use to do the same at this time.

    Please accept the answer if this helps you, and this will help others.


  3. 16557136 21 Reputation points
    2022-09-20T15:53:55.69+00:00

    Thanks for your replies. It cleared my doubt. Can you or someone help me with how to write ARM or JSON for data connectors apart from the list you mentioned? There are 128 on the portal. Is there any source for deploying data connectors using the REST API or ARM templates? Where can I find all the required properties and kind?
