Microsoft.SecurityInsights dataConnectors 2022-08-01

Bicep resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.SecurityInsights/dataConnectors@2022-08-01' = {
  name: 'string'
  kind: 'string'
  scope: resourceSymbolicName
  etag: 'string'
  // For remaining properties, see dataConnectors objects
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  kind: 'AmazonWebServicesCloudTrail'
  properties: {
    dataTypes: {
      logs: {
        state: 'string'
      }
    }
  }

For AzureActiveDirectory, use:

  kind: 'AzureActiveDirectory'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For AzureAdvancedThreatProtection, use:

  kind: 'AzureAdvancedThreatProtection'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For AzureSecurityCenter, use:

  kind: 'AzureSecurityCenter'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    subscriptionId: 'string'
  }

For MicrosoftCloudAppSecurity, use:

  kind: 'MicrosoftCloudAppSecurity'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
      discoveryLogs: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  kind: 'MicrosoftDefenderAdvancedThreatProtection'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For Office365, use:

  kind: 'Office365'
  properties: {
    dataTypes: {
      exchange: {
        state: 'string'
      }
      sharePoint: {
        state: 'string'
      }
      teams: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For ThreatIntelligence, use:

  kind: 'ThreatIntelligence'
  properties: {
    dataTypes: {
      indicators: {
        state: 'string'
      }
    }
    tenantId: 'string'
    tipLookbackPeriod: 'string'
  }

Property values

dataConnectors

Name Description Value
name The resource name string (required)
kind Set the object type AmazonWebServicesCloudTrail
AzureActiveDirectory
AzureAdvancedThreatProtection
AzureSecurityCenter
MicrosoftCloudAppSecurity
MicrosoftDefenderAdvancedThreatProtection
Office365
ThreatIntelligence (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For Bicep, set this property to the symbolic name of the resource to apply the extension resource.
etag Etag of the azure resource string

AwsCloudTrailDataConnector

Name Description Value
kind The data connector kind 'AmazonWebServicesCloudTrail' (required)
properties Amazon Web Services CloudTrail data connector properties. AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AwsCloudTrailDataConnectorDataTypes

AwsCloudTrailDataConnectorDataTypes

Name Description Value
logs Logs data type. AwsCloudTrailDataConnectorDataTypesLogs

AwsCloudTrailDataConnectorDataTypesLogs

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

AADDataConnector

Name Description Value
kind The data connector kind 'AzureActiveDirectory' (required)
properties AAD (Azure Active Directory) data connector properties. AADDataConnectorProperties

AADDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

AlertsDataTypeOfDataConnector

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon

DataConnectorDataTypeCommon

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

AatpDataConnector

Name Description Value
kind The data connector kind 'AzureAdvancedThreatProtection' (required)
properties AATP (Azure Advanced Threat Protection) data connector properties. AatpDataConnectorProperties

AatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

ASCDataConnector

Name Description Value
kind The data connector kind 'AzureSecurityCenter' (required)
properties ASC (Azure Security Center) data connector properties. ASCDataConnectorProperties

ASCDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
subscriptionId The subscription id to connect to, and get the data from. string

McasDataConnector

Name Description Value
kind The data connector kind 'MicrosoftCloudAppSecurity' (required)
properties MCAS (Microsoft Cloud App Security) data connector properties. McasDataConnectorProperties

McasDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. McasDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string

McasDataConnectorDataTypes

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon
discoveryLogs Discovery log data type connection. DataConnectorDataTypeCommon

MdatpDataConnector

Name Description Value
kind The data connector kind 'MicrosoftDefenderAdvancedThreatProtection' (required)
properties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

OfficeDataConnector

Name Description Value
kind The data connector kind 'Office365' (required)
properties Office data connector properties. OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. OfficeDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string

OfficeDataConnectorDataTypes

Name Description Value
exchange Exchange data type connection. OfficeDataConnectorDataTypesExchange
sharePoint SharePoint data type connection. OfficeDataConnectorDataTypesSharePoint
teams Teams data type connection. OfficeDataConnectorDataTypesTeams

OfficeDataConnectorDataTypesExchange

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

OfficeDataConnectorDataTypesSharePoint

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

OfficeDataConnectorDataTypesTeams

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

TIDataConnector

Name Description Value
kind The data connector kind 'ThreatIntelligence' (required)
properties TI (Threat Intelligence) data connector properties. TIDataConnectorProperties

TIDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. TIDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string
tipLookbackPeriod The lookback period for the feed to be imported. string

TIDataConnectorDataTypes

Name Description Value
indicators Data type for indicators connection. TIDataConnectorDataTypesIndicators

TIDataConnectorDataTypesIndicators

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

ARM template resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following JSON to your template.

