Microsoft.SecurityInsights dataConnectors 2021-03-01-preview

Bicep resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview' = {
  name: 'string'
  kind: 'string'
  scope: resourceSymbolicName
  etag: 'string'
  // For remaining properties, see dataConnectors objects
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  kind: 'AmazonWebServicesCloudTrail'
  properties: {
    dataTypes: {
      logs: {
        state: 'string'
      }
    }
  }

For AzureActiveDirectory, use:

  kind: 'AzureActiveDirectory'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For AzureAdvancedThreatProtection, use:

  kind: 'AzureAdvancedThreatProtection'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For AzureSecurityCenter, use:

  kind: 'AzureSecurityCenter'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    subscriptionId: 'string'
  }

For Dynamics365, use:

  kind: 'Dynamics365'
  properties: {
    dataTypes: {
      dynamics365CdsActivities: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For GenericUI, use:

  kind: 'GenericUI'
  properties: {
    connectorUiConfig: {
      availability: {
        isPreview: bool
        status: '1'
      }
      connectivityCriteria: [
        {
          type: 'IsConnectedQuery'
          value: [
            'string'
          ]
        }
      ]
      customImage: 'string'
      dataTypes: [
        {
          lastDataReceivedQuery: 'string'
          name: 'string'
        }
      ]
      descriptionMarkdown: 'string'
      graphQueries: [
        {
          baseQuery: 'string'
          legend: 'string'
          metricName: 'string'
        }
      ]
      graphQueriesTableName: 'string'
      instructionSteps: [
        {
          description: 'string'
          instructions: [
            {
              parameters: any()
              type: 'string'
            }
          ]
          title: 'string'
        }
      ]
      permissions: {
        customs: [
          {
            description: 'string'
            name: 'string'
          }
        ]
        resourceProvider: [
          {
            permissionsDisplayText: 'string'
            provider: 'string'
            providerDisplayName: 'string'
            requiredPermissions: {
              action: bool
              delete: bool
              read: bool
              write: bool
            }
            scope: 'string'
          }
        ]
      }
      publisher: 'string'
      sampleQueries: [
        {
          description: 'string'
          query: 'string'
        }
      ]
      title: 'string'
    }
  }

For MicrosoftCloudAppSecurity, use:

  kind: 'MicrosoftCloudAppSecurity'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
      discoveryLogs: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  kind: 'MicrosoftDefenderAdvancedThreatProtection'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For MicrosoftThreatIntelligence, use:

  kind: 'MicrosoftThreatIntelligence'
  properties: {
    dataTypes: {
      bingSafetyPhishingURL: {
        lookbackPeriod: 'string'
        state: 'string'
      }
      microsoftEmergingThreatFeed: {
        lookbackPeriod: 'string'
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For MicrosoftThreatProtection, use:

  kind: 'MicrosoftThreatProtection'
  properties: {
    dataTypes: {
      incidents: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For Office365, use:

  kind: 'Office365'
  properties: {
    dataTypes: {
      exchange: {
        state: 'string'
      }
      sharePoint: {
        state: 'string'
      }
      teams: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For OfficeATP, use:

  kind: 'OfficeATP'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For ThreatIntelligence, use:

  kind: 'ThreatIntelligence'
  properties: {
    dataTypes: {
      indicators: {
        state: 'string'
      }
    }
    tenantId: 'string'
    tipLookbackPeriod: 'string'
  }

For ThreatIntelligenceTaxii, use:

  kind: 'ThreatIntelligenceTaxii'
  properties: {
    collectionId: 'string'
    dataTypes: {
      taxiiClient: {
        state: 'string'
      }
    }
    friendlyName: 'string'
    password: 'string'
    pollingFrequency: 'string'
    taxiiLookbackPeriod: 'string'
    taxiiServer: 'string'
    tenantId: 'string'
    userName: 'string'
    workspaceId: 'string'
  }
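
The ThreatIntelligenceTaxii shape above filled in as a deployable template, as an added example that is not part of the original reference. Because password is a plain string property, the value is passed through a @secure() parameter, which keeps it out of the template file and the deployment history. The parameter names, the workspace API version and the friendly name are assumptions; optional properties whose format this page does not specify (taxiiLookbackPeriod, workspaceId) are omitted.

```bicep
// Added example (not from the original reference page).
// Parameter names and sample values are assumptions made for illustration.

@description('Name of an existing Log Analytics workspace with Microsoft Sentinel enabled.')
param workspaceName string

@description('API root of the TAXII server.')
param taxiiServer string

@description('Collection id on the TAXII server.')
param collectionId string

@description('User name for the TAXII server.')
param taxiiUserName string

// @secure() keeps the value out of deployment history and logs.
// Supply it at deployment time (for example from a Key Vault reference in a
// parameter file) instead of hard-coding it in the template.
@secure()
param taxiiPassword string

// dataConnectors is an extension resource: it is applied to the workspace
// through the scope property rather than being nested under it.
resource workspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = {
  name: workspaceName
}

resource taxiiConnector 'Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview' = {
  // Deterministic name so that redeploying updates the same connector
  // (assumption: any unique string is accepted as the resource name).
  name: guid(workspace.id, taxiiServer, collectionId)
  kind: 'ThreatIntelligenceTaxii'
  scope: workspace
  properties: {
    tenantId: subscription().tenantId // required
    friendlyName: 'example-taxii-feed' // constructed sample value
    taxiiServer: taxiiServer
    collectionId: collectionId
    userName: taxiiUserName
    password: taxiiPassword
    // One of 'OnceADay', 'OnceAMinute', 'OnceAnHour' (required)
    pollingFrequency: 'OnceAnHour'
    dataTypes: {
      taxiiClient: {
        state: 'Enabled' // 'Enabled' or 'Disabled' (required)
      }
    }
  }
}
```

Do not echo taxiiPassword in an output; template outputs are stored in the deployment record in clear text.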

Property values

dataConnectors

Name Description Value
name The resource name string (required)
kind Set the object type AmazonWebServicesCloudTrail, AzureActiveDirectory, AzureAdvancedThreatProtection, AzureSecurityCenter, Dynamics365, GenericUI, MicrosoftCloudAppSecurity, MicrosoftDefenderAdvancedThreatProtection, MicrosoftThreatIntelligence, MicrosoftThreatProtection, Office365, OfficeATP, ThreatIntelligence, ThreatIntelligenceTaxii (required)
scope Use when creating an extension resource at a scope that is different from the deployment scope. Target resource. For Bicep, set this property to the symbolic name of the resource to apply the extension resource to.
etag Etag of the Azure resource string

AwsCloudTrailDataConnector

Name Description Value
kind The data connector kind 'AmazonWebServicesCloudTrail' (required)
properties Amazon Web Services CloudTrail data connector properties. AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AwsCloudTrailDataConnectorDataTypes (required)

AwsCloudTrailDataConnectorDataTypes

Name Description Value
logs Logs data type. AwsCloudTrailDataConnectorDataTypesLogs (required)

AwsCloudTrailDataConnectorDataTypesLogs

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

AADDataConnector

Name Description Value
kind The data connector kind 'AzureActiveDirectory' (required)
properties AAD (Azure Active Directory) data connector properties. AADDataConnectorProperties

AADDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

AlertsDataTypeOfDataConnector

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon (required)

DataConnectorDataTypeCommon

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

AatpDataConnector

Name Description Value
kind The data connector kind 'AzureAdvancedThreatProtection' (required)
properties AATP (Azure Advanced Threat Protection) data connector properties. AatpDataConnectorProperties

AatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

ASCDataConnector

Name Description Value
kind The data connector kind 'AzureSecurityCenter' (required)
properties ASC (Azure Security Center) data connector properties. ASCDataConnectorProperties

ASCDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
subscriptionId The subscription id to connect to, and get the data from. string

Dynamics365DataConnector

Name Description Value
kind The data connector kind 'Dynamics365' (required)
properties Dynamics365 data connector properties. Dynamics365DataConnectorProperties

Dynamics365DataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. Dynamics365DataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

Dynamics365DataConnectorDataTypes

Name Description Value
dynamics365CdsActivities Common Data Service data type connection. Dynamics365DataConnectorDataTypesDynamics365CdsActiv... (required)

Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

CodelessUiDataConnector

Name Description Value
kind The data connector kind 'GenericUI' (required)
properties Codeless UI data connector properties CodelessParameters

CodelessParameters

Name Description Value
connectorUiConfig Config to describe the instructions blade CodelessUiConnectorConfigProperties

CodelessUiConnectorConfigProperties

Name Description Value
availability Connector Availability Status Availability (required)
connectivityCriteria Defines how the connector checks connectivity CodelessUiConnectorConfigPropertiesConnectivityCrite...[] (required)
customImage An optional custom image to be used when displaying the connector within Azure Sentinel's connector gallery string
dataTypes Data types to check for last data received CodelessUiConnectorConfigPropertiesDataTypesItem[] (required)
descriptionMarkdown Connector description string (required)
graphQueries The graph query to show the current data status CodelessUiConnectorConfigPropertiesGraphQueriesItem[] (required)
graphQueriesTableName Name of the table the connector will insert the data to string (required)
instructionSteps Instruction steps to enable the connector CodelessUiConnectorConfigPropertiesInstructionStepsI...[] (required)
permissions Permissions required for the connector Permissions (required)
publisher Connector publisher name string (required)
sampleQueries The sample queries for the connector CodelessUiConnectorConfigPropertiesSampleQueriesItem[] (required)
title Connector blade title string (required)

Availability

Name Description Value
isPreview Set connector as preview bool
status The connector Availability Status '1'

CodelessUiConnectorConfigPropertiesConnectivityCrite...

Name Description Value
type Type of connectivity 'IsConnectedQuery'
value Queries for checking connectivity string[]

CodelessUiConnectorConfigPropertiesDataTypesItem

Name Description Value
lastDataReceivedQuery Query that indicates when data was last received string
name Name of the data type to show in the graph. Can be used with the {{graphQueriesTableName}} placeholder string

CodelessUiConnectorConfigPropertiesGraphQueriesItem

Name Description Value
baseQuery The base query for the graph string
legend The legend for the graph string
metricName The metric that the query is checking string

CodelessUiConnectorConfigPropertiesInstructionStepsI...

Name Description Value
description Instruction step description string
instructions Instruction step details InstructionStepsInstructionsItem[]
title Instruction step title string

InstructionStepsInstructionsItem

Name Description Value
parameters The parameters for the setting For Bicep, you can use the any() function.
type The kind of the setting 'CopyableLabel', 'InfoMessage', 'InstructionStepsGroup' (required)

Permissions

Name Description Value
customs Custom permissions required for the connector PermissionsCustomsItem[]
resourceProvider Resource provider permissions required for the connector PermissionsResourceProviderItem[]

PermissionsCustomsItem

Name Description Value
description Custom permissions description string
name Custom permissions name string

PermissionsResourceProviderItem

Name Description Value
permissionsDisplayText Permission description text string
provider Provider name 'Microsoft.Authorization/policyAssignments', 'Microsoft.OperationalInsights/solutions', 'Microsoft.OperationalInsights/workspaces', 'Microsoft.OperationalInsights/workspaces/datasources', 'Microsoft.OperationalInsights/workspaces/sharedKeys', 'microsoft.aadiam/diagnosticSettings'
providerDisplayName Permission provider display name string
requiredPermissions Required permissions for the connector RequiredPermissions
scope Permission provider scope 'ResourceGroup', 'Subscription', 'Workspace'

RequiredPermissions

Name Description Value
action Action permission bool
delete Delete permission bool
read Read permission bool
write Write permission bool

CodelessUiConnectorConfigPropertiesSampleQueriesItem

Name Description Value
description The sample query description string
query The sample query string

McasDataConnector

Name Description Value
kind The data connector kind 'MicrosoftCloudAppSecurity' (required)
properties MCAS (Microsoft Cloud App Security) data connector properties. McasDataConnectorProperties

McasDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. McasDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

McasDataConnectorDataTypes

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon (required)
discoveryLogs Discovery log data type connection. DataConnectorDataTypeCommon

MdatpDataConnector

Name Description Value
kind The data connector kind 'MicrosoftDefenderAdvancedThreatProtection' (required)
properties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

MstiDataConnector

Name Description Value
kind The data connector kind 'MicrosoftThreatIntelligence' (required)
properties Microsoft Threat Intelligence data connector properties. MstiDataConnectorProperties

MstiDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. MstiDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

MstiDataConnectorDataTypes

Name Description Value
bingSafetyPhishingURL Data type for Microsoft Threat Intelligence Platforms data connector. MstiDataConnectorDataTypesBingSafetyPhishingURL (required)
microsoftEmergingThreatFeed Data type for Microsoft Threat Intelligence Platforms data connector. MstiDataConnectorDataTypesMicrosoftEmergingThreatFee... (required)

MstiDataConnectorDataTypesBingSafetyPhishingURL

Name Description Value
lookbackPeriod Lookback period string (required)
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

Name Description Value
lookbackPeriod Lookback period string (required)
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

MTPDataConnector

Name Description Value
kind The data connector kind 'MicrosoftThreatProtection' (required)
properties MTP (Microsoft Threat Protection) data connector properties. MTPDataConnectorProperties

MTPDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. MTPDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

MTPDataConnectorDataTypes

Name Description Value
incidents Data type for Microsoft Threat Protection Platforms data connector. MTPDataConnectorDataTypesIncidents (required)

MTPDataConnectorDataTypesIncidents

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeDataConnector

Name Description Value
kind The data connector kind 'Office365' (required)
properties Office data connector properties. OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. OfficeDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

OfficeDataConnectorDataTypes

Name Description Value
exchange Exchange data type connection. OfficeDataConnectorDataTypesExchange (required)
sharePoint SharePoint data type connection. OfficeDataConnectorDataTypesSharePoint (required)
teams Teams data type connection. OfficeDataConnectorDataTypesTeams (required)

OfficeDataConnectorDataTypesExchange

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeDataConnectorDataTypesSharePoint

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeDataConnectorDataTypesTeams

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeATPDataConnector

Name Description Value
kind The data connector kind 'OfficeATP' (required)
properties OfficeATP (Office 365 Advanced Threat Protection) data connector properties. OfficeATPDataConnectorProperties

OfficeATPDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

TIDataConnector

Name Description Value
kind The data connector kind 'ThreatIntelligence' (required)
properties TI (Threat Intelligence) data connector properties. TIDataConnectorProperties

TIDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. TIDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)
tipLookbackPeriod The lookback period for the feed to be imported. string

TIDataConnectorDataTypes

Name Description Value
indicators Data type for indicators connection. TIDataConnectorDataTypesIndicators (required)

TIDataConnectorDataTypesIndicators

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

TiTaxiiDataConnector

Name Description Value
kind The data connector kind 'ThreatIntelligenceTaxii' (required)
properties Threat intelligence TAXII data connector properties. TiTaxiiDataConnectorProperties

TiTaxiiDataConnectorProperties

Name Description Value
collectionId The collection id of the TAXII server. string
dataTypes The available data types for Threat Intelligence TAXII data connector. TiTaxiiDataConnectorDataTypes (required)
friendlyName The friendly name for the TAXII server. string
password The password for the TAXII server. string
pollingFrequency The polling frequency for the TAXII server. 'OnceADay', 'OnceAMinute', 'OnceAnHour' (required)
taxiiLookbackPeriod The lookback period for the TAXII server. string
taxiiServer The API root for the TAXII server. string
tenantId The tenant id to connect to, and get the data from. string (required)
userName The userName for the TAXII server. string
workspaceId The workspace id. string

TiTaxiiDataConnectorDataTypes

Name Description Value
taxiiClient Data type for TAXII connector. TiTaxiiDataConnectorDataTypesTaxiiClient (required)

TiTaxiiDataConnectorDataTypesTaxiiClient

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

ARM template resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following JSON to your template.

{
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "apiVersion": "2021-03-01-preview",
  "name": "string",
  "kind": "string",
  "scope": "string",
  "etag": "string",
  // For remaining properties, see dataConnectors objects
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  "kind": "AmazonWebServicesCloudTrail",
  "properties": {
    "dataTypes": {
      "logs": {
        "state": "string"
      }
    }
  }

For AzureActiveDirectory, use:

  "kind": "AzureActiveDirectory",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For AzureAdvancedThreatProtection, use:

  "kind": "AzureAdvancedThreatProtection",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For AzureSecurityCenter, use:

  "kind": "AzureSecurityCenter",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "subscriptionId": "string"
  }

For Dynamics365, use:

  "kind": "Dynamics365",
  "properties": {
    "dataTypes": {
      "dynamics365CdsActivities": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For GenericUI, use:

  "kind": "GenericUI",
  "properties": {
    "connectorUiConfig": {
      "availability": {
        "isPreview": "bool",
        "status": "1"
      },
      "connectivityCriteria": [
        {
          "type": "IsConnectedQuery",
          "value": [ "string" ]
        }
      ],
      "customImage": "string",
      "dataTypes": [
        {
          "lastDataReceivedQuery": "string",
          "name": "string"
        }
      ],
      "descriptionMarkdown": "string",
      "graphQueries": [
        {
          "baseQuery": "string",
          "legend": "string",
          "metricName": "string"
        }
      ],
      "graphQueriesTableName": "string",
      "instructionSteps": [
        {
          "description": "string",
          "instructions": [
            {
              "parameters": {},
              "type": "string"
            }
          ],
          "title": "string"
        }
      ],
      "permissions": {
        "customs": [
          {
            "description": "string",
            "name": "string"
          }
        ],
        "resourceProvider": [
          {
            "permissionsDisplayText": "string",
            "provider": "string",
            "providerDisplayName": "string",
            "requiredPermissions": {
              "action": "bool",
              "delete": "bool",
              "read": "bool",
              "write": "bool"
            },
            "scope": "string"
          }
        ]
      },
      "publisher": "string",
      "sampleQueries": [
        {
          "description": "string",
          "query": "string"
        }
      ],
      "title": "string"
    }
  }

For MicrosoftCloudAppSecurity, use:

  "kind": "MicrosoftCloudAppSecurity",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      },
      "discoveryLogs": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  "kind": "MicrosoftDefenderAdvancedThreatProtection",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For MicrosoftThreatIntelligence, use:

  "kind": "MicrosoftThreatIntelligence",
  "properties": {
    "dataTypes": {
      "bingSafetyPhishingURL": {
        "lookbackPeriod": "string",
        "state": "string"
      },
      "microsoftEmergingThreatFeed": {
        "lookbackPeriod": "string",
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For MicrosoftThreatProtection, use:

  "kind": "MicrosoftThreatProtection",
  "properties": {
    "dataTypes": {
      "incidents": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For Office365, use:

  "kind": "Office365",
  "properties": {
    "dataTypes": {
      "exchange": {
        "state": "string"
      },
      "sharePoint": {
        "state": "string"
      },
      "teams": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For OfficeATP, use:

  "kind": "OfficeATP",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For ThreatIntelligence, use:

  "kind": "ThreatIntelligence",
  "properties": {
    "dataTypes": {
      "indicators": {
        "state": "string"
      }
    },
    "tenantId": "string",
    "tipLookbackPeriod": "string"
  }

For ThreatIntelligenceTaxii, use:

  "kind": "ThreatIntelligenceTaxii",
  "properties": {
    "collectionId": "string",
    "dataTypes": {
      "taxiiClient": {
        "state": "string"
      }
    },
    "friendlyName": "string",
    "password": "string",
    "pollingFrequency": "string",
    "taxiiLookbackPeriod": "string",
    "taxiiServer": "string",
    "tenantId": "string",
    "userName": "string",
    "workspaceId": "string"
  }

Property values

dataConnectors

Name Description Value
type The resource type 'Microsoft.SecurityInsights/dataConnectors'
apiVersion The resource api version '2021-03-01-preview'
name The resource name string (required)
kind Set the object type AmazonWebServicesCloudTrail, AzureActiveDirectory, AzureAdvancedThreatProtection, AzureSecurityCenter, Dynamics365, GenericUI, MicrosoftCloudAppSecurity, MicrosoftDefenderAdvancedThreatProtection, MicrosoftThreatIntelligence, MicrosoftThreatProtection, Office365, OfficeATP, ThreatIntelligence, ThreatIntelligenceTaxii (required)
scope Use when creating an extension resource at a scope that is different from the deployment scope. Target resource. For JSON, set the value to the full name of the resource to apply the extension resource to.
etag Etag of the Azure resource string

AwsCloudTrailDataConnector

Name Description Value
kind The data connector kind 'AmazonWebServicesCloudTrail' (required)
properties Amazon Web Services CloudTrail data connector properties. AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AwsCloudTrailDataConnectorDataTypes (required)

AwsCloudTrailDataConnectorDataTypes

Name Description Value
logs Logs data type. AwsCloudTrailDataConnectorDataTypesLogs (required)

AwsCloudTrailDataConnectorDataTypesLogs

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

AADDataConnector

Name Description Value
kind The data connector kind 'AzureActiveDirectory' (required)
properties AAD (Azure Active Directory) data connector properties. AADDataConnectorProperties

AADDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

AlertsDataTypeOfDataConnector

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon (required)

DataConnectorDataTypeCommon

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

AatpDataConnector

Name Description Value
kind The data connector kind 'AzureAdvancedThreatProtection' (required)
properties AATP (Azure Advanced Threat Protection) data connector properties. AatpDataConnectorProperties

AatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

ASCDataConnector

Name Description Value
kind The data connector kind 'AzureSecurityCenter' (required)
properties ASC (Azure Security Center) data connector properties. ASCDataConnectorProperties

ASCDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
subscriptionId The subscription id to connect to, and get the data from. string

Dynamics365DataConnector

Name Description Value
kind The data connector kind 'Dynamics365' (required)
properties Dynamics365 data connector properties. Dynamics365DataConnectorProperties

Dynamics365DataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. Dynamics365DataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

Dynamics365DataConnectorDataTypes

Name Description Value
dynamics365CdsActivities Common Data Service data type connection. Dynamics365DataConnectorDataTypesDynamics365CdsActiv... (required)

Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

CodelessUiDataConnector

Name Description Value
kind The data connector kind 'GenericUI' (required)
properties Codeless UI data connector properties CodelessParameters

CodelessParameters

Name Description Value
connectorUiConfig Config to describe the instructions blade CodelessUiConnectorConfigProperties

CodelessUiConnectorConfigProperties

Name Description Value
availability Connector Availability Status Availability (required)
connectivityCriteria Defines how the connector checks connectivity CodelessUiConnectorConfigPropertiesConnectivityCrite...[] (required)
customImage An optional custom image to be used when displaying the connector within Azure Sentinel's connector gallery string
dataTypes Data types to check for last data received CodelessUiConnectorConfigPropertiesDataTypesItem[] (required)
descriptionMarkdown Connector description string (required)
graphQueries The graph query to show the current data status CodelessUiConnectorConfigPropertiesGraphQueriesItem[] (required)
graphQueriesTableName Name of the table the connector will insert the data to string (required)
instructionSteps Instruction steps to enable the connector CodelessUiConnectorConfigPropertiesInstructionStepsI...[] (required)
permissions Permissions required for the connector Permissions (required)
publisher Connector publisher name string (required)
sampleQueries The sample queries for the connector CodelessUiConnectorConfigPropertiesSampleQueriesItem[] (required)
title Connector blade title string (required)

Availability

Name Description Value
isPreview Set connector as preview bool
status The connector Availability Status '1'

CodelessUiConnectorConfigPropertiesConnectivityCrite...

Name Description Value
type Type of connectivity 'IsConnectedQuery'
value Queries for checking connectivity string[]

CodelessUiConnectorConfigPropertiesDataTypesItem

Name Description Value
lastDataReceivedQuery Query that indicates when data was last received string
name Name of the data type to show in the graph. Can be used with the {{graphQueriesTableName}} placeholder string

CodelessUiConnectorConfigPropertiesGraphQueriesItem

Name Description Value
baseQuery The base query for the graph string
legend The legend for the graph string
metricName The metric that the query is checking string

CodelessUiConnectorConfigPropertiesInstructionStepsI...

Name Description Value
description Instruction step description string
instructions Instruction step details InstructionStepsInstructionsItem[]
title Instruction step title string

InstructionStepsInstructionsItem

Name Description Value
parameters The parameters for the setting
type The kind of the setting 'CopyableLabel', 'InfoMessage', 'InstructionStepsGroup' (required)

Permissions

Name Description Value
customs Custom permissions required for the connector PermissionsCustomsItem[]
resourceProvider Resource provider permissions required for the connector PermissionsResourceProviderItem[]

PermissionsCustomsItem

Name Description Value
description Custom permissions description string
name Custom permissions name string

PermissionsResourceProviderItem

Name Description Value
permissionsDisplayText Permission description text string
provider Provider name 'Microsoft.Authorization/policyAssignments', 'Microsoft.OperationalInsights/solutions', 'Microsoft.OperationalInsights/workspaces', 'Microsoft.OperationalInsights/workspaces/datasources', 'Microsoft.OperationalInsights/workspaces/sharedKeys', 'microsoft.aadiam/diagnosticSettings'
providerDisplayName Permission provider display name string
requiredPermissions Required permissions for the connector RequiredPermissions
scope Permission provider scope 'ResourceGroup', 'Subscription', 'Workspace'

RequiredPermissions

Name Description Value
action action permission bool
delete delete permission bool
read read permission bool
write write permission bool

CodelessUiConnectorConfigPropertiesSampleQueriesItem

Name Description Value
description The sample query description string
query the sample query string

McasDataConnector

Name Description Value
kind The data connector kind 'MicrosoftCloudAppSecurity' (required)
properties MCAS (Microsoft Cloud App Security) data connector properties. McasDataConnectorProperties

McasDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. McasDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

McasDataConnectorDataTypes

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon (required)
discoveryLogs Discovery log data type connection. DataConnectorDataTypeCommon

MdatpDataConnector

Name Description Value
kind The data connector kind 'MicrosoftDefenderAdvancedThreatProtection' (required)
properties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

MstiDataConnector

Name Description Value
kind The data connector kind 'MicrosoftThreatIntelligence' (required)
properties Microsoft Threat Intelligence data connector properties. MstiDataConnectorProperties

MstiDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. MstiDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

MstiDataConnectorDataTypes

Name Description Value
bingSafetyPhishingURL Data type for Microsoft Threat Intelligence Platforms data connector. MstiDataConnectorDataTypesBingSafetyPhishingURL (required)
microsoftEmergingThreatFeed Data type for Microsoft Threat Intelligence Platforms data connector. MstiDataConnectorDataTypesMicrosoftEmergingThreatFee... (required)

MstiDataConnectorDataTypesBingSafetyPhishingURL

Name Description Value
lookbackPeriod lookback period string (required)
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

Name Description Value
lookbackPeriod lookback period string (required)
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

MTPDataConnector

Name Description Value
kind The data connector kind 'MicrosoftThreatProtection' (required)
properties MTP (Microsoft Threat Protection) data connector properties. MTPDataConnectorProperties

MTPDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. MTPDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

MTPDataConnectorDataTypes

Name Description Value
incidents Data type for Microsoft Threat Protection Platforms data connector. MTPDataConnectorDataTypesIncidents (required)

MTPDataConnectorDataTypesIncidents

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeDataConnector

Name Description Value
kind The data connector kind 'Office365' (required)
properties Office data connector properties. OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. OfficeDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

OfficeDataConnectorDataTypes

Name Description Value
exchange Exchange data type connection. OfficeDataConnectorDataTypesExchange (required)
sharePoint SharePoint data type connection. OfficeDataConnectorDataTypesSharePoint (required)
teams Teams data type connection. OfficeDataConnectorDataTypesTeams (required)

OfficeDataConnectorDataTypesExchange

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeDataConnectorDataTypesSharePoint

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeDataConnectorDataTypesTeams

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

OfficeATPDataConnector

Name Description Value
kind The data connector kind 'OfficeATP' (required)
properties OfficeATP (Office 365 Advanced Threat Protection) data connector properties. OfficeATPDataConnectorProperties

OfficeATPDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

TIDataConnector

Name Description Value
kind The data connector kind 'ThreatIntelligence' (required)
properties TI (Threat Intelligence) data connector properties. TIDataConnectorProperties

TIDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. TIDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)
tipLookbackPeriod The lookback period for the feed to be imported. string

TIDataConnectorDataTypes

Name Description Value
indicators Data type for indicators connection. TIDataConnectorDataTypesIndicators (required)

TIDataConnectorDataTypesIndicators

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

TiTaxiiDataConnector

Name Description Value
kind The data connector kind 'ThreatIntelligenceTaxii' (required)
properties Threat intelligence TAXII data connector properties. TiTaxiiDataConnectorProperties

TiTaxiiDataConnectorProperties

Name Description Value
collectionId The collection id of the TAXII server. string
dataTypes The available data types for Threat Intelligence TAXII data connector. TiTaxiiDataConnectorDataTypes (required)
friendlyName The friendly name for the TAXII server. string
password The password for the TAXII server. string
pollingFrequency The polling frequency for the TAXII server. 'OnceADay', 'OnceAMinute', 'OnceAnHour' (required)
taxiiLookbackPeriod The lookback period for the TAXII server. string
taxiiServer The API root for the TAXII server. string
tenantId The tenant id to connect to, and get the data from. string (required)
userName The userName for the TAXII server. string
workspaceId The workspace id. string

TiTaxiiDataConnectorDataTypes

Name Description Value
taxiiClient Data type for TAXII connector. TiTaxiiDataConnectorDataTypesTaxiiClient (required)

TiTaxiiDataConnectorDataTypesTaxiiClient

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled', 'Enabled' (required)

Terraform (AzAPI provider) resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview"
  name = "string"
  parent_id = "string"
  // For remaining properties, see dataConnectors objects
  body = jsonencode({
    kind = "string"
    etag = "string"
  })
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  kind = "AmazonWebServicesCloudTrail"
  properties = {
    dataTypes = {
      logs = {
        state = "string"
      }
    }
  }

For AzureActiveDirectory, use:

  kind = "AzureActiveDirectory"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For AzureAdvancedThreatProtection, use:

  kind = "AzureAdvancedThreatProtection"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For AzureSecurityCenter, use:

  kind = "AzureSecurityCenter"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    subscriptionId = "string"
  }

For Dynamics365, use:

  kind = "Dynamics365"
  properties = {
    dataTypes = {
      dynamics365CdsActivities = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For GenericUI, use:

  kind = "GenericUI"
  properties = {
    connectorUiConfig = {
      availability = {
        isPreview = bool
        status = "1"
      }
      connectivityCriteria = [
        {
          type = "IsConnectedQuery"
          value = [
            "string"
          ]
        }
      ]
      customImage = "string"
      dataTypes = [
        {
          lastDataReceivedQuery = "string"
          name = "string"
        }
      ]
      descriptionMarkdown = "string"
      graphQueries = [
        {
          baseQuery = "string"
          legend = "string"
          metricName = "string"
        }
      ]
      graphQueriesTableName = "string"
      instructionSteps = [
        {
          description = "string"
          instructions = [
            {
              type = "string"
            }
          ]
          title = "string"
        }
      ]
      permissions = {
        customs = [
          {
            description = "string"
            name = "string"
          }
        ]
        resourceProvider = [
          {
            permissionsDisplayText = "string"
            provider = "string"
            providerDisplayName = "string"
            requiredPermissions = {
              action = bool
              delete = bool
              read = bool
              write = bool
            }
            scope = "string"
          }
        ]
      }
      publisher = "string"
      sampleQueries = [
        {
          description = "string"
          query = "string"
        }
      ]
      title = "string"
    }
  }

For MicrosoftCloudAppSecurity, use:

  kind = "MicrosoftCloudAppSecurity"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
      discoveryLogs = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  kind = "MicrosoftDefenderAdvancedThreatProtection"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For MicrosoftThreatIntelligence, use:

  kind = "MicrosoftThreatIntelligence"
  properties = {
    dataTypes = {
      bingSafetyPhishingURL = {
        lookbackPeriod = "string"
        state = "string"
      }
      microsoftEmergingThreatFeed = {
        lookbackPeriod = "string"
        state = "string"
      }
    }
    tenantId = "string"
  }

For MicrosoftThreatProtection, use:

  kind = "MicrosoftThreatProtection"
  properties = {
    dataTypes = {
      incidents = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For Office365, use:

  kind = "Office365"
  properties = {
    dataTypes = {
      exchange = {
        state = "string"
      }
      sharePoint = {
        state = "string"
      }
      teams = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For OfficeATP, use:

  kind = "OfficeATP"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For ThreatIntelligence, use:

  kind = "ThreatIntelligence"
  properties = {
    dataTypes = {
      indicators = {
        state = "string"
      }
    }
    tenantId = "string"
    tipLookbackPeriod = "string"
  }

For ThreatIntelligenceTaxii, use:

  kind = "ThreatIntelligenceTaxii"
  properties = {
    collectionId = "string"
    dataTypes = {
      taxiiClient = {
        state = "string"
      }
    }
    friendlyName = "string"
    password = "string"
    pollingFrequency = "string"
    taxiiLookbackPeriod = "string"
    taxiiServer = "string"
    tenantId = "string"
    userName = "string"
    workspaceId = "string"
  }
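
A filled-in ThreatIntelligenceTaxii connector, as an added example that is not part of the original reference: the TAXII password comes from a variable marked sensitive, and pollingFrequency is validated against the three values the schema lists. The variable names, the resource label and the connector name are assumptions, and parent_id is assumed to be the resource ID of the workspace the connector is applied to.

```hcl
# Added example, not from the reference page. Variable names, the resource
# label "taxii_connector" and the connector name are assumptions.

variable "workspace_resource_id" {
  description = "Resource ID of the workspace this extension resource is applied to (used as parent_id)."
  type        = string
}

variable "tenant_id" {
  description = "Tenant to connect to and get the data from."
  type        = string
}

variable "taxii_api_root" {
  description = "API root of the TAXII server."
  type        = string
}

variable "taxii_collection_id" {
  description = "Collection id on the TAXII server."
  type        = string
}

variable "taxii_username" {
  type = string
}

variable "taxii_password" {
  description = "Supply through TF_VAR_taxii_password or a secret store, not a committed .tfvars file."
  type        = string
  sensitive   = true
}

variable "polling_frequency" {
  type    = string
  default = "OnceAnHour"

  # Reject anything outside the enum documented for pollingFrequency.
  validation {
    condition     = contains(["OnceADay", "OnceAMinute", "OnceAnHour"], var.polling_frequency)
    error_message = "Allowed values for pollingFrequency are OnceADay, OnceAMinute and OnceAnHour."
  }
}

resource "azapi_resource" "taxii_connector" {
  type      = "Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview"
  name      = "example-taxii-connector" # constructed name
  parent_id = var.workspace_resource_id

  # jsonencode() of a sensitive value is itself sensitive, so the whole
  # body is redacted in plan and apply output.
  body = jsonencode({
    kind = "ThreatIntelligenceTaxii"
    properties = {
      tenantId         = var.tenant_id
      friendlyName     = "Example TAXII feed" # constructed value
      taxiiServer      = var.taxii_api_root
      collectionId     = var.taxii_collection_id
      userName         = var.taxii_username
      password         = var.taxii_password
      pollingFrequency = var.polling_frequency
      dataTypes = {
        taxiiClient = {
          state = "Enabled"
        }
      }
      # Optional taxiiLookbackPeriod and workspaceId are omitted here.
    }
  })
}
```

Marking the variable sensitive only redacts it from CLI output; the password is still written to the Terraform state, so the state backend needs access control and encryption at rest.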

Property values

dataConnectors

Name Description Value
type The resource type "Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview"
name The resource name string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
kind Set the object type AmazonWebServicesCloudTrail, AzureActiveDirectory, AzureAdvancedThreatProtection, AzureSecurityCenter, Dynamics365, GenericUI, MicrosoftCloudAppSecurity, MicrosoftDefenderAdvancedThreatProtection, MicrosoftThreatIntelligence, MicrosoftThreatProtection, Office365, OfficeATP, ThreatIntelligence, ThreatIntelligenceTaxii (required)
etag Etag of the Azure resource string

AwsCloudTrailDataConnector

Name Description Value
kind The data connector kind "AmazonWebServicesCloudTrail" (required)
properties Amazon Web Services CloudTrail data connector properties. AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AwsCloudTrailDataConnectorDataTypes (required)

AwsCloudTrailDataConnectorDataTypes

Name Description Value
logs Logs data type. AwsCloudTrailDataConnectorDataTypesLogs (required)

AwsCloudTrailDataConnectorDataTypesLogs

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

AADDataConnector

Name Description Value
kind The data connector kind "AzureActiveDirectory" (required)
properties AAD (Azure Active Directory) data connector properties. AADDataConnectorProperties

AADDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

AlertsDataTypeOfDataConnector

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon (required)

DataConnectorDataTypeCommon

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

AatpDataConnector

Name Description Value
kind The data connector kind "AzureAdvancedThreatProtection" (required)
properties AATP (Azure Advanced Threat Protection) data connector properties. AatpDataConnectorProperties

AatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

ASCDataConnector

Name Description Value
kind The data connector kind "AzureSecurityCenter" (required)
properties ASC (Azure Security Center) data connector properties. ASCDataConnectorProperties

ASCDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
subscriptionId The subscription id to connect to, and get the data from. string

Dynamics365DataConnector

Name Description Value
kind The data connector kind "Dynamics365" (required)
properties Dynamics365 data connector properties. Dynamics365DataConnectorProperties

Dynamics365DataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. Dynamics365DataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

Dynamics365DataConnectorDataTypes

Name Description Value
dynamics365CdsActivities Common Data Service data type connection. Dynamics365DataConnectorDataTypesDynamics365CdsActiv... (required)

Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

CodelessUiDataConnector

Name Description Value
kind The data connector kind "GenericUI" (required)
properties Codeless UI data connector properties CodelessParameters

CodelessParameters

Name Description Value
connectorUiConfig Config to describe the instructions blade CodelessUiConnectorConfigProperties

CodelessUiConnectorConfigProperties

Name Description Value
availability Connector Availability Status Availability (required)
connectivityCriteria Defines how the connector checks connectivity CodelessUiConnectorConfigPropertiesConnectivityCrite...[] (required)
customImage An optional custom image to be used when displaying the connector within Azure Sentinel's connector gallery string
dataTypes Data types to check for last data received CodelessUiConnectorConfigPropertiesDataTypesItem[] (required)
descriptionMarkdown Connector description string (required)
graphQueries The graph query to show the current data status CodelessUiConnectorConfigPropertiesGraphQueriesItem[] (required)
graphQueriesTableName Name of the table the connector will insert the data to string (required)
instructionSteps Instruction steps to enable the connector CodelessUiConnectorConfigPropertiesInstructionStepsI...[] (required)
permissions Permissions required for the connector Permissions (required)
publisher Connector publisher name string (required)
sampleQueries The sample queries for the connector CodelessUiConnectorConfigPropertiesSampleQueriesItem[] (required)
title Connector blade title string (required)

Availability

Name Description Value
isPreview Set connector as preview bool
status The connector Availability Status "1"

CodelessUiConnectorConfigPropertiesConnectivityCrite...

Name Description Value
type type of connectivity "IsConnectedQuery"
value Queries for checking connectivity string[]

CodelessUiConnectorConfigPropertiesDataTypesItem

Name Description Value
lastDataReceivedQuery Query that indicates when data was last received string
name Name of the data type to show in the graph. Can be used with the {{graphQueriesTableName}} placeholder string

CodelessUiConnectorConfigPropertiesGraphQueriesItem

Name Description Value
baseQuery The base query for the graph string
legend The legend for the graph string
metricName the metric that the query is checking string

CodelessUiConnectorConfigPropertiesInstructionStepsI...

Name Description Value
description Instruction step description string
instructions Instruction step details InstructionStepsInstructionsItem[]
title Instruction step title string

InstructionStepsInstructionsItem

Name Description Value
parameters The parameters for the setting
type The kind of the setting "CopyableLabel", "InfoMessage", "InstructionStepsGroup" (required)

Permissions

Name Description Value
customs Custom permissions required for the connector PermissionsCustomsItem[]
resourceProvider Resource provider permissions required for the connector PermissionsResourceProviderItem[]

PermissionsCustomsItem

Name Description Value
description Custom permissions description string
name Custom permissions name string

PermissionsResourceProviderItem

Name Description Value
permissionsDisplayText Permission description text string
provider Provider name "Microsoft.Authorization/policyAssignments", "Microsoft.OperationalInsights/solutions", "Microsoft.OperationalInsights/workspaces", "Microsoft.OperationalInsights/workspaces/datasources", "Microsoft.OperationalInsights/workspaces/sharedKeys", "microsoft.aadiam/diagnosticSettings"
providerDisplayName Permission provider display name string
requiredPermissions Required permissions for the connector RequiredPermissions
scope Permission provider scope "ResourceGroup", "Subscription", "Workspace"

RequiredPermissions

Name Description Value
action action permission bool
delete delete permission bool
read read permission bool
write write permission bool

CodelessUiConnectorConfigPropertiesSampleQueriesItem

Name Description Value
description The sample query description string
query the sample query string

McasDataConnector

Name Description Value
kind The data connector kind "MicrosoftCloudAppSecurity" (required)
properties MCAS (Microsoft Cloud App Security) data connector properties. McasDataConnectorProperties

McasDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. McasDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

McasDataConnectorDataTypes

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon (required)
discoveryLogs Discovery log data type connection. DataConnectorDataTypeCommon

MdatpDataConnector

Name Description Value
kind The data connector kind "MicrosoftDefenderAdvancedThreatProtection" (required)
properties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

MstiDataConnector

Name Description Value
kind The data connector kind "MicrosoftThreatIntelligence" (required)
properties Microsoft Threat Intelligence data connector properties. MstiDataConnectorProperties

MstiDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. MstiDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

MstiDataConnectorDataTypes

Name Description Value
bingSafetyPhishingURL Data type for Microsoft Threat Intelligence Platforms data connector. MstiDataConnectorDataTypesBingSafetyPhishingURL (required)
microsoftEmergingThreatFeed Data type for Microsoft Threat Intelligence Platforms data connector. MstiDataConnectorDataTypesMicrosoftEmergingThreatFee... (required)

MstiDataConnectorDataTypesBingSafetyPhishingURL

Name Description Value
lookbackPeriod lookback period string (required)
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

Name Description Value
lookbackPeriod lookback period string (required)
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

MTPDataConnector

Name Description Value
kind The data connector kind "MicrosoftThreatProtection" (required)
properties MTP (Microsoft Threat Protection) data connector properties. MTPDataConnectorProperties

MTPDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. MTPDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

MTPDataConnectorDataTypes

Name Description Value
incidents Data type for Microsoft Threat Protection Platforms data connector. MTPDataConnectorDataTypesIncidents (required)

MTPDataConnectorDataTypesIncidents

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

OfficeDataConnector

Name Description Value
kind The data connector kind "Office365" (required)
properties Office data connector properties. OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. OfficeDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)

OfficeDataConnectorDataTypes

Name Description Value
exchange Exchange data type connection. OfficeDataConnectorDataTypesExchange (required)
sharePoint SharePoint data type connection. OfficeDataConnectorDataTypesSharePoint (required)
teams Teams data type connection. OfficeDataConnectorDataTypesTeams (required)

OfficeDataConnectorDataTypesExchange

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

OfficeDataConnectorDataTypesSharePoint

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

OfficeDataConnectorDataTypesTeams

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

OfficeATPDataConnector

Name Description Value
kind The data connector kind "OfficeATP" (required)
properties OfficeATP (Office 365 Advanced Threat Protection) data connector properties. OfficeATPDataConnectorProperties

OfficeATPDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string (required)

TIDataConnector

Name Description Value
kind The data connector kind "ThreatIntelligence" (required)
properties TI (Threat Intelligence) data connector properties. TIDataConnectorProperties

TIDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. TIDataConnectorDataTypes (required)
tenantId The tenant id to connect to, and get the data from. string (required)
tipLookbackPeriod The lookback period for the feed to be imported. string

TIDataConnectorDataTypes

Name Description Value
indicators Data type for indicators connection. TIDataConnectorDataTypesIndicators (required)

TIDataConnectorDataTypesIndicators

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)

TiTaxiiDataConnector

Name Description Value
kind The data connector kind "ThreatIntelligenceTaxii" (required)
properties Threat intelligence TAXII data connector properties. TiTaxiiDataConnectorProperties

TiTaxiiDataConnectorProperties

Name Description Value
collectionId The collection id of the TAXII server. string
dataTypes The available data types for Threat Intelligence TAXII data connector. TiTaxiiDataConnectorDataTypes (required)
friendlyName The friendly name for the TAXII server. string
password The password for the TAXII server. string
pollingFrequency The polling frequency for the TAXII server. "OnceADay", "OnceAMinute", "OnceAnHour" (required)
taxiiLookbackPeriod The lookback period for the TAXII server. string
taxiiServer The API root for the TAXII server. string
tenantId The tenant id to connect to, and get the data from. string (required)
userName The userName for the TAXII server. string
workspaceId The workspace id. string

TiTaxiiDataConnectorDataTypes

Name Description Value
taxiiClient Data type for TAXII connector. TiTaxiiDataConnectorDataTypesTaxiiClient (required)

TiTaxiiDataConnectorDataTypesTaxiiClient

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled", "Enabled" (required)