Microsoft.SecurityInsights dataConnectors 2021-03-01-preview
Article 02/13/2023
Bicep resource definition
The dataConnectors resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
For a list of changed properties in each API version, see change log.
To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview' = {
  name: 'string'
  kind: 'string'
  scope: resourceSymbolicName
  etag: 'string'
  // For remaining properties, see dataConnectors objects
}
dataConnectors objects
Set the kind property to specify the type of object.
For AmazonWebServicesCloudTrail, use:

kind: 'AmazonWebServicesCloudTrail'
properties: {
  dataTypes: {
    logs: {
      state: 'string'
    }
  }
}

For AzureActiveDirectory, use:

kind: 'AzureActiveDirectory'
properties: {
  dataTypes: {
    alerts: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For AzureAdvancedThreatProtection, use:

kind: 'AzureAdvancedThreatProtection'
properties: {
  dataTypes: {
    alerts: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For AzureSecurityCenter, use:

kind: 'AzureSecurityCenter'
properties: {
  dataTypes: {
    alerts: {
      state: 'string'
    }
  }
  subscriptionId: 'string'
}

For Dynamics365, use:

kind: 'Dynamics365'
properties: {
  dataTypes: {
    dynamics365CdsActivities: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For GenericUI, use:

kind: 'GenericUI'
properties: {
  connectorUiConfig: {
    availability: {
      isPreview: bool
      status: '1'
    }
    connectivityCriteria: [
      {
        type: 'IsConnectedQuery'
        value: [
          'string'
        ]
      }
    ]
    customImage: 'string'
    dataTypes: [
      {
        lastDataReceivedQuery: 'string'
        name: 'string'
      }
    ]
    descriptionMarkdown: 'string'
    graphQueries: [
      {
        baseQuery: 'string'
        legend: 'string'
        metricName: 'string'
      }
    ]
    graphQueriesTableName: 'string'
    instructionSteps: [
      {
        description: 'string'
        instructions: [
          {
            parameters: any()
            type: 'string'
          }
        ]
        title: 'string'
      }
    ]
    permissions: {
      customs: [
        {
          description: 'string'
          name: 'string'
        }
      ]
      resourceProvider: [
        {
          permissionsDisplayText: 'string'
          provider: 'string'
          providerDisplayName: 'string'
          requiredPermissions: {
            action: bool
            delete: bool
            read: bool
            write: bool
          }
          scope: 'string'
        }
      ]
    }
    publisher: 'string'
    sampleQueries: [
      {
        description: 'string'
        query: 'string'
      }
    ]
    title: 'string'
  }
}

For MicrosoftCloudAppSecurity, use:

kind: 'MicrosoftCloudAppSecurity'
properties: {
  dataTypes: {
    alerts: {
      state: 'string'
    }
    discoveryLogs: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For MicrosoftDefenderAdvancedThreatProtection, use:

kind: 'MicrosoftDefenderAdvancedThreatProtection'
properties: {
  dataTypes: {
    alerts: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For MicrosoftThreatIntelligence, use:

kind: 'MicrosoftThreatIntelligence'
properties: {
  dataTypes: {
    bingSafetyPhishingURL: {
      lookbackPeriod: 'string'
      state: 'string'
    }
    microsoftEmergingThreatFeed: {
      lookbackPeriod: 'string'
      state: 'string'
    }
  }
  tenantId: 'string'
}

For MicrosoftThreatProtection, use:

kind: 'MicrosoftThreatProtection'
properties: {
  dataTypes: {
    incidents: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For Office365, use:

kind: 'Office365'
properties: {
  dataTypes: {
    exchange: {
      state: 'string'
    }
    sharePoint: {
      state: 'string'
    }
    teams: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For OfficeATP, use:

kind: 'OfficeATP'
properties: {
  dataTypes: {
    alerts: {
      state: 'string'
    }
  }
  tenantId: 'string'
}

For ThreatIntelligence, use:

kind: 'ThreatIntelligence'
properties: {
  dataTypes: {
    indicators: {
      state: 'string'
    }
  }
  tenantId: 'string'
  tipLookbackPeriod: 'string'
}

For ThreatIntelligenceTaxii, use:

kind: 'ThreatIntelligenceTaxii'
properties: {
  collectionId: 'string'
  dataTypes: {
    taxiiClient: {
      state: 'string'
    }
  }
  friendlyName: 'string'
  password: 'string'
  pollingFrequency: 'string'
  taxiiLookbackPeriod: 'string'
  taxiiServer: 'string'
  tenantId: 'string'
  userName: 'string'
  workspaceId: 'string'
}
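
The following Bicep file is an added example, not part of the original reference: it fills in two of the kinds above, scoped to an existing workspace, with the TAXII password passed as a @secure() parameter instead of a string literal and the Office365 data types enabled individually. All parameter names, symbolic names and the friendlyName value are assumptions.

```bicep
// Added example, not from the original reference page.
// Parameter names, symbolic names and 'example-taxii-feed' are assumptions.

@description('Existing Log Analytics workspace with Microsoft Sentinel enabled, in the target resource group.')
param workspaceName string

@description('Value for the workspaceId property ("The workspace id." in the reference).')
param sentinelWorkspaceId string

@description('API root of the TAXII server (taxiiServer).')
param taxiiApiRoot string

@description('Collection id on the TAXII server (collectionId).')
param taxiiCollectionId string

@description('User name for the TAXII server (userName).')
param taxiiUserName string

// Weak form: password: 'literal-in-template' puts the credential in source control
// and in every copy of the template. A @secure() parameter is supplied at deployment
// time and its value is not recorded in the deployment history.
@secure()
param taxiiPassword string

resource workspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = {
  name: workspaceName
}

// dataConnectors is an extension resource: scope attaches it to the workspace.
resource taxiiConnector 'Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview' = {
  name: guid(workspace.id, taxiiApiRoot, taxiiCollectionId)
  scope: workspace
  kind: 'ThreatIntelligenceTaxii'
  properties: {
    tenantId: subscription().tenantId
    workspaceId: sentinelWorkspaceId
    friendlyName: 'example-taxii-feed'
    taxiiServer: taxiiApiRoot
    collectionId: taxiiCollectionId
    userName: taxiiUserName
    password: taxiiPassword
    // Allowed values per the reference: 'OnceADay', 'OnceAMinute', 'OnceAnHour'
    pollingFrequency: 'OnceAnHour'
    dataTypes: {
      taxiiClient: {
        state: 'Enabled'
      }
    }
  }
}

// Each data type carries its own state, so ingestion can be limited to the
// log sources that detections actually use.
resource officeConnector 'Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview' = {
  name: guid(workspace.id, 'Office365')
  scope: workspace
  kind: 'Office365'
  properties: {
    tenantId: subscription().tenantId
    dataTypes: {
      exchange: {
        state: 'Enabled'
      }
      sharePoint: {
        state: 'Enabled'
      }
      teams: {
        state: 'Disabled'
      }
    }
  }
}
```
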
Property values
dataConnectors
AwsCloudTrailDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AmazonWebServicesCloudTrail' (required) |
| properties | Amazon Web Services CloudTrail data connector properties. | AwsCloudTrailDataConnectorProperties |

AwsCloudTrailDataConnectorProperties
AwsCloudTrailDataConnectorDataTypes
AwsCloudTrailDataConnectorDataTypesLogs

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

AADDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AzureActiveDirectory' (required) |
| properties | AAD (Azure Active Directory) data connector properties. | AADDataConnectorProperties |

AADDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

AlertsDataTypeOfDataConnector
DataConnectorDataTypeCommon

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

AatpDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AzureAdvancedThreatProtection' (required) |
| properties | AATP (Azure Advanced Threat Protection) data connector properties. | AatpDataConnectorProperties |

AatpDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

ASCDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AzureSecurityCenter' (required) |
| properties | ASC (Azure Security Center) data connector properties. | ASCDataConnectorProperties |

ASCDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| subscriptionId | The subscription id to connect to, and get the data from. | string |

Dynamics365DataConnector
Dynamics365DataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | Dynamics365DataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

Dynamics365DataConnectorDataTypes
Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |
CodelessUiDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'GenericUI' (required) |
| properties | Codeless UI data connector properties | CodelessParameters |

CodelessParameters
CodelessUiConnectorConfigProperties
Availability

| Name | Description | Value |
| --- | --- | --- |
| isPreview | Set connector as preview | bool |
| status | The connector Availability Status | '1' |

CodelessUiConnectorConfigPropertiesConnectivityCrite...

| Name | Description | Value |
| --- | --- | --- |
| type | type of connectivity | 'IsConnectedQuery' |
| value | Queries for checking connectivity | string[] |

CodelessUiConnectorConfigPropertiesDataTypesItem

| Name | Description | Value |
| --- | --- | --- |
| lastDataReceivedQuery | Query that indicates when data was last received | string |
| name | Name of the data type to show in the graph. Can be used with the {{graphQueriesTableName}} placeholder | string |

CodelessUiConnectorConfigPropertiesGraphQueriesItem

| Name | Description | Value |
| --- | --- | --- |
| baseQuery | The base query for the graph | string |
| legend | The legend for the graph | string |
| metricName | the metric that the query is checking | string |

CodelessUiConnectorConfigPropertiesInstructionStepsI...

| Name | Description | Value |
| --- | --- | --- |
| description | Instruction step description | string |
| instructions | Instruction step details | InstructionStepsInstructionsItem[] |
| title | Instruction step title | string |

InstructionStepsInstructionsItem

| Name | Description | Value |
| --- | --- | --- |
| parameters | The parameters for the setting | For Bicep, you can use the any() function. |
| type | The kind of the setting | 'CopyableLabel' 'InfoMessage' 'InstructionStepsGroup' (required) |

Permissions
PermissionsCustomsItem

| Name | Description | Value |
| --- | --- | --- |
| description | Customs permissions description | string |
| name | Customs permissions name | string |

PermissionsResourceProviderItem

| Name | Description | Value |
| --- | --- | --- |
| permissionsDisplayText | Permission description text | string |
| provider | Provider name | 'Microsoft.Authorization/policyAssignments' 'Microsoft.OperationalInsights/solutions' 'Microsoft.OperationalInsights/workspaces' 'Microsoft.OperationalInsights/workspaces/datasources' 'Microsoft.OperationalInsights/workspaces/sharedKeys' 'microsoft.aadiam/diagnosticSettings' |
| providerDisplayName | Permission provider display name | string |
| requiredPermissions | Required permissions for the connector | RequiredPermissions |
| scope | Permission provider scope | 'ResourceGroup' 'Subscription' 'Workspace' |

RequiredPermissions

| Name | Description | Value |
| --- | --- | --- |
| action | action permission | bool |
| delete | delete permission | bool |
| read | read permission | bool |
| write | write permission | bool |

CodelessUiConnectorConfigPropertiesSampleQueriesItem

| Name | Description | Value |
| --- | --- | --- |
| description | The sample query description | string |
| query | the sample query | string |
McasDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftCloudAppSecurity' (required) |
| properties | MCAS (Microsoft Cloud App Security) data connector properties. | McasDataConnectorProperties |

McasDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | McasDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

McasDataConnectorDataTypes
MdatpDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftDefenderAdvancedThreatProtection' (required) |
| properties | MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. | MdatpDataConnectorProperties |

MdatpDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

MstiDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftThreatIntelligence' (required) |
| properties | Microsoft Threat Intelligence data connector properties. | MstiDataConnectorProperties |

MstiDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | MstiDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

MstiDataConnectorDataTypes
MstiDataConnectorDataTypesBingSafetyPhishingURL

| Name | Description | Value |
| --- | --- | --- |
| lookbackPeriod | lookback period | string (required) |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

| Name | Description | Value |
| --- | --- | --- |
| lookbackPeriod | lookback period | string (required) |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

MTPDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftThreatProtection' (required) |
| properties | MTP (Microsoft Threat Protection) data connector properties. | MTPDataConnectorProperties |

MTPDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | MTPDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

MTPDataConnectorDataTypes
MTPDataConnectorDataTypesIncidents

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |
OfficeDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'Office365' (required) |
| properties | Office data connector properties. | OfficeDataConnectorProperties |

OfficeDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | OfficeDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

OfficeDataConnectorDataTypes
OfficeDataConnectorDataTypesExchange

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

OfficeDataConnectorDataTypesSharePoint

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

OfficeDataConnectorDataTypesTeams

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

OfficeATPDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'OfficeATP' (required) |
| properties | OfficeATP (Office 365 Advanced Threat Protection) data connector properties. | OfficeATPDataConnectorProperties |

OfficeATPDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

TIDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'ThreatIntelligence' (required) |
| properties | TI (Threat Intelligence) data connector properties. | TIDataConnectorProperties |

TIDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | TIDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
| tipLookbackPeriod | The lookback period for the feed to be imported. | string |

TIDataConnectorDataTypes
TIDataConnectorDataTypesIndicators

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

TiTaxiiDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'ThreatIntelligenceTaxii' (required) |
| properties | Threat intelligence TAXII data connector properties. | TiTaxiiDataConnectorProperties |

TiTaxiiDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| collectionId | The collection id of the TAXII server. | string |
| dataTypes | The available data types for Threat Intelligence TAXII data connector. | TiTaxiiDataConnectorDataTypes (required) |
| friendlyName | The friendly name for the TAXII server. | string |
| password | The password for the TAXII server. | string |
| pollingFrequency | The polling frequency for the TAXII server. | 'OnceADay' 'OnceAMinute' 'OnceAnHour' (required) |
| taxiiLookbackPeriod | The lookback period for the TAXII server. | string |
| taxiiServer | The API root for the TAXII server. | string |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
| userName | The userName for the TAXII server. | string |
| workspaceId | The workspace id. | string |

TiTaxiiDataConnectorDataTypes
TiTaxiiDataConnectorDataTypesTaxiiClient

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

ARM template resource definition
The dataConnectors resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
For a list of changed properties in each API version, see change log.
To create a Microsoft.SecurityInsights/dataConnectors resource, add the following JSON to your template.
{
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "apiVersion": "2021-03-01-preview",
  "name": "string",
  "kind": "string",
  "scope": "string",
  "etag": "string",
  // For remaining properties, see dataConnectors objects
}
dataConnectors objects
Set the kind property to specify the type of object.
For AmazonWebServicesCloudTrail, use:

"kind": "AmazonWebServicesCloudTrail",
"properties": {
  "dataTypes": {
    "logs": {
      "state": "string"
    }
  }
}

For AzureActiveDirectory, use:

"kind": "AzureActiveDirectory",
"properties": {
  "dataTypes": {
    "alerts": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For AzureAdvancedThreatProtection, use:

"kind": "AzureAdvancedThreatProtection",
"properties": {
  "dataTypes": {
    "alerts": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For AzureSecurityCenter, use:

"kind": "AzureSecurityCenter",
"properties": {
  "dataTypes": {
    "alerts": {
      "state": "string"
    }
  },
  "subscriptionId": "string"
}

For Dynamics365, use:

"kind": "Dynamics365",
"properties": {
  "dataTypes": {
    "dynamics365CdsActivities": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For GenericUI, use:

"kind": "GenericUI",
"properties": {
  "connectorUiConfig": {
    "availability": {
      "isPreview": "bool",
      "status": "1"
    },
    "connectivityCriteria": [
      {
        "type": "IsConnectedQuery",
        "value": [ "string" ]
      }
    ],
    "customImage": "string",
    "dataTypes": [
      {
        "lastDataReceivedQuery": "string",
        "name": "string"
      }
    ],
    "descriptionMarkdown": "string",
    "graphQueries": [
      {
        "baseQuery": "string",
        "legend": "string",
        "metricName": "string"
      }
    ],
    "graphQueriesTableName": "string",
    "instructionSteps": [
      {
        "description": "string",
        "instructions": [
          {
            "parameters": {},
            "type": "string"
          }
        ],
        "title": "string"
      }
    ],
    "permissions": {
      "customs": [
        {
          "description": "string",
          "name": "string"
        }
      ],
      "resourceProvider": [
        {
          "permissionsDisplayText": "string",
          "provider": "string",
          "providerDisplayName": "string",
          "requiredPermissions": {
            "action": "bool",
            "delete": "bool",
            "read": "bool",
            "write": "bool"
          },
          "scope": "string"
        }
      ]
    },
    "publisher": "string",
    "sampleQueries": [
      {
        "description": "string",
        "query": "string"
      }
    ],
    "title": "string"
  }
}

For MicrosoftCloudAppSecurity, use:

"kind": "MicrosoftCloudAppSecurity",
"properties": {
  "dataTypes": {
    "alerts": {
      "state": "string"
    },
    "discoveryLogs": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For MicrosoftDefenderAdvancedThreatProtection, use:

"kind": "MicrosoftDefenderAdvancedThreatProtection",
"properties": {
  "dataTypes": {
    "alerts": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For MicrosoftThreatIntelligence, use:

"kind": "MicrosoftThreatIntelligence",
"properties": {
  "dataTypes": {
    "bingSafetyPhishingURL": {
      "lookbackPeriod": "string",
      "state": "string"
    },
    "microsoftEmergingThreatFeed": {
      "lookbackPeriod": "string",
      "state": "string"
    }
  },
  "tenantId": "string"
}

For MicrosoftThreatProtection, use:

"kind": "MicrosoftThreatProtection",
"properties": {
  "dataTypes": {
    "incidents": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For Office365, use:

"kind": "Office365",
"properties": {
  "dataTypes": {
    "exchange": {
      "state": "string"
    },
    "sharePoint": {
      "state": "string"
    },
    "teams": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For OfficeATP, use:

"kind": "OfficeATP",
"properties": {
  "dataTypes": {
    "alerts": {
      "state": "string"
    }
  },
  "tenantId": "string"
}

For ThreatIntelligence, use:

"kind": "ThreatIntelligence",
"properties": {
  "dataTypes": {
    "indicators": {
      "state": "string"
    }
  },
  "tenantId": "string",
  "tipLookbackPeriod": "string"
}

For ThreatIntelligenceTaxii, use:

"kind": "ThreatIntelligenceTaxii",
"properties": {
  "collectionId": "string",
  "dataTypes": {
    "taxiiClient": {
      "state": "string"
    }
  },
  "friendlyName": "string",
  "password": "string",
  "pollingFrequency": "string",
  "taxiiLookbackPeriod": "string",
  "taxiiServer": "string",
  "tenantId": "string",
  "userName": "string",
  "workspaceId": "string"
}
Property values
dataConnectors
AwsCloudTrailDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AmazonWebServicesCloudTrail' (required) |
| properties | Amazon Web Services CloudTrail data connector properties. | AwsCloudTrailDataConnectorProperties |

AwsCloudTrailDataConnectorProperties
AwsCloudTrailDataConnectorDataTypes
AwsCloudTrailDataConnectorDataTypesLogs

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

AADDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AzureActiveDirectory' (required) |
| properties | AAD (Azure Active Directory) data connector properties. | AADDataConnectorProperties |

AADDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

AlertsDataTypeOfDataConnector
DataConnectorDataTypeCommon

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

AatpDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AzureAdvancedThreatProtection' (required) |
| properties | AATP (Azure Advanced Threat Protection) data connector properties. | AatpDataConnectorProperties |

AatpDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

ASCDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'AzureSecurityCenter' (required) |
| properties | ASC (Azure Security Center) data connector properties. | ASCDataConnectorProperties |

ASCDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| subscriptionId | The subscription id to connect to, and get the data from. | string |

Dynamics365DataConnector
Dynamics365DataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | Dynamics365DataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

Dynamics365DataConnectorDataTypes
Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |
CodelessUiDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'GenericUI' (required) |
| properties | Codeless UI data connector properties | CodelessParameters |

CodelessParameters
CodelessUiConnectorConfigProperties
Availability

| Name | Description | Value |
| --- | --- | --- |
| isPreview | Set connector as preview | bool |
| status | The connector Availability Status | '1' |

CodelessUiConnectorConfigPropertiesConnectivityCrite...

| Name | Description | Value |
| --- | --- | --- |
| type | type of connectivity | 'IsConnectedQuery' |
| value | Queries for checking connectivity | string[] |

CodelessUiConnectorConfigPropertiesDataTypesItem

| Name | Description | Value |
| --- | --- | --- |
| lastDataReceivedQuery | Query that indicates when data was last received | string |
| name | Name of the data type to show in the graph. Can be used with the {{graphQueriesTableName}} placeholder | string |

CodelessUiConnectorConfigPropertiesGraphQueriesItem

| Name | Description | Value |
| --- | --- | --- |
| baseQuery | The base query for the graph | string |
| legend | The legend for the graph | string |
| metricName | the metric that the query is checking | string |

CodelessUiConnectorConfigPropertiesInstructionStepsI...

| Name | Description | Value |
| --- | --- | --- |
| description | Instruction step description | string |
| instructions | Instruction step details | InstructionStepsInstructionsItem[] |
| title | Instruction step title | string |

InstructionStepsInstructionsItem

| Name | Description | Value |
| --- | --- | --- |
| parameters | The parameters for the setting | |
| type | The kind of the setting | 'CopyableLabel' 'InfoMessage' 'InstructionStepsGroup' (required) |

Permissions
PermissionsCustomsItem

| Name | Description | Value |
| --- | --- | --- |
| description | Customs permissions description | string |
| name | Customs permissions name | string |

PermissionsResourceProviderItem

| Name | Description | Value |
| --- | --- | --- |
| permissionsDisplayText | Permission description text | string |
| provider | Provider name | 'Microsoft.Authorization/policyAssignments' 'Microsoft.OperationalInsights/solutions' 'Microsoft.OperationalInsights/workspaces' 'Microsoft.OperationalInsights/workspaces/datasources' 'Microsoft.OperationalInsights/workspaces/sharedKeys' 'microsoft.aadiam/diagnosticSettings' |
| providerDisplayName | Permission provider display name | string |
| requiredPermissions | Required permissions for the connector | RequiredPermissions |
| scope | Permission provider scope | 'ResourceGroup' 'Subscription' 'Workspace' |

RequiredPermissions

| Name | Description | Value |
| --- | --- | --- |
| action | action permission | bool |
| delete | delete permission | bool |
| read | read permission | bool |
| write | write permission | bool |

CodelessUiConnectorConfigPropertiesSampleQueriesItem

| Name | Description | Value |
| --- | --- | --- |
| description | The sample query description | string |
| query | the sample query | string |
McasDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftCloudAppSecurity' (required) |
| properties | MCAS (Microsoft Cloud App Security) data connector properties. | McasDataConnectorProperties |

McasDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | McasDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

McasDataConnectorDataTypes
MdatpDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftDefenderAdvancedThreatProtection' (required) |
| properties | MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. | MdatpDataConnectorProperties |

MdatpDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

MstiDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftThreatIntelligence' (required) |
| properties | Microsoft Threat Intelligence data connector properties. | MstiDataConnectorProperties |

MstiDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | MstiDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

MstiDataConnectorDataTypes
MstiDataConnectorDataTypesBingSafetyPhishingURL

| Name | Description | Value |
| --- | --- | --- |
| lookbackPeriod | lookback period | string (required) |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

| Name | Description | Value |
| --- | --- | --- |
| lookbackPeriod | lookback period | string (required) |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

MTPDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'MicrosoftThreatProtection' (required) |
| properties | MTP (Microsoft Threat Protection) data connector properties. | MTPDataConnectorProperties |

MTPDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | MTPDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

MTPDataConnectorDataTypes
MTPDataConnectorDataTypesIncidents

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |
OfficeDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'Office365' (required) |
| properties | Office data connector properties. | OfficeDataConnectorProperties |

OfficeDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | OfficeDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

OfficeDataConnectorDataTypes
OfficeDataConnectorDataTypesExchange

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

OfficeDataConnectorDataTypesSharePoint

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

OfficeDataConnectorDataTypesTeams

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

OfficeATPDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'OfficeATP' (required) |
| properties | OfficeATP (Office 365 Advanced Threat Protection) data connector properties. | OfficeATPDataConnectorProperties |

OfficeATPDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |

TIDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'ThreatIntelligence' (required) |
| properties | TI (Threat Intelligence) data connector properties. | TIDataConnectorProperties |

TIDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | TIDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
| tipLookbackPeriod | The lookback period for the feed to be imported. | string |

TIDataConnectorDataTypes
TIDataConnectorDataTypesIndicators

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

TiTaxiiDataConnector

| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | 'ThreatIntelligenceTaxii' (required) |
| properties | Threat intelligence TAXII data connector properties. | TiTaxiiDataConnectorProperties |

TiTaxiiDataConnectorProperties

| Name | Description | Value |
| --- | --- | --- |
| collectionId | The collection id of the TAXII server. | string |
| dataTypes | The available data types for Threat Intelligence TAXII data connector. | TiTaxiiDataConnectorDataTypes (required) |
| friendlyName | The friendly name for the TAXII server. | string |
| password | The password for the TAXII server. | string |
| pollingFrequency | The polling frequency for the TAXII server. | 'OnceADay' 'OnceAMinute' 'OnceAnHour' (required) |
| taxiiLookbackPeriod | The lookback period for the TAXII server. | string |
| taxiiServer | The API root for the TAXII server. | string |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
| userName | The userName for the TAXII server. | string |
| workspaceId | The workspace id. | string |

TiTaxiiDataConnectorDataTypes
TiTaxiiDataConnectorDataTypesTaxiiClient

| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | 'Disabled' 'Enabled' (required) |

Terraform (AzAPI provider) resource definition
The dataConnectors resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
For a list of changed properties in each API version, see change log.
To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview"
  name = "string"
  parent_id = "string"
  // For remaining properties, see dataConnectors objects
  body = jsonencode({
    kind = "string"
    etag = "string"
  })
}
dataConnectors objects
Set the kind property to specify the type of object.
For AmazonWebServicesCloudTrail , use:
kind = "AmazonWebServicesCloudTrail"
properties = {
dataTypes = {
logs = {
state = "string"
}
}
}
For AzureActiveDirectory , use:
kind = "AzureActiveDirectory"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
tenantId = "string"
}
For AzureAdvancedThreatProtection , use:
kind = "AzureAdvancedThreatProtection"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
tenantId = "string"
}
For AzureSecurityCenter , use:
kind = "AzureSecurityCenter"
properties = {
dataTypes = {
alerts = {
state = "string"
}
}
subscriptionId = "string"
}
For Dynamics365 , use:
kind = "Dynamics365"
properties = {
dataTypes = {
dynamics365CdsActivities = {
state = "string"
}
}
tenantId = "string"
}
For GenericUI , use:
kind = "GenericUI"
properties = {
connectorUiConfig = {
availability = {
isPreview = bool
status = "1"
}
connectivityCriteria = [
{
type = "IsConnectedQuery"
value = [
"string"
]
}
]
customImage = "string"
dataTypes = [
{
lastDataReceivedQuery = "string"
name = "string"
}
]
descriptionMarkdown = "string"
graphQueries = [
{
baseQuery = "string"
legend = "string"
metricName = "string"
}
]
graphQueriesTableName = "string"
instructionSteps = [
{
description = "string"
instructions = [
{
type = "string"
}
]
title = "string"
}
]
permissions = {
customs = [
{
description = "string"
name = "string"
}
]
resourceProvider = [
{
permissionsDisplayText = "string"
provider = "string"
providerDisplayName = "string"
requiredPermissions = {
action = bool
delete = bool
read = bool
write = bool
}
scope = "string"
}
]
}
publisher = "string"
sampleQueries = [
{
description = "string"
query = "string"
}
]
title = "string"
}
}
For MicrosoftCloudAppSecurity , use:
kind = "MicrosoftCloudAppSecurity"
properties = {
dataTypes = {
alerts = {
state = "string"
}
discoveryLogs = {
state = "string"
}
}
tenantId = "string"
}
For MicrosoftDefenderAdvancedThreatProtection, use:
kind = "MicrosoftDefenderAdvancedThreatProtection"
properties = {
  dataTypes = {
    alerts = {
      state = "string"
    }
  }
  tenantId = "string"
}
For MicrosoftThreatIntelligence, use:
kind = "MicrosoftThreatIntelligence"
properties = {
  dataTypes = {
    bingSafetyPhishingURL = {
      lookbackPeriod = "string"
      state = "string"
    }
    microsoftEmergingThreatFeed = {
      lookbackPeriod = "string"
      state = "string"
    }
  }
  tenantId = "string"
}
For MicrosoftThreatProtection, use:
kind = "MicrosoftThreatProtection"
properties = {
  dataTypes = {
    incidents = {
      state = "string"
    }
  }
  tenantId = "string"
}
For Office365, use:
kind = "Office365"
properties = {
  dataTypes = {
    exchange = {
      state = "string"
    }
    sharePoint = {
      state = "string"
    }
    teams = {
      state = "string"
    }
  }
  tenantId = "string"
}
For OfficeATP, use:
kind = "OfficeATP"
properties = {
  dataTypes = {
    alerts = {
      state = "string"
    }
  }
  tenantId = "string"
}
For ThreatIntelligence, use:
kind = "ThreatIntelligence"
properties = {
  dataTypes = {
    indicators = {
      state = "string"
    }
  }
  tenantId = "string"
  tipLookbackPeriod = "string"
}
For ThreatIntelligenceTaxii, use:
kind = "ThreatIntelligenceTaxii"
properties = {
  collectionId = "string"
  dataTypes = {
    taxiiClient = {
      state = "string"
    }
  }
  friendlyName = "string"
  password = "string"
  pollingFrequency = "string"
  taxiiLookbackPeriod = "string"
  taxiiServer = "string"
  tenantId = "string"
  userName = "string"
  workspaceId = "string"
}
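The ThreatIntelligenceTaxii object carries the TAXII userName and password as plain strings. The following is an added example, not part of the original article, that places that object in a complete azapi_resource and supplies the credentials from sensitive variables instead of literals. The variable names, resource name, server URL and collection placeholder are assumptions, and it assumes the azapi provider form that takes a JSON-encoded body.

```hcl
# Added example: variable names, resource name and sample values are assumptions.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

variable "workspace_resource_id" {
  description = "Resource ID of the workspace the connector is applied to (assumed scope)."
  type        = string
}

variable "tenant_id" {
  type = string
}

# Credentials come from the environment or a secret store, never from the template.
variable "taxii_username" {
  type      = string
  sensitive = true
}

variable "taxii_password" {
  type      = string
  sensitive = true
}

resource "azapi_resource" "taxii_connector" {
  type      = "Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview"
  name      = "example-taxii-connector" # constructed name
  parent_id = var.workspace_resource_id

  body = jsonencode({
    kind = "ThreatIntelligenceTaxii"
    properties = {
      friendlyName     = "Example TAXII feed"             # constructed
      taxiiServer      = "https://taxii.example.com/api/" # constructed API root
      collectionId     = "<collection-id>"                # placeholder
      userName         = var.taxii_username
      password         = var.taxii_password
      pollingFrequency = "OnceAnHour"
      tenantId         = var.tenant_id
      dataTypes        = { taxiiClient = { state = "Enabled" } }
    }
  })
}
```

Marking the variables sensitive redacts them from plan and apply output, but Terraform still writes the values to state, so the state backend needs its own encryption and access control.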
Property values
dataConnectors
AwsCloudTrailDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "AmazonWebServicesCloudTrail" (required) |
| properties | Amazon Web Services CloudTrail data connector properties. | AwsCloudTrailDataConnectorProperties |
AwsCloudTrailDataConnectorProperties
AwsCloudTrailDataConnectorDataTypes
AwsCloudTrailDataConnectorDataTypesLogs
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
AADDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "AzureActiveDirectory" (required) |
| properties | AAD (Azure Active Directory) data connector properties. | AADDataConnectorProperties |
AADDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
AlertsDataTypeOfDataConnector
DataConnectorDataTypeCommon
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
AatpDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "AzureAdvancedThreatProtection" (required) |
| properties | AATP (Azure Advanced Threat Protection) data connector properties. | AatpDataConnectorProperties |
AatpDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
ASCDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "AzureSecurityCenter" (required) |
| properties | ASC (Azure Security Center) data connector properties. | ASCDataConnectorProperties |
ASCDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| subscriptionId | The subscription id to connect to, and get the data from. | string |
Dynamics365DataConnector
Dynamics365DataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | Dynamics365DataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
Dynamics365DataConnectorDataTypes
Dynamics365DataConnectorDataTypesDynamics365CdsActiv...
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
CodelessUiDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "GenericUI" (required) |
| properties | Codeless UI data connector properties | CodelessParameters |
CodelessParameters
CodelessUiConnectorConfigProperties
Availability
| Name | Description | Value |
| --- | --- | --- |
| isPreview | Set connector as preview | bool |
| status | The connector Availability Status | "1" |
CodelessUiConnectorConfigPropertiesConnectivityCrite...
| Name | Description | Value |
| --- | --- | --- |
| type | Type of connectivity | "IsConnectedQuery" |
| value | Queries for checking connectivity | string[] |
CodelessUiConnectorConfigPropertiesDataTypesItem
| Name | Description | Value |
| --- | --- | --- |
| lastDataReceivedQuery | Query for indicating the last data received | string |
| name | Name of the data type to show in the graph. Can be used with the {{graphQueriesTableName}} placeholder | string |
CodelessUiConnectorConfigPropertiesGraphQueriesItem
| Name | Description | Value |
| --- | --- | --- |
| baseQuery | The base query for the graph | string |
| legend | The legend for the graph | string |
| metricName | The metric that the query is checking | string |
CodelessUiConnectorConfigPropertiesInstructionStepsI...
| Name | Description | Value |
| --- | --- | --- |
| description | Instruction step description | string |
| instructions | Instruction step details | InstructionStepsInstructionsItem[] |
| title | Instruction step title | string |
InstructionStepsInstructionsItem
| Name | Description | Value |
| --- | --- | --- |
| parameters | The parameters for the setting | |
| type | The kind of the setting | "CopyableLabel" "InfoMessage" "InstructionStepsGroup" (required) |
Permissions
PermissionsCustomsItem
| Name | Description | Value |
| --- | --- | --- |
| description | Customs permissions description | string |
| name | Customs permissions name | string |
PermissionsResourceProviderItem
| Name | Description | Value |
| --- | --- | --- |
| permissionsDisplayText | Permission description text | string |
| provider | Provider name | "Microsoft.Authorization/policyAssignments" "Microsoft.OperationalInsights/solutions" "Microsoft.OperationalInsights/workspaces" "Microsoft.OperationalInsights/workspaces/datasources" "Microsoft.OperationalInsights/workspaces/sharedKeys" "microsoft.aadiam/diagnosticSettings" |
| providerDisplayName | Permission provider display name | string |
| requiredPermissions | Required permissions for the connector | RequiredPermissions |
| scope | Permission provider scope | "ResourceGroup" "Subscription" "Workspace" |
RequiredPermissions
| Name | Description | Value |
| --- | --- | --- |
| action | Action permission | bool |
| delete | Delete permission | bool |
| read | Read permission | bool |
| write | Write permission | bool |
CodelessUiConnectorConfigPropertiesSampleQueriesItem
| Name | Description | Value |
| --- | --- | --- |
| description | The sample query description | string |
| query | The sample query | string |
McasDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "MicrosoftCloudAppSecurity" (required) |
| properties | MCAS (Microsoft Cloud App Security) data connector properties. | McasDataConnectorProperties |
McasDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | McasDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
McasDataConnectorDataTypes
MdatpDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "MicrosoftDefenderAdvancedThreatProtection" (required) |
| properties | MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. | MdatpDataConnectorProperties |
MdatpDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
MstiDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "MicrosoftThreatIntelligence" (required) |
| properties | Microsoft Threat Intelligence data connector properties. | MstiDataConnectorProperties |
MstiDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | MstiDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
MstiDataConnectorDataTypes
MstiDataConnectorDataTypesBingSafetyPhishingURL
| Name | Description | Value |
| --- | --- | --- |
| lookbackPeriod | Lookback period | string (required) |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...
| Name | Description | Value |
| --- | --- | --- |
| lookbackPeriod | Lookback period | string (required) |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
MTPDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "MicrosoftThreatProtection" (required) |
| properties | MTP (Microsoft Threat Protection) data connector properties. | MTPDataConnectorProperties |
MTPDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | MTPDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
MTPDataConnectorDataTypes
MTPDataConnectorDataTypesIncidents
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
OfficeDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "Office365" (required) |
| properties | Office data connector properties. | OfficeDataConnectorProperties |
OfficeDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | OfficeDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
OfficeDataConnectorDataTypes
OfficeDataConnectorDataTypesExchange
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
OfficeDataConnectorDataTypesSharePoint
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
OfficeDataConnectorDataTypesTeams
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
OfficeATPDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "OfficeATP" (required) |
| properties | OfficeATP (Office 365 Advanced Threat Protection) data connector properties. | OfficeATPDataConnectorProperties |
OfficeATPDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | AlertsDataTypeOfDataConnector |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
TIDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "ThreatIntelligence" (required) |
| properties | TI (Threat Intelligence) data connector properties. | TIDataConnectorProperties |
TIDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| dataTypes | The available data types for the connector. | TIDataConnectorDataTypes (required) |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
| tipLookbackPeriod | The lookback period for the feed to be imported. | string |
TIDataConnectorDataTypes
TIDataConnectorDataTypesIndicators
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |
TiTaxiiDataConnector
| Name | Description | Value |
| --- | --- | --- |
| kind | The data connector kind | "ThreatIntelligenceTaxii" (required) |
| properties | Threat intelligence TAXII data connector properties. | TiTaxiiDataConnectorProperties |
TiTaxiiDataConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| collectionId | The collection id of the TAXII server. | string |
| dataTypes | The available data types for Threat Intelligence TAXII data connector. | TiTaxiiDataConnectorDataTypes (required) |
| friendlyName | The friendly name for the TAXII server. | string |
| password | The password for the TAXII server. | string |
| pollingFrequency | The polling frequency for the TAXII server. | "OnceADay" "OnceAMinute" "OnceAnHour" (required) |
| taxiiLookbackPeriod | The lookback period for the TAXII server. | string |
| taxiiServer | The API root for the TAXII server. | string |
| tenantId | The tenant id to connect to, and get the data from. | string (required) |
| userName | The userName for the TAXII server. | string |
| workspaceId | The workspace id. | string |
TiTaxiiDataConnectorDataTypes
TiTaxiiDataConnectorDataTypesTaxiiClient
| Name | Description | Value |
| --- | --- | --- |
| state | Describe whether this data type connection is enabled or not. | "Disabled" "Enabled" (required) |