{
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "apiVersion": "2022-08-01",
  "name": "string",
  "kind": "string",
  "scope": "string",
  "etag": "string",
  // For remaining properties, see dataConnectors objects
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  "kind": "AmazonWebServicesCloudTrail",
  "properties": {
    "dataTypes": {
      "logs": {
        "state": "string"
      }
    }
  }

For AzureActiveDirectory, use:

  "kind": "AzureActiveDirectory",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For AzureAdvancedThreatProtection, use:

  "kind": "AzureAdvancedThreatProtection",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For AzureSecurityCenter, use:

  "kind": "AzureSecurityCenter",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "subscriptionId": "string"
  }

For MicrosoftCloudAppSecurity, use:

  "kind": "MicrosoftCloudAppSecurity",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      },
      "discoveryLogs": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  "kind": "MicrosoftDefenderAdvancedThreatProtection",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For Office365, use:

  "kind": "Office365",
  "properties": {
    "dataTypes": {
      "exchange": {
        "state": "string"
      },
      "sharePoint": {
        "state": "string"
      },
      "teams": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For ThreatIntelligence, use:

  "kind": "ThreatIntelligence",
  "properties": {
    "dataTypes": {
      "indicators": {
        "state": "string"
      }
    },
    "tenantId": "string",
    "tipLookbackPeriod": "string"
  }

Property values

dataConnectors

Name Description Value
type The resource type 'Microsoft.SecurityInsights/dataConnectors'
apiVersion The resource api version '2022-08-01'
name The resource name string (required)
kind Set the object type AmazonWebServicesCloudTrail
AzureActiveDirectory
AzureAdvancedThreatProtection
AzureSecurityCenter
MicrosoftCloudAppSecurity
MicrosoftDefenderAdvancedThreatProtection
Office365
ThreatIntelligence (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For JSON, set the value to the full name of the resource to apply the extension resource to.
etag Etag of the azure resource string

AwsCloudTrailDataConnector

Name Description Value
kind The data connector kind 'AmazonWebServicesCloudTrail' (required)
properties Amazon Web Services CloudTrail data connector properties. AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AwsCloudTrailDataConnectorDataTypes

AwsCloudTrailDataConnectorDataTypes

Name Description Value
logs Logs data type. AwsCloudTrailDataConnectorDataTypesLogs

AwsCloudTrailDataConnectorDataTypesLogs

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

AADDataConnector

Name Description Value
kind The data connector kind 'AzureActiveDirectory' (required)
properties AAD (Azure Active Directory) data connector properties. AADDataConnectorProperties

AADDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

AlertsDataTypeOfDataConnector

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon

DataConnectorDataTypeCommon

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

AatpDataConnector

Name Description Value
kind The data connector kind 'AzureAdvancedThreatProtection' (required)
properties AATP (Azure Advanced Threat Protection) data connector properties. AatpDataConnectorProperties

AatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

ASCDataConnector

Name Description Value
kind The data connector kind 'AzureSecurityCenter' (required)
properties ASC (Azure Security Center) data connector properties. ASCDataConnectorProperties

ASCDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
subscriptionId The subscription id to connect to, and get the data from. string

McasDataConnector

Name Description Value
kind The data connector kind 'MicrosoftCloudAppSecurity' (required)
properties MCAS (Microsoft Cloud App Security) data connector properties. McasDataConnectorProperties

McasDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. McasDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string

McasDataConnectorDataTypes

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon
discoveryLogs Discovery log data type connection. DataConnectorDataTypeCommon

MdatpDataConnector

Name Description Value
kind The data connector kind 'MicrosoftDefenderAdvancedThreatProtection' (required)
properties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

OfficeDataConnector

Name Description Value
kind The data connector kind 'Office365' (required)
properties Office data connector properties. OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. OfficeDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string

OfficeDataConnectorDataTypes

Name Description Value
exchange Exchange data type connection. OfficeDataConnectorDataTypesExchange
sharePoint SharePoint data type connection. OfficeDataConnectorDataTypesSharePoint
teams Teams data type connection. OfficeDataConnectorDataTypesTeams

OfficeDataConnectorDataTypesExchange

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

OfficeDataConnectorDataTypesSharePoint

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

OfficeDataConnectorDataTypesTeams

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

TIDataConnector

Name Description Value
kind The data connector kind 'ThreatIntelligence' (required)
properties TI (Threat Intelligence) data connector properties. TIDataConnectorProperties

TIDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. TIDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string
tipLookbackPeriod The lookback period for the feed to be imported. string

TIDataConnectorDataTypes

Name Description Value
indicators Data type for indicators connection. TIDataConnectorDataTypesIndicators

TIDataConnectorDataTypesIndicators

Name Description Value
state Describe whether this data type connection is enabled or not. 'Disabled'
'Enabled'

Terraform (AzAPI provider) resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.SecurityInsights/dataConnectors@2022-08-01"
  name = "string"
  parent_id = "string"
  // For remaining properties, see dataConnectors objects
  body = jsonencode({
    kind = "string"
    etag = "string"
  })
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  kind = "AmazonWebServicesCloudTrail"
  properties = {
    dataTypes = {
      logs = {
        state = "string"
      }
    }
  }

