az sentinel data-connector
Note
This reference is part of the sentinel extension for the Azure CLI (version 2.37.0 or higher). The extension will automatically install the first time you run an az sentinel data-connector command. Learn more about extensions.
Manage data connector with sentinel.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az sentinel data-connector connect |
Connect a data connector. |
Extension | Experimental |
| az sentinel data-connector create |
Create the data connector. |
Extension | Experimental |
| az sentinel data-connector delete |
Delete the data connector. |
Extension | Experimental |
| az sentinel data-connector disconnect |
Disconnect a data connector. |
Extension | Experimental |
| az sentinel data-connector list |
Get all data connectors. |
Extension | Experimental |
| az sentinel data-connector show |
Get a data connector. |
Extension | Experimental |
| az sentinel data-connector update |
Update the data connector. |
Extension | Experimental |
az sentinel data-connector connect
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Connect a data connector.
az sentinel data-connector connect --data-connector-id
--resource-group
--workspace-name
[--api-key]
[--authorization-code]
[--client-id]
[--client-secret]
[--endpoint]
[--kind {APIKey, Basic, OAuth2}]
[--output-stream]
[--password]
[--rule-immutable-id]
[--user-name]Required Parameters
Connector ID.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The API key of the audit server.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
The authorization code used in OAuth 2.0 code flow to issue a token.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
The client id of the OAuth 2.0 application.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
The client secret of the OAuth 2.0 application.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
The authentication kind used to poll the data.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
| Accepted values: | APIKey, Basic, OAuth2 |
Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
The user password in the audit log server.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
The user name in the audit log server.
| Property | Value |
|---|---|
| Parameter group: | ConnectBody Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sentinel data-connector create
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Create the data connector.
az sentinel data-connector create --data-connector-id --name
--resource-group
--workspace-name
[--api-polling]
[--aws-cloud-trail]
[--aws-s3]
[--azure-active-directory]
[--azure-protection]
[--azure-security-center]
[--cloud-app-security]
[--defender-protection]
[--dynamics365]
[--etag]
[--generic-ui]
[--intelligence-taxii]
[--iot]
[--microsoft-intelligence]
[--microsoft-protection]
[--office-atp]
[--office-irm]
[--office-power-bi]
[--office365]
[--office365-project]
[--threat-intelligence]Required Parameters
Connector ID.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Amazon web services cloud trail. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Amazon web services s3. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Azure advanced threat protection. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Microsoft cloud app security. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Microsoft defender advanced threat protection. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Etag of the azure resource.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Threat intelligence taxii. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Microsoft threat intelligence. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Microsoft threat protection. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sentinel data-connector delete
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Delete the data connector.
az sentinel data-connector delete [--data-connector-id --name]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]
[--yes]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Connector ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the workspace.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sentinel data-connector disconnect
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Disconnect a data connector.
az sentinel data-connector disconnect --data-connector-id
--resource-group
--workspace-nameRequired Parameters
Connector ID.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sentinel data-connector list
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get all data connectors.
az sentinel data-connector list --resource-group
--workspace-nameRequired Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sentinel data-connector show
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get a data connector.
az sentinel data-connector show [--data-connector-id --name]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Connector ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the workspace.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sentinel data-connector update
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update the data connector.
az sentinel data-connector update [--add]
[--api-polling]
[--aws-cloud-trail]
[--aws-s3]
[--azure-active-directory]
[--azure-protection]
[--azure-security-center]
[--cloud-app-security]
[--data-connector-id --name]
[--defender-protection]
[--dynamics365]
[--etag]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--generic-ui]
[--ids]
[--intelligence-taxii]
[--iot]
[--microsoft-intelligence]
[--microsoft-protection]
[--office-atp]
[--office-irm]
[--office-power-bi]
[--office365]
[--office365-project]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--threat-intelligence]
[--workspace-name]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Amazon web services cloud trail. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Amazon web services s3. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Azure advanced threat protection. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Microsoft cloud app security. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Connector ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Microsoft defender advanced threat protection. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Etag of the azure resource.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Threat intelligence taxii. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Microsoft threat intelligence. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Microsoft threat protection. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DataConnector Arguments |
The name of the workspace.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