For AzureActiveDirectory, use:

  kind = "AzureActiveDirectory"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For AzureAdvancedThreatProtection, use:

  kind = "AzureAdvancedThreatProtection"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For AzureSecurityCenter, use:

  kind = "AzureSecurityCenter"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    subscriptionId = "string"
  }

For MicrosoftCloudAppSecurity, use:

  kind = "MicrosoftCloudAppSecurity"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
      discoveryLogs = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  kind = "MicrosoftDefenderAdvancedThreatProtection"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For Office365, use:

  kind = "Office365"
  properties = {
    dataTypes = {
      exchange = {
        state = "string"
      }
      sharePoint = {
        state = "string"
      }
      teams = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For ThreatIntelligence, use:

  kind = "ThreatIntelligence"
  properties = {
    dataTypes = {
      indicators = {
        state = "string"
      }
    }
    tenantId = "string"
    tipLookbackPeriod = "string"
  }

Property values

dataConnectors

Name Description Value
type The resource type "Microsoft.SecurityInsights/dataConnectors@2022-08-01"
name The resource name string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
kind Set the object type AmazonWebServicesCloudTrail
AzureActiveDirectory
AzureAdvancedThreatProtection
AzureSecurityCenter
MicrosoftCloudAppSecurity
MicrosoftDefenderAdvancedThreatProtection
Office365
ThreatIntelligence (required)
etag Etag of the azure resource string

AwsCloudTrailDataConnector

Name Description Value
kind The data connector kind "AmazonWebServicesCloudTrail" (required)
properties Amazon Web Services CloudTrail data connector properties. AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AwsCloudTrailDataConnectorDataTypes

AwsCloudTrailDataConnectorDataTypes

Name Description Value
logs Logs data type. AwsCloudTrailDataConnectorDataTypesLogs

AwsCloudTrailDataConnectorDataTypesLogs

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled"
"Enabled"

AADDataConnector

Name Description Value
kind The data connector kind "AzureActiveDirectory" (required)
properties AAD (Azure Active Directory) data connector properties. AADDataConnectorProperties

AADDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

AlertsDataTypeOfDataConnector

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon

DataConnectorDataTypeCommon

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled"
"Enabled"

AatpDataConnector

Name Description Value
kind The data connector kind "AzureAdvancedThreatProtection" (required)
properties AATP (Azure Advanced Threat Protection) data connector properties. AatpDataConnectorProperties

AatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

ASCDataConnector

Name Description Value
kind The data connector kind "AzureSecurityCenter" (required)
properties ASC (Azure Security Center) data connector properties. ASCDataConnectorProperties

ASCDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
subscriptionId The subscription id to connect to, and get the data from. string

McasDataConnector

Name Description Value
kind The data connector kind "MicrosoftCloudAppSecurity" (required)
properties MCAS (Microsoft Cloud App Security) data connector properties. McasDataConnectorProperties

McasDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. McasDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string

McasDataConnectorDataTypes

Name Description Value
alerts Alerts data type connection. DataConnectorDataTypeCommon
discoveryLogs Discovery log data type connection. DataConnectorDataTypeCommon

MdatpDataConnector

Name Description Value
kind The data connector kind "MicrosoftDefenderAdvancedThreatProtection" (required)
properties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. AlertsDataTypeOfDataConnector
tenantId The tenant id to connect to, and get the data from. string

OfficeDataConnector

Name Description Value
kind The data connector kind "Office365" (required)
properties Office data connector properties. OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. OfficeDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string

OfficeDataConnectorDataTypes

Name Description Value
exchange Exchange data type connection. OfficeDataConnectorDataTypesExchange
sharePoint SharePoint data type connection. OfficeDataConnectorDataTypesSharePoint
teams Teams data type connection. OfficeDataConnectorDataTypesTeams

OfficeDataConnectorDataTypesExchange

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled"
"Enabled"

OfficeDataConnectorDataTypesSharePoint

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled"
"Enabled"

OfficeDataConnectorDataTypesTeams

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled"
"Enabled"

TIDataConnector

Name Description Value
kind The data connector kind "ThreatIntelligence" (required)
properties TI (Threat Intelligence) data connector properties. TIDataConnectorProperties

TIDataConnectorProperties

Name Description Value
dataTypes The available data types for the connector. TIDataConnectorDataTypes
tenantId The tenant id to connect to, and get the data from. string
tipLookbackPeriod The lookback period for the feed to be imported. string

TIDataConnectorDataTypes

Name Description Value
indicators Data type for indicators connection. TIDataConnectorDataTypesIndicators

TIDataConnectorDataTypesIndicators

Name Description Value
state Describe whether this data type connection is enabled or not. "Disabled"
"Enabled"